Wednesday, November 27, 2013

NSA Infected 50,000 computer networks with Malicious Software

The American intelligence service - NSA - infected more than 50,000 computer networks worldwide with malicious software designed to steal sensitive information. Documents provided by former NSA-employee Edward Snowden and seen by this newspaper, prove this.
A management presentation dating from 2012 explains how the NSA collects information worldwide. In addition, the presentation shows that the intelligence service uses ‘Computer Network Exploitation’ (CNE) in more than 50,000 locations. CNE is the secret infiltration of computer systems achieved by installing malware, malicious software.
One example of this type of hacking was discovered in September 2013 at the Belgian telecom provider Belgacom. For a number of years the British intelligence service - GCHQ – has been installing this malicious software in the Belgacom network in order to tap their customers’ telephone and data traffic. The Belgacom network was infiltrated by GCHQ through a process of luring employees to a false LinkedIn page.

NSA special department employs more than a thousand hackers

The NSA computer attacks are performed by a special department called TAO (Tailored Access Operations). Public sources show that this department employs more than a thousand hackers. As recently as August 2013, the Washington Post published articles about these NSA-TAO cyber operations. In these articles The Washington Post reported that the NSA installed an estimated 20,000 ‘implants’ as early as 2008. These articles were based on a secret budget report of the American intelligence services. By mid-2012 this number had more than doubled to 50,000, as is shown in the presentation NRC Handelsblad laid eyes on.
Worldwide SIGINT/Defense Cryptologic Platform
Cyber operations are increasingly important for the NSA. Computer hacks are relatively inexpensive and provide the NSA with opportunities to obtain information that they otherwise would not have access to. The NSA-presentation shows their CNE-operations in countries such as Venezuela and Brazil. The malware installed in these countries can remain active for years without being detected.

‘Sleeper cells’ can be activated with a single push of a button

The malware can be controlled remotely and be turned on and off at will. The ‘implants’ act as digital ‘sleeper cells’ that can be activated with a single push of a button. According to the Washington Post, the NSA has been carrying out this type of cyber operation since 1998.
The Dutch intelligence services - AIVD and MIVD – have displayed interest in hacking. The Joint Sigint Cyber Unit – JSCU – was created early in 2013. The JSCU is an inter-agency unit drawing on experts with a range of IT skills. This new unit is prohibited by law from performing the type of operations carried out by the NSA as Dutch law does not allow this type of internet searches.
The NSA declined to comment and referred to the US Government. A government spokesperson states that any disclosure of classified material is harmful to our national security.

NSA Global SIGINT Power to Generate Profits and Pay

27 November 2013


The NSA SIGINT Strategy 2012-2016 pretty well covers all the comsec and crypto initiatives to covertly exploit people, cryptographers, anonymizers, informants, planted spies, security firms, networks, governments, nations, friends, lovers and citizens.
Not sure leaks, lawsuits and protests will deter this bounty of profits for the comsec industry, unless the public is aroused to demand the 3 branches grasp the nettle, and all those making money from this deception operation decide to give up their profits, perks and prestige.
I mean those on the comsec and crypto lists, those participating in standards committees, those enjoying contracts and grants in think tanks and universities, those in law firms and public interest orgs, those in the media and academia, those in non-spy gov agencies, pretending to be in opposition as they scramble to rejigger their products and sales pitches, to exploit what is being fabricated to diminish Snowden's revelations with new forms of secrecy, technology, law, regulations, bribery, lobbying, grants, contracts, list lurking, online and offline spying, break-ins, the usual kaboodle, to assure the NSA goals are fulfilled.
http://cryptome.org/2013/11/nsa-sigint-strategy-2012-2016.pdf
[Excerpt]
TOP SECRET//SI//REL TO USA, AUS, CAN, GBR, NZL
SIGINT Goals for 2012-2016
1. (U//FOUO) Revolutionize analysis, fundamentally shift our analytic approach from a production to a discovery bias, enriched by innovative customer/partner engagement, radically increasing operational impact across all mission domains.
1.1. (U//FOUO) Through advanced tradecraft and automation, dramatically increase mastery of the global network
1.2. (U//FOUO) Conduct original analysis in a collaborative information space that mirrors how people interact in the information age
1.3. (U//FOUO) Disseminate data at its first point of relevance, share bulk data, and enable customers to address niche requirements
1.4. (U//FOUO) Drive an agile technology base mapped to the cognitive processes that underpin large scale analysis, discovery, compliance and collaboration
2. (U//FOUO) Fully leverage internal and external NSA partnerships to collaboratively discover targets, find their vulnerabilities, and overcome their network/communication defenses.
2.1. (U//FOUO) Bolster our arsenal of capabilities against the most critical cryptanalytic challenges
2.1.1. (S//SI//REL) Employ multidisciplinary approaches to cryptanalytic problems, leveraging and integrating mid-point and end-point capabilities to enable cryptanalysis
2.1.2. (S//REL) Counter the challenge of ubiquitous, strong, commercial network encryption
2.1.3. (TS//SI//REL) Counter indigenous cryptographic programs by targeting their industrial bases with all available SIGINT and HUMINT capabilities
2.1.4. (TS//SI//REL) Influence the global commercial encryption market through commercial relationships, HUMINT, and second and third party partners
2.1.5. (S//SI//REL) Continue to invest in the industrial base and drive the state of the art for High Performance Computing to maintain pre-eminent cryptanalytic capability for the nation
2.2. (TS//SI//REL) Defeat adversary cybersecurity practices in order to acquire the SIGINT data we need from anyone, anytime, anywhere
2.3. (S//SI) Enable discovery capabilities and advanced tradecraft in the collection architecture to enable the discovery of mission-critical persona, networks, accesses, signals and technologies
2.4. (S//SI) Integrate capabilities into the mission architecture, deepen workforce skill base in advanced network and signals analysis, and optimize processes and policies for the benefit of discovery
3. (S//SI//REL) Dynamically integrate endpoint, midpoint, industrial-enabled, and cryptanalytic capabilities to reach previously inaccessible targets in support of exploitation, cyber defense, and cyber operations
3.1. (C//REL) Drive the SIGINT mission architecture to underpin synchronized, integrated, multi-capability operations, extending it to mission partners
3.2. (TS//SI//REL) Integrate the SIGINT system into a national network of sensors which interactively sense, respond, and alert one another at machine speed
3.3. (U//FOUO) Continuously rebalance our portfolio of accesses and access capabilities based on current and projected contributions to key SIGINT missions
3.4. (S//SI//REL) Identify new access, collection, and exploitation methods by leveraging global business trends in data and communications services
TOP SECRET//SI//REL TO USA, AUS, CAN, GBR, NZL
[End excerpt]

Saturday, November 23, 2013

NSA Snowden Releases Tally Update

23 November 2013. Add 1 page to NRC Handelsblad. Tally now 541 pages (~1%) of reported 50,000. NSA head claims 200,000 (~.25% of that released).
23 November 2013. Add 5 pages to New York Times. NYT cites two NSA documents apparently not published: "Treasure Map" and "Packaged Goods." If available please send pointers to cryptome[at]earthlink.net.
22 November 2013. Add 13 pages to Dagbladet.


21 November 2013. See also EFF and ACLU accounts:
https://www.eff.org/deeplinks/2013/11/nsa-spying-primary-sources
https://www.aclu.org/nsa-documents-released-public-june-2013


18 November 2013. Add 6 pages to The Guardian. Tally now 522 pages of reported 50,000. (NSA head claims 200,000.)
17 November 2013. Add two images to Der Spiegel. Tally now 516,
4 November 2013. Add 14 pages to Washington Post.
3 November 2013. A reports an additional 54 slides for O Globo Petrobas.


