The US military gained access to a powerful Internet surveillance tool that covers more than 90 percent of global web traffic and in some cases provides access to email data, history browsing and many other information, such as sensitive cookies, according to contract documents that acquired Motherboard.
Additionally, Sen. Ron Wyden reported that a whistleblower contacted his office about the alleged warrantless use and purchase of this data by NCIS, a civilian law enforcement agency owned by the Navy, after filing a complaint through the official process of reference to its Ministry Defense, according to a copy of the letter Wyden's office provided to Motherboard.
The documents reveal the sale and use of a previously and little known technologys monitoring powered by markets data from the private sector. The tool, called Augury, was developed by cyber security company Team Cymru and collects a huge amount of data that it makes available to government and corporate clients as a paid service.
In the private sector, cyber security analysts use it to monitor hacker activity or to attribute cyber attacks. In the government sector, analysts can do the same. Authorities dealing with criminal investigations also have this service.
The military services do not mention the cases of use of the tool. However, the sale of the tool to the military shows us that the military also gained access. It should be noted here that no one knows how Team Cymru acquired the data and then sells it as a business, which has worried many sources in the cyber security industry.
“The data includes data from more than 550 collection points worldwide, from Europe, the Middle East, North/South America, Africa and Asia and is updated with at least 100 billionmillions new files every day,” a US government procurement file reviewed by Motherboard says of the Augury platform. He adds that Augury provides access to “petabytes” of data. Motherboard found that the US Navy, Army, Cyber Command, Defense Counterintelligence and Security Service have collectively paid at least $3,5 million to access Augury.
“The Augury platform is not designed to target specific users or user activity. The platform specifically does not have subscriber information necessary to connect with any user," Team Cymru told Motherboard.
“Our platform does not provide information about users or subscribers preventing the ability to use it to target individuals. Our platform captures only a limited sampling of the available data and allows queries for a limited sample and limited data, which originates from malware, malicious activity, honeypots, scans and third parties that provide it.”
