Side by Side: Timeline of NSA’s Communications Collection and Cyber Attacks

In all the reporting and subsequent hubbub about the National Security Administration’s ongoing collection of communications, two things stood out as worthy of additional attention:

— Collection may have been focused on corporate metadata;

— Timing of NSA’s access to communications/software/social media firms occurred alongside major cyber assault events, particularly the release of Stuxnet, Flame, and Duqu.

Let’s compare timelines; keep in mind these are not complete.



Cyber Attacks


Access to MSFT servers acquired


Stuxnet 0.5 discovered in wild


File name of Flame’s main component observed


Access to Yahoo servers acquired

All 2008 (into 2009)

Adobe applications suffer from 6+ challenges throughout the year, including attacks on Tibetan Government in Exile via Adobe products.


Stuxnet 0.5 “ends” calls home


Access to Google servers acquired


Operation Aurora attacks begin; dozens of large corporations confirming they were targets.


Access to Facebook servers acquired


Date Stuxnet version 1.001 compiled


Stuxnet 0.5 terminates infection process


Access to PalTalk servers acquired


Operation Aurora attacks continue through Dec 2009


Google discloses existence of Operation Aurora, said attacks began in mid-December 2009


Iranian physicist killed by motorcycle bomb


Flame operating in wild


Date Stuxnet version 1.100 compiled


Date Stuxnet version 1.101 compiled


Langner first heard about Stuxnet


DHS, INL, US congressperson informed about threat posed by “Stuxnet-inspired malware”


Access to YouTube servers acquired


Iranian scientist killed by car bomb


Access to Skype servers acquired


AOL announces agreement to buy HuffingtonPost


Access to AOL servers acquired


Duqu worm discovered


Flame identified


Date on/about “suicide” command issued to Flame-infected machines


Stuxnet versions 1.X terminate infection processes


Access to Apple servers acquired (date NA)

Again, this is not everything that could be added about Stuxnet, Flame, and Duqu, nor is it everything related to the NSA’s communications collection processes. Feel free to share in comments any observations or additional data points that might be of interest.

Please also note the two deaths in 2010; Stuxnet and its sibling applications were not the only efforts made to halt nuclear proliferation in Iran. These two events cast a different light on the surrounding cyber attacks.

Lastly, file this under “dog not barking”:

Why aren’t any large corporations making a substantive case to their customers that they are offended by the NSA’s breach of their private communications through their communications providers?

32 replies
  1. Rayne says:

    Nuts. Accidentally omitted these points:

    10-MAY-2011 Microsoft announces acquisition of Skype
    13-OCT-2011 Skype acquisition completed

    30-APR-2013 Microsoft completes phase-out of Windows Live Messenger in favor of Skype; all WLM users migrated to Skype, except for WLM users in Mainland China who will remain on WLM.

    Anything else I missed?

  2. orionATL says:

    Great work, rayne!

    What’s actually going on – has been going on – is still opaque to me, but this clearly is a side of the equation that has been severely underanalyzed.

    I’m still uncertain about where the line is between “corporate (only)” metadata, “aggregated individual” metadata, and single individual + social associates metadata.

    I suppose all will be revealed to us in good time and good faith :>))

  3. orionATL says:

    It’s just a personal anecdote, but i quit commenting at salon (almost entirely glenn greenwald) when salon demanded a sign-in from a facebook or twitter account. This felt to me like an improper tying together of my identity and my on-line commentary (i did not have and will not have an account in either).

    I noticed other organizations began to do the same.

    At some time in the near past microsoft began to tie all sign-ins to one’s win live media account, i.e., a wlm account became mandatory.

    Final story -i dropped ms internet explorer earlier this year when i got a nearly impossible to remove infection in a desktop.

    The source turned out to be an israeli company that had moved to redmond wa and was connected to corporate microsoft – whether as partner or subsidiary i don’t know. Ms is now allowing that company/program to place advertising info on computers using iex.

    I’m now done with outlook, iex, word2010 – except where government or internet org demand use of iex, presumably for security reasons.

  4. peasantparty says:


    Ya known me long enough to know I won’t put something on a site that is not truth. I may not always have a link for you, but I got the truth.