3 November 2013
42 Years to Release Snowden Documents
Out of reported 50,000 pages (or files, not clear which), about 514 pages (1%) have been released over 5 months beginning June 5, 2012. At this rate, 100 pages per month, it will take 42 years for full release. Snowden will be 72 years old, his reporters hoarding secrets all dead.
NY Times, 3 November 2013:
Whatever reforms may come, Bobby R. Inman, who weathered his own turbulent period as N.S.A. director from 1977 to 1981, offers his hyper-secret former agency a radical suggestion for right now. “My advice would be to take everything you think Snowden has and get it out yourself,” he said. “It would certainly be a shock to the agency. But bad news doesn’t get better with age. The sooner they get it out and put it behind them, the faster they can begin to rebuild.”



Outlet Pages
The Guardian 211
Washington Post 148
Der Spiegel 19
O Globo Fantastico ~87
New York Times 36
ProPublica 7
Le Monde 19
Dagbladet 13
NRC Handelsblad 1




Timeline of releases:
23 November 2013. Add 1 page to NRC Handelsblad.
23 November 2013. Add 5 pages to New York Times.
22 November 2013. Add 10 pages to Dagbladet.
18 November 2013. Add 6 pages to The Guardian.
17 November 2013. Add two images to Der Spiegel.
4 November 2013. Add 14 pages to Washington Post.
3 November 2013. A reports an additional 54 slides for O Globo Petrobas.
3 November 2013. Add 22 pages to New York Times.
2 November 2013. Add 13 pages to Guardian, 11 are duplicates.
31 October 2013. Add 4 pages to Washington Post.
29 October 2013. Add 3 pages to Der Spiegel
27 October 2013. Add 2 pages to Der Spiegel.
25 October 2013. Add 4 pages to Le Monde.
22 October 2013. Add 5 pages to Le Monde.
21 October 2013. Add 11 pages to Le Monde, 8 are duplicates.
20 October 2013. Add 1 page to Der Spiegel.
13 October 2013. Add 4, 7 and 9 pages to Washington Post.
8 October 2013. Add 7 pages to O Globo: CSE spying on Brazilian ministry, reported 7 October 2013.
6 October 2013. Add Snowden pages published by Washington Post, Der Spiegel, O Globo Fantastico, New York Times, ProPublica. Some are duplicates(*).
5 October 2013
26 Years to Release Snowden Docs by The Guardian
Out of reported 15,000 pages, The Guardian has published 192 pages in fourteen releases over four months, an average of 48 pages per month, or 1.28% of the total. At this rate it will take 26 years for full release.
Edward Snowden will be 56 years old.
Glenn Greenwald will be 72.
Laura Poitras will be 75.
Alan Rusbridger will be 86.
Barton Gellman will be 78.
Julian Assange will be 68.
Chelsea Manning will be 52.
Keith Alexander will be 88.
Barack Obama will be 78.
Daniel Ellsberg will be 108.
This author will be 103.



Number | Date | Title | Pages

The Guardian: 211
16 | 18 November 2013 | DSD 3G | 6
15 | 1 November 2013 | PRISM, SSO | 13*
14 | 4 October 2013 | Types of IAT Tor | 9
13 | 4 October 2013 | Egotistical Giraffe | 20*
12 | 4 October 2013 | Tor Stinks | 23
11 | 5 September 2013 | BULLRUN | 6*
10 | 5 September 2013 | SIGINT Enabling | 3*
9 | 5 September 2013 | NSA classification guide | 3
8 | 31 July 2013 | XKeyscore | 32
7 | 27 June 2013 | DoJ Memo on NSA | 16
6 | 27 June 2013 | Stellar Wind | 51
5 | 20 June 2013 | Minimization Exhibit A | 9
4 | 20 June 2013 | Minimization Exhibit B | 9
3 | 8 June 2013 | Boundless Informant | 3
2 | 8 June 2013 | Boundless Informant | 4
1 | 5 June 2013 | Verizon | 4

Washington Post: 148
| 4 November 2013 | WINDSTOP, SSO, Yahoo-Google | 14
| 30 October 2013 | Google and Yahoo | 4
| 14 October 2013 | SSO Overview | 4
| 14 October 2013 | SSO Slides | 7
| 14 October 2013 | SSO Content Slides | 9
| 4 October 2013 | Tor | 49
| 4 October 2013 | EgotisticalGiraffe | 20*
| 4 October 2013 | GCHQ MULLENIZE | 2
| 4 October 2013 | Roger Dingledine | 2
| 30 August 2013 | Budget | 17
| 29 June 2013 | PRISM | 8
| 20 June 2013 | Warrantless Surveillance | 25
| 6 June 2013 | PRISM | 1

Der Spiegel: 19
| 17 November 2013 | ROYAL CONCIERGE | 2
| 29 October 2013 | NSA-CIA SCS | 3
| 27 October 2013 | NSA-CIA SCS | 2
| 20 October 2013 | Mexico President | 1
| 20 September 2013 | Belgacom | 3
| 16 September 2013 | SWIFT | 3
| 9 September 2013 | Smartphones | 5
| 1 September 2013 | French Foreign Ministry | 0
| 31 August 2013 | Al Jazeera | 0

O Globo Fantastico: ~87
| 7 October 2013 | CSE Brazil Ministry | 7
| 8 September 2013 | Petrobas | ~60
| 3 September 2013 | Brazil and Mexico | 20

New York Times: 36
| 23 November 2013 | SIGINT Strategy 2012-2016 | 5
| 3 November 2013 | SIGINT Missions | 22
| 28 September 2013 | Contact Chaining Social Networks | 1
| 28 September 2013 | SYANPSE | 1
| 5 September 2013 | BULLRUN | 4*
| 5 September 2013 | SIGINT Enabling | 3*

ProPublica: 7
| 5 September 2013 | BULLRUN | 4*
| 5 September 2013 | SIGINT Enabling | 3*

Le Monde: 19
| 25 October 2013 | NSA Hosts FR Spies | 4
| 21 October 2013 | Wanadoo-Alcatel | 1
| 21 October 2013 | Close Access Sigads | 2
| 21 October 2013 | Boundless Informant | 2
| 22 October 2013 | PRISM | 11

Dagbladet: 13
| 19 November 2013 | BOUNDLESSINFORMANT | 13

NRC Handelsblad: 1
| 23 November 2013 | SIGINT Cryptologic Platform | 1

NSA TreasureMap

23 November 2013
The NY Times today cites an NSA tool called "Treasure Map" and describes its capabilities but does not publish visual examples. Also cited is "Packaged Goods," an associated tool. If publicly available, Cryptome asked for pointers to the two.


From: tom <tom[at]cyber-dyne.com>
Subject: TreasureMap
Date: Sat, 23 Nov 2013 11:17:28 -0800
To: cryptome[at]earthlink.net
TreasureMap is not a document but viewing software -- very similar to MindMeister, see below -- that draws (and updates) network diagrams according to what is currently carried in an associated database. The key feature is scalability: vector graphics that zoom in and out to any level of resolution. Sort of like Google Earth, only using lines and nodes.
The NYTimes says the map is 300,000' wide; that's virtual width, at full zoom you could only see a very small part of the internet network some analyst wants to surveil.
So someone could only send you a screenshot of TreasureMap at a particular resolution. That would be very useful to technical people. Otherwise they would have to send you both the very large database (at some instant) and the proprietary defense contractor viewing software which would not install on your computer.
Below I attach a jpg from very similar software used by Marc Ambinder to show the organizational structure of NSA, its programs and tools. Note that MindMeister is able to attach images and text documents to nodes on the map so it is "all" there in one place. In TreasureMap, these would be (or link to) the phone numbers, email, name, SSI, recent Visa purchases, etc. of people owning the devices in the current zoom.
The NSA example: http://www.mindmeister.com/326632176/nsa-css
[Image]
More examples are shown here: http://www.mindmeister.com/public
PackagedGoods sounds like the software tool that makes the above unnamed database. "Despite the document’s reference to “unwitting data centers,” government officials said that the agency does not hack into those centers. Instead, the officials said, the intelligence community secretly uses front companies to lease space on the servers."
Uhh, we've seen this before with NSA's break-in of Tor. They lease server space initially for their malware, which then breaks out of its confines to capture the traceroute data they want in real time, but mostly they rent space to store and serve the information they have swiped from the data center to the TreasureMap database federation. So the joke is on the data center -- they're hosting the very thief of their other customers' data.
Let's hope someone can release the document describing PackagedGoods, or at least can name the front companies. It is really impossible to defend our privacy without knowing more of the operational attack details -- this drip, drip, drip of policy documents, often with gratuitous self-censoring by the journalists themselves, is not helping the public secure their phones or computers.

