Emerging Trends In Computer And Information Technology ETI (22618) Micro Project MSBTE
 |
| ETI (22618) Micro Project MSBTE |
program Name and Code: ETI (22618)
Course Name and Code: CO 6 I
Academic Year :
Semester: Sixth
Annexure-I
A MICRO PROJECT ON "Case study on data leakage from NSA (National Security Agency)"
1.0 Aims/Benefits of the Micro Project
I. To create awareness about the PRISM attack among people.II. To prepare an in-depth case study on the PRISM attack by Edward Snowden covering all aspects of the attack.III. To help minimize future losses caused by PRISM attacks by providing preventive measures.IV. To study the importance of security.
2.0 Course outcome addressed.
- CO604.4: Describe evidence handling procedure
- CO604.3: Describe the ethical hacking process
- CO604.5: Detects Network, Operating System and applications vulnerability
3.0 Proposed methodology
- Focused on the selection of an appropriate topic for the micro-project.
- Prepare Algorithm and flowchart.
- Write the program and get the output.
- Select the topic i.e. To Prepare a report on a Case study on data leakage from the NSA (National Security Agency).
- A brief study on our topic.
- Gather all information based on the topic of the micro project.
- Analysis and study of our topic in detail.
- Following all the above methodologies we successfully completed our microproject.
- Focused on the selection of an appropriate topic for the micro-project.
- Prepare Algorithm and flowchart.
- Write the program and get the output.
- Select the topic i.e. To Prepare a report on a Case study on data leakage from the NSA (National Security Agency).
- A brief study on our topic.
- Gather all information based on the topic of the micro project.
- Analysis and study of our topic in detail.
- Following all the above methodologies we successfully completed our microproject.
4.0 Action Plan
Sr. No. Detail of activity Plan start date Plan finish date Name of responsible team members 1 Searching the topic for micro-project 2 Search information from the ETI (22618) book and from the internet.
3 Discuss with the project guide. 4 arrange all information in MS Word 5 Prepare a report on it using MS Word 6 print micro project
| Sr. No. | Detail of activity | Plan start date | Plan finish date | Name of responsible team members |
|---|---|---|---|---|
| 1 | Searching the topic for micro-project | |||
| 2 | Search information from the ETI (22618) book and from the internet. | |||
| 3 | Discuss with the project guide. | |||
| 4 | arrange all information in MS Word | |||
| 5 | Prepare a report on it using MS Word | |||
| 6 | print micro project |
5.0 Resources used
| Sr. no. | Name of resource material | Specifications | Quantity |
|---|---|---|---|
| 1 | Computer System | 16 GB RAM, Windows 11 OS | 1 |
| 2 | Internet | Youtube / Wikipedia | |
| 3 | textbook/manual | ETI (22618) | 1 |
annexure-II
Micro-Project Report
A MICRO PROJECT ON "Case study on data leakage from NSA (National Security Agency)"
Brief Introduction/Rationale
The advancements and applications of Computer Engineering and Information Technology are constantly evolving. Emerging trends are focused on raising awareness about the significant trends that will shape technological disruption in the field of Computer Engineering and Information Technology in the coming years. As technology continues to innovate, there is also an increasing presence of technical threats in human life, posing a threat to society. To educate people about one of these issues, our group chose to conduct a case study on the PRISM attack conducted by Edward Snowden, which resulted in significant financial and data losses.
Problem Definition:
Write a brief report on data leakage of classified information from NSA (National Security Agency).
• Write how the security of a National Security Agency works.
• Study how the classified information was leaked by intelligence consultant.
• Study how the situation affected the National Security Agency.
Literature Review
In his testimony to the House Permanent Select Committee on Intelligence, General Alexander clarified that Snowden had falsely created digital keys to facilitate his attack. Edward Joseph Snowden, an American former computer intelligence consultant, leaked highly classified information from the National Security Agency (NSA) in 2013. At the time, he was an employee and subcontractor. His disclosures exposed various global surveillance programs, some of which were operated by the NSA and the Five Eyes Intelligence Alliance in collaboration with telecommunication companies and European governments. This sparked a societal debate on national security and personal privacy.
• Here is what we know about Snowden’s work environment and the tools he had at his disposal:
i. Valid Access
ii. SSH Keys
iii. Limited Computing Resources
Introduction:
Edward Snowden, a 29-year-old technical assistant for the Central Intelligence Agency, became known for exposing the PRISM program, the largest surveillance program ever implemented by the US. His name is destined to go down in history, for better or worse. According to The Guardian, Snowden worked as a technical assistant for the National Security Agency for the past four years under various defense contractors. Currently, he is employed by security defense contractor Booz Allen Hamilton. Like other whistleblowers, such as Bradley Manning, a US Army soldier arrested in Iraq in May 2010 for allegedly leaking classified material to WikiLeaks, Snowden chose to publicly reveal an uncomfortable truth.
