美國國家安全局RAMPARTA項目基本情況

1、重要性an excerpt from the us intelligence ?black budget? detailing the ?foreign partner access project? provides insight into how important rampart-a is to the us government. in 2011, the nsa spent a total of $91 million on foreign cable access programs, out of which rampart-a accounted for $76.55 mill

2、ion, or 84 per cent. second party cable access programs, codenamed windstop, make up the rest. the fiscal year 2013 requested spending for rampart-a was down to $46.2 million but still accounts for 82 per cent of the total requested spending on foreign access projects. the efforts pay off. according

3、 to a 2010 briefing intelligence collected via rampart-a was used across all nsa analysis and production centers, and yielded over 9000 intelligence reports the previous year, out of which half was based solely on intelligence intercepted through 截獲數(shù)據(jù)量the ?black budget? also provides details about t

4、he volume of data collected by the nsa via third party cable taps. the introductory project description states that ?rampart-a has access to over 3 terabits per second of data streaming world-wide?. according to analysis provided by telegeography this was more than five times the average internation

5、al traffic from denmark in 2013, or 362 million ordinary cd-roms if stored on a daily basis.基本配置the most recent sso overview lists thirteen secret rampart-a sites out of which nine were active in april 2013. one site only provided metadata. the three largest sites - codenamed azurephoenix, spinneret

6、 and moonlightpath, the locations of which are unknown - tap a total of seventy different cables or networks and figure in several documents among the nsas most productive sources. the large amount of rampart-a cable taps, according to the leaked documents, gives access to ?international communicati

7、ons from anywhere around the world?, and ?all communications technologies? including ?digital network intelligence, voice, fax, telex, e-mail, internet chat, vpn and voip communications?.five sites, 4 with a trusted 3rd party partner us-3127/azurephoenix us-3145/moonlightpath us-3180/spinneret us-32

8、37/smokysink us-3190/firebird合作伙伴it has already been widely reported that the nsa works closely with eavesdropping agencies in the united kingdom, canada, new zealand, and australia as part of the so-called five eyes surveillance alliance. but the latest snowden documents show that a number of other

9、 countries, described by the nsa as “third-party partners,” are playing an increasingly important role by secretly allowing the nsa to install surveillance equipment on their fiber-optic cables.what the reports on both websites didnt mention is that rampart-a is apparently focussed on collecting inf

10、ormation about russia, the middle east and north africa. this comes fromder nsa komplex, a book about the snowden-revelations written by two journalists from der spiegel. unfortunately this book, which is much more informative than the one by glenn greenwald, is only available in german.besides 3rd

11、party partners giving access to cables in their own country, theres also a construction in which such a partner agency cooperates with yet another country that secretly provides access to data traffic, which is also shared with nsa. in recent years, bnd and nsa conducted about half a dozen of such o

12、perations, three of which are mentioned inder nsa komplex:-tiamat(access to high-level international targets under risky circumstances. this operation had ended before 2013)*-hermos(in the spring of 2012, bnd got access to communication cables in a crisis zone country, but this operation had to be t

13、erminated by the end of the year when the situation almost went out of control)*-wharpdrive(this operation was still active in 2013, but in the spring of that year, employees of the private company that operates the communication cables, accidently discovered the clandestine bnd/nsa equipment, but t

14、he operation was rescued by providing a plausible cover story)*監(jiān)聽地點 the best kept secret is the actual location where the bnd tapping point was. sddeutsche zeitungreportsthat in the original documents the name of the provider is blacked out, but that according to insiders, it must have beendeutsche

15、telekomthat assisted bnd. the paper even says both parties signed an agreement in which the provider earned a payment of 6.000,- euros a month in return for the access.this seems to correspond with a report broadcasted by the german television magazinefrontal 21in july last year, saying that bnd had

16、 access to the frankfurt internet exchange through its own cable since 2009. according to an insider, this cable access was under the cover of a major german telecom provider, and it was speculated this was deutsche telekom.but assomepeoplenoticed, deutsche telekom wasnotconnected to de-cix when ope