    Here is today’s truth:

    The reason corporations are not yakking about anything is because they are required by law, according to the USA Patriot Act to do this. Also, and here is the REALLY BIG part:

    They are tracking you and the goods you buy with RFID chips. Yeah, those little tiny, smaller than a grain of rice devices. Oh, and those devices are IN your credit and debit cards and hold REAMS of info on you.

    I tease Marcy and MzChief all the time about the tin foil, but it really works.

    Now, remember a while back when we were all appalled that the schools required Kindergarten children to be finger printed? Yeah, they said in case of kidnapping and all that. Now, the Supreme Court agrees your DNA is allowable. So, when you put RFID chips, hummingbird drones, phone and internet spying together you get TOTAL INFORMATION AWARENESS!

    Here is another BIG ISSUE: No matter what Congress runs around speechifying about this, they know. The Attorney General, by the law of the Patriot Act is supposed to brief Congress on all of this every 6 months. Yep, that’s right. All of Congress, especially the individual committees are supposed to be briefed on the FISA court warrants, who was surveilled/sp, who was not, and why. So, either they all know the details or Holder is not doing his job.

    It also encompasses all of our government sectors from DOD all the way down to the Transportation Comm. Guess what? Your car spies on you too if it is a newer model.

  5. Dan says:

    The answer to your final question is obvious: 1, customers were supposed to never know and 2, they are getting a butt-load of our tax dollars to do it.

  6. Rayne says:

    @orionATL: Could have told you IE was your biggest risk factor. I refuse to use it. ;-)

    The metadata is likely intended to detect connections–see this lovely map of Twitter users who’ve allowed geotagging of their tweets as an example. Let’s say all the metadata is pushed through an algorithm tweaked to identify certain patterns of connections between a few points. Voila, a terror network mapped.

    In theory it’s all good until one of the nodes gets bombed by a drone and there’s an under-age civilian ex-pat turned into pink mist.

    @Hmmm: Thanks for those links. I’m deliberately avoiding some of the NSA-centric maps because they skew away from my current theory that there’s a relationship between some collection efforts and our ongoing cyber warfare.

    @peasantparty: You know what bugs me? Why folks don’t push back more aggressively as consumers. Laziness, apathy, disengaged? who knows, but like that link to the map formed of geotagged tweets, people just roll over and give it up for the man.

    @Dan: Nah, the corporations which permitted access without complaining didn’t get money or even tax credits. They got immunity, an implicit permission slip to mess with metadata for their own purposes, and a quid pro quo that they won’t be fully prosecuted for something, anything. They got the value of a Get-Out-Of-Jail card.

    It’s the corporations that are not in communications which have not complained we should monitor more closely.

  7. tryggth says:

    Why aren’t any large corporations making a substantive case to their customers that they are offended by the NSA’s breach of their private communications through their communications providers?

    I was under the impression PRISM was having corps bundle their data and ship to NSA storage. Seems to be the only working mechanism.

  8. hopeful says:

    Glenn Beck claims the Government will start using OnStar to spy on us on his October 22, 2009 radio show. Then OnStar changes its privacy policy January 1, 2011 to allow collection of user information. OnStar uses Verizon as its carrier.


  9. mzchief says:

    @peasantparty: No– RFID and its uses are not the things of the tinfoil hat. I am proud of having skirmished with Arthur phookin’ Andersen and IBM over that and more on the leading edge/ascent of Big Database back in the late 1980s/early 1990s when they tried to dog-collar every Texan one way or another. At this point, what you can do is take your tinfoil and create a mini Faraday cage to energetically isolate each of your electronic devices– passports, cell phones without removable batteries [iPhone], etc. — from being located and updated (because they are ON) by devices from across the electromagnetic spectrum. AlumaWallet clam shells are nice but are only sized for credit cards which may be sporting RFID.

  10. Rayne says:

    @mzchief and @peasantparty: The RFID for inventory allows for greater granularity in transactional records; NSA will know with increased reliability exactly how much hummus and acetone a consumer bought at Walmart. The real data remains at point-of-sale when Walmart processes the credit/debit card or the check (which is now electronically scanned).

