Revelations

Documents revealed by Edward Snowden and pertaining to the National Security Agency (NSA), US surveillance programs and US Intelligence Community partners abroad have been released and reported on since 5 June 2013. Below is a list of the revelations, with links to documents and relevant articles, with the most recent ones at the top.

GCHQ presents its plans for using social media

A presentation prepared by GCHQ’s Joint Threat Research Intelligence Group (JTRIG) for the 2010 SIGDEV conference makes clear the agency’s willingness to use mainstream social media channels “propaganda”, “deception”, “pushing stories” and “alias development.” Information operations are said to constitute 5% of GCHQ’s operations.

Source documents:
Full Spectrum Cyber Effects
2009 SIGDEV Conference: ‘Best Yet and Continuing to Improve’

Related article:
The “Cuban Twitter” Scam Is a Drop in the Internet Propaganda Bucket, by Glenn Greenwald, 4 April 2014 in the Intercept

A March 2013 report from the NSA’s Special Source Operations (SSO) reveals that a FISA Court order provided the agency with the authorisation to monitor communications relevant to “Germany” and that similar orders have been issued in relation to China, Mexico, Japan, Venezuela, Yemen, Brazil, Sudan, Guatemala, Bosnia and Russia. An undated 26-page GCHQ document shows that the agency compromised the communications of at least three German satellite companies (Stellar, Cetel and IABG), their employees and customers, which include the German defence ministry, European aerospace firms and the diplomatic service of a northern European country. Furthermore, according to a 2009 presentation, Angela Merkel was among 122 international leaders whose intercepted communications were stored in the NSA’s “Target Knowledge Base.”

Source document:
Machine vs. Manual Chief-Of-State Citations
Court Orders

Related articles:
‘A’ for Angela Merkel: GCHQ and NSA Targeted Private German Companies, by Laura Poitras, Marcel Rosenbach and Holger Stark, 29 March 2013 in Der Spiegel
Der Spiegel: NSA Put Merkel on List of 122 Targeted Leaders, by Ryan Gallagher, 29 March 2014 in the Intercept

NSA has access to source code of Huawei products

An NSA presentation from 2010 describes Shotgiant, an operation to create backdoors in Huawei’s networks, collecting internal operating information, software source code, customer lists and monitoring company emails. The aims of Shotgiant were both to discover whether Huawei had links to the PLA and to compromise the firm’s network technology for the NSA’s own cyberoperations. Huawei’s customers include countries that the NSA deems to be “high-priority targets”, including Iran, Afghanistan, Pakistan, Kenya and Cuba. An unpublished document from April 2013 reveals that the NSA has also compromised two Chinese mobile networks.

Source document:
Shotgiant

Related articles:
N.S.A. Breached Chinese Servers Seen as Security Threat, by David E. Sanger and Nicole Perlroth, 22 March 2014 in the New York Times
Targeting Huawei: NSA Spied on Chinese Government and Networking Firm, 22 March 2014 in Der Spiegel
Neue Snowden-Dokumente: Chinesischer Tech-Konzern Huawei verurteilt NSA-Spionage, by Bernhard Zand, 23 March 2014 in Der Spiegel

NSA targets System Administrators

A collection of 2012 posts from an internal NSA discussion board outline the agency’s stategies for accessing networks by targeting systems administrators as “a means to an end”. The posts are written by a single author, a network specialist in the agency’s Signals Intelligence Directorate, who also wrote a presentation on attempts to identify users of Tor. The process of targeting involves identifying an IT professional’s personal email or social media accounts and attempting to compromise their workstation with a QUANTAM attack and the posts propose developing a worldwide database of “probable admins” to be exploited when required.

Source document:
I Hunt Sys Admins

Related article:
Inside the NSA’s Secret Efforts to Hunt and Hack System Administrators, by Ryan Gallagher and Peter Maass, 20 March 2014 in the Intercept

France’s largest telecoms company works hand in hand with DGSE

An unpublished GCHQ document show that France’s largest telecoms company, Orange (formerly France Télécom) routinely shares its data with France’s Directorate General for National Security (DGSE), who in turn share the information with their allies, including GCHQ. The complicity between the 27% state-owned company and the national intelligence agency is intense by international standards: Orange employees engage in “joint ventures” with the DGSE to create new tools to collect and analyse their customers’ data. This arrangement is at least 30 years old.

Related articles:
Espionnage : comment Orange et les services secrets coopèrent, by Jacques Follorou, 20 March 2014 in le Monde
Mass Surveillance: French Spooks and Telcos Hand in Hand, 24 March 2014, La Quadrature du Net

NSA storing entire countries’ phone communications for 30 days

Documents show that the NSA has a voice interception operation called MYSTIC that includes a tool (RETRO) that allows for “retrospective retrieval” of calls captured in the past 30 days. By 2011, MYSTIC was used to capture and sift through the entirety of an unnamed country’s phone calls. While RETRO was initially conceived as a “unique one-off capability”, the secret intelligence budget for 2013 (the subject of a separate Snowden revelation) names five additional countries for which MYSTIC is used to provide “comprehensive metadata access and content”, with a sixth to be in place by October 2013. The NSA’s then deputy director later confirmed that Iraq is one of the countries concerned in an interview with the LA Times.

Source documents:
MYSTIC
Tasking of SCALAWAG
An “additional target country” for MYSTIC

Related articles:
NSA surveillance program reaches ‘into the past’ to retrieve, replay phone calls, by Barton Gellman and Ashkan Soltani, 18 March 2014 in the Washington Post
NSA Blows Its Own Top Secret Program in Order to Propagandize, by Glenn Greenwald, 31 March 2014 in the Intercept

NSA’s partnership arrangements obscure to elected politicians

An NSA intranet post dated 15 September 2009 from the Deputy Assistant for SIGINT Operations at the NSA’s Foreign Affairs Directorate explains how the agency views its “Third Party Relationships” withstates outside of the anglophone Five Eyes alliance. The post confirms that such partnerships are largely impervious to changes of elected government in the countries concerned for the simple reason that “few senior officials outside of their defense-intelligence apparatuses are witting.” It also contains short commentary on recent developments with two unnamed states, one in Europe.

Source document:
What Are We After With Our Third Party Relationships?

Related article:
Foreign Officials In the Dark About Their Own Spy Agencies’ Cooperation with NSA, by Glenn Greenwald, 13 March 2014 in the Intercept

NSA plans to automate deployment of “millions” of malware implants

A number of documents describe the NSA and GCHQ’s development of Quantum malware attacks, from bases in the US, UK and Japan. The goal of Tailored Access Operations (TAO) has become steadily more ambitious over the past decade and the automated Turbine system is intended to enable deployment on a scale of “millions.” Documents describe a number of NSA implants, including some designed to compromise routers, online telephony (VOIP), faceook users, criminal botnets and Virtual Private Networks (VPNs).

Source documents:
Simultaneously managing thousands of implanted targets
TURBINE
Analysis of Converged Data
A new intelligent command and control capability
VPN and VOIP Exploitation With HAMMERCHANT and HAMMERSTEIN
There Is More Than One Way To QUANTUM
WILLOWVIXEN and SECONDDATE
QUANTUMINSERT
TURMOIL
MHS Leverages XKS for Quantum Against Yahoo and Hotmail
QUANTUMTHEORY
Selector types
Hacking Routers
QUANTUMHAND

Related articles:
How the NSA Plans to Infect ‘Millions’ of Computers with Malware, by Ryan Gallagher and Glenn Greenwald, 12 March 2014 in the Intercept
NSA ‘hijacked’ criminal botnets to install spyware, by Jospeh Menn, 13 March 2014, Reuters
A Close Look at the NSA’s Most Powerful Internet Attack Tool, by Nicholas Weaver, 13 March 2014 in Wired
Compare the NSA’s Facebook Malware Denial to its Own Secret Documents, by Ryan Gallagher, 15 March 2014 in the Intercept

A series of documents show how the FISA Court enabled a more permissive environment for US intelligence agencies from 2001 onwards. A previously undisclosed 2002 “Raw Take” order (classified docket 02-431) weakened protections against sharing of identifying information about US persons among government agencies and, to a lesser degree, with foreign governments. In January 2007, after publication of details about the Bush-era warrantless wiretapping programme, the Court passed sweeping Large Content orders to allow the operation to continue in a “transitional” period before legislation was passed. A draft report from the NSA Inspector General gives some clues as to the legal reasoning that underpinned these orders.

Source documents:
Timeline of surveillance law developments
Procedures for the dissemination by NSA to foreign governments of information from FISA electronic surveillance or physical search carried out by the FBI
STELLARWIND classification guide
Classification guide for FISA, the Protect America Act and the FISA Amendments Act
Draft NSA Inspector General’s report on STELLARWIND
Recommended Requirements for cryptanalysts at CCs in Texas, Georgia and Hawaii to access NSA and FBI FISA material

Relevant article:
How a Court Secretly Evolved, Extending U.S. Spies’ Reach, by Charles Savage and Laura Poitras, 12 March 2014, in the New York Times

NSA agony aunt reveals officials’ own concerns about mass surveillance

The NSA’s internal intranet NSANet includes an “Ask Zelda!” column written by an NSA official who is a “Dispenser of Advice for SIGINTers on Workplace Issues”. “Ask Zelda!” regularly ranks among the most popular articles distributed in the agency’s email bulletin SIDtoday. A column published on 9 September 2011 ostensibly deals with concerns about surveillance in the workplace but can also be read as a commentary on the agency’s wider activities.

Source document:
“Ask Zelda!”: Watching Every Word in Snitch City

Related article:
The NSA Has An Advice Columnist. Seriously. by Peter Maass, 7 March 2014 in the Intercept

Dutch interception of Somali phone data likely supports US drone strikes

Several Dutch and US documents show that the NSA relies on Dutch signals intelligence for its access to Somali communications. Documents describe cooperation in support of Ocean Shield, the NATO mission against Somali pirates. Sources describe US-Dutch sigint cooperation, including the sharing of Somali metadata, as routine and ongoing; given the US intelligence gap in Somalia, it is likely that Dutch data interception is also used to support US drone strikes in that country.

