MUSCULAR (DS-200B), located in the

United Kingdom The United Kingdom of Great Britain and Northern Ireland, commonly known as the United Kingdom (UK) or Britain, is a country in Northwestern Europe, off the coast of European mainland, the continental mainland. It comprises England, Scotlan ...

, is the name of a surveillance program jointly operated by Britain's Government Communications Headquarters (GCHQ) and the U.S.

National Security Agency The National Security Agency (NSA) is an intelligence agency of the United States Department of Defense, under the authority of the director of national intelligence (DNI). The NSA is responsible for global monitoring, collection, and proces ...

(NSA) that was revealed by documents released by Edward Snowden and interviews with knowledgeable officials. GCHQ is the primary operator of the program. GCHQ and the NSA have secretly broken into the main communications links that connect the data centers of

Yahoo! Yahoo (, styled yahoo''!'' in its logo) is an American web portal that provides the search engine Yahoo Search and related services including My Yahoo, Yahoo Mail, Yahoo News, Yahoo Finance, Yahoo Sports, y!entertainment, yahoo!life, and its a ...

and

Google Google LLC (, ) is an American multinational corporation and technology company focusing on online advertising, search engine technology, cloud computing, computer software, quantum computing, e-commerce, consumer electronics, and artificial ...

. Substantive information about the program was made public at the end of October 2013.

Overview

The programme is jointly run by: * – Government Communications Headquarters (GCHQ) (United Kingdom) * – U.S.

(NSA) MUSCULAR is one of at least four other similar programs that rely on a trusted 2nd party, programs which together are known as WINDSTOP. In a 30-day period from December 2012 to January 2013, MUSCULAR was responsible for collecting 181 million records. It was however dwarfed by another WINDSTOP program known (insofar) only by its code DS-300 and codename INCENSER, which collected over 14 billion records in the same period.

Operational details

According to the leaked document the NSA's acquisitions directorate sends millions of records every day from internal Yahoo! and Google networks to data warehouses at the agency's headquarters at

Fort Meade Fort George G. Meade is a United States Army installation located in Maryland, that includes the Defense Information School, the Defense Media Activity, the United States military bands#Army Field Band, United States Army Field Band, and the head ...

, Maryland. The program operates via an access point known as DS-200B, which is outside the United States, and it relies on an unnamed telecommunications operator to provide secret access for the NSA and the GCHQ. According to ''

The Washington Post ''The Washington Post'', locally known as ''The'' ''Post'' and, informally, ''WaPo'' or ''WP'', is an American daily newspaper published in Washington, D.C., the national capital. It is the most widely circulated newspaper in the Washington m ...

'', the MUSCULAR program collects more than twice as many data points ("selectors" in NSA jargon) compared to the better known PRISM. Unlike PRISM, the MUSCULAR program requires no (FISA or other type of) warrants. Because of the huge amount of data involved, MUSCULAR has presented a special challenge to NSA's Special Source Operations. For example, when Yahoo! decided to migrate a large amount of mailboxes between its data centers, the NSA's PINWALE database (their primary analytical database for the Internet) was quickly overwhelmed with the data coming from MUSCULAR. Closely related programmes are called INCENSER and TURMOIL. TURMOIL, belonging to the NSA, is a system for processing the data collected from MUSCULAR. According to a post-it style note from the presentation, the exploitation relied on the fact that (at the time at least) data was transmitted unencrypted inside Google's private cloud, with "Google Front End Servers" stripping and respectively adding back SSL from/to external connections. After the information about MUSCULAR was published by the press, Google announced that it was working on deploying

encrypted communication Secure communication is when two entities are communicating and do not want a third party to listen in. For this to be the case, the entities need to communicate in a way that is unsusceptible to eavesdropping or Signals intelligence, interception ...

between its datacenters.

Reactions and countermeasures

In early November 2013, Google announced that it was encrypting traffic between its data centers. In mid-November, Yahoo! announced similar plans. In December 2013,

Microsoft Microsoft Corporation is an American multinational corporation and technology company, technology conglomerate headquartered in Redmond, Washington. Founded in 1975, the company became influential in the History of personal computers#The ear ...

announced similar plans and used the expression "

advanced persistent threat An advanced persistent threat (APT) is a stealthy threat actor, typically a State (polity), state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the ...

" in their press release (signed-off by their top legal representative), which the press immediately interpreted as comparison of the NSA with the Chinese government-sponsored hackers. Google engineer Brandon Downey stated the following on

Google+ Google+ (sometimes written as Google Plus, stylized as G+ or g+) was a Social networking service, social network owned and operated by Google until it ceased operations in 2019. The network was launched on June 28, 2011, in an attempt to challe ...

Gallery

Image:NSA-MUSCULAR-p22.png, Slide from NSA SSO presentation detailing the MUSCULAR capabilities Image:20131030-wapo-muscular.pdf, Internal NSA SSO update on the MUSCULAR operation, mentioning problem with Yahoo mailbox transfers, which required a throttling of data capture

References

External links