Ecstatic NSA spooks delight in spying on spies who are spying on spies

A tranche of fresh Snowden leaks published in Der Spiegel by Laura Poitras, Jacob Appelbaum and others detail the NSA's infiltration of other countries' intelligence services, detailing the bizarre, fractal practices of "fourth-party collection" and "fifth-party collection."

"Fourth party collection" is the practice of spying on spy agencies to gather all the data they're taking in. "Fifth-party collection" is the practice of spying on spies who are spying on other spies. Really.

The tone of these leaks is jubilant, almost giddy, filled with jokey pop-culture references. Countries targeted for fourth-party collection include US/Five Eyes allies, like Germany, whose spy-services have been penetrated by the NSA.

It's absurd: As they are busy spying, the spies are spied on by other spies. In response, they routinely seek to cover their tracks or to lay fake ones instead. In technical terms, the ROC lays false tracks as follows: After third-party computers are infiltrated, the process of exfiltration can begin -- the act of exporting the data that has been gleaned. But the loot isn't delivered directly to ROC's IP address. Rather, it is routed to a so-called Scapegoat Target. That means that stolen information could end up on someone else's servers, making it look as though they were the perpetrators.

Before the data ends up at the Scapegoat Target, of course, the NSA intercepts and copies it using its mass surveillance infrastructure and sends it on to the ROC. But such cover-up tactics increase the risk of a controlled or uncontrolled escalation between the agencies involved.

It's not just computers, of course, that can be systematically broken into, spied on or misused as part of a botnet. Mobile phones can also be used to steal information from the owner's employer. The unwitting victim, whose phone has been infected with a spy program, smuggles the information out of the office. The information is then retrieved remotely as the victim heads home after work. Digital spies have even adopted drug-dealer slang in referring to these unsuspecting accomplices. They are called "unwitting data mules."

NSA agents aren't concerned about being caught. That's partly because they work for such a powerful agency, but also because they don't leave behind any evidence that would hold up in court. And if there is no evidence of wrongdoing, there can be no legal penalty, no parliamentary control of intelligence agencies and no international agreement. Thus far, very little is known about the risks and side-effects inherent in these new D weapons and there is almost no government regulation.

The Digital Arms Race: NSA Preps America for Future Battle [Jacob Appelbaum, Aaron Gibson, Claudio Guarnieri, Andy Müller-Maguhn, Laura Poitras, Marcel Rosenbach, Leif Ryge, Hilmar Schmundt and Michael Sontheimer/Der Spiegel]

(Image: Army, Marcos Leal, CC-BY)

Notable Replies

  1. To be fair, I feel like I would also be delighted at an opportunity for metaspying.

  2. I also feel like you feel like that.

  3. I suspect your 'espionage crash' may be named Edward Snowden.

  4. It's spies all the way down.

  5. I remember hearing about FBI investigators looking for sexual predators who were posing as young girls, online chatting with suspects, only to find out that their suspects were other FBI agents, posing as sexual predators to try to get young girls about other online acquaintances, and thus track actual sexual predators. Supposedly, now they use secret codewords and names to alert each other and stop them from stalking each other. Now that's a rabbit hole.

Continue the discussion

18 more replies