

A slide from the National Security Agency PowerPoint presentation on the PRISM program. (Image: Washington Post)

The recent exposure of National Security Agency monitoring of Americans’ emails, live voice communications and stored data cast suspicion once again on private surveillance contractors linked to Israeli intelligence services. One firm called Narus has provided the NSA with technology for almost a decade that enabled it to obtain and analyze at least 80 percent of communications made by Americans over online and telecom channels. What was Narus’ role in the latest scandal, and how far back does its history of spying go?

Deep Packet Inspection

Back in 2011, when Egyptian President Hosni Mubarak attempted to quell the Tahrir Square uprising by ordering telecommunications companies to shut down the Internet, the Obama administration slammed his regime, demanding that it immediately open up social media channels. The US also took the opportunity to promote the State Department’s $30 million Internet freedom project, which was aimed at providing dissidents with technology to stifle online surveillance in repressive states.

Tim Karr, the campaign director for the online freedom advocacy group Free Press, wondered what tools the Mubarak regime was using to target online dissidents. He discovered that Egypt had purchased Deep Packet Inspection (DPI) technology from Narus, a Silicon Valley-based high tech firm.

DPI is a computer network packet filtering system that allows administrators to collect any data that passes through an inspection point. Governments around the world rely on it to conduct spying and data mining on a massive level. “[DPI] is often called dual use because it can be used for legitimate purposes, by cops to ID terrorists, or for commercial purposes,” Karr told me. “But in the wrong hands it can be a tool that can be used to suppress online dissent, identify dissidents and even hunt them down.”

The information about Narus’ sales to Egypt was not hard to find; Karr discovered it right on the company’s website. Narus has also boasted about sales of DPI technology to serial human rights violators like the governments of Pakistan, Saudi Arabia, and telecom subsidiaries of the Chinese government. Through a third party reseller, Narus was in negotiations to provide spying devices to the Qaddafi regime, but the deal fell through when Qaddafi was overthrown by the very people he had sought to monitor.



A diagram from a Narus demo showing its network management product, which can be used to manage network traffic or provide surveillance over all network activity.

(Image: The Berkman Center for Internet & Society)

The exposure this month of the US National Security Agency’s Prism program, which uses DPI technology to monitor the phone and online communications of American citizens, eroded the credibility of US calls for Internet freedom abroad. “The Obama administration has tried to play both sides of this equation and the rhetoric it used during Arab Spring doesn’t square with our practices domestically in spying on our own citizenry,” Karr remarked. “There seems to be a double standard here.”

He added, “When people fear that their communications are being monitored, there is a chilling effect. So this is not just about privacy, it’s a freedom of speech issue.”

Room 641A

In 2006, an AT&T technician named Mark Klein discovered a secret room inside the company’s windowless “Folsom Street Facility” in downtown San Francisco that was bristling with Narus machines. The now notorious Room 641A was controlled by the NSA, which was using it to collect AT&T customer data for data mining and real-time analysis. Thanks to the powerful NarusInsight system, the NSA was able to monitor 108 billion emails from AT&T customers per day.



AT&T’s windowless Folsom Street Facility in downtown San Francisco, the home of Room 641A where the NSA used Narus machines to spy on millions of Americans.

The revelations set off a national scandal, confirming that the US government was spying on millions of citizens, and that major telecom and service providers were complicit. But no one was held accountable. Following a lawsuit filed against AT&T by the Electronic Freedom Foundation, Congress passed the FISA Amendments Act in July 2008, giving retroactive immunity to telecom corporations that assisted the NSA, and relieving them of any consequences for spying on Americans.

Cass Sunstein, an informal advisor to Barack Obama’s 2008 presidential campaign who now heads the Office of Information and Regulatory Affairs, and who has urged federal law enforcement to “cognitively infiltrate” anti-government groups, was an outspoken supporter of the retroactive immunity bill. With Sunstein by his side, Obama reversed his initial objections to the NSA’s domestic spying operations, voting as a Senator for retroactive immunity.

The vote allowed the NSA to expand its domestic spying operations, clearing the legal hurdles obstructing the creation of PRISM. The stage was set for the second term scandal that would leave Obama reeling.

“You have to demonize the source”

Well before Edward Snowden was a household name, there was William Binney, a high level NSA official who resigned in protest on October 31, 2001 after learning of the birth of a massive, post-9/11 domestic spying operation. I spoke to Binney three days after Snowden revealed himself as the latest NSA whistleblower.

“I couldn’t stay there [at the NSA] and be a party to that collecting data and spying on American citizens,” Binney told me. “And that court order from Verizon [that revealed the PRISM program] is a continuation of that.”