Thursday, November 21, 2013

NSA Authorized to Spy on British

21 November 2013
The NY Times does not appear to have published this memo. If available elsewhere please provide pointer: cryptome[at]earthlink. Current tally of Snowden documents released (not counting this alleged memo): 522 pages of reported 50,000 (or 1%). (NSA Director claims 200,000 (or .25%).)
US-UK Agreements 1940-1956:
http://www.nsa.gov/public_info/declass/ukusa.shtml


http://www.nytimes.com/2013/11/21/us/united-states-can-spy-on-britons-despite-pact-nsa-memo-says.html

United States Can Spy on Britons Despite Pact, N.S.A. Memo Says
By JAMES GLANZ
Published: November 20, 2013
The National Security Agency is authorized to spy on the citizens of America’s closest allies, including Britain, even though those English-speaking countries have long had an official non-spying pact, according to a newly disclosed memorandum.
The classified N.S.A. document, which appears to be a draft and is dated January 2005, states that under specific circumstances, the American intelligence agency may spy on citizens of Britain without that country’s consent or knowledge. The memo, provided by the former N.S.A. contractor Edward J. Snowden, is labeled secret and “NOFORN,” indicating that it may not be shared with any foreign country.
In recent months, the N.S.A.’s activities have stoked anger across the world after leaked documents have exposed American spying on political and economic partners like Germany and France, as well as various foreign leaders. But until now, there has been almost nothing disclosed about spying among the “Five Eyes” countries — the United States and its close intelligence partners Britain, Canada, Australia and New Zealand.
The N.S.A. declined to respond to questions on whether the draft became official policy and whether spying on Britain without its consent had ever taken place.
But portions of the document appear to indicate that, whether by formal agreement or simply longstanding practice, both Britain and the United States believed that in extraordinary circumstances, one country might feel compelled to spy on citizens of the other.
In a reference to an intelligence-sharing compact struck in March 1946, the memo said the two nations had agreed “that both governments will not target each other’s citizens/persons.”
That agreement, however, came with a caveat that “when it is in the best interest of each nation,” unilateral spying by one nation on the other could take place, the memo says. It goes on to expand that mandate to allow spying by the United States on any of the Five Eyes countries.
The memo was provided by Mr. Snowden to The Guardian, which shared it with The New York Times. The N.S.A. also declined to say whether the memorandum merely codified longstanding American practice or was breaking new ground.
“NSA works with a number of partners and allies in meeting its foreign-intelligence mission goals, and in every case those operations comply with U.S. law and with the applicable laws under which those partners and allies operate,” the agency said in a written reply to questions.
One former senior intelligence official said he had been unaware there were any exceptions to the policy of the five nations sharing intelligence information with each other, but said he would be surprised if the United States chose to spy on its closest allies very frequently.
“They would do this unilaterally so rarely and in such extraordinary circumstances because they would be so concerned about hurting the relationship,” said the former official, who spoke only on condition of anonymity. “My bet is that they wouldn’t go to that well very often.”
The memo contains several protocols on who should be alerted, and under what circumstances, when spying must take place on other Five Eyes countries — also referred to as “Second Party” countries.
One paragraph, marked secret, appears to suggest that the preferred option is to gain permission from the country whose citizens are to be spied upon. But the very next paragraph, marked secret and NOFORN, indicates that the N.S.A. can go it alone if permission is not forthcoming — or if United States chooses not to ask.
“When sharing the planned targeting information with a Second Party would be contrary to U.S. interests, or when the Second Party declines a collaboration proposal, the proposed targeting must be presented to the Signals Intelligence Director for approval with justification for the criticality of the proposed collection,” the passage explains.
It goes on to say that if that spying is approved, the information it gleans “must be maintained in NOFORN channels” — i.e., never shared with the spied-upon country.
A footnote goes further, suggesting that if a Five Eyes citizen is outside of his or her own country, the limits are lifted. In that case, the memo says, “there may be no restrictions associated with that collection” outside of basic N.S.A. rules on avoiding spying on innocent Americans and similar guidelines.
The memo does not detail how much, if at all, these orders differ from existing practice among the spying partners. Even the memo’s purpose is classified secret and NOFORN: “This management directive establishes United States Signals Intelligence System (USSS) policy and procedures related to the targeting of Second Party Persons.”
From the start, the document raises the intriguing question of whether American and British spy agencies have been loosening the rules established in the nonspying compact of 1946. After referring to the compact, the memo contains a passage stating that “this agreement has evolved” to include the understanding that Britain and the United States would not spy on each other.
But in the next two sentences, the memo asserts that the countries “reserved the right” to spy on each other “when it is in the best interest of each nation.”

Tuesday, November 19, 2013

Masterspy Releases of FISC NSA Spy Documents



http://www.odni.gov/index.php/newsroom/press-releases/191-press-releases-2013/964-dni-clapper-declassifies-additional-intelligence-community-documents-regarding-collection-under-section-501-of-the-foreign-intelligence-surveillance-act-nov

DNI Clapper Declassifies Additional Intelligence Community Documents Regarding Collection Under Section 501 of the Foreign Intelligence Surveillance Act
Monday, November 18, 2013
In June of this year, President Obama directed me to declassify and make public as much information as possible about certain sensitive programs while being mindful of the need to protect sensitive classified intelligence activities and national security.  Since then, I have authorized the declassification and public release of numerous documents pertaining to the government's collection under Sections 501 and 702 of FISA. 

Today I authorized the declassification and public release of additional documents relating to collection under Section 501, bringing the total to nearly 2000 pages of documents released to the public so far, including 20 orders and opinions of the Foreign Surveillance Court, 11 pleadings and other documents submitted to the Court, 24 documents provided to Congress, and 20 reports, training slides, and other internal documents describing the legal basis for the programs and how they operate.  The information released today includes a number of internal NSA documents, training slides and internal guidance, which demonstrate the care with which NSA's foreign intelligence collection pursuant to Section 501 is run, managed, and overseen. Also included is the United States Signals Intelligence Directive 18 which details policies and procedures to ensure NSA's missions and functions are conducted in a manner that safeguards the constitutional rights of U.S persons, and two opinions from the Foreign Intelligence Surveillance Court concerning a now-discontinued NSA bulk electronic communications metadata program.  These documents were properly classified and their declassification was not done lightly.

Release of these documents reflects the Executive Branch's continued commitment to making information about this intelligence collection program publicly available when appropriate and consistent with the national security of the United States.  Additionally, they demonstrate the extent to which the Intelligence Community kept both Congress and the Foreign Intelligence Surveillance Court apprised of the status of the collection program under Section 215.  Some information has been redacted because these documents include discussion of matters that continue to be properly classified for national security reasons and the harm to national security would be great if disclosed. These documents will be made available at the website of the Office of the Director of National Intelligence and at ICOntheRecord.tumblr.com, the public website dedicated to fostering greater public visibility into the intelligence activities of the U.S. Government.