Source documents:
The Netherlands, France – last 30 days
Mission Management Success Stories
Capability Provided to Dutch Assists in Capture of Somali Pirates and Mapping of Piracy-Related Network
Worldwide SIGINT/Defense Cryptologic Platform

Related articles:
The secret role of the Dutch in the American war on terror by Steven Derix and Huib Modderkolk, 5 March 2014 in NRC Handelsblad
The NSA’s Secret Role in the U.S. Assassination Program, by Jeremy Scahill and Glenn Greenwald, 10 February 2014 in the Intercept
Documents reveal NSA’s extensive involvement in targeted killing program, by Greg Miller, Julie Tate and Barton Gellman, 17 October 2013 in the Washington Post
NSA growth fueled by need to target terrorists, by Dana Priest, 22 July 2013 in the Washington Post
Finding People’s Location Based on Their Activities in Cyberspace, by Bruce Schneier, 13 February 2013, schneier.com

Webcam images intercepted and retained by GCHQ

GCHQ documents from 2008 and 2010 show that the agency was collecting still images from Yahoo webcam chats and saving them in bulk. The images gathered included large amounts of sexually explicit material. Over the course of one six month period in 2008, more than 1.8 million Yahoo user accounts were affected. A page on GCHQ’s internal wiki reveals that automatic searches based on facial recognition technology were also trialled.

Source documents:
OPTIC NERVE – Yahoo webcam display and target discovery
Potentially Undesirable Images

Related articles:
Optic Nerve: millions of Yahoo webcam images intercepted by GCHQ by Spencer Ackerman and James Ball, 28 February 2014 in the Guardian
UK Spy Agency Collected Millions of Webcam Images From Yahoo Users, by Lorenzo Franceschi-Bicchierai, 28 February 2014 in Mashable

GCHQ engages in misinformation campaigns and subverts online discourse

A training presentation from GCHQ’s Joint Threat Research Intelligence Group (JTRIG) shows how the unit spreads misinformation online. False flag operations, victim blog posts and emails to family and friends are among the techniques recommended for use against companies and individuals. According to the presentation, over 150 GCHQ staff had received “Online Covert Action” accreditation by early 2013.

Source document:
The Art of Deception: Training for a New Generation of Online Covert Operations
Cyber Offensive Session: Pushing the Boundaries and Action Against Hactivism

Related article:
How Covert Agents Infiltrate the Internet to Manipulate, Deceive, and Destroy Reputations, by Glenn Greenwald, 25 February 2014 in the Intercept

NSA, GCHQ target WikiLeaks staff and website visitors

New slides from a previously published GCHQ presentation to the 2012 SIGDEV conference show that the agency was able to collect the IP addresses of visitors to the WikiLeaks website in real time, using its Tempora access to the internet backbone. A newly published NSA document from July 2011 shows that the agency’s general counsel considered designating WikiLeaks, The Pirate Bay and Anonymous as ‘malicious foreign actors’, which would remove many limits on the agency’s domestic activities. A top secret, peer-reviewed “Manhunting Timeline” describes US attempts to “focus the legal element of national power upon non state actor Assange [WikiLeaks editor-in-chief] and the human network that supports WikiLeaks.”

Source documents:
Psychology: a new kind of SIGDEV
Discovery SIGINT Targeting Scenarios and Compliance
Manhunting Timeline 2010

Related article:
Snowden Documents Reveal Covert Surveillance and Pressure Tactics Aimed at WikiLeaks and Its Supporters, by Glenn Greenwald and Ryan Gallagher, 18 February 2014, in the Intercept

An unpublished Feburary 2013 bulletin titled “SUSLOC (Special US Liaison Office Canberra) Facilitates Sensitive DSD Reporting on Trade Talks” shows that the Australian Signals Directorate (ASD) targeted a law firm advising the government of Indonesia in trade talks with the US and offered to share that information with the NSA. US officials at the Canberra liaison office were specifically told that “information covered by attorney-client privilege may be included.” Those officials then looked to the NSA general counsel’s office on behalf of the Australians for “general guidance” which, the bulletin continues, enabled the ASD “to continue to cover the talks, providing highly useful intelligence for interested US customers.” A separate unpublished document from 2004 confirms that the US Agriculture Department “often” relies on signals intelligence “to support their negotiations.”

Related article:
Eavesdropping on Law Firm Shared With N.S.A., by James Risen and Laura Poitras, 15 February 2014 in the New York Times

Drone strike targeting relies on NSA geolocation

Various documents show that metadata analysis and phone tracking – rather than human intelligence – are the primary means by which the targets of drone strikes are located. A former drone operator explains how measures taken to evade or frustrate the NSA’s Geo Cell monitoring (such as sharing SIM cards among collagues, friends and family members) have “absolutely” led to innocent people being killed. Systems used include drone-borne IMSI catchers (GILGAMESH) and devices which intercept data from any wireless or electronic devices within range (SHENANIGANS).

Source documents:
VICTORYDANCE
2013 Congressional Budget Justification
New Tactical Collection System Joins the War on Terorism

Related articles:
The NSA’s Secret Role in the U.S. Assassination Program, by Jeremy Scahill and Glenn Greenwald, 10 February 2014 in the Intercept
Documents reveal NSA’s extensive involvement in targeted killing program, by Greg Miller, Julie Tate and Barton Gellman, 17 October 2013 in the Washington Post
NSA growth fueled by need to target terrorists, by Dana Priest, 22 July 2013 in the Washington Post
Finding People’s Location Based on Their Activities in Cyberspace, by Bruce Schneier, 13 February 2013, schneier.com

How GCHQ uses “dirty tricks” against its targets

GCHQ presentations from 2012 and 2010 show that the Joint Threat Research and Intelligence Group (JTRIG) employs a range of offensive techniques to discredit, disrupt and entrap its targets. Techniques discussed include honey-traps, amending or deleting social media presences, discrediting block posts and denial of service attacks. Such Effects operations were said in 2010 to account for a “major part” of GCHQ’s activities.

Source document:
Cyber Integration “The art of the possible”
Pushing the Boundaries and Action Against Hacktivism

Related article:
Snowden Docs: British Spies Used Sex and ‘Dirty Tricks’, by Matthew Cole, Richard Esposito, Mark Schone and Glenn Greenwald, 7 February 2014, NBC News

GCHQ versus Anonymous

A GCHQ presentation from 2012 shows that a dedicated cyber-attack unit – the Joint Threat Research Intelligence Group (JTRIG) – engaged in activities against Anonymous, disrupting the political expression of many online activists when DDOS attacks were used against IRC servers in an operation called Rolling Thunder. The presentations also detail GCHQ’s attempts to collect human intelligence and identify individuals (one apparently via a VPN).

Source document:
Pushing the Boundaries and Action Against Hacktivism

Related articles:
War on Anonymous: British Spies Attacked Hackers, Snowden Docs Show, by Mark Schone, Richard Esposito, Matthew Cole and Glenn Greenwald, 4 February 2014, NBC News
The New Snowden Revelation Is Dangerous for Anonymous — And for All of US, by Gabriella Coleman, 4 February 2013 in Wired

German Chancellors have been surveilled by US since at least 2002

Analysis of the National SIGINT Requirements List shows that tasking 388 related to the office of Chancellor and that Gerhard Schröder had therefore also been the target of US surveillance. Unnamed sources suggest this particular tasking may have been triggered by German opposition to the Iraq war. It is unclear whether the NSA monitored the personal communications of German Chancellors previously.

Related article:
NSA hatte auch Gerhard Schröder im Visier, by Stefan Kornelius, Hans Leyendecker and Georg Mascolo, 4 February 2013 in Süddeutsche Zeitung

Airport wifi used to track Canadian air travellers

A 27-page CSEC presentation from May 2010 shows that the Canadian signals intelligence agency captured the details of wireless devices using a free airport wifi connection for a period of two weeks, then tracked those devices for a further week as they used other public wifi hotspots in Canada and the United States. By law, the agency is prohibited from targeting anyone within Canada without a warrant. In another demonstration of the agency’s capabilities to other members of the Five Eyes, CSEC “swept” a mid-sized Canadian city for an imaginary target using access to two communications systems with more than 300,000 users.

Source document:
IP Profiling Analytics & Mission Impacts

Related articles:
CSEC used airport Wi-Fi to track Canadian travellers: Edward Snowden documents, by Greg Weston, Glenn Greenwald and Ryan Gallagher, 30 January 2014, CBC News
Now we know Ottawa can snoop on any Canadian. What are we going to do?, by Ron Deibert, 31 January 2014, in the Globe and Mail

NSA spied to strengthen US negotiating position at UN climate conference

A post on the NSA intranet dating from 7 December 2009, the first day of the Copenhagen Climate Summit, reveals that the agency had been providing information to strengthen US negotiating positions and that those efforts would “continue” during the conference. In particular, the contents of the Danish “rescue plan” – which would reduce demands on the US – were known to the US before the conference began.

Source document:
UN Climate Change Conference in Copenhagen — Will the Developed and Developing World Agree on Climate Change?

Related articles:
NSA spied against UN climate negotiations, by Sebastian Gjerding, Henrik Moltke, Anton Geist and Laura Poitras, 30 January 2014 in Information
Snowden Docs: U.S. Spied on Negotiators at 2009 Climate Summit, by Kate Sheppard and Ryan Grim, 30 January 2014 in the Huffington Post

GCHQ monitoring and manipulating social media activity in real time

A GCHQ presentation from August 2012 shows that at that time the agency was able to monitor activity on popular social media sites including YouTube, Facebook, Twitter and Blogger in real time, using a tool called Squeaky Dolphin. The GCHQ speaker assigned to the presentation worked for the Gobal Telecoms Exploitation (GCE) division of the agency, which is responsible for the compromise of fibre optic cables. Separate GCHQ documents from 2010 show that the agency has exploited unencrypted data from Twitter to target specific users of the service.

Source document:
Psychology: a new kind of SIGDEV

Related article:
Snowden docs reveal British spies snooped on YouTube and Facebook, by Richard Esposito, Matthew Cole and Mark Schone, with Glenn Greenwald, 27 January 2014, NBC News

Personal data from “leaky” smartphone apps targeted by NSA and GCHQ

Numerous documents, most unpublished, show that since 2007 the US and UK signals intelligence agencies have targeted traffic from smartphone apps as an efficient alternative to compromising individual handsets. Cumulative NSA spending on these efforts is estimated at more than one billion USD. The internal GCHQ wiki included a guide to what kinds of data could be extracted from the most popular smartphone apps, with Angry Birds used as a case study. A particular focus of cooperation for the two agencies was intercepting location traffic from Google maps.

