NSA, ASD rifle through users' address books: Report

NSA, ASD rifle through users' address books: Report

Summary: US and Australian intelligence agencies are collecting users' address books and contact lists for intelligence, but they are also being defeated by spammers.


The Australian Signals Directorate (ASD) has been assisting the US National Security Agency (NSA) in the collection of millions of online address books.

In another document leaked by whistleblower Edward Snowden, and reported by The Washington Post, the NSA and ASD are collecting more specific information on how users interact with each other over the internet for intelligence purposes.

The NSA has already been reported to store metadata on millions of web users without their consent, but the latest document shows how US and Australian intelligence agencies have been targeting email address books and instant messenger contact lists.

The document shows that the agencies have targeted the address books belonging to users of Yahoo, Hotmail, Gmail, and Facebook, and that this data is stored across multiple databases.

A representative day of how many address books are collected is shown in the document, with The Washington Post claiming that the figures are from the top six overseas access points. One of these belongs to "NSA's Australian counterpart" — the ASD.

The figures show than on that particular day, the two intelligence agencies collected 712,366 address books. The ASD's collection point was responsible for 311,113 of them.

Address books are not the only source of information listed in the document. The two intelligence agencies also appear to be targeting contact lists, with Yahoo Messenger being a particular focus.

Information that can be collected from Yahoo Messenger includes users' online contact status and unread emails in Yahoo inboxes. The document notes that webmail inboxes increasingly include content, as opposed to pure metadata that is gleaned from address books, and that "buddy lists" provide information in an indirect way.

"Most collection is due to the presence of a target on a buddy list where communication is not to, from, or about that target."

The document indicates that the NSA collects information from 500,000 lists and inboxes each day.

However, the NSA and ASD are having increasing difficulty with managing the amount of data it can analyse, stating that "identifying buddy lists and inboxes without content (or without useful content)" is an ongoing challenge.

An example case is provided where a targeted Yahoo email account in 2011 was hacked and used to send spam. The ASD's collection of information spiked dramatically as it collected all of the spam, and then subsequently began looking at and collecting information from recipients.

The problem became so bad that in the subsequent month, the target email address was "emergency detasked" from the Australian collection point and one other US collection point.

The number of these incidents is decreasing, however, with another document showing that emergency detasks are trending downward, from a little under 120 per month in November 2011 to about 10 in May 2012.

The improvements in how it collects and analyses information also apply specifically to Yahoo Messenger. Another document states that Yahoo's web-based Messenger client makes a lot of network chatter that has very little foreign intelligence value.

Lastly, the documents identify a bandwidth problem whenever the IMAP protocol is used to fetch mail from servers.

When email accounts are secured using two-factor authentication, the second factor is typically not time based when connecting via IMAP, making it potentially easier to break into an account and likely to be of significant interest to the intelligence agencies. In Yahoo's case, it has been demonstrated that no two-factor challenge is even made when checking mail in this way, even if the account has the security measure enabled.

Topics: Privacy, Government, Government AU, Government US, Security, Australia

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Good thing the only addresses I keep in mine

    are those of politicians and NSA employees.
    • Explosive information.

      It's a 5-eyed monster, and now we know it has tentacles.

      Those undersea cables are like tentacles or vacuum tubes, sucking up emails and address books from an entire population on the other side of the Pacific. I wonder if each of those governments sharing masses of data pay for any of the undersea fiber cables they're using for this mass Hoovering of data?

      Now we know those address books get analyzed and collated, probably on the other side of the Pacific. Every person's circle of friends, contacts and acquaintances get stored. We know that the 5-eyed nations then share intelligence data with each other.

      I would suggest that any news organizations get their email moved to servers in countries well away from the 5-eyed nations. Journalists can no longer guarantee that their sources will be kept confidential. The managers and CEOs of every news organization should make it a priority to make their email secure.

      Maybe journalists need to go back to the old way of meeting contacts, Watergate style, in a carpark late at night, to avoid being wiretapped.