James R. Clapper
Director of National Intelligence


Today's Releases

Training.  The documents released today include a number of internal NSA documents, including training slides and internal guidance.  These documents explain in detail rules that have been put in place to ensure compliance with the law and to protect privacy rights in conducting the NSA's signals intelligence mission.  Together, these documents demonstrate the care with which NSA's foreign intelligence collection pursuant to Section 501 is run, managed, and overseen.  Each of the training documents details the efforts that NSA makes to ensure that the restrictions under which NSA operates are ingrained in the workforce charged with implementing the authority granted by Congress and authorized by the FISC. 

Minimization Procedures.  In addition, as part of the Government's continuing effort to provide the public with additional information about how NSA conducts its activities, the DNI is publicly releasing United States Signal Intelligence Directive 18.  This directive details policies and procedures designed to ensure that NSA's missions and functions are conducted as authorized by law and in a manner that is consistent with the Fourth Amendment to the Constitution.  The directive sets forth the minimization policies and procedures regarding NSA's SIGINT activities, including the rules for the collection, retention, and dissemination of information about U.S. persons.

Electronic Communications Metadata Collection Opinions.  Finally, the DNI has authorized the declassification and public release of two opinions of the FISC concerning a now-discontinued NSA bulk electronic communications metadata program.  The FISC authorized this program under Section 402 of FISA, the Pen Register and Trap and Trace (PR/TT) provision.  Previous public releases by the DNI, including the FISC's opinion from October 3, 2011, referenced this program, and the fuller explanation of the program provided by today's release extends the DNI's commitment to providing greater transparency for FISA activities.  Except for a brief period, the FISC reauthorized this program approximately every 90 days from its inception until it was discontinued in 2011.  Throughout its operation, the program was briefed to the Intelligence and Judiciary Committees of Congress and generally referenced in the then-classified white papers provided to Congress during reauthorization of the USA PATRIOT Act in 2009 and 2010. 

The discontinued PR/TT program shared certain similarities to the NSA's bulk telephony metadata program—the subject of previous releases—in that the PR/TT program sought only the metadata associated with electronic communications and not their content; moreover, querying the metadata for both programs was permitted only for authorized counterterrorism purposes.  Additionally, both programs operated with similar access, retention, and dissemination restrictions proposed by the Government and approved by the FISC.  Given these operational similarities, many of the documents released today address both programs, sometimes side by side, even though, as noted above, the PR/TT program was conducted pursuant to a different legal authority from that authorizing the NSA's bulk telephony metadata program.  At all times, the PR/TT program collected metadata from only a small percentage of world wide electronic communications traffic.

Additional Information on the Discontinued PR/TT Program

The Program

Under the now-discontinued PR/TT program, the FISC, after finding that the Government's applications satisfied the requirements of FISA and the Constitution, approved orders that enabled the Government to collect electronic communications metadata, such as the “to,” “from,” and “cc” lines of an email and the email's time and date.  This program did not authorize the collection of the content of any electronic communications.  Under this program, NSA could not read the content of any electronic communications for which the metadata was acquired.  Like NSA's bulk telephony metadata program, this program was subject to several restrictions approved by the FISC, such as:
 
  • The information had to be stored in secure databases.
  • The information could be used only for counterterrorism purposes.
  • The databases could be queried using an identifier such as an email address only when an analyst had a reasonable and articulable suspicion that the account or email address was associated with certain specified foreign terrorist organizations that were the subject of FBI counterterrorism investigations.  The basis for that suspicion had to be documented in writing and approved by one of the 22 designated approving officials identified in the Court's Order.  Moreover, if an identifier was reasonably believed to be used by a United States person, NSA's Office of General Counsel would also review the determination to ensure that suspected association was not based solely on First Amendment-protected activities.
  • NSA was required to destroy the bulk metadata after a set period of time.

The Documents Released

The first PR/TT document released today is an opinion and order from the FISC that carefully analyzed and approved the Government's application to initiate this collection program.  The Court's detailed 87-page opinion and 18-page order demonstrate the Court's searching and exhaustive review of the proposed program prior to its implementation.  The opinion not only details the program's legal basis but also explains the procedures that NSA was required to follow in administering the program.  The Court concluded that the NSA collection program was permissible under both FISA and the Constitution.

The second PR/TT document released today is a 117-page FISC opinion, which authorized NSA to re-initiate the program following the Government's suspension of the program for several months to address compliance issues identified by the Government and brought to the Court's attention.  As the Court's opinion explains, these incidents involved three general categories of compliance issues: (1) access to the metadata; (2) disclosure of query results and information derived from them; and (3) overcollection.  Because of the significance and complexity of these incidents, the Government did not seek an order from the FISC to renew the program when it expired on its normal schedule, thus essentially suspending the program for several months.  As detailed in the opinion released today, the Government addressed these concerns during that period and, after a careful review, the FISC approved the Government's application to resume collection on a modified basis.

As previously stated, this electronic communications metadata bulk collection program has been discontinued.  The Intelligence Community regularly assesses the continuing operational value of all of its collection programs.  In 2011, the Director of NSA called for an examination of this program to assess its continuing value as a unique source of foreign intelligence information.  This examination revealed that the program was no longer meeting the operational expectations that NSA had for it.  Accordingly, after careful deliberation, the Government discontinued the program.

Both of these opinions contained extensive technical discussions of the particular means by which the collection was to be accomplished, particular targets of the collection, and other sensitive intelligence matters that must remain classified.  Accordingly, they are being released in redacted form.

Executive Branch Initiatives

Upon discovery in 2009 of longstanding compliance issues associated with NSA's electronic communications and telephony bulk metadata collection programs, NSA recognized that its compliance and oversight structure had not kept pace with its operational momentum and the evolving and challenging technological environment in which it functioned.  NSA, in close coordination with the Office of the Director of National Intelligence and the Department of Justice, therefore undertook significant steps to address these issues from a structural, managerial, and training perspective.  The Director of NSA ordered comprehensive reviews of both of these collection programs to ensure that they were being implemented in accordance with all applicable legal requirements.  Concurrently, NSA created the position of Director of Compliance to focus on the NSA-wide structural, managerial, and training improvements necessary to keep NSA's activities consistent with the law, policies, and procedures designed to protect privacy.

NSA continues to enhance training for both operational and technical personnel.  NSA has added additional technology-based safeguards and has implemented procedures to ensure accuracy and precision in its filings before the FISC.  NSA has also enhanced its oversight coordination with the Office of the Director of National Intelligence and the Department of Justice.  NSA's senior leadership is directly involved in and responsible for compliance efforts across NSA, including regular senior leadership reviews of NSA's privacy compliance program.

Since 2009 and the discovery of the compliance incidents related to NSA's bulk metadata programs, the Government has continued to increase its focus on compliance and oversight.  Today, NSA's compliance program is directly supported by over three hundred personnel, a threefold increase in just four years.  This increase was designed to address changes in technology and authorities enacted as part of the FISA Amendments Act to confront evolving threats.  This increase also reflects the commitment on the part of the Intelligence Community and the rest of the Government to ensuring that its intelligence collection activities are conducted responsibly and in accordance with the law.

The Government continues to evaluate whether additional information concerning the use of FISA authorities can be made public, consistent with protecting national security.
LIST OF RELEASES

Reports to Congress

The Attorney General's Annual Reports on Requests for Access to Business Records under FISA for Years 2006-2012
 
April 10, 2009 NSA notification memorandum to SSCI on the status of the on-going NSA-initiated end-to-end review of its bulk telephony metadata programs conducted pursuant to Section 501 of FISA, and bulk electronic communications metadata program conducted pursuant to Section 402 of FISA.

