MUSCULAR (DS-200B), located in theUnited Kingdom,^[1] is the name of a surveillance program jointly operated by Britain'sGovernment Communications Headquarters (GCHQ) and the U.S.National Security Agency (NSA) that was revealed by documents released byEdward Snowden and interviews with knowledgeable officials.^[2] GCHQ is the primary operator of the program.^[1] GCHQ and the NSA have secretly broken into the main communications links that connect thedata centers ofYahoo! andGoogle.^[3] Substantive information about the program was made public at the end of October 2013.

The programme is jointly run by:

• –Government Communications Headquarters (GCHQ) (United Kingdom)
• – U.S.National Security Agency (NSA)

MUSCULAR is one of at least four other similar programs that rely on a trusted 2nd party, programs which together are known asWINDSTOP. In a 30-day period from December 2012 to January 2013, MUSCULAR was responsible for collecting 181 million records. It was however dwarfed by another WINDSTOP program known (insofar) only by its codeDS-300 and codenameINCENSER, which collected over 14 billion records in the same period.^[4]

According to the leaked document the NSA's acquisitions directorate sends millions of records every day from internal Yahoo! and Google networks to data warehouses at the agency's headquarters atFort Meade, Maryland. The program operates via an access point known asDS-200B, which is outside the United States, and it relies on an unnamed telecommunications operator to provide secret access for the NSA and the GCHQ.^[3]

According toThe Washington Post, the MUSCULAR program collects more than twice as many data points ("selectors" in NSA jargon) compared to the better knownPRISM.^[2] Unlike PRISM, the MUSCULAR program requires no (FISA or other type of)warrants.^{[dubious –discuss]}

Because of the huge amount of data involved, MUSCULAR has presented a special challenge to NSA'sSpecial Source Operations. For example, when Yahoo! decided to migrate a large amount of mailboxes between its data centers, the NSA'sPINWALE database (their primary analytical database for the Internet) was quickly overwhelmed with the data coming from MUSCULAR.^[5]

Closely related programmes are called INCENSER andTURMOIL. TURMOIL, belonging to the NSA, is a system for processing the data collected from MUSCULAR.^[1]

According to apost-it style note from the presentation, the exploitation relied on the fact that (at the time at least) data was transmitted unencrypted inside Google'sprivate cloud, with "Google Front End Servers" stripping and respectively adding backSSL from/to external connections. After the information about MUSCULAR was published by the press, Google announced that it was working on deployingencrypted communication between its datacenters.^[2]

This sectionneeds expansion. You can help byadding missing information.(January 2014)

In early November 2013, Google announced that it wasencrypting traffic between its data centers.^[6] In mid-November, Yahoo! announced similar plans.^[7]

In December 2013,Microsoft announced similar plans and used the expression "advanced persistent threat" in their press release (signed-off by their top legal representative), which the press immediately interpreted as comparison of the NSA with theChinese government-sponsored hackers.^[8][9]

Google engineer Brandon Downey stated the following onGoogle+:^[10]

"Fuck these guys.I've spent the last ten years of my life trying to keep Google's users safe and secure from the many diverse threats Google faces… But after spending all that time helping in my tiny way to protect Google -- one of the greatest things to arise from the internet -- seeing this, well, it's just a little like coming home from War with Sauron, destroying the One Ring, only to discover the NSA is on the front porch of the Shire chopping down the Party Tree and outsourcing all the hobbit farmers with half-orcs and whips."

• 
  Slide from NSA SSO presentation detailing the MUSCULAR capabilities
• 
  Internal NSA SSO update on the MUSCULAR operation, mentioning problem with Yahoo mailbox transfers, which required a throttling of data capture

• 2013 mass surveillance disclosures
• DISHFIRE, another NSA–GCHQ collaboration collecting SMS and similar messages worldwide
• List of government mass surveillance projects
• Mass surveillance
  • Mass surveillance in the United Kingdom
  • Mass surveillance in the United States
• Squeaky Dolphin, program targeting Facebook, YouTube, and Blogger
• STELLARWIND
• Total Information Awareness

• Savage, Charlie; Miller, Claire; Perlroth, Nicole (October 30, 2013)."N.S.A. Said to Tap Google and Yahoo Abroad".The New York Times. RetrievedNovember 1, 2013.
• Rushe, Dominic; Ackerman, Spencer; Ball, James (October 30, 2013)."Reports that NSA taps into Google and Yahoo data hubs infuriate tech giants".The Guardian. RetrievedNovember 2, 2013.
• Gellman, Barton; Soltani, Ashkan; Lindeman, Todd (October 30, 2013)."How the NSA is infiltrating private networks".The Washington Post. Archived fromthe original on October 31, 2013. RetrievedNovember 1, 2013.
• Miller, Claire (October 31, 2013)."Angry Over U.S. Surveillance, Tech Giants Bolster Defenses".The New York Times. RetrievedNovember 1, 2013.
• Schneier, Bruce (October 31, 2013)."NSA Eavesdropping on Google and Yahoo Networks".Schneier on Security. RetrievedNovember 1, 2013.
• Perlroth, Nicole; Markoff, John (November 25, 2013)."N.S.A. May Have Penetrated Internet Cable Links".The New York Times. RetrievedNovember 26, 2013.
• Gellman, Barton; DeLong, Matt."What Yahoo and Google did not think the NSA could see".The Washington Post. Archived fromthe original on March 19, 2014. RetrievedMarch 14, 2014.

• GCHQ operations
• National Security Agency operations
• Intelligence agency programmes revealed by Edward Snowden
• Secret government programs
• Surveillance scandals
• Hacking of Yahoo!
• Google
• Email hacking
• Cyberattacks

• Articles with short description
• Short description is different from Wikidata
• Articles containing potentially dated statements from 2007
• All articles containing potentially dated statements
• All accuracy disputes
• Articles with disputed statements from February 2014
• Articles to be expanded from January 2014
• All articles to be expanded