The National Security Agency is working to repair its fractured relationship with major tech companies following disclosures by former agency contractor Edward Snowden that the NSA had been secretly pulling data from company servers for surveillance purposes.
“The outreach is happening. It’s absolutely imperative. This is about the big guys of a big tech company sitting in a room saying ‘holy shit, we’ve been hacked. What the F#*& is going on?’ So they look around at who may be able to help, and it used to be they would call NSA,” a former agency official told VentureBeat.
Not so much anymore. These days, the phones over at the NSA’s Commercial Solution Center, or NCSC, at Fort Meade aren’t ringing like they used to, and many U.S. tech operators, including Google and Apple, are pushing back hard against agency data requests through the super secret FISA court.
The NCSC is tasked with protecting the standards and competitiveness of U.S. technology companies.
Snowden’s leaks showed how the agency was routinely siphoning data from Apple, Google, Facebook, and Twitter servers without warrants, setting up phony Linkedin pages and boosting information from Yahoo servers at will, among many other secret programs.
Executives at Cisco, for example, were outraged when the scope of the agency’s questionable metadata collection programs (with names like MYSTIC and UPSTREAM) became known. And America’s closest allies were angered to learn that the NSA was rifling through their data too — tapping the personal cell phone of German Chancellor Angela Merkel, for example.
But with Russian- and Chinese-sponsored threats against private American and government infrastructure well known, and the theft of U.S. corporate, trade, and government secrets well documented, the former official told VentureBeat that the relationship between the NSA and American companies is now more important than ever despite its low point.
Since December, hackers have breached some of the biggest U.S. banks and retailers, like Target and Home Depot, and inserted complex strains of malware into their systems with devastating results. In the case of Target and Home Depot, security researchers strongly believe Russian hackers were behind the attacks. Over 150 million customers had their credit card information boosted.
Google declined to comment for this story. Apple is mulling my request for a response.
Apple revealed earlier this week that new encryption standards infused into the new iPhone 6 and iPhone 6 Plus were designed to make it harder for agencies like the NSA to tap and extract data from the devices.
It has been a difficult year for America’s biggest signals intelligence agency. The NSA admitted that it investigated 4,000 employees last year as part of a “re-investigation” program that it described as a routine security checks on workers. The agency employs 35,000 full-time workers and another 15,000 contractors.
The NSA announced last Thursday it would appoint a full-time risk officer to help oversee signal intelligence operations to make sure they stay within legal purview — another first, but one some former intelligence officials have scoffed at as an “empty suit approach” with no real power.
And earlier this month, the agency appointed Debora Plunkett as senior adviser for equality to help diversify employee rolls. Plunkett is an agency insider and comes from the signals intelligence directorate. She has held other significant roles in the super-secretive spy agency.
“The intelligence community never went in there wanting to cause harm,” to American IT outfits, a second former NSA official who now works in the security industry told VentureBeat.
Both former intelligence officials asked that their names not be used because they were discussing ongoing agency processes.
“There are advanced, persistent threats out there. And this is where the relationship between the agency and private sector changes. A company gets hacked, and somebody says ‘holy shit. Those guys (NSA) can help us.’ In the past, you would have these executives in a room, sitting with our best engineers, telling them what’s wrong,” the first former agency official said.
“So they need each other for obvious reasons. Regardless of specifics, there is a strong incentive for both sides of the relationship. If not, the U.S. is going to get crushed in terms of intellectual property theft, which is like a $300 billion problem.”
You can't solo security COVID-19 game security report: Learn the latest attack trends in gaming. Access here