Security | 11.02.2014

SA networks mum on NSA spying

Network operators in South Africa have chosen to remain silent after it was recently revealed that the US National Security Agency (NSA) may be intercepting communications at the cable level.

This follows the recent release of “Sniffmap” from Priority One Security (P1sec), which indicated that 60% (153 of 255) of the telecommunications routes in South Africa may be intercepted by the NSA.

Prior to P1sec’s Sniffmap, a Spiegel Online report revealed that the NSA had essentially tapped the SEA-Me-We 4 (SMW4) undersea cable, which runs through the Mediterranean.

SMW4 was previously a Seacom partner cable, but Seacom stopped using SMW4’s services, except as a restoration capacity provider during an outage in March 2013.

Tata Communications, the majority shareholder of Neotel, is part of the consortium that owns and operates SMW4, and is also listed as the network administrator for the SEA-Me-We 4 system.

NSA infiltrated networks slide, nrc.nl

Neotel and Seacom are not necessarily the only operators relevant to questions about NSA spying on traffic to or from South Africa, however.

Considering that Sniffmap suggests that 60% of the routes in South Africa may be intercepted, any number of telecommunications providers could be affected.

Internet Solutions, Neotel, Seacom, Telkom, WACS, and WIOCC (EASSy) were all asked about the potential spying on their clients, but none of the companies provided comment by the time of publication.

The questions put to the companies were as follows:

  1. Do you have reason to believe that any of the traffic you carry from South Africa is being intercepted by the NSA?
  2. How do you feel about the reports that the NSA is intercepting traffic at a cable level?

Of the companies asked about Sniffmap and the recent reports that the NSA was snooping on undersea cables, only Internet Solutions and Seacom acknowledged receipt of our queries.

Only Seacom indicated that it had considered the questions and had no comment on either of them.

Sniffmap, South Africa, February 2014

Sniffmap caveats

While Sniffmap does give an indication of the possible extent of spying on Internet traffic from South Africa, it is worth noting the methodology and places of known bias that were highlighted by P1sec.

According to P1sec, its methodology was as follows:

  1. Choose a random list of target IP addresses;
  2. For each country, get all known traceroute gateways;
  3. For each traceroute gateway, test each target IP address (within a pool of 255 random IPs with each of the 255 class A networks);
  4. If this route goes through one NSA-controlled country, mark the route as “bad”, otherwise the route is marked as good.

P1sec noted that its method does not estimate the quantity of traffic intercepted, but rather the percentage of routes potentially intercepted.

Among the other points of bias P1sec highlighted was that it uses a geographic IP lookup table to determine the location of routers, which is not 100% accurate.

Results are also dependent on the variety of traceroute sources, P1sec said.

P1sec also warned that not only the “Five Eyes” allies are intercepting Internet traffic, which it said means that the real interception statistics may be much higher.
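
The route-marking step P1sec describes, sketched as an added example (it is not P1sec's code and not part of the original article). The flagged-country set, the geo-IP table and the traceroute hops are constructed assumptions, and the "unknown" bucket is an addition here that shows how hops the lookup table cannot place widen the result.

```python
import ipaddress

# Assumption: the article does not list the flagged countries; the Five Eyes
# members stand in for them here.
FLAGGED = {"US", "GB", "CA", "AU", "NZ"}

# Constructed geo-IP table using documentation prefixes, not real routers.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "ZA"),
    (ipaddress.ip_network("198.51.100.0/24"), "GB"),
    (ipaddress.ip_network("203.0.113.0/25"), "KE"),
]

def locate(hop):
    """Country code for a hop, or None for a timeout or an unmapped address."""
    if hop is None:  # traceroute printed "* * *" for this hop
        return None
    addr = ipaddress.ip_address(hop)
    matches = [(net.prefixlen, cc) for net, cc in GEO_TABLE if addr in net]
    return max(matches)[1] if matches else None  # longest prefix wins

def classify(route, flagged=FLAGGED):
    """Step 4, plus an 'unknown' bucket for routes with unlocatable hops."""
    countries = [locate(hop) for hop in route]
    if any(c in flagged for c in countries):
        return "bad"
    if any(c is None for c in countries):
        return "unknown"  # the original method would count this as good
    return "good"

def summarise(routes, flagged=FLAGGED):
    """Counts per label and the (low, high) percentage of routes possibly bad."""
    counts = {"bad": 0, "good": 0, "unknown": 0}
    for route in routes:
        counts[classify(route, flagged)] += 1
    low = 100 * counts["bad"] / len(routes)
    high = 100 * (counts["bad"] + counts["unknown"]) / len(routes)
    return counts, low, high

# Constructed traceroute results: one list of hop addresses per route.
SAMPLE_ROUTES = [
    ["192.0.2.1", "192.0.2.9", "203.0.113.5"],       # stays in ZA/KE
    ["192.0.2.1", "198.51.100.7", "203.0.113.5"],    # transits GB
    ["192.0.2.1", None, "203.0.113.5"],              # one hop timed out
    ["192.0.2.1", "203.0.113.200", "198.51.100.1"],  # unmapped hop, then GB
    ["192.0.2.1", "203.0.113.200"],                  # unmapped hop only
]

if __name__ == "__main__":
    print(summarise(SAMPLE_ROUTES))
```

On the constructed sample, the share of routes marked bad is 40%, and it rises to 80% if every route with an unlocatable hop is also counted.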
