Unless you’ve been living under a rock, you’ve probably heard a lot about Edward Snowden and how he leaked top-secret information about government spying.
Sure, they store our emails and log the metadata of our phone calls in huge server warehouses, but what else do they know about us?
How much do we reveal about ourselves by simply going online?
The Pwn Plug
That was the question that NPR correspondent Steve Henn and security experts Sean Gallagher and Dave Porcello wanted to answer. Sean and Dave installed a device called Pwn Plug that was able to access the data going into and out of Steve’s computer and mobile phone. In a nutshell, the Pwn Plug is a network penetration test tool that also can be used to tap into Internet communications. It allows anyone to scoop up data on a network and store it for later analysis. We already know that free WiFi connections offer an easy way for someone to tap into your Internet traffic and capture your account information for less-than-friendly purposes.
But in contrast, the NSA uses two main tools to gather and sort all the information it collects. Turbulence is a monitoring tool that scoops up Internet data, and XKeyscore is a database that helps process the vast amount of information it gathers and pick out the important stuff (such as email addresses and phone numbers). The Pwn Plug is a small-scale version of these surveillance tools that the NSA is using to spy on hundreds of millions of Americans.
You Are Revealing More Than You Probably Know
When the security experts turned Pwn Plug on, in less than two minutes it had gathered vast amounts of information Steve had stored on his computer and phone.
His web browser had many pages open, and all of this information was captured and stored by Pwn Plug, providing a lot of information about Steve’s life: movies he liked, work research, and the local weather report. Sean and Dave kept Pwn Plug on for a week and passively collected information on Steve, and the amount of detailed information they found out about Steve was staggering. This information included Steve’s mobile phone number, his email address, his phone’s unique device identifier, what operating system he used on his computer and all of his software, as well as all of the apps on his cell phone.
They also were able to track every website he visited, most of his search queries, and the time he worked on his computer or was using his smartphone. This is more than just aggregate data about Steve, or non-identifiable information. You could use this information to learn a lot about what Steve does, what his interests are, how he spends his time, as well as track him as he went about his business both online and offline.
A Little Paranoia
Sean and Dave were both surprised at the amount of data that they were able to gather on Steve, and how many software programs and mobile phone apps leak data. How many of us have the knowledge or time to figure out whether the technology we use every day is revealing very personal things about us?
It’s not so much a question of whether or not we are a target of the government, it’s more that we should be concerned about the ways in which we expose our private information online without our knowledge, and how easy it is for someone else, from the government to cybercriminals, to get access to this information.
As Sean put it, “a little paranoia remains a very healthy thing.”