Source documents:
Converged Analysis of Smartphone Devices
Mobile Theme Briefing

Related articles:
NSA and GCHQ target ‘leaky’ phone apps like Angry Birds to scoop user data, by James Ball, 27 January 2014 in the Guardian
Spy Agencies Scour Phone Apps for Personal Data, by James Glanz, Jeff Larson and Andrew W Lehren, 27 January 2014 in the New York Times
Spy Agencies Probe Angry Birds and Other Apps for Personal Data, by Jeff Larson, James Glanz and Andrew W Lehren, 27 January 2014 in Pro Publica

US wanted spying on Germany kept secret until 2086

An unpublished document dated 21 December 2011 confirms that West Germany was targeted by the US between 1946 and 1967. NSA operations and intercepts staged from US embassies and consulates were deemed sufficiently sensitive that they should be concealed for 75 years – longer than was the case elsewhere – lest their disclosure risk “serious damage to relations between the United States and the foreign government or for the current diplomatic activities of the United States”.

Related articles:
Generalbundesanwalt: Bundesregierung fürchtet Ermittlungen wegen Merkels Handy, 19 January 2014, in Der Spiegel (in German)
Probing America: Top German Prosecutor Considers NSA Investigation, 20 January 2013, in Der Spiegel

200 million text messages a day collected and analysed

An NSA presentation from 2011 describes the untargeted bulk collection of SMS messages on an enormous scale. The Dishfire system collects nearly 200 million SMS records every day, which are then processed to extract contact, financial, travel and other information with an automated processing tool called Prefer. Several unpublished GCHQ memos shows that the agency uses the tool to access information about UK citizens it would otherwise have to make a formal request for under the Regulation of Investigatory Powers Act.

Source document:
Content Extraction Enhancements for Target Analytics

Related articles:
NSA collects millions of text messages daily in ‘untargeted’ global sweep, by James Ball, 16 January 2014 in the Guardian
Revealed: UK and US spied on text messages of Brits, by Geoff White, 16 January 2013, Channel 4 News

NSA has two data centres in China

Documents show that the NSA uses “a covert channel of radio waves” transmitted from hardware implants to compromise target computers that would be difficult to reach by other means – for example, because they are not connected to the internet.The radio signals transmitted by compromised machines can be picked up by a portable base station placed miles away. According to further unpublished documents, the NSA has set up two data centres in China – possibly through front companies – from which it engages in offensive operations.

Source documents:
ANT Product Data
Worldwide SIGINT/Defense Cryptologic Platform

Related article:
N.S.A. Devises Radio Pathway Into Computers, by David E. Sanger and Thom Shanker, 14 January 2014 in the New York Times

NSA trying to build quantum computer

Documents show that the NSA is attempting to build a “cryptologically useful quantum computer” as part of a US$79.7 million research effort called “Penetrating Hard Targets.” The NSA regards its progress as on par with similar projects sponsored by the EU and the Swiss government, which are all at relatively early stages.

Source documents:
Penetrating Hard Targets and Owning The Net
Classification guide for NSA/CSS quantum computing research

Related article
NSA seeks to build quantum computer that could crack most types of encryption, by Steven Rich and Barton Gellman, 3 January 2014 in the Washington Post.

NSA Tailored Access Operations’ software and hardware attacks explained

logo-taoPresentations describe the methods used by the Office of Tailored Access Operations, the NSA’s hacking unit, which collects and deploys hardware and software vulnerabilities to gain access to computer networks. By the mid-2000s, the unit had gained access to 258 targets in 89 countries. It conducted 279 operations worldwide in 2010. TAO units are located at several NSA bases across the US and at the European Security Operations Center (ESOC) in Darmstadt, Germany and staffing levels have increased exponentially over the past decade. An internal NSA catalogue describes many of the hardware tools the agency was using to compromise systems in 2008.

Source documents:
Tailored Access Operations – Texas Cryptologic Center
NSA QUANTAM Tasking Techniques for the R&T Analysis
ANT Product Data
FOXACID
VALIDATOR and OLYMPUSFIRE
QFIRE pilot report

Related articles:
Inside TAO: Documents Reveal Top NSA Hacking Unit, by Jacob Appelbaum, Laura Poitas, Marcel Rosenback, Christian Stöcker, Jörg Schindler and Holger Stark, 29 December 2013 in Der Spiegel
NSA’s Secret Toolbox: Unit Offers Spy Gadgets for Every Need, by Jacob Appelbaum, Judith Horchert, Ole Reissmann, Marcel Rosenbach, Jörg Schindler and Christian Stöcker, in Der Spiegel 30 December 2013
Shopping for Spy Gear: Catalog Advertises NSA Toolbox, by Jacob Appelbaum, Judith Horchert and Christian Stöcker, 29 December 2013 in Der Spiegel
Interactive Graphic: The NSA’s Spy Catalog, 30 December 2013 in Der Spiegel
Neue Dokumente: Der geheime Werkzeugkasten der NSA, by Jacob Appelbaum, Judith Horchert, Ole Reißmann, Marcel Rosenbach, Jörg Schindler und Christian Stöcker, 30 December 2013 in Der Spiegel (in German)
NSA-Programm “Quantumtheory”: Wie der US-Geheimdienst weltweit Rechner knackt, by Jacob Appelbaum, Marcel Rosenbach, Jörg Schindler, Holger Stark und Christian Stöcker, 30 December 2013 in Der Spiegel (in German)
To Protect and Infect: The Militarization of the Internet, Jacob Appelbaum, 30 December 2013 presentation at 30C3 (slides)

NGOs and allies found on GCHQ target lists

An unseen document dated 27 November 2009 shows that German phone numbers were on the target list at GCHQ’s Bude installation in Cornwall, which is jointly operated by GCHQ and the NSA. Other unpublished documents dating from 2008 to 2011 suggest that the UK monitored entire country-to-country satellite communications as well as senior EU, African and Israeli politicians. Representatives of NGOs – including UN agencies UNICEF, UNIDIR and FAO – telecoms, banking and other European companies were also to be found on target lists in the “Bude Sigint Development” reports.

Related articles:
Friendly Fire: How GCHQ Monitors Germany, Israel and the EU, by Laura Poitras, Marcel Rosenbach and Holger Stark, 20 December 2013 in Der Spiegel
GCHQ and NSA targeted charities, Germans, Israeli PM and EU chief, by James Ball and Nick Hopkins,  20 December 2013 in the Guardian
N.S.A. Dragnet Included Allies, Aid Groups and Business Elite, by James Glanz and Andrew W. Lehren,  20 December 2013 in the New York Times

Norway’s 61 year relationship with the NSA

A unseen four-page information paper from 17 April 2013 shows that the NSA ranks Norway’s NIS (E-tjensten) as one of its two main foreign partners in the field of “Technical SIGINT.” A close relationship that sees the NSA sharing daily reports with NIS dates back to before the 1954 NORUS Agreement and still has a focus on Russia, including intelligence-gathering on civilian targets. The information paper says that Norway is currently engaged in a “massive and costly” expansion of its signals intelligence capabilities.

Related articles:
Nytt Snowden-dokument avslører: Norsk overvåkning av russisk politikk rapporteres til NSA, by Anne Marte Blindheim, Harald S. Klungveit, Gunnar Hultgreen, Kjetil Magne Sørenes, Tore Bergsaker and Arne Halvorsen, 17 December 2013 in Dagbladet (in Norwegian)
Snowden-dokumentene: Norge er NSAs drømmepartner, by Arne Halvorsen, Harald S. Klungveit, Gunnar Hultgreen, Anne Marte Blindheim, Kjetil Magne Sørenes, Tore Bergsaker and Ola Strømman, 18 December 2013 in Dagbladet (in Norwegian)

NSA and others can listen in to GSM phone conversations

An NSA classification guide confirms that the agency is able to break the A5/1 encryption used in most GSM (2G) phone communications, meaning that widescale listening in to conversations is technically possible. The weakness of the A5/1 cipher has been known for many years and equipment that allows remote monitoring of GSM phone conversations is marketed by several companies.

Source document:
GSM classification guide

Related articles:
By cracking cellphone code, NSA has capacity for decoding private conversations, by Craig Timberg and Ashkan Soltani, 13 December 2013 in the Washington Post
Cellphone data spying: It’s not just the NSA, by John Kelly, 8 December 2013 in USA Today
Not just the NSA Surveillance company selling system to spy on mobile phones worldwide, by Matt Rice, 11 December 2013, Privacy International

Sweden’s FRA engages in offensive operations, has access to XKeyScore

A briefing produced by the NSA ahead of a top-level conference with Sweden’s Forsvarets Radioanstalt (FRA) reveals that collaboration on the WINTERLIGHT project was discussed by senior NSA and FRA figures in late April 2013. While the document does not disclose the target of WINTERLIGHT, it does indicate that five machines were infiltrated and “successfully redirected to the GCHQ server.” The document also shows that Sweden’s FRA was granted access to the NSA’s XKeyScore tool in support of its development efforts.

Source documents:
Visit Precis SWEDUSA
Final Agenda SWEDUSA
UK and Swedish involvement in Quantam
Select Accomplishments: Production
XKeyScore slide with Swedish example
XKeyScore data sources

Related articles:
FRA har tillgång till kontroversiellt övervakningssystem, by Sven Bergman, Joachim Dyfvemark, Ryan Gallagher, Glenn Greenwald, Fredrik Laurin and Filip Struwe, 11 December 2013 in SVT (in Swedish)
FRA has access to controversial surveillance system, by Sven Bergman, Joachim Dyfvemark, Ryan Gallagher, Glenn Greenwald, Fredrik Laurin and Filip Struwe, 11 December 2013 in SVT
FRA hackar datorer – topphemligt projekt med NSA, by Sven Bergman, Joachim Dyfvemark, Ryan Gallagher, Glenn Greenwald, Fredrik Laurin and Filip Struw, 11 December 2013 in SVT (in Swedish)
FRA part of top-secret hacker project, by Sven Bergman, Joachim Dyfvemark, Ryan Gallagher, Glenn Greenwald, Fredrik Laurin and Filip Struwe, 11 December 2013 in SVT

NSA and GCHQ use Google tracking cookies to identify targets

An internal NSA presentation shows that the cookies used by companies to track users and target advertising are also a source of information for the agency and its partners. A slide suggests that GCHQ has used the Google specific tracking cookie “PREFID” to identify targets for “remote exploitation” – that is, offensive attacks. Another presentation shows that the NSA makes wide use of information generated for advertising purposes – the HAPPYFOOT tool intercepts mobile app traffic to determine a phone’s location.

