In 2013, Edward Snowden showed the National Security Agency (NSA) has a global surveillance apparatus covering all our digital communications.
Then, in 2017, Wikileaks released a trove of data from inside the “other” U.S. intelligence agency, the Central Intelligence Agency (CIA).
The leaks expose the workings of the otherwise hermetically sealed spying agencies of the world’s most powerful nation.
We have learned that the NSA and the CIA are very different in their spying techniques and hacks.
The NSA mostly relies on intercepting mass amounts of data, breaking encryption protocols, and penetrating telecommunications providers.
The CIA, however, focuses on the endpoints—compromising devices and humans instead.
NSA vs. CIA: How their spying techniques differ
While the NSA might attempt to intercept and break the encryption of all of the world’s chat messages, the CIA would try to retrieve the messages directly from your phone.
Likewise, the NSA is interested in knowing where all cars are at all times, while the CIA is only interested in hacking your car (and how to use it to assassinate you).
How the NSA surveils the planet
The NSA doesn’t have any field agents. Their employees almost exclusively remain at the NSA’s physical locations and data centers, most notably Fort Meade in Maryland or the Utah Data Center.
While the NSA does have agents stationed in listening outposts around the world, it relies on help from other agencies or government branches to physically infiltrate the world’s internet infrastructure and undersea cables.
Because of this, you’re physically safe from the NSA. They might try to hack your systems remotely, but it’s incredibly unlikely they’ll come to you in person to take your laptop (although they might intercept and install spyware on your shipments).
The NSA aims to “collect it all,” meaning they want to build a database of every piece of information ever exchanged across the internet.
Mass encryption is a hindrance to the NSA spying machine, but it’s not enough
Before encryption was widespread across the internet, the NSA’s US$11b annual budget made it easy for them to hoover data. By tapping central points of global internet infrastructure, they collected most emails, phone calls, browsing sessions, and data.
Where encryption is applied, the NSA will attempt to strip protections from communications. Interfering with connections can trick participants into thinking there’s an error. The hope is people will revert to unencrypted channels to circumvent the fabricated error.
If protection stripping doesn’t work, the NSA will break into data centers where emails or phone calls are stored or compromise the service providers. If the NSA can’t intercept data in transit, they can access it at the data center
Additionally, the NSA will attempt to weaken or break encryption systems or introduce backdoors (often through secret payments). These last steps, in particular, have left our networks more vulnerable to hackers.
Indeed, given their budget, size, and sophistication, the NSA is likely the first to find significant vulnerabilities in tech products and protocols. But they are not the last, and any vulnerability, if not fixed immediately, is eventually discovered by other governments and criminals.
The government is picking our locks, sneaking around our private lives, and leaving the door open for others to come in.
How the CIA will hack you
Unlike the NSA, the CIA has agents in the field. You can expect them to find you wherever you are in the world.
But the CIA does not monitor or hack the internet on a massive scale (the NSA does that already).
The CIA uses hacking techniques to extract intelligence directly from the endpoints, like your phone or computer. It’s difficult to hack devices on a large scale, and targeted attacks wield better results.
The CIA employs many computer scientists and researchers to find weaknesses. Their goal is to get into your device, either remotely or directly, to extract data and intelligence, or perhaps even control it.
Similarly to the NSA, the CIA also hoards vulnerabilities instead of disclosing them to manufacturers.
How to protect yourself from the NSA and the CIA
Unless the U.S. government has targeted you, you shouldn’t fear the CIA.
It’s creepy and uncomfortable, not to mention unjust and illegal, to have your every move recorded in perpetuity by the NSA. Their actions also expose you to others, like stalkers, local governments, or criminal enterprises.
“The government is picking our locks, sneaking around our private lives, and leaving the door open for others to come in.”
Use encryption whenever you can. Consider encrypting your sensitive emails with PGP or move to more secure instant messaging platforms.
To stop the NSA tracking you:
- Always pay with cash or Bitcoin
- Avoid ridesharing apps and online shops
- Search with DuckDuckGo
- Encrypt your chats
- Don’t use email
- Browse with Tor and a VPN
- Block ads and third-party cookies
- Avoid social networks
It’s tough to do, but turning your phone off (or getting rid of it) will make it more difficult for the NSA to track your movements. You could also make an effort to disappear completely.
To stop the CIA tracking you:
- Use devices that receive regular security updates
- Always update your phone and computer (to protect against known security vulnerabilities)
- Don’t leave your devices unattended
- Don’t put unnecessary networked devices in your home (cameras, smart TVs, fridges)
And remember, if you’re at risk of assassination, avoid newer car models altogether!
Comments
Why we shouldn’t use email?
Can you explain the reason?
CIA and FBI use NSA that’s why there is an NSA. Article is wrong
There has to be a powerful person in dismantling the nsa and the CIA; since the CIA killed JFK and genocide in other countries and in the USA
There is a person to stop the NSA and CIA. The people.
With reading the information understanding more about NSA and CIA, the relating I have with potentially have fallen/faliing in trap to… It’s the damage already done if it’s been some time passes before realising you have/are.
However……. assassination?
That is a word used here that has left me scared, insecure, threatened and vulnerable.
Why would I be a victim to assassination?
Hi there, I’m in Australia and the government has announced besides meta-data retention they are also aiming to disable encryption, as well encourage the ‘five eyes’ nations to follow suit. I now notice my connection now has my pc—-wi-fi—-internet, where as previously i had my pc—-vpn—-internet. When i check my ip is shows the chosen server, but it makes me wonder if some software is piggy backing along my connection. i would like to know what express thinks of this, and is my encryption compromised
Hi prfnq!
To avoid your connection being spied on, make sure to always stay connected to the VPN, and never download unknown software. It’s also important to keep your computer and its programs up to date! Install software updates when they are available, or better, automatically.
If you have very sensitive work of information, you might additionally use the Tor Browser. Keep your VPN connected, open the Tor Browser and browse the internet with it as you would normally.
Stay safe!
Lexie