The material reveals the sale and use of a previously little known monitoring capability that is powered by data purchases from the private sector. The tool, called Augury, is developed by cybersecurity firm Team Cymru and bundles a massive amount of data together and makes it available to government and corporate customers as a paid service. In the private industry, cybersecurity analysts use it for following hackers’ activity or attributing cyberattacks. In the government world, analysts can do the same, but agencies that deal with criminal investigations have also purchased the capability. The military agencies did not describe their use cases for the tool. However, the sale of the tool still highlights how Team Cymru obtains this controversial data and then sells it as a business, something that has alarmed multiple sources in the cybersecurity industry.
“The network data includes data from over 550 collection points worldwide, to include collection points in Europe, the Middle East, North/South America, Africa and Asia, and is updated with at least 100 billion new records each day,” a description of the Augury platform in a U.S. government procurement record reviewed by Motherboard reads. It adds that Augury provides access to “petabytes” of current and historical data. Motherboard has found that the U.S. Navy, Army, Cyber Command, and the Defense Counterintelligence and Security Agency have collectively paid at least $3.5 million to access Augury. This allows the military to track internet usage using an incredible amount of sensitive information. Motherboard has extensively covered how U.S. agencies gain access to data that in some cases would require a warrant or other legal mechanism by simply purchasing data that is available commercially from private companies. Most often, the sales center around location data harvested from smartphones. The Augury purchases show that this approach of buying access to data also extends to information more directly related to internet usage. “The Augury platform is not designed to target specific users or user activity. The platform specifically does not possess subscriber information necessary to tie records back to any users,” said Team Cymru in a statement to Motherboard. “Our platform does not provide user or subscriber information, and it doesn’t provide results that show any pattern of life, preventing its ability to be used to target individuals. Our platform only captures a limited sampling of the available data, and is further restricted by only allowing queries against restricted sampled and limited data, which all originates from malware, malicious activity, honeypots, scans, and third parties who provide feeds of the same. Results are then further limited in the scope and volume of what’s returned,” Team Cymru said in another email.
Charles E. Spirtos from the Navy Office of Information told Motherboard in an email that NCIS specifically “conducts investigations and operations in accordance with all applicable laws and regulations. The use of net flow data by NCIS does not require a warrant.” He added that NCIS has not used netflow during any criminal investigation, but that “NCIS uses net flow data for various counterintelligence purposes.”
Meanwhile, the Department of Defense Office of the Inspector General, which the whistleblower alleges referred their complaint to the Navy, told Motherboard it had received Wyden’s letter and was reviewing it. The Office of the Naval Inspector General declined to comment and directed Motherboard back to its Department of Defense counterpart. The Defense Counterintelligence and Security Agency also deferred to the Department of Defense.
Read more of this story at Slashdot.