The U.S. National Security Agency has penetrated the main communication links that connect Yahoo and Google data centers around the world, giving it access to the accounts of hundreds of millions of people including U.S. residents, The Washington Post reported Wednesday.
By tapping the links, the agency is able to collect at will a wide range of content such as metadata -- indicating the recipients of emails and when the messages were sent -- as well as actual content like text, audio and video, according to the report.
[ Learn how to protect your systems with Roger Grimes' Security Adviser blog and Security Central newsletter, both from InfoWorld. | For a quick, smart take on the news you'll be talking about, check out InfoWorld TechBrief -- subscribe today. ]
The NSA does not store all of the content permanently, but it keeps a lot, the newspaper reported, based on documents provided by former NSA contractor Edward Snowden as well as interviews with what the Post called "knowledgeable" officials.
Through the program, millions of records are sent every day from Yahoo and Google's internal networks to data warehouses at the NSA's headquarters in Fort Meade, Maryland, the report said. In the past 30 days alone, more than 181 million records containing various data had been processed by field collectors, according to the report.
The data links are exploited using a tool called Muscular, which is operated in partnership with the NSA's British counterpart, GCHQ, the Post reported. Together, the NSA and HCHQ can copy entire data flows across fiber-optic cables carrying information between Yahoo and Google data centers, the report said.
The interception points were not disclosed.
In a statement, Google Chief Legal Officer David Drummond said the company does not give any government access to its systems. However, the company has been concerned about the possibility of this kind of snooping and has encrypted more of Google's services and links as a result, he said.
"We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform," he said.
The revelation constitutes the latest in a series of high-profile leaks of information about U.S. surveillance programs since the Post and the Guardian newspaper first reported the existence of a program known as Prism in June. That program allows the NSA to access data stored within the servers at major Internet companies like Yahoo, Google, Facebook, Microsoft and others.