June 29, 2009 NSA notification memorandum to SSCI on the status of the on-going NSA-initiated end-to-end review of its bulk telephony metadata program conducted pursuant to Section 501 of FISA, and bulk electronic communications metadata program conducted pursuant to Section 402 of FISA.   

December 1, 2010 NSA memorandum to SSCI explaining that NSA does not acquire cell site location information pursuant to the bulk electronic communications metadata program, and with the exception of a limited sampling for testing purposes, does not acquire such information pursuant to the bulk telephony metadata program. 

Production to Congress of a May 23, 2006 Government Memorandum of Law in support of its Application to the FISC for authorization to conduct bulk telephony metadata collection under Section 501 of FISA.  Included with the Memorandum of Law is a copy of United States Signals Intelligence Directive 18 (USSID 18), which prescribes policies and procedures, and assigns responsibilities, to ensure that NSA's signals intelligence activities are conducted in a manner that is appropriate under the Fourth Amendment to the Constitution.

April 27, 2005 Prepared Testimony from Alberto R. Gonzales, Attorney General of the United States, and Robert S. Mueller, III, Federal Bureau of Investigation, United States Department of Justice Before the Select Committee on Intelligence discussing the government's use of USA PATRIOT Act authorities in combating international terrorism. 

FISC Submissions,  Opinions and Orders

Opinion of the FISC granting the Government's application seeking the collection of bulk electronic communications metadata pursuant to Section 402 of FISA, the Pen Register and Trap and Trace (PR/TT) provision.

Opinion of the FISC granting the Government's application seeking to re-instate NSA's bulk electronic communications metadata program following the Government's suspension of the program for several months to address compliance issues identified by the Government and brought to the Court's attention. 

Order and Supplemental Order of the FISC in response to the Government's reporting of a compliance incident related to NSA's dissemination of certain query results discovered during NSA's end-to-end review of its bulk telephony metadata program, and ordering the Government to report on a weekly basis, any disseminations of information from that program outside of NSA and provide further explanation of the incident in its final report upon completion of the end-to-end review. 

July 17, 2006 Court-ordered NSA Inspector General and General Counsel report on the adequacy of the management controls for the processing and dissemination of U.S. person information collected under NSA's bulk telephony metadata program.  The report finds that although the NSA-designed management controls governing the processing, dissemination, security, and oversight of telephony metadata and U.S. person information are adequate, several aspects exceed the terms of the Court's Order, and proposes additional controls to enhance the protection of US person information.

August 17, 2006 NSA Presentation for the FISC regarding NSA's bulk telephony metadata program pursuant to Section 501 of FISA, and notification of two compliance issues concerning the collection.

September 1, 2009 NSA Presentation for the FISC regarding NSA's bulk telephony metadata program pursuant to Section 501 of FISA for the purpose of demonstrating NSA's compliance with the Court's Orders, and NSA's operational use of the bulk telephony metadata program in its counterterrorism missions while appropriately protecting privacy.

September 5, 2006 Cover filing submission to the FISC of the standard minimization procedures governing the retention and dissemination by the Federal Bureau of Investigation of information received by FBI pursuant to Section 501 of FISA. 

May 8, 2009 Government Memorandum to the FISC providing preliminary notice of a compliance incident identified during the ongoing NSA-initiated end-to-end review of NSA's bulk telephony metadata program under Section 501 of FISA.

July 20, 2009 Order of the FISC approving the Government's request for authorization to provide the application and orders in docket number BR 06-05 to congressional committees consistent with the Government's congressional reporting requirements.

NSA Internal Procedures, Guidance, and Training Materials

United States Signals Intelligence Directive 18 (USSID 18) dated July 27, 1993, which prescribes policies and procedures designed to ensure that NSA's missions and functions are conducted as authorized by law in a manner that is consistent with the Fourth Amendment to the Constitution.  The directive sets forth the minimization policies and procedures regarding NSA's SIGINT activities, including the rules for the collection, retention, and dissemination of information about U.S. persons. 

United States Signals Intelligence Directive 18 (USSID 18) dated January 25, 2011, which prescribes policies and procedures designed to ensure that NSA's missions and functions are conducted as authorized by law in a manner that is consistent with the Fourth Amendment to the Constitution.  The directive sets forth the minimization policies and procedures regarding NSA's SIGINT activities, including the rules for the collection, retention, and dissemination of information about U.S. persons. 

Undated PowerPoint slide describing the requirements for verifying that only metadata, and not content, is collected consistent with Court order. 

Undated NSA summary of requirements for the collection of bulk telephony metadata under Section 501 of FISA

January 8, 2007 NSA web-based training slides on NSA's bulk telephony metadata program pursuant to Section 501 of FISA.  Topics include: 1) Court-ordered requirements; 2) the reasonable articulable suspicion (RAS) standard; 3) First Amendment considerations; and 4) Minimization procedures governing the accessing, sharing, retention, and dissemination of information.

January 8, 2007 Interim Competency Test for NSA analysts on legal and compliance issues concerning queries of bulk telephony metadata acquired by NSA pursuant to Section 501 of FISA.

January 8, 2007 NSA PowerPoint presentation, designed for use by NSA personnel with access to the bulk telephony metadata acquired by NSA pursuant to Section 501 of FISA, for purposes of performing analytical functions, including:
(1)  Court-ordered requirements;
(2)  The reasonable articulable suspicion (RAS) standard;
(3)  First Amendment considerations; and
(4)  Minimization procedures governing the accessing, sharing, retention, and dissemination of information.

August 2009 NSA Cryptological School Course on Legal, Compliance, and Minimization Procedures.  These course materials, designed for NSA personnel provided access to bulk telephony and electronic communications metadata acquired pursuant to Section 501 of FISA and Section 402 of FISA respectively, include:
(1)   Background on constitutional constraints under the Fourth Amendment for NSA collection activities;
(2)   Legal framework and applicable standards for collection, retention, dissemination of information under FISA and Executive Order 12333;
(3)   Guidance on collection, processing, retention, and dissemination of information under United States Signals Intelligence Directive 18 (USSID 18); and
(4)   Oversight and compliance issues relating to access and use of SIGINT databases and information.

August 29, 2008 NSA memorandum providing guidance on NSA policy as to the applicable legal standards for querying bulk telephony metadata acquired pursuant to Section 501 of FISA, and bulk electronic communications metadata acquired pursuant to Section 402 of FISA.

September 2008 Attorney General's Guidelines for Domestic FBI Operations, which establishes the framework for the use of authorities and investigative methods to protect the United States from terrorism and other threats to the national security, and to further United States foreign intelligence objectives, in a manner consistent with the Constitution and laws of the United States.

NSA Core Intelligence Oversight Training materials relating to NSA signals intelligence collection activities, including:
(1) Executive Order 12333;
(2) December 1982 DOD Procedures Governing the Activities of DOD Intelligence Components That Affect United States Persons (DoD 5240 1-R);
(3) NSA/Central Security Service (CSS) Policy 1-23, Procedures Governing NSA/CSS Activities that Affect U.S. Persons, which establishes procedures and assigns responsibilities to ensure that the signals intelligence and information assurance missions of NSA and the Central Security Service are conducted in a manner consistent with the privacy rights of U.S. persons as required by law, executive orders, DOD policies and instructions, and internal policy; and
(4) DoD Guidance for Reporting Questionable Intelligence Activities and Significant or Highly Sensitive Matters (DTM 08-052).

2011 NSA Course Materials regarding NSA's bulk telephony metadata program pursuant to Section 501 of FISA, and NSA's bulk electronic communications metadata program pursuant to Section 402 of FISA.  These materials contrast the differences between the authorities granted for the two programs, detail the limitations on access, use, and retention of information collected under these two programs, and explain the role of the two programs in the context of the broader set of NSA's SIGINT authorities.

