Google engineers rage at NSA

Summary: Google cryptography engineers explain their anger at the NSA for violating security systems they built to stop criminals.


Google engineers are taking to their Google+ pages to vent their fury at the NSA for its violation of their back-end security systems.

It started with Brandon Downey, who dropped an F-bomb on the agency shortly after the Washington Post reported on how the NSA had tapped into the internal traffic between Google's data centers.

Downey was joined yesterday by Mike Hearn. Hearn says he worked for over two years on the system that the NSA subverted.

A Google blog on that system, written by Hearn in February of this year, explains how spammers had begun to hijack Google accounts in order to send spam from them, increasing the odds that the spam would get through filters. The system he describes is called "risk-based authentication" in some security circles:

Every time you sign in to Google, whether via your web browser once a month or an email program that checks for new mail every five minutes, our system performs a complex risk analysis to determine how likely it is that the sign-in really comes from you. In fact, there are more than 120 variables that can factor into how a decision is made.

If a sign-in is deemed suspicious or risky for some reason—maybe it’s coming from a country oceans away from your last sign-in—we ask some simple questions about your account. For example, we may ask for the phone number associated with your account, or for the answer to your security question. These questions are normally hard for a hijacker to solve, but are easy for the real owner. Using security measures like these, we've dramatically reduced the number of compromised accounts by 99.7 percent since the peak of these hijacking attempts in 2011.

And indeed, an accompanying graph of legitimate accounts blocked for spamming over time shows that the number dropped to near-zero early in 2012.
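
The sign-in check described in the quoted blog post, sketched as an added example (not Google's code and not part of the original article). The two signals used here, their weights and the challenge threshold are assumptions standing in for the 120-plus variables the post mentions; the coordinates and device names are constructed sample data.

```python
import math
from dataclasses import dataclass

@dataclass
class SignIn:
    lat: float        # latitude of the sign-in's estimated location
    lon: float        # longitude
    epoch: int        # sign-in time, seconds
    device_id: str    # hypothetical stable device identifier

def km_between(a: SignIn, b: SignIn) -> float:
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

# Assumed tuning values, not figures from the article.
MAX_PLAUSIBLE_KMH = 900.0   # roughly airliner speed
FAR_KM = 2000.0             # "oceans away" from the last sign-in
CHALLENGE_AT = 0.5

def risk_score(last: SignIn, now: SignIn, known_devices: set) -> float:
    score = 0.0
    dist = km_between(last, now)
    hours = max((now.epoch - last.epoch) / 3600.0, 1e-6)
    if dist > 50 and dist / hours > MAX_PLAUSIBLE_KMH:
        score += 0.6        # travel faster than any flight: strong signal
    elif dist > FAR_KM:
        score += 0.3        # far away but physically possible
    if now.device_id not in known_devices:
        score += 0.3        # device never seen on this account
    return min(score, 1.0)

def decide(last: SignIn, now: SignIn, known_devices: set) -> str:
    """'challenge' means ask for the account phone number or security answer."""
    risky = risk_score(last, now, known_devices) >= CHALLENGE_AT
    return "challenge" if risky else "allow"

# Constructed sample sign-ins: Zurich, then Sao Paulo.
HOME = SignIn(47.37, 8.54, 0, "laptop-1")
KNOWN = {"laptop-1"}
```

A far-away sign-in on a known device after a plausible travel time is allowed; the same location one hour later, or from an unseen device, triggers the challenge.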

The NSA broke into this system by tapping the connections between Google data centers. Because it was considered internal to Google, it was unencrypted, even though it passed through public facilities. The traffic is now all encrypted, blocking off this particular avenue of attack.

You can tell from these posts and from others, like Justin Schuh's, that these guys aren't Tea Party or Occupy types. They really do want to make systems that secure users and cooperate, through proper procedure, with law enforcement. They know that there's a lot of real crime committed on their systems and they need to fight it. The NSA's subterfuge makes this job harder.

Topics: Security, Google, Government US, Government UK

  • "Because it was considered internal to Google"

    It would appear that Google and any other organization that cares about security should revisit their assumptions and make modifications, as appropriate, to their security posture.

    Just curious, does this make the 3-letter agency in question eligible for a Pwnium prize?
    Rabid Howler Monkey
    • sure does...

      sure does!!!

      And by the way, those 3-lettered guys will always find a way.. no matter what
      • The NSA needs to be reined in

        I have no problem with the NSA trying to brute-force their way through high strength encryption, but lately they have been (thanks to the PATRIOT Act) getting encryption keys thanks to our knucklehead politicians who think that security at any cost is essential, which is wrong. The NSA is wrecking the trust of the Internet...
        • .

          I hear GCHQ can find out everything I do, and I don't really care. Unless I am planning something illegal why should I worry?

          If I found out that by tapping all my comms, my friends and my families and everyone I have ever met in my life then I would think it's all worth it.
          • Did it ever occur to you...

            that this info could have other uses beyond simply convicting you of a crime? Or that this information may be used for other more nefarious purposes, and not just for national security?

            And, if you don't value your privacy, fine. Give the NSA all your usernames and passwords, keys to your house, let them imbed a GPS and microphone in your skull, but please do not devalue the privacy of OTHERS by oversimplification of an issue that is far from simple.
          • Why would the NSA care about

            your usernames and passwords, the keys to your house, or want to imbed a GPS and microphone in your skull?

            Are you really that important?
          • Depends...

            ...on whether or not you think U.S. administrations might get into the "counter-subversion" (ie. dissent suppression) business; or NSA directors might want to take a tip from J. Edgar Hoover and stockpile incriminating information on politicians and other public figures (we want our politicians to work for their constituents, not lobbyists or entrenched bureaucrats). Or maybe it will just be plain old ordinary digging up of dirt that can be used to prosecute or otherwise harass political opponents as bosses have been doing for nearly two centuries.

            Just because you think the present administration is trustworthy doesn't mean that future ones will be.
            John L. Ries
          • And that is relevant how, exactly?

            Considering that they sweep up ALL transaction data.
    • It's really really hard to consider these guys "security" guys when they

      were transmitting all this data in the clear over networks they didn't own and manage. And to your last point, no, this doesn't make their job of fighting crime harder. Not at all.
      Johnny Vegas
      • that's not fair

        It wasn't over some other network, it was on leased lines between their own data centers. I'm not sure it's on the record, but I presume that the tap happened at a public interchange which is only supposed to be connecting 2 legs of the line.
        • Even so...

          Anyone pontificating on best practices and who doesn't have a budget to meet would say that these connections should be encrypted as well.
  • Hmmm not really Pwnium ...

    We are talking about traffic WITHIN Google's own cloud, traffic which is completely inaccessible to anyone else on the planet.

    Except for the US Government.

    So yeah, those 3 letter guys will find a way I guess. And every time a door is closed they will bring out a new "Patriot Act" to open a dozen others.

    God bless America.
    • LOL

      You have no idea what you are on about.

      1. It was sent over Public Infrastructure so anyone who knows how can access it
      2. The fact that it was sent unencrypted in the first place should be a sackable offence on its own.

      Seriously who doesn't encrypt everything anymore....
      • Talk about not knowing what you're talking about

        1) No it wasn't
        2) Internal data is sent unencrypted all the time, by menu businesses.
        Funny, though, that, coming from the person who feels it's fine for all information to be available to the gov't since you claim you have nothing to hide.
        If that is so, please install a toilet in your front yard with no walls. Sometimes privacy is not about crime.
        • menu=many

    • The thing is...

      ...if the NSA can do it, others potentially can as well, or NSA itself could be infiltrated (it's happened before).

      I'm guessing that NSA wasn't going through a government back door. If it had, we wouldn't have Google engineers swearing.
      John L. Ries
  • so, Google should have

    encrypted that in the first place. I think that eventually, stupidity of the 3-letter org will come out pretty costly to the said org, as well as, the entire 3-letter country...
  • It's about time ALL these jerks learned that they need to encrypt.

    Look at the idiots who designed *military* UAV's with unencrypted video and then complain that targets hack into the video stream. Is it really that difficult to add some *basic* encryption? How could something like that get past even the most basic preliminary list of necessary features?
  • Unencrypted traffic

    Because it was considered internal to Google, it was unencrypted, even though it passed through public facilities.

    It was about here where I lost any sympathy for Google.

    I would suggest this is too obvious a mistake for Google to make. The backdoor was opened intentionally. I am not saying the developers complaining knew about it but corporate Google knew about it.
    Richard Garrick
  • Dumb Ass Yanks ...

    ... Never fails to amaze me the number of American idiots that use the old "if you have nothing to hide, you have nothing to fear". Your country's institutions from the NY stop and friskers to the congress politi... sorry, bribed lobbyists, are that corrupted, compromised and infested with incompetent morons that trusting your personal details and records to ANY government agency should be an offence punishable by indefinite detention in a home for the deranged...

    ... and just how safe do you think your encryption is anyway, huh? Trust Microsoft? PGP? The cloud, ffs? How many encryption systems have fed backdoors? Echelon anyone?

    ... and why would they want your data? Because they can get it, not because they are smart enough to do anything with it other than store it in a few zettabytes of warehouses in Texas at taxpayer expense.

    It's all a gigantic farce, and guess who is paying for it?