17、ration eikonal took place. in 2008, the actual routers and switches of de-cix were situated in10data centers frominterxion, telecity, equinix, level 3, itenos and e-shelter. since 2008, the distributed de-cix switches areinterconnectedthrough the priva|nex private fiber-optic network from eunetworks

18、.maybe before 2008 the de-cix switches were connected by fiber cables from deutsche telekom, but if not, there seems to be no way this company could have provided the bnd access to the frankfurt internet exchange. if the 6000,- euro contract really involved deutsche telekom, thenmaybefor the rent of

19、 a private cable from the tapping point to a bnd site.in response to earlier media reports, the de-cix management put out apress releaseon june 26, 2014 saying:we exclude that any foreign or domestic secret service had access to our internet exchange and the connected fiber-optic networks during the

20、 period of 2004 - 2007. it was added that de-cix itself doesnt operate any data centers, nor stores or processes data on its own.this statement only speaks about the past, so it doesnt contradict the fact that the bnd was recentlyauthorizedto intercept the communications from 25 internet service pro

21、viders (isps), with their cables being tapped at the de-cix internet exchange, as was reported by der spiegel on october 6, 2013. a letter containing this authorisation was sent to the association of the german internet industry, which is the owner of the company that operates the frankfurt internet

22、 exchange.among these 25 providers there are foreign companies from russia, central asia, the middle east and north africa, but also 6 german providers: 1&1, freenet, strato ag, qsc, lambdanet and plusserver, who almost exclusively handle domestic traffic.however,strato agsaid they would never agree

23、 with such a wiretapping order and1&1declared they never received a letter from bnd and suggests that if theres any interception this may take place in cooperation with de-cix management gmbh, the organisation that operates the frankfurt internet exchange.this would mean that currently bnd isnt tapp

24、ing the whole internet exchange, but only the cables from selected providers, which is of course much more efficient. tapping the whole exchange would probably also exceed bnds technical capabilities, as nowadays de-cix connects some 550 isps from more than 55 countries (includingnorth korea), inclu

25、ding broadband providers, content delivery networks, web hosters, and incumbent operators.if thats the case, then the actual interception could take place at de-cix systems, maybe at the core fiber network or the core switch. this means, bnd only needs the cooperation of the de-cix management and th

26、e indivual providers can honestly deny that their cables are being intercepted.according to der spiegel, the bnd copies the data stream and then searches it using keywords related to terrorism and weapon proliferation. a bnd spokesmanassuredthe wall street journal in october last year that purely do

27、mestic german traffic is neither gathered nor stored.simplified structure of the internet, showing how tier 1, tier 2 and tier 3 providerstransit data traffic in a hierarchial way and how tier 2 providers exchangetraffic directly through peering at an internet exchange point (ixp)(diagram: wikimedia

28、 commons - click to enlarge)in august last year, a spokesman from the de-cix managementsaidthat he couldnt rule out that some providers connected to the exchange would allow interception on their equipment when ordered so by their national governments.this points to for examplelevel 3, a us company

29、that has a data center which houses some de-cix routers. but if level 3 would have provided access to de-cix, then there was no need for nsa to cooperate with bnd. also, on august 1, 2013, level 3 gave out apress releasesaying that the company had not given any foreign government access to its netwo

30、rks in germany in order to conduct surveillance. see also:nsa also has arrangements with foreign internet providersconclusionalthough we have no positive confirmation that eikonal was part of the rampart-a program, this german operation perfectly fits the way in which foreign parters of nsa get acce

31、ss to important internet cables and switches and share the results with their american counterparts. in this case, nsa apparently cooperated with bnd in order to get access to communications from russia and probably also from the middle east and north africa that traveled through germany.the best kept secret is how and where such interception takes place, and we have seen that tapping the frankfurt internet exchange de-cix is far more complex than it seems. this makes it difficult to pinpoint t