The U.S. National Security Agency has penetrated the main communication links that connect Yahoo and Google data centres around the world, giving it access to the accounts of hundreds of millions of people including U.S. residents, The Washington Post reported Wednesday.
By tapping the links, the agency is able to collect at will a wide range of content such as metadata — indicating the recipients of emails and when the messages were sent — as well as actual content like text, audio and video, according to the report.
The NSA does not store all of the content permanently, but it keeps a lot, the newspaper reported, based on documents provided by former NSA contractor Edward Snowden as well as interviews with what the Post called "knowledgeable" officials.
Through the program, millions of records are sent every day from Yahoo and Google's internal networks to data warehouses at the NSA's headquarters in Fort Meade, Maryland, the report said. In the past 30 days alone, more than 181 million records containing various data had been processed by field collectors, according to the report.
The data links are exploited using a tool called MUSCULAR, which is operated in partnership with the NSA's British counterpart, GCHQ, the Post reported. Together, the NSA and HCHQ can copy entire data flows across fiber-optic cables carrying information between Yahoo and Google data centers, the report said.
The interception points were not disclosed.
The revelation constitutes the latest in a series of high-profile leaks of information about U.S. surveillance programs since the Post and the Guardian newspaper first reported the existence of a program known as Prism in June. That program allows the NSA to access data stored within the servers at major Internet companies like Yahoo, Google, Facebook, Microsoft and others.
Sign up for CIO Asia eNewsletters.