    As for Apple — I sure would like to know if the iPhone 5 released last Aug/Sep has some unusual capabilities, and if the “failed” Maps app was intentionally borked to screw up some short-term targeting.

  11. peasantparty says:

    @mzchief: Yeah, but don’t I need a grounding wire in there some place? I am not that good at Jerry Rigging up electronics. Give me a pot and some meat and I can create a masterpiece. Faraday, not so much. Heck! I wrap them all in tin foil.

  12. peasantparty says:

    @Rayne: Yes, but….

    I used to breed Champion Blood Line Dogs. I fell for the chip implant for my special ones. I also invested in Qualcomm when they first started making those GPS systems that were placed first in 18 wheeler tractors, then in cars. My sister invested in the chip manufacturer.

    Those chips don’t just go inside of DOGS!

  13. mzchief says:

    @peasantparty: Some folks I know of have gone back to pagers and old-as-you-can-get-away-with phones with removable batteries. { Mental note of @PeasantParty ‘s place for a really good home cooked meal }

  14. mzchief says:

    @Rayne: A superbly implemented BitCoin would be designed to tewtelly mess up the data collection at the Point-of-Sale but I did see WSJ pimping BitCoin recently and the risk of the BITCoin co-option right while The Vampire Squid rules the Net’s backbone now is extremely high based upon everything we do know (e.g. @IOErrors comment regarding packet injection and things to be revealed in the upcoming exposé on BLARNEY). By the way, I was pleased to note that the 5k strong PDX #MarchAgainstMonsanto was sophisticated enough to interject “F* Walmart” chants.

  15. peasantparty says:

    @mzchief: Ohhhhhhhhhhh! Lemme tell ya about the Fed’s fear of Bitcoin.

    They have raided and shut down all US taps of use.

  16. orionATL says:


    The company was perion (or perion ltd)

    The software that refused to remove itself normally was incredibar or IB or my start incredibar or incredibar my start.

    The program repeatedly loaded dozens of cookies in rapid manner into user sections of windows.

    It took a lot of research and effort to get rid of the sob.

    perion insisted its product was harmless, but they were being literal. The product was an effn major nuisance.

    s. Ballmer said perion was an advertising arm (my words) of microsoft.

    The same company is beginning to market a product called incredimail for tiny computers aka phones ‘n pads.

  17. peasantparty says:

    @orionATL: I didn’t know about that one. I do know there is another called Rubicon, like the military jeep name. It tracks any commercial site you click on.

  18. Rayne says:

    @orionATL: LOL! But MSFT is at the heart of Stuxnet, was the delivery vehicle in several different layers. I don’t trust them; they had to be complicit by way of not patching their vulnerabilities to prevent exploitation.

  19. orionATL says:



    That is very interesting.

    Not only can we never see the electrons working their magic, we aren’t allowed to see what the controllers of the electrons, e.g., ms corp, intend to do with the electrons we stimulate.

    In its early age at least, the “digital” society is proving to be a happy hunting ground for despots, oligarchs, and, dare i say it, elected officials of the american democracy.

  20. orionATL says:

    I was just going over your time line carefully and suddenly had the peculiar thought that it looked as if our gov might have used “external” events to obtain compliance from social network corps one-by-one. At least there seemed to be a very persistent action/reaction pattern.

    I don’t know if that was your hypothesis.

  21. The Raven says:

    Google’s Chief Legal Officer, David Drummond, is denying, though it’s possible he’s just logic-chopping. It’s his career on the line if he’s lying and perhaps even if he is just dissembling. It is also possible that he has been deliberately kept in the dark. That would be very spook-like; only some people at the organizations which have been penetrated know about the penetration.

    BitCoin…tell me again why untraceable banking transactions are a good thing? Isn’t that a problem we already have?

  22. Rayne says:

    @orionATL: There’s an action/reaction pattern, but in both directions. Boggles my mind the ineffectiveness combined with tromping of civil liberties.

    @The Raven: I think it’s a combination of careful parsing (perhaps required by gov’t fiat) and blindness (likely due to compartmentalization). The answers may be revealed very, VERY shortly.