Source documents:
SSO GHOSTMACHINE Analytics
Summary of DNR and DNI Co-Travel Analytics

Related articles:
NSA uses Google cookies to pinpoint targets for hacking, by Ashkan Soltani, Andrea Peterson and Barton Gellman, 10 December 2013 in the Washington Post
New documents show how the NSA infers relationships based on mobile location data, by Ashkan Soltani and Barton Gellman, 10 December 2013 in the Washington Post

Extent of Canadian cooperation with the NSA revealed

An unseen briefing note dated 3 April 2013 provides an update on the US-Canadian intelligence relationship for a senior figure at the NSA. The document reveals that Canada has set up and operated covert spying posts in 20 countries at the behest of the NSA, that personnel from CSEC are stationed at an NSA facility in Maryland and that a reciprocal staffing arrangement exists at CSEC.

Related articles:
Canada set up spy posts for U.S., new Snowden document shows, 9 December 2013, CBC
Canada set up spy posts around the world for the NSA, by Greg Weston, Glenn Greenwald and Ryan Gallagher, 9 December 2013, CBC

Online games infiltrated by NSA and GCHQ

Two NSA documents from 2008 show that the agency collaborated with GCHQ in efforts to monitor in-game communications in World of Warcraft and Xbox Live. Multiple agencies had human intelligence presences in online games and virtual environments, to the extent that the NSA felt that a “deconfliction” group was necessary to provide coordination. Unseen documents describe GCHQ’s “first operational deployment into Second Life” in 2008 – codenamed Operation Galician – and the progress GCHQ’s “network gaming exploitation team” had made by January 2009 in identifying potential recruitment targets among players of World of Warcraft.

Source documents:
Exploiting Terrorist Use of Games & Virtual Environments
MHS and GCHQ “Get in the Game with Target Development for World of Warcraft Online Gaming”
Games: a look at Emerging Trends, Uses, Threats and Opportunities in Influence Activities

Related articles
Spies’ Dragnet Reaches a Playing Field of Elves and Trolls, by Mark Mazzetti and Justin Elliott, 9 December 2013 in the New York Times
World of Spycraft: NSA and CIA Spied in Online Games, by Mark Mazzetti and Justin Elliott, 9 December 2013 in ProPublica,
Spy agencies in covert push to infiltrate virtual world of online gaming, by James Ball, 9 December 2013 in the Guardian

Sweden’s close relationship with the NSA, GCHQ

Briefing documents for an April 2013 meeting between representatives of the NSA and Sweden’s FRA show that the two agencies have had a historically close association, despite Sweden’s non-aligned status. Current Swedish contributions include information on civilian targets in the Baltic region, including the Russian energy industry. The NSA has had access to information intercepted from Swedish telecoms cables since 2011.

Source document:
NSA Intelligence Relationship with Sweden

Related articles:
FRA spionerar på “energi” och “Baltikum” åt USA, by Sven Bergman, Joachim Dyfvermark, Ryan Gallagher, Glenn Greenwald and Fredrik Laurin, 7 December 2013 in SVT (in Swedish)
FRA spying on “energy” and “Baltics” for USA, by Sven Bergman, Joachim Dyfvermark, Ryan Gallagher, Glenn Greenwald and Fredrik Laurin, 7 December 2013 in SVT
USA har tillgång till FRA:s kabelavlyssning, by Filip Struwe and Anna H Svensson, 8 December 2013 in SVT (in Swedish)
NSA “frågar” FRA om specifik information – avtal sedan 1954, by Sven Bergman, Joachim Dyfvermark, Ryan Gallagher, Glenn Greenwald, Fredrik Laurin and Filip Struwe, 8 December 2013 in SVT (in Swedish)
NSA “asking for” specific exchanges from FRA – Secret treaty since 1954, by Sven Bergman, Joachim Dyfvermark, Ryan Gallagher, Glenn Greenwald, Fredrik Laurin and Filip Struwe, 8 December 2013 in SVT

Italian leadership, embassy and public targeted by the NSA

Documents reveal that the NSA’s Special Collections Service (SCS) administered sites in Rome and Milan until at least 2010. Operations also targeted the Italian embassy in Washington: one codenamed Lifesaver aimed to obtain images of embassy hard drives; another, codenamed Highlands, focused on gaining access to communications by means of “implants.” Separately, a Boundless Informant slide shows that the metadata of 45,893,570 Italian phone calls was collected between 10 December 2012 and 9 January 2013.

Source documents:
Italy – last 30 days
SCS Operations in Italy
Close Access Sigads

Related articles:
Da qui ci spiano gli americani, by Glenn Greenwald and Stefania Maurizi, 5 December 2013 in l’Espresso (in Italian)
Revealed: How the Nsa Targets Italy, by Glenn Greenwald and Stefania Maurizi, 5 December 2013 in l’Espresso

Sweden’s FRA spies on Russian leadership for the NSA

Documents describing cooperation between the NSA and Sweden’s Försvarets radioanstalt (FRA) reveal that the latter is a “primary partner” in obtaining information on Russian targets, including the Russian leadership, and counterintelligence.

Source documents:
NSA Intelligence Relationship with Sweden
Third Party Partners

Related articles:
USA hyllar FRA:s ryss-spionage, by Filip Struwe and Anna H Smith, 5 December 2013 in SVT (in Swedish)
Snowden files reveal Swedish-American surveillance of Russia, by Filip Struwe and Anna H Smith, 5 December 2013 in SVT
Dokument avslöjar: FRA:s hemliga avtal med USA, by Filip Struwe and Anna H Smith, 8 December 2013 in SVT (in Swedish)

NSA collecting phone location data on an unprecedented scale

Documents show that the NSA gathers nearly 5 billion records a day on the locations of mobile phones around the world, allowing individuals’ movements and associations to be tracked. A suite of tools called CO-TRAVELLER has been developed to analyse the data collected from hundreds of millions of devices and identify previously hidden relationships between individuals. The enormous scale of the NSA’s bulk collection relies on the agency’s access to ten major “sigads” (signals intelligence activity designators), which appear to involve extensive access to the commercial infrastructure that allows users to roam between mobile networks.

Source documents:
FASCIA
CHALKFUN and TAPERLAY
Summary of DNR and DNI Co-Travel Analytics GSM classification guide
SSO GHOSTMACHINE Analytics

Related articles:
NSA tracking cellphone locations worldwide, by Barton Gellman and Ashkan Soltani, 4 December 2013 in the Washington Post
How the NSA is tracking people right now, 4 December 2013 in the Washington Post
Reporter explains NSA collection of cellphone data, 4 December 2013 in the Washington Post (video requires Flash)
New documents show how the NSA infers relationships based on mobile location data, by Ashkan Soltani and Barton Gellman, in the Washington Post, 10 December 2013

Australia offered to share citizens’ data with the NSA

A 2008 document on information sharing between 5-Eyes partners shows that Australia took a particularly permissive approach to sharing its own citizens’ unredacted metadata “as long as there is no intent to target an Australian national.” The document also shows that the ASD (then DSD) was considering how signals intelligence information could be used by “non-intelligence agencies.”

Source document:
Meeting notes 22-23 April, 2008

Related article:
Australian spy agency offered to share data about ordinary citizens, by Ewen MacAskill, James Ball and Katharine Murphy, 2 December 2013 in the Guardian

CSEC’s methodology explained

A CSEC presentation shows how the Canadian signals intelligence agency finds a role for itself in analysing data drawn from a number of Five Eyes sources. The agency, which has expanded dramatically over the past 20 years with little oversight, was authorised to begin a domestic internet metadata collection operation in 2004, the extent of which remains unclear.

Source document:
CSEC – Advanced Network Tradecraft

Related article
How CSEC became an electronic spying giant, by Colin Freeze, 30 November 2013 in the Globe and Mail

Dutch AIVD attacks internet forums

A document summarising a meeting between the NSA and the Dutch intelligence agencies MIVD and AIVD shows that AIVD carries out its own Computer Network Exploitation attacks against online forums in order to seize MySQL databases containing all posts and user data. AVID sought to match data acquired in this fashion with information from social networks in order to identify individuals.

Source document:
Notes for Dutch SIGINT/Cyber Analytic Exchange

Related articles:
Dutch intelligence agency AIVD hacks internet fora, by Steven Derix, Glenn Greenwald and Huib Modderkolk, 30 November 2013, in NRC Handelsblad
AIVD hackt internetfora, ‘tegen wet in’, by Steven Derix, Glenn Greenwald and Huib Modderkolk, 30 November 2013 in NRC Handelsblad (in Dutch)

Canada allowed NSA to spy on G8 and G20 summits

Briefing notes show that a six-day NSA operation on Canadian territory in June 2010 was “closely co-ordinated” with the Communications Security Establishment Canada (CSEC). The US embassy in Ottawa was turned into a security command post for the duration of the 2010 G8 and G20 summits in Toronto, with part of the mandate for the operation given as “providing support to policymakers.”

Source document:
NSA lends support to upcoming G8 and G20 meetings in Canada

Related articles:
New Snowden docs show U.S. spied during G20 in Toronto, by Greg Weston, Glenn Greenwald and Ryan Gallagher, 27 November 2013, CBC News
Canada helped U.S. spy on G20 summit in Toronto: Snowden docs, 28 November 2013, canada.com

Microsoft data centres may also have been NSA targets

Two slides and an email indicate that Microsoft services including Hotmail, Windows Live Messenger and Passport may have been targets of the NSA project Muscular, which previous reports revealed to have infiltrated Google and Yahoo datacentres.

