NSA Surveillance Can Penetrate VPNs
National Security Agency's XKeyscore system can collect just about everything that happens online, even things encrypted by VPNs, according to Edward Snowden.
The National Security Agency has a system that allows it to collect pretty much everything a user does on the Internet, according to a report published by The Guardian on Wednesday, apparently even when those activities are done under the presumed protection of a virtual private network (VPN).
The Guardian 's information comes from whistleblower Edward Snowden, the former NSA contractor now seeking asylum in Russia from U.S. authorities for revealing classified documents about the NSA's intelligence-gathering capabilities to the media. The news organization's report suggests that Snowden's claim that he could wiretap anyone from his desk, dismissed by U.S. lawmakers as false, was essentially accurate.
Described in a 2008 presentation, the system, called XKeyscore, can reportedly track email addresses, logins, phone numbers, IP addresses and online activities — files, email contents, Facebook chats, for example — and can cross-reference this information with other metadata.
Even after weeks of revelations about the scope and breadth of NSA data gathering, news that XKeyscore can penetrate VPNs comes as a something of a shock.
Post a comment to the original version of this story on InformationWeek