Edward Snowden was afraid that the government would persecute him for revealing classified information about the extensive surveillance program PRISM. At the moment, he is staying in a hotel in Hong Kong, where he went after sharing his presentation that he had prepared while working at the NSA Office in Hawaii approximately three weeks ago. Snowden decided to make public the details and evidence of a program that every American had suspected but that authorities and private companies always denied. He left the United States, citing health reasons, and traveled to Hong Kong, a Chinese territory known for its commitment to freedom of speech. In an interview with The Guardian, Edward Snowden expressed his concerns, being fully aware of the power of intelligence agencies and the potential consequences of his actions. Consequently, he has taken measures to protect himself by staying in a hotel.
 |
| Edward Snowden |
What is PRISM?
A former NSA contractor leaked classified presentation slides that provide information about PRISM. On June 6th, The Guardian and The Washington Post released reports that were based on the leaked slides. These reports claim that the NSA has "direct access" to the servers of Google, Facebook, and other companies. Since the leak, the companies implicated in the slides have strongly denied any knowledge or involvement in PRISM. They have also refuted the allegations that the US government can directly access their users' data.
Both the companies and the government insist that data is collected only with court approval and for specific targets. According to The Washington Post, PRISM is reportedly a streamlined system, varying between companies, that enables them to expedite data collection requests approved by the court. Due to the limited technical information available on PRISM's operations and the secrecy of the FISA court, critics express concerns about the program's scope and potential violation of the constitutional rights of US citizens.
 |
| PRISM |
How PRISM was Created?
Under the Protect America Act, the attorney general and the director of national intelligence are authorized to outline in a confidential document how intelligence will be gathered on foreign individuals abroad each year. However, specific targets or locations are not required to be identified. As stated by the Post, once this plan receives approval from a secret court order issued by a federal judge, the NSA can compel companies like Google and Facebook to provide data to the government, as long as the requests align with the criteria specified in the classified plan.
 |
| Creation of PRISM |
What does the NSA Collect?
The NSA programs collect two types of data: metadata and content. Metadata refers to the sensitive information derived from communications, such as phone records that disclose details like participants, times, and durations of calls. PRISM collects the content of emails, chats, VoIP calls, cloud-stored files, and other forms of communication. US officials have attempted to alleviate concerns about the NSA's collection of indiscriminate metadata by highlighting that it does not reveal the actual conversations. However, metadata can be just as revealing as content, as internet metadata includes data such as email logs, geolocation information (IP addresses), and web search histories. Due to a long-standing law, metadata receives less protection than content in the US.
How does the NSA collect the Data?
Many important details about how and when the NSA collects data are still unknown. Legally, surveillance programs rely on two statutes: Section 702 of the FISA Amendments Act (FAA) and Section 215 of the Patriot Act. The former allows the collection of communication content through programs like PRISM, while the latter permits the collection of metadata from phone companies like Verizon and AT&T. However, various reports and leaked documents suggest that the FISA intelligence courts have interpreted these statutes in secret to grant broader authority than originally intended. They also indicate that the FISA courts only approve the NSA's collection procedures and that specific warrants for individual targets are not required. To begin the analysis process, an analyst enters search terms known as "selectors" into a system like PRISM. This system then retrieves information from other collection sites called SIGADs (Signals Intelligence Activity Designators). SIGADs have classified and unclassified code names and are responsible for different types of data. For example, NUCLEON gathers the contents of phone conversations, while others like MARINA store internet metadata.
%20Micro%20Project%20MSBTE.webp "Emerging Trends In Computer And Information Technology ETI (22618) Micro Project MSBTE") |
| Methods of Data Collection by NSA |
How did the PRISM attack happen?
Millions of Americans who are facing difficulties in obtaining health insurance through Obamacare's new health exchanges are inputting their personal information into computer systems. Encryption is the technology that is relied upon to ensure the security of this information, as well as for emails, online shopping, banking, and other activities. However, it is possible that your data may not be as secure as you would hope. The process of encrypting a message involves scrambling it using a randomly generated key and mathematical jumbling. The NSA and its UK counterpart GCHQ perceive this encryption as the most substantial threat to their ability to access the vast amounts of communication data they gather.
Internet companies have provided their users with reassurances regarding the security of their communications. However, the Snowden documents expose the fact that US and British intelligence agencies have managed to successfully break or bypass a significant amount of online encryption. According to the documents, these agencies achieved this not through conventional code-breaking methods, but rather by collaborating with the industry to introduce vulnerabilities or backdoors into commercial encryption systems – and even covertly sabotaging the international standards that encryption relies on.
