Reclaim the Net – by Tom Parker
Senator Ron Wyden (D-OR) has revealed that the US Naval Investigative Service (NCIS) has a contract for “Augury” – a mass monitoring tool that reportedly covers 93% of the world’s internet traffic and provides access to petabytes of current and historical data.
Wyden made the revelation in a recent letter that urged officials at the Department of Homeland Security (DHS), Department of Defense (DOD), and Department of Justice (DOJ) to investigate their department’s “warrantless purchase and use of records revealing the websites Americans have accessed online.”
The Senator wrote that public contracting records show that NCIS has a contract for Augury and that these records show that Augury provides access to network data “from over 550 collection points worldwide.” Wyden added that these records show Augury “is updated with at least 100 billion new records each day” and “confirm that Augury provides access to email data…and data about web browser activity.”
Not only does Wyden’s letter highlight this Augury contract but it also reveals that Wyden’s department was recently contacted by a whistleblower who had filed formal complaints “regarding the warrantless purchase and use of netflow data by the Naval Criminal Investigative Service (NCIS).” This whistleblower told Wyden’s department that NCIS is “purchasing access to data, which includes netflow records and some ‘communications content” from Team Cymru – a data broker that offers access to Augury.
Wyden’s letter also notes that other government agencies, including US Cyber Command, the Army, the Federal Bureau of Investigation (FBI), and the US Secret Service, have contracts with Argonne Ridge Group – an affiliate of Team Cymru that has previously managed contracts with public agencies.
Motherboard, which reviewed several of the contracts referenced in Wyden’s letter, added that while these contracts don’t mention Augury, one of the FBI contracts does say “it will secure funding approval to buy net flow from one commercial vendor and integrating it into existing sources of net flow available to cyber intelligence analysts to analyze as a proof of concept.”
We obtained a copy of Senator Wyden’s letter for you here.
Online promotional materials for Augury and online procurement records that were reviewed by Motherboard suggest that the platform provides access to access to a wide range of online data insights.
Cosive, a security company that claims its team are “experts at the setup and optimisation of Team Cymru Augury at organisations throughout Australia and New Zealand,” states that Augury gives “visibility into 93% of the internet traffic” and claims that Augury provides direct access to more than 50 different categories of data insights which include:
- Internet traffic intelligence
- DNS/SMTP/Web intelligence (DNS is an abbreviation of “Domain Name System,” a technology that connects web browsers with websites, and SMTP is an abbreviation of “Simple Mail Transfer Protocol,” one of the world’s most popular email communication protocols)
- Device intelligence and behaviors
- Darkweb activity
In its report on these contracts with Team Cymru, Motherboard wrote that online procurement records describe Augury making other data available to its users. This data includes:
- Web browser activity data (which includes URLs visited and cookie usage)
- Packet capture data (PCAP) related to email, remote desktop, and file sharing protocols
- Netflow data (which creates a picture of traffic flow and volume across a network)
According to Motherboard, netflow data can be used to follow traffic through virtual private networks (VPNs) and show the server a user is ultimately connecting from. Motherboard claimed that Team Cymru obtains its netflow data from internet service providers (ISPs) and that this transfer of data is likely happening without the informed consent of the ISPs’ users.
Motherboard noted that the procurement record that says Augury has access to PCAP data, URLs visited, and cookies is related to the maintenance of a Department of the Navy purchase of Augury and that it’s not clear whether Team Cymru’s other government clients have access to this data.
The US Navy, Army Cyber Command, and the Defense Counterintelligence and Security Agency collectively paid at least $3.5 million to access Augury, according to Motherboard’s report.
Charles E. Spirtos from the Navy Office of Information told Motherboard that NCIS specifically “conducts investigations and operations in accordance with all applicable laws and regulations” and said, “the use of net flow data by NCIS does not require a warrant.”
Zach Edwards, a cybersecurity researcher who spoke with Motherboard, said PCAP is “everything.” Another source in the cybersecurity industry told Motherboard that the reported availability of PCAP data in Augury is “insane.”
Team Cymru told Motherboard that it limits the data returned to its users but didn’t specify what data it actually provides to users.
“The Augury platform is not designed to target specific users or user activity,” Team Cymru added. “The platform specifically does not possess subscriber information necessary to tie records back to any users.”
Team Cymru also claimed that its platform only captures a limited sampling of available data and only allows queries against limited data which originates from malware, malicious activity, honeypots, scans, and third parties who provide feeds of the same. Additionally, Team Cymru said that Augury “doesn’t provide results that show any pattern of life, preventing its ability to be used to target individuals.”
These revelations about the US government’s contracts with Argonne Ridge Group are the latest of many bombshell surveillance revelations that have been made public this year.
Other revelations include Capitol Police engaging in social media surveillance, the Central Intelligence Agency (CIA) having a secret surveillance program that collects American’s private data, DHS secretly surveilling money transfers, Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE) tracking cell phones on a much larger scale than previously reported, the Internal Revenue Service (IRS) surveilling thousands of cryptocurrency owners, and ICE creating a surveillance dragnet by purchasing databases with billions of data points from private companies.