Narus is a company, now a wholly owned subsidiary of Boeing, which provides real-time network traffic and analytics software with enterprise class spyware capabilities. It was co-founded in Israel in 1997 by Ori Cohen, who had served as Vice President of Business and Technology Development for VDONet, an early media streaming pioneer, and Stas Khirman.
Narus is notable for being the creator of NarusInsight, a supercomputer system whose installation in AT&T‘s San Francisco Internet backbone gave rise to a 2006 class action lawsuit by the Electronic Frontier Foundation against AT&T, Hepting v. AT&T.
|Type||Subsidiary of Boeing|
|Headquarters||Sunnyvale, California, United States|
|Key people||Ori Cohen (Co-founder)|
Management and investors
Narus was founded in 1997 by a team of Israelis led by Ori Cohen and Stas Khirman. It became a wholly owned subsidiary of Boeing in 2010. According to the Narus website, Cohen and Khirman are not members of the Board.
Prior to 9/11 Narus worked on building carrier-grade tools to analyze IP network traffic for billing purposes, to prevent what they term “revenue leakage”. Post-9/11 they have continued down that path while adding more semantic monitoring abilities for surveillance purposes.
- “Crowell is an independent security consultant and holds several board positions with a variety of technology and technology-based security companies. Since 9/11, Crowell has served on the Defense Advanced Research Projects Agency (DARPA) Task Force on Terrorism and Deterrence, the National Research Council Committee on Science and Technology for Countering Terrorism and the Markle Foundation Task Force on National Security in the Information Age.”
Narus has several business partners who provide various technologies similar to the features of NarusInsight. Several of the partners are funded by In-Q-Tel.
System specification and capabilities
Some features of NarusInsight include:
- Scalability to support surveillance of large, complex IP networks (such as the Internet).
- High-speed packet processing performance, which enables it to sift through the vast quantities of information that travel over the Internet.
- Normalization, Correlation, Aggregation and Analysis provide a model of user, element, protocol, application and network behaviors, in real-time. That is it can track individual users, monitor which applications they are using (e.g., web browsers, instant messaging applications, e-mail) and what they are doing with those applications (e.g., which web sites they have visited, what they have written in their emails/IM conversations), and see how users’ activities are connected to each other (e.g., compiling lists of people who visit a certain type of web site or use certain words or phrases in their e-mail messages.
- High reliability from data collection to data processing and analysis.
- NarusInsight’s functionality can be configured to feed a particular activity or IP service such as security lawful intercept or even Skype detection and blocking.
- Compliance with CALEA and ETSI.
- Certified by Telecommunication Engineering Center (TEC) in India for lawful intercept and monitoring systems for ISPs.
The intercepted data flows into NarusInsight Intercept Suite. This data is stored and analyzed for surveillance and forensic analysis purposes.
Other capabilities include playback of streaming media (i.e., VoIP), rendering of web pages, examination of e-mail and the ability to analyze the payload/attachments of e-mail or file transfer protocols. Narus partner products, such as Pen-Link, offer the ability to quickly analyze information collected by the Directed Analysis or Lawful Intercept modules.
A single NarusInsight machine can monitor traffic equal to the maximum capacity (10 Gbit/s) of around 39,000 256k DSL lines or 195,000 56k telephone modems. But, in practical terms, since individual internet connections are not continually filled to capacity, the 10 Gbit/s capacity of one NarusInsight installation enables it to monitor the combined traffic of several million broadband users.
According to a year 2007 company press release, the latest version of NarusInsight Intercept Suite (NIS) is “the industry’s only network traffic intelligence system that supports real-time precision targeting, capturing and reconstruction of webmail traffic… including Google Gmail, MSN Hotmail and Yahoo! Mail“. However, currently most webmail traffic can be HTTPS encrypted, so the content of messages can only be monitored with the consent of service providers.
It can also perform semantic analysis of the same traffic as it is happening, in other words analyze the content, meaning, structure and significance of traffic in real time. The exact use of this data is not fully documented, as the public is not authorized to see what types of activities and ideas are being monitored.
- Hepting vs. AT&T, the 2006 lawsuit in which the Electronic Frontier Foundation alleges AT&T allowed the NSA to tap the entirety of its clients’ Internet and voice over IP communications using Narus equipment.
- Computer surveillance
- Total Information Awareness
- Communications Assistance For Law Enforcement Act
- Carnivore (software)
- Room 641A
- Lincoln (surveillance)
- “Boeing: Narus”. Boeing. Retrieved 17 September 2011. “A wholly owned subsidiary of The Boeing Company, Narus is headquartered in Sunnyvale, Calif., and supports a global base of government and commercial customers.”
- “Narus Networks Private Limited: Private Company Information”. Bloomberg Businessweek. Retrieved 17 September 2011. “Narus Networks Private Limited provides real-time network traffic and analytics software used to protect against cyber attacks and persistent threats aimed at large Internet Protocol networks.”
- “Ori Cohen: Executive Profile & Biography”. Bloomberg Businessweek. Retrieved 17 September 2011. “He served as Vice President of Business and Technology Development for VDOnet and Chief Executive Officer for IntelliCom Ltd.”
- EFF vs AT&T
- Fogel, Raphael (11 July 2006). “Ori Cohen, private eye”. Haaretz. Retrieved 17 September 2011. “It was founded in 1997 by Dr Ori Cohen, Stas Khirman and four other guys in Israel.”
- “Boeing buying cybersecurity firm Narus”. Bloomberg Businessweek (St. Louis). Associated Press. 8 July 2010. Retrieved 18 September 2011. “Boeing announced its second acquisition in as many weeks, saying it will buy anti-cyber attack software company Narus.”
- “Boeing Completes Acquisition of Narus”. Benzinga.com. 29 July 2010. Retrieved 18 September 2011. “Boeing (NYSE: BA) today announced it has completed its acquisition of Narus.”
- “Executive Team”. Narus. Retrieved 25 February 2013.
- Narus Appoints Former Deputy Director of the National Security Agency To Its Board of Directors
- Key Features list of NarusInsight
- “Narus Expands Traffic Intelligence Solution to Webmail Targeting”. Reuters. 2007-12-10. Retrieved 2008-02-13.
- Official website
- Wired News article
- Wired News article (AT&T whistleblower Mark Klein discusses Narus STA 6400)
- Documents, including pictures, wiring diagrams, and equipment lists and installation dates, from Mark Klein at the Wayback Machine (archived December 1, 2007)
- Frontline Flash Video “Spying on the Home Front” TV documentary originally aired on PBS 15 May 2007 with a section entitled “The NSA’s Eavesdropping at AT&T” with the story of Mark Klein exposing NSA wiretapping with a secure room and Narus STA 6400 at an AT&T facility in San Francisco, CA