Thursday, November 14, 2013

Updated - NSA Spied 125 Billion Phone Calls in a Month

13 November 2013
Date: Fri, 1 Nov 2013 16:48:15 -0700 (PDT)
From: xxxxx[at]efn.org
To: cryptome[at]earthlink.net
Subject: Correcting the US figure
It seems that Greenwald already listed the US DNR total, and since he is looking at better images than I am (I am reading the Hindu's images), I'm inclined to take his total. (though not the interpretation of it, I've gone into the reasons enough times)
"There are no precise figures, but last January Brazil was just behind the United States, which had 2.3 billion phone calls and messages spied."
I have a US aggregate figure from Le Monde (3,095,533,478), Greenwald's rounded DNR figure from O Globo (2,300,000,000), which leaves the approximate US DNI total to be (795,533,478)
The revised DNR figures:
Pakistan: 12.76 billion
Afghanistan: 21.98 billion
India: 6.28 billion
Iraq: 7.8 billion? (blurry image)
Saudi Arabia: 7.8 billion ? (blurry image)
United States: 2.3 billion
Egypt: 1.9 billion ? (blurry image)
Iran: 1.73 billion
Jordan: 1.6 billion
Germany: 361 million
France: 70.2 million
Spain: 61 million
Italy: 46 million
Netherlands: 1.8 million
The rest of the world: Lots and Lots
Total: 124.8 billion.
http://oglobo.globo.com/mundo/eua-espionaram-milhoes-de-mails-ligacoes-de-brasileiros-8940934#ixzz2jRJ3kGCn

_____
Date: Fri, 1 Nov 2013 16:58:38 -0700 (PDT)
From: xxxxx[at]efn.org
To: xxxxx[at]earthlink.net
Subject: While I'm in the business of correcting things.....
Statement from Greenwald's Dismissal of the Dismissal does not match the Article:
"A similar article, using the same set of documents, was published in Brazil's O Globo a week later, reporting the NSA's collection of the data for more than 2 billion calls and emails in Brazil in a single month. Another article, in the Indian daily the Hindu, reported on bulk collection of the data of calls in India based on the same document set."
http://ggsidedocs.blogspot.com/
Whereas the article in question actually states "Não há números precisos, mas em janeiro passado o Brasil ficou pouco atrás dos Estados Unidos, que teve 2,3 bilhões de telefonemas e mensagens espionados." ( There are no precise figures, but last January Brazil was just behind the United States, which had 2.3 billion phone calls and messages spied.)
http://oglobo.globo.com/mundo/eua-espionaram-milhoes-de-mails-ligacoes-de-brasileiros-8940934#ixzz2jRPq0U9s

In the first instance it would seem that 2 billion was the Aggregate Brazil total (calls and emails), but in fact it was the US DNR total (calls and text messages).
I caught this because I was trying to reconcile the color of Brazil vs Germany, with Germany apparently having a lower total but a more intense color.
_____
29 October 2013. A explicates how the numbers below were derived from NSA Boundless Informant images and responds to press reports:
2013-1481.htm  NSA Boundless Informant Images Explicated  October 29, 2013
_____
24 October 2013. A sends:
Date: Thu, 24 Oct 2013 00:29:02 -0700 (PDT)
From: xxxxx[at]efn.org
To: xxxxx[at]earthlink.net
Subject: Translating Telephone metadata records to phone calls.
I feel a need to explain that 1 call metadata record does not necessarily correspond to 1 phone call. There is no easy way to determine the number of tapped phone calls from the number of metadata records captured. The number of metadata records generated by each phone call will depend on several factors. Here are a few:
1) It is possible for a new record to be generated along each switch along the call's path.
2) Multiple taps on a call's path will of course generate multiple records for the same call. In a country like Afghanistan or Iraq, you can pretty much count on the entire infrastructure being bugged many times over by multiple means. The same calls therefore get picked up many times. Which is how we get to 20 billion call data records in a country that doesn't make nearly that many calls.
2a) The NSA may have some de-duplication capability, however it is likely not perfect.
3) Double counting: If someone in Iran calls someone in Brazil, that call could be picked up in both places, and increase each country's total. If the overall count equals the sum of the individual countries, there is double counting involved in the computation of the total.
In some ways the NSA is its own worst enemy to say that the reports of 70 million calls in France being logged per month are inaccurate without explaining any of this. However, it isn't really better to say that each call on average generated 3 metadata records which were on average picked up twice apiece (ie: "it's only 11.7 million calls we bugged").
_____
23 October 2013. A sends revised numbers:
NSA Spied 124.8 Billion Phone Calls in a Month
Date: Tue, 22 Oct 2013 17:08:34 -0700
From: xxxxx[at]efn.org
To: xxxxxx[at]earthlink.net
Subject: Thanks for publishing so quick, but the total telephone metadata records is a LOT higher than 540 million
I did not include the total in my original email, because it does not reflect the totality of the NSA's operation.  If we take a look at the Map view, we actually have the true total: 124.8 BILLION.
The map view seems to be captured on Jan 8, 2013, and reflects the last 30 days, just like the org views (Declassify date: Jan 1, 2032), and is giving us some totals. There ought to be an Org view for each of the countries on the map view.  According to the FAQ, the org views appear to have the ability to drill down further than we've seen so far. The caveat here is that the FAQ warns that the totals on the Org and map views are not the same; be that as it may, we still should have some idea based on the published images.
So the Real bottom line is:
Pakistan: 12.76 Billion
Afghanistan: 21.98 Billion
India: 6.28 billion
Iraq: 7.8 billion? (blurry image)
Saudi Arabia: 7.8 billion ? (blurry image)
United States: 3 Billion? (blurry image)
Egypt: 1.9 Billion ? (blurry image)
Iran: 1.73 Billion
Jordan: 1.6 Billion
Germany: 361 Million
France: 70.2 Million
Spain: 61 Million
Italy: 46 Million
Netherlands: 1.8 Million
The rest of the world: Lots and Lots
Total: 124.8 billion.
Sources:
http://cryptome.org/2013/10/nsa-boundless-informant.pdf
http://www.theguardian.com/world/interactive/2013/jun/08/boundless-informant-nsa-full-text
http://www.thehindu.com/news/national/india-among-top-targets-of-spying-by-nsa/article5157526.ece




22 October 2013 NSA Spied 540 Million Phone Calls in a Month


Date: Tue, 22 Oct 2013 13:25:47 -0700 (PDT)
From: xxxxxx[at]efn.org
To: xxxxxx[at]earthlink.net
Subject: Beneath the blackouts on "close access SIGADs" in LeMonde, etc.

I enclose a screen-capture from the program "Bom Dia Brasil" that shows more of the Close Access Sigad Document. In addition, "The Hindu" has described, though not shown, 9 additional lines. They ought to look something like this (minus the SIGAD suffix and Covername columns, which are not described):

Target/Country ........ Location ... Mission
India/UN .............. New York ... HIGHLANDS
India/UN .............. New York ... LIFESAVER
India/UN .............. New York ... VAGRANT
India/UN .............. New York ... MAGNETIC
India/Emb ............. Wash, DC ... LIFESAVER
India/Emb ............. Wash, DC ... VAGRANT
India/Emb ............. Wash, DC ... MAGNETIC
India/Emb Annex ....... Wash, DC ... HIGHLANDS
India/Emb Annex ....... Wash, DC ... VAGRANT
It looks to me a lot like the Le Monde stories will follow the path of the Brazilian and Indian stories. It has occurred to me that this same story can also be told for many, many other countries: der Spiegel has already published BOUNDLESSINFORMANT graphs for the following: Germany, France, Italy, Spain and the Netherlands. If we take careful measurements of these graphs, and work out the appropriate scaling, we can determine how many telephone metadata records we have in each of these countries over the same 30 day period (DNR). The accuracy will be plus or minus 1 pixel, scaled appropriately. I have enclosed my chart.
The bottom Line:
Germany: 361 Million
France: 70 Million
Spain: 61 Million
Italy: 46 Million
Netherlands: 1.8 Million
Total: 539.8 Million
Publish if you will, there's nothing here that a person with a spreadsheet, a photo editor, and a lot of time couldn't have worked out, and for that reason, it's not encrypted.