Like Snowden, who has been roundly demonized by pundits and Obama supporters, and may face an extradition order, Binney encountered a severe backlash when he resigned. “They want to avoid facing up to what the government was doing so you have to demonize the source,” Binney said. “We [NSA whistleblowers past and present] were all attacked. They attempted to indict us and frame us, they raided us with the FBI, they attempted to discredit us with all the standard tactics they use. It went nowhere but it allowed them to continue doing what they were doing. And that’s the problem – they refused to recognize there even was a problem and now we won’t solve it.”

Binney told me that throughout the United States there are currently as many as 20 NSA black sites like Room 641A. Narus devices, he said, have been placed at fiber-optic convergence points, allowing the NSA to retrieve about 80 percent of data carried through telecom and online service providers. Binney emphasized that the devices do not only retrieve so-called metadata, which only offers general records of data, but that they gather the actual content of emails and calls. (“We can reconstruct all of their e-mails along with attachments, see what web pages they clicked on; we can reconstruct their (Voice Over Internet) calls,” said Steve Bannerman, the marketing director of Narus).

Thanks to PRISM, the NSA has been able to “fill in the gaps,” Binney explained, gathering bulk data from communications the NSA might have missed with the NarusInsight system, especially those made between Americans and foreign countries.

The Israeli Connection

Binney told me that while he worked at the NSA in 1998, a freebooting agency colleague with pronounced pro-Israel views “shared” DPI technology with Israeli intelligence agencies. At the time, Binney was the chairman of the NSA’s Foreign Relations Advisory Council (FRAC), a board charged with reviewing the transfer of technology to foreign allies. To his chagrin, he was only made aware of the transfer to Israel after the fact.

“Usually when you share things you discuss them and have approval from FRAC – you have an agreement,” Binney said. “I was supposed to know about all the sharing that goes on. So when I found out about this I said, ‘Hey, if we’re gonna share it with Israel we should share it with other allies too and save them the money of having to develop it on their own.’ I didn’t have a problem with it, and I don’t know how he did it, but we had a process and he circumvented it.”

Enter Narus, the company named for the Latin word for “all knowing.” Founded in the Silicon Valley in 1997 by Israeli expatriates with alleged ties to Israel’s intelligence services, Ori Cohen and Stas Khirman, Narus has been shrouded in mystery since its inception.

A 2006 investigation by Haaretz into Cohen’s background was unable to establish a clear portrait of its subject, concluding that he was “hard to pin down.” Khirman, according to journalist James Bamford, worked in the past for Elta Systems, a subsidiary of Israel Aerospace Industries that specialized in advanced eavesdropping systems for Israel’s military-intelligence apparatus. (In 2010, Narus was sold to the Boeing Company, a multinational defense corporation that clearly saw a future in the online surveillance industry).

Sometime around 2002, Narus pioneered state-of-the-art DPI devices. “The timeline shows [DPI technology] was shared with Israel about five years before Narus came out with its devices,” Binney commented. “It certainly was a suspicious timing sequence.”

Another Israeli-linked tech company, Verint, is a subsidiary of the Israeli firm Comverse, which boasts a reputation as “the world’s leading provider… of communications intercept and analysis” technology. Among the many Comverse executives plucked from the ranks of Israeli army intelligence is the company’s founder, Jacob “Kobi” Alexander, an ex-Israeli intelligence agent who cashed in through Israel’s high-tech surveillance industry. Alexander’s lucrative career collapsed in dramatic fashion when he was arrested for fraud in Namibia in 2006 after an international manhunt, and wound up handing over bank accounts worth $46 million to US authorities.

Just as AT&T relied on Narus systems, Verint’s DPI devices have been used to fulfill NSA requests for data from Verizon’s subscribers. And as Bamford explained in his 2008 book on the NSA, “Shadow Factory,” much of the data Verint and other private Israeli contractors gather can be remotely accessed from Israel. “The greatest potential beneficiaries of this marriage between the Israeli eavesdroppers and America’s increasingly centralized telecom grid are Israel’s intelligence agencies,” Bamford wrote.

Journalist Christopher Ketcham speculated in a 2008 article that Israeli-linked firms like Verint and Narus could have implanted Trojan spy technology into their devices, providing Israeli intelligence services with a backdoor means of reviewing and analyzing data stored in secure NSA systems. Boaz Guttmann, an Israeli national police cybercrimes investigator, told Ketcham, “Trojan horse espionage is part of the way of life of companies in Israel. It’s a culture of spying.”

However, Binney dismissed the possibility of backdoor Trojan spying. “With any foreign equipment we bought we would make sure that there wasn’t anything planted in it like backdoors,” he told me. “I don’t think backdoors are a problem since they don’t have the bandwidth capacity and if it started happening it would have immediately showed up in service providers’ records.”

But no matter how much control the NSA exerts over the spying technology it procures from private contractors, there is little guarantee it can control the thousands of people who work in their offices. To understand how acute the problem could be, look no further than Edward Snowden.