Source documents:
MUSCULAR and realms
Microsoft data

Related article:
Microsoft, suspecting NSA spying, to ramp up efforts to encrypt its Internet traffic, by Craig Timberg, Barton Gellman and Askan Soltani, 27 November 2013 in the Washington Post

NSA gathers online activity data to discredit “radicalizers”

A 2012 NSA document, also distributed to officials in the US Department of Justice, Department of Commerce and the Drug Enforcement Administration proposes using records of online activity to discredit six specific individuals, none of whom were thought to be involved in terrorist activity. An annex to the document lists the six individuals – all Muslims – and their perceived vulnerabilities, together with the ideas expressed by each that are seen to justify their targeting as “radicalizers.”

Source document:
Global Radicalizers Vulnerable in Terms of Authority

Relevant article:
Top-Secret Document Reveals NSA Spied On Porn Habits As Part Of Plan To Discredit ‘Radicalizers‘, by Glenn Greenwald, Ryan Gallagher and Ryan Grim, 26 November 2013 in the Huffington Post

The Netherlands an NSA target since 1946

An unseen document states that the NSA sought to keep historic spying on The Netherlands – in addition to other European countries including Belgium, France, Germany and Norway – secret. The NSA feared that public knowledge of its activities would endanger ongoing Dutch cooperation with the agency, which was particularly intense during Dutch operations in Afghanistan between 2006 and 2011. The document does not disclose whether spying on The Netherlands continued after 1968.

Related articles:
Nederland al sinds 1946 doelwit van NSA, by Floor Boon, Steven Derix and Huib Modderkolk, 23 November 2013 in NRC Handelsblad (in Dutch)
Nauwe banden NSA en Nederlandse diensten dankzij Uruzgan, by Steven Derix and Huib Modderkolk, 23 November 2013 in NRC Handelsblad (in Dutch)
Politiek wil nieuwe uitleg Plasterk na berichtgeving NRC over NSA, by Pim van den Dool, 23 Novembe 2013 in NRC Handelsblad (in Dutch)

50,000 networks infected with NSA malware

A presentation from 2012 explains that, through its Tailored Access Operations (TAO) department, the NSA has employed offensive Computer Network Exploitation (CNE) attacks against more than 50,000 networks worldwide. A published slide from the same presentation shows the distribution of networks targeted.

Source document:
Worldwide SIGINT/Defense Cryptologic Platform

Related article:
NSA infected 50,000 computer networks with malicious software, by Floor Boon, Steven Derix and Huib Modderkolk, 23 November 2013 in NRC Handelsblad

NSA’s ambitious four-year goals

A February 2012 strategy document reveals that the NSA saw the promotion of a more permissive legal and policy regime as a key condition for the agency meeting its four-year goal to “dramatically increase mastery of the global network”. An unseen presentation describes Treasure Map, which uses internet routing data obtained via another tool called Packaged Goods, together with commercial and signals intelligence information, to provide a dynamic picture of the entire internet. Treasure Map is claimed to be able to map “any device, anywhere, all the time.”

Source document:
SIGINT Strategy 2012-2016

Related article:
N.S.A. Report Outlined Goals for More Power, by James Risen and Laura Poitras, 22 November 2013 in the New York Times

NSA collects data “against” countries

An instructional presentation and internal Frequently Asked Questions document on the NSA’s Boundless Informant tool shows that it provides an assessment of collection capabilities “against” – as opposed from “from” – a given country. Slides show how the tool reported collections of Afghan and Norwegian records between 10 December 2012 and 8 January 2012.

Source documents:
Boundless Informant – Frequently Asked Questions
Describing Mission Capabilities from Metadata Records
Norway – last 30 days
Afghanistan – last 30 days

Related article:
NSA-files repeatedly show collection of data «against countries» – not «from», by Glenn Greenwald, 22 November 2012 in Dagbladet

NSA retains information on UK citizens

A 2007 briefing sent to analysts in the NSA’s Signals Intelligence Directorate reveals that an agreement made that year greatly extended the categories of information the agency could retain when “incidentally collected” from UK citizens.The NSA, previously allowed only to retain details of landline numbers, was authorised to retain and analyse UK mobile phone and fax numbers, emails and IP addresses. A separate draft memo from 2005 reveals the NSA reserved the right to collect information on British citizens even without the authorisation of the UK Government, contrary to what the document describes as the ‘common understanding’ between the two countries.

Source documents:
2007 agreement on UK contact identifiers
Collection, Processing and Dissemination of Allied Communications

Relevant articles:
US and UK struck secret deal to allow NSA to ‘unmask’ Britons’ personal data, by James Ball, 20 November 2013 in the Guardian
Documents show Blair government let US spy on Britons, by Paul Mason, 20 November 2013, Channel 4 News
NSA considered spying on Australians ‘unilaterally’, leaked paper reveals, by James Ball and Paul Farrell, 5 December 2013 in the Guardian

Thirty three million Norwegian phone calls logged

Unseen documents show that call data from 33.19 million Norwegian telephone conversations was gathered between 10 December 2012 and 8 January 2013, making Norway the European country with the largest number of logged phone calls per capita in that period.

Source document:
Norway – last 30 days

Relevant articles:
USA overvåket 33 millioner norske mobilsamtaler, by Glenn Greenwald and Arne Halvorsen, 19 November 2013 in Dagbladet (in Norwegian)
Overhode ikke gitt tilgang, by Tore Bergsaker, 19 November 2013 in Dagbladet (in Norwegian) NSA logged 33m calls in Nato ally Norway, by Richard Orange, 19 November 2013 in The Local

Indonesian leadership an ASD target

A November 2009 presentation from Australia’s Department of Defence and the Defence Signals Directorate (now the Australian Signals Directorate or ASD) shows that the mobile phone communications of the Indonesian president and nine other officials and confidants were targeted by the agency. A second slide from the presentation shows President Susilo Bambang Yudhoyono’s call data from August 2009.

Source document:
3G: impact and update

Relevant article:
Australia tried to monitor Indonesian president’s phone, by Ewen MacAskill and Lenore Taylor, 17 November 2013 in the Guardian

GCHQ monitors international hotel reservations

Slides from a presentation describing GCHQ’s Royal Concierge programme shows that the agency monitors the bookings systems of 350 luxury hotels worldwide, sending an alert to GCHQ whever a reservation comfirmation is sent to a government email address. Capabilities deployed for hotel room monitoring range from intercepting telephone, online and fax communications to “Technical Attack” and Humint operations.

Source document:
Royal Concierge

Relevant article:
‘Royal Concierge’: GCHQ Monitors Hotel Reservations to Track Diplomats, by Laura Poitras, Marcel Rosenbach and Holger Stark, 17 November 2013 in Der Spiegel

GCHQ employs phishing attacks against Belgacom, Mach and OPEC

A published slide shows that the GCHQ programme Quantam Insert targets networks by installing spyware on the computers of employees who visit fake LinkedIn pages. GCHQ is known to have targeted mobile network Belgacom and Mach, a company that supplies billing services to other international mobile providers. According to an unseen document from 2010, GCHQ infiltrated the computers of nine OPEC employees using this method.

Source document:
Quantam Insert

Relevant articles:
Britischer Geheimdienst greift über gefälschte LinkedIn-Seiten an, 11 November 2013 in Der Spiegel (in German)
GCHQ Targets Engineers with Faked LinkedIn Pages, 11 November 2013 in Der Spiegel
Passively ‘Sniffing’ Data: How Mobile Network Spying Works, by Christian Stöcker, 15 November 2013 in Der Spiegel

Venezuela named as a key NSA target

An NSA mission list from 2007 named Venezuela as one of the agency’s six “enduring targets.” A unpublished PowerPoint presentation from August 2010 titled “Development of the Venezuelan Economic Mission” shows that the NSA was monitoring the government and personal emails of officials within the Venezuelan Ministry of Planning and Finance.

Source documents:
Collection accesses
January 2007 Strategic Mission List
2008-13 Strategic Plan

Relevant article:
No Morsel Too Minuscule for All-Consuming N.S.A., by Scott Shane, 2 November 2013 in the New York Times

NSA relies on corporate partners

A slide from the presentation prepared by the NSA’s Special Source Operations division on “Corporate Partner Access” makes clear that the agency depends on “key corporate partnerships” to access fibre-optic cables and other communications infrastructure worldwide. A second slide from the same presentation shows that, over a five-week period in summer 2010, more than 2,000 intelligence reports were produced based on data obtained from Google, Microsoft and Yahoo.

Source document:
Corporate Partner Access

Relevant article:
Snowden document reveals key role of companies in NSA data collection, by Ewen MacAskill and Dominic Rushe, 1 November 2013 in the Guardian

European collaboration with NSA and GCHQ

Eighteen European countries as well as Japan and South Korea have a “focused cooperation” relationship with the NSA that allows access to their citizens’ metadata. In addition, an unpublished report from 2008 shows that GCHQ has worked with intelligence services in France, Germany, Holland, Italy, Spain and Sweden to develop technical capabilities and weaken domestic legal protections.

Relevant articles:
El CNI facilitó el espionaje masivo de EEUU a España, by Glenn Greenwald and Germán Aranda, 30 October 2013 in El Mundo (in Spanish)
GCHQ and European spy agencies worked together on mass surveillance, by Julian Borger, 1 November 2013 in the Guardian

NSA and GCHQ break into Yahoo and Google data centres

A joint NSA-GCHQ project targets the private networks of major US technology companies. Unpublished documents show that entire data flows are copied from access points outside the US and millions of records are sent to data warehouses at the NSA’s Fort Meade headquarters every day. An excerpt from an internal NSA publication describes complaints that “the relatively small intelligence value” delivered by Project Muscular “does not justify the sheer volume of collection.”

Source documents:
Project Muscular
Special Source Operations overview
SSO Collection Optimization
WINDSTOP – last 30 days

Relevant articles:
NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say, by Barton Gellman and Ashkan Soltani, 30 October 2013 in the Washington Post
How the NSA is hacking private networks, by Barton Gellman, Todd Lindeman and Ashkan Soltani, 30 October 2013 in the Washington Post
How we know the NSA had access to internal Google and Yahoo cloud data, by Barton Gellman, Ashkan Soltani and Andrea Paterson, 4 November 2013 in the Washington Post

Sixty million calls gathered from Spain

The NSA’s Boundless Informant tool shows that the agency had access to 60 million phone records from Spain during the month of December 2012.