Sources:
http://g1.globo.com/bom-dia-brasil/noticia/2013/07/jornal-o-globo-revela-que-brasil-teria-sido-espionado-pelos-estados-unidos.html

http://www.thehindu.com/news/international/world/nsa-planted-bugs-at-indian-missions-in-dc-un/article5164944.ece

http://www.spiegel.de/fotostrecke/photo-gallery-nsa-documentation-of-spying-in-germany-fotostrecke-99672-2.html

Wednesday, November 13, 2013

"JFS-1 High Density Data Center."

12 November 2013. A sends: The facility is named "JFS-1 High Density Data Center."
A report on the facility by Intel engineer and the architect/engineer:
http://cryptome.org/2013-info/11/intel-ug-lab/Intel-Jones-Farm.pdf
(2.8MB)
8 November 2013
Intel Secret Underground Laboratory
A sends:
J wrote:
> ...
> It has been about 31 years since I worked at Intel; at the time they were
> developing the first DRAMs with 'redundancy': The ability to swap out
> 'rows' and 'columns', or potentially blocks, of storage elements. This was
> done to be able to drastically increase the yield of such chips: Test
> programs were written to identify errors (single bits; bad rows; bad
> columns; bad blocks) and swap out with 'invisible' rows/columns/blocks with
> others. Presumably, modern flash ROM has long used similar abilities. If
> that is the case, there is some kind of ordinarily-invisible storage areas
> (blocks, most likely) in those flash-drives. Such areas were sometimes
> 'activated' (made to appear/disappear) by out-of-spec voltages (above +5
> volts), but it's possible also that reading or 'writing' combinations of
> pre-specified data would also do this. It's been too long for me to give
> detailed assistance, but I can well imagine that 'they' are taking advantage
> of such 'features'.
Intel would be a strange beast for you today J.
There's a secret underground facility in Oregon (perhaps Cali too) for
classified intelligence work. Some small fraction of Intel employees even
know it exists.
There they sequester CPU vulnerability research of sufficient implication.
There they sequester hardware level exploitation research of sufficient
implication. There they work on TS/SCI compartmented projects for USGOV.
45.545981, -122.962680
Hillsboro, OR
To the east, power (and interesting perimeter controls)
To the west, underground TS facilities accessed via underground
tunnel under parking to main complex.



Saturday, November 9, 2013

Intel Secret Underground Laboratory

Thursday, November 7, 2013

Cyprus: UK-US Middle East Internet Spying


7 November 2013
Thanks to the authors.


EXCLUSIVE
Cyprus: the home of British/American Internet surveillance in the Middle East
by Nicky Hager and Stefania Maurizi


British and US Internet surveillance in the Middle East and surrounding regions occurs from a secret base on the island of Cyprus, as l'Espresso, the German daily “Sueddeutsche Zeitung”, the Greek daily “Ta Nea” and the Greek channel “AlphaTV” can reveal. The country only has a million citizens and is a small player in world affairs, but it is a key site for the mass surveillance systems revealed by US whistleblower Edward Snowden.
The Middle Eastern surveillance hub has remained unidentified in Snowden revelations until now. The Guardian newspaper, which first received the Snowden leaks, said British Internet spying operations were run from two British sites and “a location abroad, which the Guardian will not identify”. The UK Independent newspaper also described a “secret Internet monitoring station in the Middle East” intercepting vast quantities of e-mails, phone calls and web traffic carried on underwater fibre-optic cables passing through the area -- but also declined to reveal the location.

