Google engineers rage at NSA

Google cryptography engineers explain their anger at the NSA for violating security systems they built to stop criminals.
Written by Larry Seltzer, Contributor on

Google engineers are taking to their Google+ pages to vent their fury at the NSA for the violation of their back-end security systems committed by the NSA.

It started with Brandon Downey who dropped an F-bomb on the agency shortly after the Washington Post reported on how the NSA had tapped into the internal traffic between Google's data centers.

Downey was joined yesterday by Mike Hearn. Hearn says he worked for over two years on the system that the NSA subverted.

A Google blog on that system, written by Hearn in February of this year, explains how spammers had begun to hijack Google accounts in order to send spam from them, increasing the odds that the spam would get through filters. The system he describes is called "risk-based authentication" in some security circles:

Every time you sign in to Google, whether via your web browser once a month or an email program that checks for new mail every five minutes, our system performs a complex risk analysis to determine how likely it is that the sign-in really comes from you. In fact, there are more than 120 variables that can factor into how a decision is made.

If a sign-in is deemed suspicious or risky for some reason—maybe it’s coming from a country oceans away from your last sign-in—we ask some simple questions about your account. For example, we may ask for the phone number associated with your account, or for the answer to your security question. These questions are normally hard for a hijacker to solve, but are easy for the real owner. Using security measures like these, we've dramatically reduced the number of compromised accounts by 99.7 percent since the peak of these hijacking attempts in 2011.

And indeed, an accompanying graph of legitimate accounts blocked for spamming over time shows that the number dropped to near-zero early in 2012.

The NSA broke into this system by tapping the connections between Google data centers. Because it was considered internal to Google, it was unencrypted, even though it passed through public facilities. The traffic is now all encrypted, blocking off this particular avenue of attack.

You can tell from these posts and from others, like Justin Schuh's, that these guys aren't Tea Party or Occupy types. They really do want to make systems that secure users and cooperate, through proper procedure, with law enforcement. They know that there's a lot of real crime committed on their systems and they need to fight it. The NSA's subterfuge makes this job harder.

Editorial standards