The NSA is scanning US web traffic for specific malware signatures, according to new Snowden documents published by The New York Times and ProPublica. Previous documents have shown the NSA and GCHQ collecting data from undersea data cables, but this is the most comprehensive look at how the NSA uses that data to zero in on specific activities or actors on the web.
According to the new documents, the scanning is enabled by broad legal powers, granted by the Department of Justice and FISA court in 2012. An initial Justice Department order (interpreting Section 702 of the FISA Amendments Act) authorized the NSA to target data based on specific IP addresses or threat signatures that were linked to foreign nations. In addition to its surveillance operations, the NSA is tasked with defending official US networks from digital intrusions, a task that's grown increasingly difficult as states like China have grown more sophisticated.
But according to the documents, limiting the scans to foreign states was too restrictive for the NSA. Over the course of 2012, NSA director Keith Alexander lobbied the Justice Department to extend the signature-based scans to malware that hadn't been linked to state actors, but his efforts were unsuccessful. Still, the agency Specific malware programs are often reused, even between criminals and governments, so it's notoriously difficult for researchers to connect a tactic to a specific actor.
Experts are comparing the resulting system to the network intrusion detection systems (or NIDS) that are deployed on many private networks. Given a top-down view of the network, a NIDS monitors for malware traveling between points on the network, rather than catching the bad actors as they infect individual machines. Those systems have also been proposed at a national level, although they've rarely been deployed publicly due to the privacy issues involved.
6/4 4:07PM ET: An earlier version of this article stated that the Justice Department had authorized the NSA to collect signatures not linked to foreign actors. That permission was lobbied for, but never granted. The Verge regrets the error.