Computer security experts claim that, in their relentless pursuit of accessing more data, intelligence agencies have compromised the computers of millions of ordinary internet users and undermined their other priority of safeguarding the US and UK from cyberattacks. Therefore, the question arises: is all encryption rendered useless? According to Snowden, who was part of the system until May, a considerable amount of encryption is weak, making it susceptible to the NSA's ability to circumvent it. However, there are still robust cryptographic systems that can be trusted. Snowden himself endorses a combination of Tor and PGP, where Tor provides anonymity by routing communications through a network of volunteers, and PGP software is used for data encryption. Levison, the creator of the secure email service Lavabit, is currently involved in a legal battle because he chose to shutter his company rather than surrender encryption keys.
Conduction of PRISM attack
How the Evidence was handled by the court and what actions was take against Edward Snowden:
The Snowden disclosures have led many, both on Capitol Hill and beyond, to conclude that the political and legal mechanisms required to hold the NSA accountable in a functioning democracy are no longer suitable for their intended purpose. The Foreign Intelligence Surveillance Act of 1978 (FISA) was designed to limit the NSA's ability to utilize its capabilities against American citizens. It was enacted in response to one of the major controversies of that time, which involved the unlawful surveillance of US political activists, trade union leaders, and civil rights leaders by intelligence agencies. FISA was the first law to officially establish that the NSA's focus is on foreign intelligence. If there were suspicions regarding a spy or a foreign power's agent operating within the US, the NSA and the FBI could seek a warrant from the newly established FISA court for surveillance. However, according to Wyden, the intelligence agencies have since operated with a high level of secrecy, making it difficult to fully understand how the laws are implemented in practice. The 2008 FISA Amendments Act, which was renewed in 2012, allows for the collection of communications without a warrant, as long as at least one end of the communication involves a non-US person.
The FISA court and its proceedings used to be top secret, but then Snowden spilled the beans. Because of this, it's pretty much impossible to challenge how they interpret the law. The government is the only one who gets to talk to the court, there's no one arguing for privacy rights. The NSA says it's not surprising that everything is hush-hush since they're doing secret stuff. In January 2009, the FISA court found out that the NSA was snooping on business records in a way that went against their own rules. The court told the government to explain themselves. These documents show how the NSA was struggling to understand the business records program and make sure they were following the rules.
What is Fisa Court?
The FISA Court, also known as the FISC, is a federal court in the United States that was set up to handle surveillance warrants against foreign spies within the country. It was established in 1978 as a result of recommendations from the U.S. Senate's Church Committee. The court used to be located in the Robert F. Kennedy Department of Justice Building, but since 2009, it has been moved to the E. Barrett Prettyman United States Courthouse in Washington, D.C. In 2013, a secret order from the court, which later became public through documents leaked by Edward Snowden, required a Verizon subsidiary to provide the NSA with daily call records, including domestic calls.
Charges against Edward Snowden:
Last week, federal prosecutors secretly charged ex-NSA contractor Edward Snowden with three serious crimes related to the recent leaks of classified information about secret U.S. surveillance programs. The charges include sharing classified information with an unauthorized party, revealing communications intelligence information, and stealing government property. These charges could result in a maximum of ten years in prison for each offense. The charges were filed in a federal court in Alexandria, Va., on Friday.
The Justice Department is apparently trying to get Snowden sent back from Hong Kong, but nobody really knows where he is right now.
Ways for Organizations to avoid PRISM attacks:
- 1) Encrypt your internet traffic
In the browser's URL field, enter "https://" before the domain name. The browser will then download a certificate from the website and utilize it to establish a shared encryption key. Subsequently, all of your data will be encrypted. If you do not observe "https" in the URL field, the data is not encrypted.
- 2) Check the encryption used by the websites you visit
Not all websites use good keys or encryption algorithms. At ssllabs.com you can test the sites you visit and (politely) ask them to improve their security.
- 3) Disable internet use tracking
On the other hand, NoScript is a whitelisting system that disables JavaScript (a programming language that operates within your browser) when you visit a site, unless the site is included in the whitelist. Since most tracking relies on JavaScript, disabling it makes it more challenging (although not completely impossible) for trackers to monitor your activities. There are two possible methods for preventing website tracking: blacklisting and whitelisting. Blacklist programs utilize lists of known spyware sites and block their activities. An example of such a program is PeerBlock.
Skill Developed / Learning Outcome of this Micro-Project
Technical skills:
1. Gained knowledge about ethical hacking.
2. Understood the concept of Firewall.
3. Got to know about cyber security.
4. Understood the Fundamentals of Computer Networking.
5. Documentation.
Soft Skills:
1. Leadership (How to lead a team to get best outcomes)
2. Improvement in presentation skills
3. Teamwork
4. Information Searching
5. Reading and understanding the IEEE Papers related to the topic
Applications of Micro Project:
1. Beneficial to various Organizations in order to understand the working of PRISM, how to prevent attacks and what precautions should be taken, etc.
2. Useful for Students to study thoroughly about the PRISM attack
3. Advantageous for all Organizations as they will get to know the working and preventive measures to protect their important data.