Leaked NSA doc reveals ‘sheer luck’ needed to find useful info in sea of surveillance data

A National Security Agency (NSA) data gathering facility is seen in Bluffdale, about 25 miles (40 km) south of Salt Lake City, Utah, May 18, 2015. © Jim Urquhart
The NSA didn’t know it was already sitting on a “goldmine” of data on one of its targets until one of its analysts discovered it by “sheer luck,” according to an internal newsletter entry leaked by Edward Snowden.

The article, dated March 23, 2011, was written by a signals development analyst in SIDtoday, an NSA in-house newsletter. He explains how he discovered the contact and personal information for over 10,000 people, as well as some 900 account login details, after “a ton of hard work,” according to reports from The Intercept and teleSUR.

“By sheer luck, (and a ton of hard work) I discovered an important new access to an existing target and am working with TAO to leverage a new mission capability,” the analyst wrote to colleagues. TAO refers to Tailored Access Operations, an NSA hacking team which had collected the 900 usernames and passcodes.

The “existing target” was Petróleos de Venezuela, a Venezuelan state oil company also referred to as PDVSA.

Matthew Green, a Johns Hopkins Information Security Institute professor, told The Intercept it was “interesting” that the analyst used the word “discovered” because it means that either the NSA “didn’t realize” it had been collecting PDVSA’s information or that, perhaps, there had been a bureaucratic miscommunication on the subject.

“They’re capturing so much information from their cable taps that even the NSA analysts don’t know what they’ve got,” Green said.

An NSA review in 2010 found that its data on PDVSA had become “stagnant,” so it is clear why the analyst described the newly found materials as a “goldmine.”

“To understand PDVSA is to understand the economic heart of Venezuela,” wrote the analyst, who noted that petroleum makes up “more than half of all government revenues.”

A “telltale sign,” as the analyst called it, of the NSA’s lapse in data mining was that “most reporting was coming from warranted collection,” likely referring to secret FISA warrants issued for surveillance of US communication lines.

The analyst ran a “target reboot,” a fresh batch of searches on PDVSA, aimed at “namely, the president and members of the Board of Directors,” using an NSA database called PINWALE that automatically compiles “targeting selectors” like email or IP addresses from large swaths of intercepted internet activity.

Soon after, in May 2011, the Department of State placed sanctions on PDVSA, claiming it was violating US sanctions against Iran. The announcement was made at the same time that Venezuela’s government was in court with Exxon Mobil and ConocoPhillips over its handling of oil drilling sites, which the US companies claimed had wrongly gone to PDVSA.

In recent weeks, the Wall Street Journal has reported that the US is pursuing “a series of wide-ranging investigations” aimed at PDVSA.