US intelligence has been mimicking the search engine Google to conduct “man in the middle” surveillance of suspects.
Buried among the NSA leaks, which have shown direct economic and private espionage, was the news about an operation code-named Flying Pig.
According to Techdirt, Flying Pig has not been mentioned before, although there were rumours that the NSA and others had been using “man in the middle attacks”.
From the point of view of GCHQ and the NSA, the advantage of the system is that they do not need to approach Google directly.
An NSA presentation that also contains some GCHQ slides describes how the attack was used to snoop on SSL traffic. It illustrates with a diagram how one of the agencies appears to have hacked into a target’s internet router and covertly redirected targeted Google traffic using a fake security certificate. This allowed it to intercept the unencrypted information.
The British GCHQ network exploitation team developed Flying Pig because of a rise in the use of SSL encryption by email providers like Yahoo, Google, and Hotmail.
The Flying Pig system appears to allow the agency to identify information related to use of the anonymity browser Tor, and it also allows spies to collect information about specific SSL encryption certificates.
The news is starting to show how far the NSA and GCHQ are going in their hacking antics and how the tech companies aren’t always “willing participants” in the NSA’s efforts.
No one knows how the agencies are getting their hands on the security certificates, and the question of how much the British GCHQ is doing the US government’s dirty work is also not being looked at.
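A certificate substituted on one network path, as in the router redirection described above, differs from the certificate other networks receive for the same host. The following Python code is an added example, not part of the original article: it compares certificate fingerprints collected from several vantage points and reports the ones that disagree. The vantage names, hostnames and certificate bytes are constructed placeholders.

```python
import hashlib
from collections import Counter, defaultdict

def fingerprint(der_bytes):
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der_bytes).hexdigest()

def find_suspect_vantages(observations, pins=None):
    """observations: iterable of (vantage, host, der_bytes).
    pins: optional {host: set of trusted fingerprints}.
    Returns a sorted list of (host, vantage, reason)."""
    pins = pins or {}
    by_host = defaultdict(dict)
    for vantage, host, der in observations:
        by_host[host][vantage] = fingerprint(der)
    findings = []
    for host, seen in by_host.items():
        if host in pins:
            # A pin set is authoritative: anything outside it is reported.
            findings += [(host, v, "not in pin set")
                         for v, fp in seen.items() if fp not in pins[host]]
            continue
        counts = Counter(seen.values())
        if len(counts) < 2:
            continue  # every vantage saw the same certificate
        top_fp, top_n = counts.most_common(1)[0]
        if top_n * 2 <= len(seen):
            # No strict majority, so no vantage can be singled out.
            findings += [(host, v, "no majority; vantages disagree") for v in seen]
            continue
        findings += [(host, v, "differs from majority")
                     for v, fp in seen.items() if fp != top_fp]
    return sorted(findings)

# Constructed sample data: placeholder bytes stand in for DER certificates.
GENUINE = b"constructed-genuine-leaf-certificate"
SUBSTITUTED = b"constructed-substituted-leaf-certificate"
SAMPLE = [
    ("office-lan", "mail.example.com", SUBSTITUTED),
    ("vps-1", "mail.example.com", GENUINE),
    ("vps-2", "mail.example.com", GENUINE),
    ("office-lan", "www.example.org", GENUINE),
    ("vps-1", "www.example.org", GENUINE),
]

if __name__ == "__main__":
    for finding in find_suspect_vantages(SAMPLE):
        print(finding)
```

Large services legitimately serve different certificates from different data centres, so a disagreement is a reason to inspect the certificate chain, not proof of interception.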