The secret location is Cyprus, the 240km long island in the eastern Mediterranean. When Britain granted Cyprus independence in 1960, it retained two large military bases, now home to the most important overseas spying operations of the Government Communications Headquarters (GCHQ).
This news comes amidst growing anger in Germany and other Western European countries at large-scale US and British surveillance of their citizens and political leaders. Britain faces pressure to stop spying on its European neighbours on behalf of the US intelligence agencies.
The surveillance is also a very controversial issue for the Cyprus Government. It relies on the secrecy of the British spying operations to avoid having to explain to neighbouring countries why British and US intelligence agencies spy on them from bases on Cypriot territory.
The Internet monitoring occurs at the Ayios Nikolaos intelligence station, part of Britain’s Eastern Sovereign Base Area. It is possible to see the top secret intelligence base on Google Earth: a cluster of operations buildings, several eavesdropping satellite dishes and nearby a large circular radio direction-finding antenna system, a tell-tale sign of signals intelligence bases.
The targets of the Cyprus intelligence operations will typically include the government leaders in all the surrounding countries and other senior public, business and military leaders. Following the pattern of British and US spying in other regions, it will also include United Nations agencies, trade organisations, private companies, police forces, militaries and political groups.
British intelligence documents leaked by Snowden reveal a GCHQ project with the extravagant name “Mastery of the Internet”. According to the Guardian, a programme called “Tempora” allows GCHQ to tap into Internet cables passing over UK territory, intercepting hundreds of gigabytes of Internet data every second. This includes websites visited, e-mails, instant messages, calls and passwords. The documents say Britain currently does more Internet monitoring even than the US National Security Agency (NSA). Personal data available to GCHQ from Internet and mobile traffic had increased 7000% in five years.
A large component of this Internet surveillance is occurring in Cyprus. Among the thousands of documents Snowden copied before he left his intelligence job and became a whistleblower is an obscure GCHQ document containing the clue about GCHQ’s Internet surveillance “location abroad”. It was passed by Snowden to the Washington Post and published last month.
The 2012 report is about Internet surveillance, including a project called Operation Mullenize. It says the Internet surveillance work occurs at three locations and involves “a lot of hard work by some committed individuals”. The Internet surveillance staff are based at “Benhall, Bude and Sounder”. These correspond to the three Internet surveillance locations mentioned by the Guardian: the GCHQ’s headquarters, its station in Bude and the unidentified “location abroad”.
Benhall is the address of the GCHQ headquarters and Bude the main British interception station in Cornwall. The third location, “Sounder”, is a tightly held secret, but it turns out to be a confidential intelligence agency name for operations in Cyprus.
The name Sounder had been mentioned in the diary of former NSA head General William Odom and was discovered in Odom’s archived papers by US intelligence writer Matthew Aid. The diary recorded a 1988 discussion between Odom and GCHQ director Peter Marychurch that noted Sounder was in Cyprus and said that NSA “will share part of costs”. Aid identified Sounder specifically as the Ayios Nikolaos surveillance station.
The UK is strategically placed for Internet surveillance. The Snowden documents, as reported by the German newspaper Süddeutsche Zeitung, revealed GCHQ monitors at least 14 major undersea cables that come ashore in Britain. There are trans-Atlantic, African, Western European and Europe-to-Asia cables conveniently accessible to GCHQ on British soil.
However, Britain is not well positioned for its long-term role of spying on the Middle East. The answer is Cyprus.
Undersea cable maps show Cyprus at the hub of numerous fibre-optic undersea cables making it a natural site to spy on the Eastern Mediterranean and Middle Eastern communications. A number of cables connect Cyprus to Israel and Syria, obvious targets for Anglo-American spying. Other cables run from Cyprus to Lebanon, Cyprus to Egypt and Turkey, to Greece and Italy, and so on.
The major SEA-ME-WE3 cable connecting South East Asia, the Middle East and Western Europe also comes ashore on the little island country. In total over a dozen strategic cables are accessible in Cyprus and more are planned. It is an ideal site for monitoring communications in the Middle East and surrounding countries.
Last August, “l'Espresso” revealed that, according to the Snowden files on the “Tempora” programme, the GCHQ tapped three submarine fiber optic cables having landing points in Sicily: Fea, SeaMeWe3 and SeaMewe4.
Just as Cyprus, with 14 cables having landing points on the island, plays a crucial role in the mass surveillance operations targeting the Middle East, Sicily plays a crucial role with its 19 cables with landing points on the Italian island at the center of the Mediterranean Sea, a crossroads for communications between Europe, North Africa, the Middle East and Asia.
SeaMewe3 and SeaMeWe4 are owned by a consortium of international telecoms including the Italian company “Telecom Italia Sparkle”, which is also the co-owner of many submarine cables with landing points in Cyprus, like SeaMewe3, Lev Submarine System, Cadmos, MedNautilus Submarine System, Ugarit, Cios.
Telecom Italia Sparkle is an Italian company which ended up in a huge tax evasion scandal involving Gennaro Mokbel, an infamous Italian businessman linked to the Italian intelligence services and to far-right extremism, who was sentenced to 15 years in jail for this tax fraud scheme.
Gaining intelligence access to undersea cables requires cooperation from the telecommunications authorities. In the UK, GCHQ has had a long-term relationship with British Telecom, allowing telecommunications routes to be designed to the advantage of the eavesdroppers.
This makes Cyprus perfect for GCHQ surveillance as well. The British government directly governed Cyprus until 1960. Since then, the treaty granting the country independence has included a special clause, section 6, stating that the Cyprus authorities must “consult and cooperate” with the British over the island’s telecommunications decisions.
In other words, the government-owned Cyprus Telecommunications Authority is legally obliged to assist the British government, which in Cyprus primarily means assisting the British intelligence bases. Some of the undersea cables are directly owned by the Cyprus Telecommunications Authority (CYTA).
We asked CYTA if it is aware that the British intelligence station at Ayios Nikolaos is tapping into and processing international communications carried by undersea cables it owns and manages in Cyprus, and whether there is an agreement between CYTA and the British authorities for assisting the surveillance. Cyta spokesperson Lefteris Christou replied that "Cyta is fully compliant to the European legislation relating to the Data Protection of its customers, and is not involved in any practises that violate this legislation." This, however, says very little. The privacy rules in the EU Data Protection Directive do not apply to "operations concerning public security, defence, State security."
Undersea cable engineers say that undersea cable interception occurs after a cable emerges from the sea at a landing station and travels overland to a data centre to connect with other cable networks. They say undersea cables are copied inside the data centre using a passive optical splitter. A separate fibre-optic cable would then carry the intercepted communications to an intelligence site, in this case the Ayios Nikolaos station.
The NSA has a strong interest in the GCHQ surveillance capabilities. A Snowden document describes direct NSA funding of GCHQ projects it sees as having value for its own intelligence operations. In 2010, £39.9 million of NSA funding went mostly to GCHQ’s “Mastering the Internet” project and to developments at the GCHQ’s undersea cable intercepting site in Bude. The following year, according to the Guardian, NSA paid “half the costs of one of the UK’s main eavesdropping capabilities in Cyprus.”
This is not the first time. When a financial crisis forced Britain to withdraw its forces from “East of Suez” and close many of its world-wide bases, the UK government looked at closing the Cyprus bases. The US government insisted in 1974 that the Cyprus bases stay open and agreed to pay some of the costs. Later, in 1988, NSA director Odom’s diary records more US funding, a date that probably coincides with expansion into satellite communications interception at the Ayios Nikolaos station.
A current-day GCHQ document on the future of Cyprus operations was still arguing the Cyprus operations had to "remain resourced and equipped … to maintain healthy relationships with USA customers".
According to a further Snowden document, viewed by Süddeutsche Zeitung journalists, US intelligence officers are also based in the British Cyprus bases. The document says the American intelligence staff are required to dress as tourists because the UK has promised the Cyprus government that only British staff will work there.
The GCHQ press office responded to questions about the Cyprus surveillance with its standard non-answer: “It is long standing policy that we do not comment on intelligence matters.” Their e-mail said that “Communications with GCHQ may be monitored and/or recorded for system efficiency and other lawful purposes.”
Cyprus has been the main British communication interception base in the Middle East for about 65 years [see box]. This has gone together with GCHQ’s long-term role specialising in Middle East intelligence gathering as its contribution to the NSA-led intelligence alliance.
The US-British intelligence alliance coordinates its Middle Eastern operations from two huge intelligence centres: the GCHQ headquarters in England and an NSA regional intelligence centre at Fort Gordon in the southern US state of Georgia (known as “NSA-G”). Both facilities contain hundreds of analysts who speak Middle Eastern and surrounding languages. They are connected in real time to the flows of intercepted public calls and messages captured by eavesdropping sites in that region.
However, the key eavesdropping site, Cyprus, has remained hidden, and so the crucial influence of Cyprus-based spying on Middle Eastern politics has never been widely understood.
5 November 2013
History of British intelligence operations in Cyprus
When the GCHQ was first exposed to the British public by investigative journalists in the 1970s, the whistleblower John Berry was a 1960s intelligence officer at the Ayios Nikolaos station. When Britain justified the 2003 Iraq invasion by saying Iraqi weapons of mass destruction could reach British bases in just 45 minutes, the bases in question were the Cyprus intelligence facilities. When Britain provides intelligence to the present-day Syrian rebels, the intelligence is coming in part from its Cyprus monitoring bases (105 km off the Syrian coast). Yet Cyprus itself, the island of spies, has largely managed to remain out of the news, at most on the edge of the news and more often invisible. Great effort has gone into keeping it secret from the public.
Cyprus became the main British signals intelligence location in the Middle East in the late 1940s. Political upheavals forced the British to close large radio eavesdropping stations in Sarafand, Palestine, and in Heliopolis, Egypt. In 1947 these were moved to Cyprus and became the Ayios Nikolaos base. UK eavesdropping bases in Ceylon and Habbaniya, Iraq, were closed in the 1950s and moved to Cyprus as well. It became the main centre for Anglo-American spying on the Middle East and surrounding regions.
The British intelligence operations expanded during the Cold War. In addition to long-distance radio monitoring, there was the 1963 Project Sandra Over the Horizon Radar on Mount Olympus for monitoring aircraft and missile launches as far away as the Soviet Union. British and US spy planes flew thousands of electronic eavesdropping and photographic missions from Cyprus; and a US “Pusher” radio antenna monitored and pinpointed radio communications across the Middle East and southern Soviet Union. A separate unmanned NSA listening post in Cyprus -- connected to the large NSA Bad Aibling base in Germany -- was intercepting Israeli communications. There was also an MI6 radio station and Voice of America broadcasts. 
Later, Cyprus became a site for the first US-British mass surveillance system called Echelon. This was the job of the large satellite dishes next to the Ayios Nikolaos operations buildings, at a time when bulk telecommunications traffic was mainly carried by satellite. They spy on regional communications satellites and the phone calls, e-mails and other communications are processed and searched by intelligence computers inside the buildings.
Later technology changed and fibre-optic undersea cables became the best option for bulk communications. The era of undersea cable and Internet monitoring was underway as well. Given the US and Britain’s long-term political and military activities in the Middle East, the Cold War, the Israel-Palestine conflict, wars in Afghanistan, Iraq, Libya and Syria, and so on, it is no surprise that Britain’s intelligence real estate in the heart of this region is still a key interception site today.