Relevant article:
La NSA espió 60 millones de llamadas en España en sólo un mes, by Glenn Greenwald and Germán Aranda, 28 October 2013 in El Mundo (in Spanish)

US spies from the Berlin Embassy, targets Angela Merkel

logo-scsThe joint NSA-CIA group called the Special Collection Service (SCS) has agents active in more than 80 locations worldwide. Documents reveal that the SCS is tasked with intercepting cellular signals, wireless networks and satellite communication, and that the equipment for such interception is installed at US embassies, including the embassy in Berlin. The SCS very likely targeted German Chancellor Angela Merkel’s mobile phone, and her number is a ‘Selector Value’ in the documents.

Source document:
Spies in the Embassy

Relevant article:
Embassy Espionage: The NSA’s Secret Spy Hub in Berlin, 27 October 2013 in Der Spiegel

GCHQ’s attempts to keep its mass surveillance secret

Several memos detail the GCHQ’s efforts to make its intercepted evidence inadmissible in criminal court cases. The memos also reveal that the GCHQ lobbied to keep the extended cooperation it had with telecommunications companies secret, as well as efforts to maintain sympathetic public relations people within the British government.

Relevant article:
Leaked memos reveal GCHQ efforts to keep mass surveillance secret, by James Ball, 25 October 2013 in the Guardian

French intelligence questioned NSA over hacking incident

An memo sent from France’s Directorate for External Security (DGSE) and National Systems Security to the NSA questions the US agency over its suspected involvement in a cyber attack targeting the French Presidency in May 2012. France’s internal investigation had discovered that the only perpetrators capable of the attack were among American, British or Canadian intelligence agencies.

Source document:
Four-page internal memo

Relevant articles:
The NSA’s intern inquiry about the Elysée hacking revealed, by Jaques Follorou and Glenn Greenwald, 25 October 2013 in Le Monde
Comment Paris a soupçonné la NSA d’avoir piraté l’Elysée, by Jaques Follorou and Glenn Greenwald, 25 October 2013 in Le Monde (in French)

NSA monitors calls of world leaders

Senior officials in the US government provided the NSA with contact phone numbers of foreign political and military leaders, which were monitored for foreign intelligence information. A memo reveals that one official handed over 200 contact numbers, which included those of 35 world leaders.

Relevant article:
NSA monitored calls of 35 world leaders after US official handed over contacts, by James Ball, 25 October 2013 in the Guardian

Wiretapping French diplomats

An internal NSA memo outlines codenames of various interception tools and techniques used to spy on French diplomats, including at the French embassy in Washington.

Source document:
NSA codenames

Relevant article:
The NSA wiretapped French diplomats in the US, by Jaques Follorou, 22 October 2013 in Le Monde

NSA targets French companies Wanadoo and Alcatel-Lucent

In a span of just 30 days, more than 70 million phone records from France were collected by the NSA’s Boundless Informant program. Slides from a presentation on the NSA’s PRISM program show that the agency targeted two well-known French telecommunications companies, Wanadoo and Alcatel-Lucent.

Source documents:
PRISM overview and Boundless Informant on France

Relevant articles:
Comment la NSA espionne la France, by Jaques Follorou and Glenn Greenwald, 21 October 2013 in Le Monde (in French)
Les Etats-Unis intéressés par Wanadoo et Alcatel-Lucent, by Jaques Follorou and Glenn Greenwald, 21 October 2013 in Le Monde (in French)
France in the NSA’s crosshair: phone networks under surveillance, by Jaques Follorou and Glenn Greenwald, 21 October 2013 in Le Monde
France in the NSA’s crosshair: Wanadoo and Alcatel targeted, by Jaques Follorou and Glenn Greenwald, 21 October 2013 in Le Monde

Mexican President’s email account accessed

The NSA’s Tailored Access Operations (TAO) division was able to exploit a key mail server in the Mexican Presidencia domain in May 2010 to gain access to the President’s public email account in an operation codenamed Flatliquid.

Source document:
NSA Hacked Into Mexican President’s Email Account

Related article:
NSA Accessed Mexican President’s Email, by Jens Glüsing, Laura Poitras, Marcel Rosenbach and Holger Stark, 20 October 2013 in Der Spiegel

NSA signals intelligence aids drone campaign

A secret NSA unit called Counter-Terrorism Mission Aligned Cell collected email and phone calls which led to a drone strike targeting and killing an Osama Bin Laden associate named Hassan Ghul.

Related articles:
Documents reveal NSA’s extensive involvement in targeted killing program, by Greg Miller, Julie Tate and Barton Gellman, 17 October 2013 in the Washington Post
NSA growth fueled by need to target terrorists, by Dana Priest, 22 July 2013 in the Washington Post

NSA collects email address books and buddy lists

Two presentations from the NSA’s Special Source Operations branch and one excerpt from the NSA’s internal wiki document the agency’s attempts at “collection optimization”. A tool called SCISSORS helps filter some unwanted data, such as “unattributed address books” – the NSA still collected a total of 689,246 address books from Yahoo, Hotmail, Gmail, Facebook and other providers on 10 January 2012.

Source documents:
Content Aquisition Optimization
SSO Collection Optimization Overview

Relevant article:
NSA collects millions of e-mail address books globally, by Barton Gellman and Ashkan Soltani, 14 October 2013 in the Washington Post

US and Canada spy on Brazil’s Ministry of Mines and Energy

A program named Olympia that mapped phone and computer communications of the Brazilian Ministry of Mines and Energy was shared between the NSA and its Canadian counterpart agency.

Source document:
CSEC – Advanced Network Tradecraft

Relevant articles:
Ministério de Minas e Energia foi alvo de espionagem do Canadá, 6 October 2013 in Fantástico (in Portuguese)
American and Canadian Spies target Brazilian Energy and Mining Ministry, 6 October 2013 in Fantástico

NSA and GCHQ target Tor anonymity software

Tor’s anonymity software was analysed and attacked under the NSA’s Tailored Access Operations unit. A system codenamed FoxAcid attempted to redirect Tor users to its own servers, with the aim of infecting users’ computers and allowing for long-term compromise.

Source documents:
Peeling back the layers of Tor with EgotisticalGiraffe
‘Tor Stinks’ presentation
Tor: ‘The king of high-secure, low-latency anonymity’
Talk by Roger Dingledine of Torproject.org at the NSA
NSA report on the Tor encrypted network
GCHQ report on ‘MULLENIZE’ program to ‘stain’ anonymous electronic traffic

Relevant articles:
NSA and GCHQ target Tor network that protects anonymity of web users, by James Ball, Bruce Schneier and Glenn Greenwald, 4 October 2013 in the Guardian
Why the NSA’s attacks on the internet must be made public, by Bruce Schneier, 4 October 2013 in the Guardian
Attacking Tor: how the NSA targets users’ online anonymity, by Bruce Schneier, 4 October 2013 in the Guardian
Secret NSA documents show campaign against Tor encrypted network, by Barton Gellman, Craig Timberg and Steven Rich, 4 October 2013 in the Washington Post

Social networks of US citizens

Since November 2010, SIGINT Management Directive 424 allowed the NSA to analyse phone and email metadata of US persons through contact chaining. This metadata can be supplemented with public or commercial data from sources such as Facebook profiles, voter registration and property records.

Source document:
Documents on N.S.A. Efforts to Diagram Social Networks of U.S. Citizens

Relevant article:
N.S.A. Gathers Data on Social Connections of U.S. Citizens, by James Risen and Laura Poitras, 28 September 2013 in the New York Times

India a top target

logo-gaoThe Boundless Informant program, which graphs the capabilities of the NSA’s Global Access Operations (GAO), shows that 6.3 billion intelligence reports were gathered from India in March 2013. Another document indicates that India’s UN office and embassy in Washinton, DC were targeted for infiltration with computer and telephone bugs.

Relevant article:
India among top targets of spying by NSA, by Glenn Greenwald and Shobhan Saxena, 23 September 2013 in The Hindu
NSA planted bugs at Indian missions in D.C., U.N., by Shobhan Saxena, 25 September 2013 in The Hindu

GCHQ exploits Belgian telecom company

A GCHQ presentation describes a project named Operation Socialist against the Belgian telcommunications firm Belgacom and its subsidiary Bics. The operation provided GCHQ and NSA with unlawful access to communications routed through Belgium.

Source document:
‘Operation Socialist’ Cyber Attack on Belgacom

Relevant article:
Belgacom Attack: Britain’s GCHQ Hacked Belgian Telecoms Firm, 20 September 2013 in Der Spiegel

Follow the Money monitors international payments

NSA documents describe a branch called Follow the Money (FTM), which targets credit card authorisation networks, resulting in collection and parsing of transactional data. The Society for Worldwide Interbank Financial Telecommunication (SWIFT) network is identified as a target.

Source document:
NSA Spying on Credit Card and Bank Transactions

Relevant articles:
‘Follow the Money’: NSA Spies on International Payments, 15 September 2013 in Der Spiegel
‘Follow the Money’: NSA Monitors Financial World, by Laura Poitras, Marcel Rosenbach and Holger Stark, 16 September 2013 in Der Spiegel

NSA shares intelligence with Israel

A memorandum of understanding (MOU) between the NSA and the Israeli SIGINT National Unit allows the NSA to share “raw SIGINT data” with Israel. The MOU states that data given to Israel may include information on US persons, including judges and lawmakers.

Source document:
NSA and Israeli intelligence: memorandum of understanding

Relevant article:
NSA shares raw intelligence including Americans’ data with Israel, by Glenn Greenwald, Laura Poitras and Ewen MacAskill, 11 September 2013 in the Guardian

Smartphone surveillance

The NSA has created specialised teams to study the leading smartphone manufacturers and operating systems, and it eventually obtained access to contact lists, call logs, text messages and pictures from the iPhone.

Source document:
Spying on Smartphones

Relevant article:
iSpy: How the NSA Accesses Smartphone Data, by Marcel Rosenbach, Laura Poitras and Holger Stark, 9 September 2013 in Der Spiegel

Targeting Brazilian oil company Petrobras

A top secret training presentation from May 2012 reveals that the NSA targeted private communications networks, including that of Petrobras, the largest oil company in Brazil. This example of economic espionage was revealed just weeks after the NSA provided a public statement that they did not perform such activities.

Relevant articles:
NSA Documents Show United States Spied Brazilian Oil Giant, by Glenn Greenwald and Sonia Bridi, 8 September 2013 in Fantástico
Petrobras foi espionada pelos EUA, apontam documentos da NSA, 8 September 2013 in Fantástico (in Portuguese)

NSA and GCHQ mission to crack encryption

A 2013 budget proposal for the NSA’s SIGINT Enabling Project shows that the agency spends US$250 million per year to work with US and foreign IT industries to exploit commercial systems using encryption and to undermine encryption standards (corresponding articles refer to NIST, and in particular its 2006 standard making Dual EC_DRBG the default pseudo-random number generator). The proposal lists its resources and goals, which reveal the capacity to insert vulnerabilities into commercial encryption systems, IT systems and networks, and to exploit foreign trusted computing platforms and technologies. Attacks on 4G network encryption is also mentioned, as well as a Human Intelligence (HUMINT) division for infiltrating the telecommunications industry to obtain access to key product systems. The NSA’s Project BULLRUN aims to “defeat the encryption used in specific network communication technologies”. A briefing sheet and a classification guide for Project BULLRUN explain its capabilities against network security technology, including TLS/SSL, SSH, encrypted chat, VPN and encrypted Voice-over-Internet-Protocol (VOIP). Documents refer to a major breakthrough in decryption capabilities in 2010. The briefing emphasises the importance of maintaining secrecy of BULLRUN details, as knowledge of NSA capabilities would alert targets to using other technologies. Also mentioned is the corresponding GCHQ counter-encryption program EDGEHILL.

Source documents:
NSA classification guide for cryptanalysis

Project Bullrun – classification guide to the NSA’s decryption program
Secret Documents Reveal N.S.A. Campaign Against Encryption
Bullrun briefing sheet
SIGINT Enabling Project

Relevant articles:
Revealed: how US and UK spy agencies defeat internet privacy and security, by James Ball, Julian Borger and Glenn Greenwald, 5 September 2013 in the Guardian
N.S.A. Able to Foil Basic Safeguards of Privacy on Web, by Nicole Perlroth, Jeff Larson and Scott Shane, 5 September 2013 in the New York Times
Revealed: The NSA’s Secret Campaign to Crack, Undermine Internet Security, by Jeff Larson, Nicole Perlroth and Scott Shane, 5 September 2013 in ProPublica

NSA targets Brazilian and Mexican presidents

Three documents featured in Brazil media offer insight into how the NSA created intelligence reporting on Brazil; one presentation shows the NSA targeted Brazilian President Dilma Rousseff and mapped her entire contact network. Another document presents “geopolitical trends for 2014-2019″, identifying Brazil and Turkey as emerging “on the global stage”.

Source documents:
Intelligently filtering your data: Brazil and Mexico case studies
Geopolitical trends for 2014-2019
The International Security Issues Build-Out

Relevant articles:
Veja os ultrassecretos documents that Dilma espionagem comprovam, 2 September 2013 in Fantástico (article in Portuguese)
Documentos revelam esquema de agência dos EUA para espionar Dilma, 1 September 2013 in Fantástico (article in Portuguese)

NSA targets French foreign ministry network

An unpublished top secret document revealed the NSA secretly attacked France’s diplomatic establishments in contravention of international law. The document indicated the NSA had technicians secretly install bugs within diplomatic buildings inside the United States.

Relevant article:
‘Success Story’: NSA Targeted French Foreign Ministry, 1 September 2013 in Der Spiegel

Al Jazeera communications

An unpublished NSA document claims that the agency had information on reservation services for the Russian airline Aeroflot and hacked into “Al Jazeera broadcasting internal communication”, marking them as having “high potential as sources of intelligence”.

Relevant article:
Snowden Document: NSA Spied On Al Jazeera Communications, 31 August 2013 in Der Spiegel

US Intelligence Community budget for 2013

A Congressional Budget Justification summary for fiscal year 2013 from the Office of the Director of National Intelligence gives a breakdown of spending within the US Intelligence Community. The budget totalled US$52.6 billion, the largest portion of which was allocated to the CIA at US$14.7 billion.

Source documents:
Inside the 2013 U.S. intelligence ‘black budget’
2013 U.S. intelligence budget tables

Relevant articles:
Funding the Intelligence Program (interactive charts)
U.S. spy network’s successes, failures and objectives detailed in ‘black budget’ summary, by Barton Gellman and Greg Miller, 29 August 2013 in the Washington Post
NSA paying U.S. companies for access to communications networks, by Craig Timberg and Barton Gellman, 30 August 2013 in the Washington Post
To hunt Osama bin Laden, satellites watched over Abbottabad, Pakistan, and Navy SEALs, by Craig Whitlock and Barton Gellman, 29 August 2013 in the Washington Post
U.S. spy agencies mounted 231 offensive cyber-operations in 2011, documents show, by Barton Gellman and Ellen Nakashima, 30 August 2013 in the Washington Post
U.S. intelligence agencies spend millions to hunt for insider threats, document shows, by Carol D. Leonnig, Julie Tate and Barton Gellman, 1 September 2013 in the Washington Post
Top-secret U.S. intelligence files show new levels of distrust of Pakistan by Greg Miller, Craig Whitlock and Barton Gellman, 2 September 2013 in the Washington Post

NSA auditing and the FISC Opinion

Four documents reveal the NSA’s self-auditing process and how the NSA violated its own rules more than 2,776 times between April 2011 and March 2012. At least one of these incidents violated a court order and impacted more than 3,000 Americans.

Source documents:
NSA Auditing: Targeting Rationale Training material: US person information
SSO transitions following FISA Court ruling
2012 SID Auditing report

Relevant article:
NSA broke privacy rules thousands of times per year, audit finds by Barton Gellman, 16 August 2013 in the Washington Post

NSA Section 702: targeting US persons

A document reveals what Senator Ron Wyden called the “back-door searches loophole”. A classified update to FAA Section 702 showed the NSA secretly created a policy allowing analysts to “go through… communications and conduct warrantless searches for the phone calls or emails of law-abiding Americans” outside of any judicial process.

Relevant article:
NSA loophole allows warrantless search for US citizens’ emails and phone calls, by James Ball and Spencer Ackerman, 9 August 2013 in the Guardian

Telecommunications companies aid GCHQ surveillance

An internal presentation from 2009 describes a partnership between the British Government Communications Headquarters (GCHQ) and seven telecommunications companies: Verizon Business, British Telecommunications, Vodafone Cable, Global Crossing, Level 3, Viatel and Interoute. The companies were responsible for interception of data from global fibre-optic cable networks; combined, they had access to networks spanning Europe and many parts of the world.

Relevant articles:
Snowden enthüllt Namen der spähenden Telekomfirmen, by John Goetz and Frederik Obermaier, 2 August 2013 in Süddeutsche Zeitung (in German)
Geheimdienste nutzen Firmendienste, by John Goetz and Jan Lukas Strozyk, 2 August 2013 in Tagesschau (audio file below article, in German)

NSA intelligence on the Summit of Americas

A letter written on behalf of the US diplomatic service thanks NSA director General Keith Alexander for spying on participants of the Fifth Summit of Americas in 2009.

Relevant article:
A carta em que o embaixador americano no Brasil agradece o apoio da NSA, Glenn Greenwald, Raphael Gomide and Leonardo Souza, 2 August 2013 in Época (in Portuguese)

NSA pays GCHQ for access to intelligence

The US has paid GCHQ more than £100 million over the past three years for access to its intelligence operations, as well as £15.5 million to redevelop a GCHQ sister site in Bude, Cornwall that intercepts communications from transatlantic cables.

Relevant articles:
NSA pays £100m in secret funding for GCHQ, by Nick Hopkins and Julian Borger, 1 August 2013 in the Guardian
Inside the top secret world of Britain’s biggest spy agency, by Nick Hopkins, Julian Borger and Luke Harding, 2 August 2013 in the Guardian

XKeyscore training materials

XKeyscore is an NSA program used to search “nearly everything a user does on the internet” in real-time. Full content data captured by XKeyscore is stored for three to five days, and metadata is stored for 30 days.

Source document:
XKeyscore training presentation, 2008

Relevant article:
XKeyscore: NSA tool collects ‘nearly everything a user does on the internet’ by Glenn Greenwald, 31 July 2013 in the Guardian

NSA intelligence on the UN Security Council

A top secret document entitled ‘Quiet Success’ describes how the NSA spied on at least eight countries during UN Security Council negotiations. The goal was to derail Brazil’s plan to prevent Iran’s domestic production of nuclear fuel, instead voting for increased sanctions in the spring and summer of 2010.

Relevant articles:
Spies of the digital age, by Leonardo Souza and Raphael Gomide, 27 July 2013 in Época Espiões da era digital, by Leonardo Souza and Raphael Gomide, 27 July 2013 in Época (in Portuguese)

NSA works with the German BND

Documents seen by Der Spiegel suggest that the NSA worked closely with the Germany’s foreign intelligence agency, the Bundesnachrichtendienst (BND).

Source document:
Data ‘Made in Germany’

Related articles:
‘Prolific Partner’: German Intelligence Used NSA Spy Program, 20 July 2013 in Der Spiegel
Mass Data: Transfers from Germany Aid US Surveillance, by Hubert Gude, Laura Poitras and Marcel Rosenbach, 5 August 2013 in Der Spiegel
‘Key Partners’: Secret Links Between Germany and the NSA, 22 July 2013 in Der Spiegel
Kamerbrief met reactie op berichtgeving metadata telefoonverkeer, 4 February 2014, rijksoverheid.nl

Industrial espionage in Brazil

Several slides on various programs within the NSA show the extent of US surveillance of Latin America – particularly in Brazil. Included are slides containing information from the programs/tools Boundless Informant, XKeyscore, Fairview, PRISM and SILVERZEPHYR.

Source documents:
Mapa mostra volume de rastreamento do governo americano

Relevant articles:
Espionagem dos EUA se espalhou pela América Latina, by Glenn Greenwald, Roberto Kaz and José Casado, 9 July 2013 in O Globo (in Portuguese)
EUA espionaram milhões de e-mails e ligações de brasileiros, by Glenn Greenwald, Roberto Kaz and José Casado, 6 July 2013 in O Globo (in Portuguese)

EU and UN buildings bugged by the NSA

A 2008 document says that a bugging method known as DROPMIRE was implanted at the EU embassy in Washington DC. A program codenamed BLARNEY (also mentioned in a PRISM slide previously released by the Washington Post) is authorised under the FISA Amendments Act, Section 702, and utilises partnership with a US telecommunications company, targeting “diplomatic establishment, counter-terrorism, foreign government and economic” data.

Source document:
Photo Gallery: Monitoring the EU and UN

Relevant articles:
Attacks from America: NSA Spied on European Union Offices, by Laura Poitras, Marcel Rosenbach, Fidelius Schmid and Holger Stark, 29 June 2013 in Der Spiegel
New NSA leaks show how US is bugging its European allies, by Ewen MacAskill and Julian Borger, 30 June 2013 in the Guardian
Codename ‘Apalachee’: How America Spies on Europe and the UN, by Laura Poitras, Marcel Rosenbach and Holger Stark, 26 August 2013 in Der Spiegel

NSA activity in Germany

A graph released by Der Spiegel shows a comparison of data on the German phone network, German Internet, Italian phone network and French phone network, collected by the NSA’s Boundless Informant tool. Some documents suggest that the NSA worked closely with the Germany’s foreign intelligence agency, the Bundesnachrichtendienst (BND).

Source documents:
The NSA’s “Boundless Informant” Program
NSA Documentation of Spying in Germany

Related articles:
Partner and Target: NSA Snoops on 500 Million German Data Connections, by Laura Poitras, Marcel Rosenbach and Holger Stark, 30 June 2013 in Der Spiegel
How the NSA Targets Germany and Europe, by Laura Poitras, Marcel Rosenbach, Fidelius Schmid, Holger Stark and Jonathan Stock, 1 July 2013 in Der Spiegel

PRISM data aquisition

Four top secret NSA slides show flow charts for the PRISM data collection process, including data flow from service providers to the FBI, CIA and specialised NSA systems and databases.

Source documents:
PRISM Powerpoint Slides re Data Acquisition

Related article:
NSA slides explain the PRISM data-collection program, 29 June 2013 in the Washington Post

Extended data collection: EvilOlive and ShellTrumpet

A program called One-End Foreign (1EF) solution, codenamed EvilOlive, was enabled via the FISA Amendments Act of 2008, and allowed increased collection of internet traffic. Another program called ShellTrumpet, which was five years old in 2012, “began as a near-real-time metadata analyzer” and was eventually also used for “performance monitoring” and “direct email tip alerting”.

Relevant article:
How the NSA is still harvesting your online data, by Glenn Greenwald and Spencer Ackerman, 27 June 2013 in the Guardian

Authorisation for NSA analysis of US-based electronic metadata

A 2007 Department of Justice memo sought approval for NSA use of Americans’ metadata for analysis by ‘contact chaining’ – a procedure used to link contacts by observing telephone numbers, e-mail addresses or IP addresses that a targeted address attempts to contact. The bulk of the memo explains that analysis of US metadata is “consistent with” the Fourth Amendment, FISA and the electronic surveillance provisions of the United States Code [of Laws] because the data is already in the NSA’s databases.

Source documents:
Justice Department and NSA memos proposing broader powers for NSA to collect data

Related article:
NSA collected US email records in bulk for more than two years under Obama, by Glenn Greenwald and Spencer Ackerman, 27 June 2013 in the Guardian

Internal investigation of the post-9/11 warrantless wiretapping program

A review of NSA activities beginning shortly after 9/11 until January 2007 decribes the warrantless mass surveillance activities extra-legally authorised by President Bush, including a program codenamed STELLARWIND, and initial funding of US$25 million. The 51-page draft from the Office of the Inspector General at the NSA provides a review of the President’s Surveillance Program (PSP) and also details close collaboration with the private sector, which was used to obtain access to key internet and telephone choke points. By June 2002, more than 500 people had been given access to the PSP program, including Senators Robert Graham and Richard Shelby and Congresswoman Nancy Pelosi. A total of 14 White House members and 60 Congressmen were cleared for the program before 2007. After questions about the President’s warrantless wiretapping initiative surfaced in the media, a new Pen Register/Tap & Trace (PR/TT) FISC order, signed 14 July 2004, “essentially gave NSA the same authority to collect bulk Internet metadata that it had under the PSP”. Authority to collect telephony metadata and content and internet content from designated targets was transitioned to three FISC orders: the Business Records Order, the Foreign Content Order and the Domestic Content Order. The Foreign Court order was eventually replaced by the FISA Amendments Act of 2008.

Source document:
NSA Inspector General review of government surveillance programs after 9/11.

Relevant article:
NSA collected US email records in bulk for more than two years under Obama, by Glenn Greenwald and Spencer Ackerman, 27 June 2013 in the Guardian

GCHQ’s cable-tapping Tempora operation

Nukmerous unpublished documents show that Britain’s GCHQ has been running a surveillance operation codenamed Tempora, which is said to have access to 200 fibre-optic cables through partnerships with commercial companies, some which might have been paid for their cooperation. The NSA was given access to the data. Internal briefings suggest GCHQ lawyers recognised that ” a light oversight regime” was a key strength that the agency could bring to its international partnerships.

Related articles:
GCHQ taps fibre-optic cables for secret access to world’s communications, by Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davies and James Ball, 21 June 2013 in the Guardian
Mastering the internet: how GCHQ set out to spy on the world wide web, by Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davies and James Ball, 21 June 2013 in the Guardian
The legal loopholes that allow GCHQ to spy on the world, by Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davies and James Ball, 21 June 2013 in the Guardian

How the NSA decides what counts as US data

Two NSA procedural documents signed by Attorney General Eric Holder in 2009 outline targeting rules for analysts, revealing that the separation and “minimization” of US details is less than rigorous.

Source documents:
FAA Targeting Procedures
FAA Minimization Procedures

Related article:
The top secret rules that allow NSA to use US data without a warrant, by Glenn Greenwald and James Ball, 20 June 2013 in the Guardian

NSA targets universities, mobile phones and fibre-optic network in China

The US has been targeting the Chinese University of Hong Kong, public officials, businesses and students, according to an interview with Edward Snowden. Documents also revealed that Pacnet headquarters in Hong Kong, running one of the biggest regional fibre-optic networks, was hacked by the NSA in 2009.

Related articles:
Edward Snowden: US government has been hacking Hong Kong and China for years, by Lana Lam, 14 June 2013 in the South China Morning Post
US spies on Chinese mobile phone companies, steals SMS data: Edward Snowden, by Lana Lam and Stephen Chen, 23 June 2013 in the South China Morning Post
US hacked Pacnet, Asia Pacific fibre-optic network operator, in 2009, by Lana Lam, 23 June 2013 in the South China Morning Post
NSA targeted China’s Tsinghua University in extensive hacking attacks, says Snowden, by Lana Lam, 13 August 2013 in the South China Morning Post

Surveillance of G20 delegates

Delegates at the G20 summit in April and September of 2009 had their communications intercepted by GCHQ in London. Documents also note that NSA intelligence based upon the G20 surveillance was passed on to UK ministers, relating delegates’ positions on various agreements to influence talks to their advantage.

Related articles:
GCHQ intercepted foreign politicians’ communications at G20 summits, by Ewen MacAskill, Nick Davies, Nick Hopkins, Julian Borger and James Ball, 17 June 2013 in the Guardian
G20 summit: NSA targeted Russian president Medvedev in London, by Ewen MacAskill, Nick Davies, Nick Hopkins, Julian Borger and James Ball, 17 June 2013 in the Guardian

Boundless Informant illustrates NSA’s global reach

Boundless Informant is a tool used to describe the capabilities of the NSA’s Global Access Operations (GAO) unit, which is responsible for satellite interceipts and other foreign platforms. The tool counts metadata records to create real-time maps and charts of some of the NSA’s international capabilities without the need for surveys and other self-evaluation methods.

Source documents:
Boundless Informant – Frequently Asked Questions
Boundless Informant slides

Related article:
Boundless Informant: the NSA’s secret tool to track global surveillance data, by Glenn Greenwald and Ewen MacAskill, 8 June 2013 in the Guardian

Presidential Directive orders cyber-offensive targeting overseas

Presidential Policy Directive 20 outlined in October of 2012 the US approach to offensive cyber operations and ordered national security officials to create a target list for Offensive Cyber Effects Operations (OCEO) . A series of declassified talking points, published in January 2013 obscured the extent to which the US was adopting an offensive cyber posture.

Source document:
Presidential Policy Directive PPD-20 on US Cyber Operations Policy

Related article:
Obama orders US to draw up overseas target list for cyber-attacks, by Glenn Greenwald and Ewen MacAskill, 7 June 2013 in the Guardian

PRISM: an NSA partnership with US service providers

prism-logoNumerous documents outline PRISM, which enables the routine collection of data including emails, chats, videos, file transfers and photos from private companies that include Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL and Apple.

Source document:
PRISM/US-984XN Overview

Related articles:
U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program, by Barton Gellman and Laura Poitras, 6 June 2013 in the Washington Post
NSA Prism program taps in to user data of Apple, Google and others, by Glenn Greenwald and Ewen MacAskill, 7 June 2013 in the Guardian
NSA’s Prism surveillance program: how it works and what it can do, by James Ball, 8 June 2013 in the Guardian
Microsoft handed the NSA access to encrypted messages, by Glenn Greenwald, Ewen MacAskill, Laura Poitras, Spencer Ackerman and Dominic Rushe, 12 July 2013 in the Guardian
NSA paid millions to cover Prism compliance costs for tech companies, by Ewen MacAskill, 23 August 2013 in the Guardian

FISA Court order demanding US call records from Verizon

A FISA Court order issued to the US telecommunications company Verizon demanded daily call records for all communications both within the US and between the US and abroad. The order was valid from 25 April 20013 until 19 July 2013 and included a non-disclosure order, which prevented Verizon from revealing that the NSA and FBI sought the aforementioned call records. The revelation of this order resulted in the US government disclosing for the first time that all domestic call records are sought under such orders.

Source document:
Verizon FISA Court order

Related article:
NSA collecting phone records of millions of Verizon customers daily, by Glenn Greenwald, 6 June 2013 in the Guardian