Revelations | Courage Snowden

Documents revealed by Edward Snowden and pertaining to the National Security Agency (NSA), US surveillance programs and US Intelligence Community partners abroad have been released and reported on since 5 June 2013. Below is a list of the revelations, with links to documents and relevant articles, with the most recent ones at the top.

A number of SIDToday articles from 2006 give an indication of NSA operations against Iranian targets operating in Iraq. A particular concern was Iranian support of Shia militias, including supplying weapons and materials for explosives. Economic reporting revealed Iranian purchasing of US microprocessors used in improvised explosive devices. At the same time, the US was intensely concerned to locate and kill the head of Al Qaeda in Iraq, Abu Musab al-Zarqawi, which was eventually achieved when a courier was located in a Baghdad internet cafe. Audio fingerprinting techniques developed in the search for al-Zarqawi were used in other situations

Source documents:Economic Reporting Strives to Interdict the Flow of Improvised Explosive Device ComponentsEmbedded with USSOCOM: NSA Reps Provide Direct Analytic SupportDeployment of New System Improves Access to Iranian CommunicationsNSA/CSS Georgia Contributes to Capture of Iraqi Terrorist LeaderInstant-Gratification SIGINTOpen Source Signals Analysis: Not Your Grandfathers SIGINT!Intercepted: Letter for Zarqawi from al-Qaida Senior LeadersCatch of the Day: Abu Musab al-Zarqawi and FriendsAl-Zawahiri Speaks Yet Again!Al-Zawahiri: At It Again!Public Enemy No. 1 Speaks!VoiceMatch: A New Offering at NCSNuclear Sleuthing Can SIGINT Help?SCS Baghdad Teams With Brits to Help Free Hostages

Related article:328 NSA Documents Reveal Vast Network of Iranian Agents, Details of a Key Intelligence Coup, and a Fervor for Voice-Matching Technology, by Margot Williams, Talya Cooper, Henrik Moltke, Micah Lee, 15 August 2015 in the Intercept

A series of articles from the NSAs internal SIDToday give an indication of concerns at the agency in 2006. The agency was fielding an unprecedented number of Freedom of Information requests, in response to James Risen and Eric Lichtblaus NYT article about warantlesss wiretapping, to frustration from the staff tasked with dealing with them. The agency was also responding to the growth of online call services, where those using US numbers might be based elsewhere. A series of articles encouraged employees to write more effectively for the larger audience produced new intelligence sharing within the intelligence community and federal government.

Source documents:New CNO Capability Poised to Help Counter IEDs, Geolocate TerroristsSID Around the World: Living in Thailand A Singles PerspectiveSID Around the World: Misawa and TokyoSID Around the World: Jumping Into Yorkshires Village Life with Both FeetSID Around the World: Walking the Streets of TurkeySID Around the World: A Glimpse of UtahSID Around the World: Sugar Grove, West VirginiaSID Around the World: Life in Central Maryland?? (repost)What Is a FOIA Request? And Why Is S02L3 Always Bugging Us?Exploiting US/UK/CAN Phone Numbers In Compliance with USSID-18 Policy

Related article328 NSA Documents Reveal Vast Network of Iranian Agents, Details of a Key Intelligence Coup, and a Fervor for Voice-Matching Technology, by Margot Williams, Talya Cooper, Henrik Moltke, Micah Lee, 15 August 2015 in the Intercept

Long-term NSA employee and self-styled SIGINT curmudgeon Rahe Clancy was given a regular spot in internal newsletter SIDToday to voice his complaints. His column, which started in 2005 and ran through to Clancys retirement in 2006, was supportive of the agencys core activities but critical of what he saw as the increasing corporatisation of the agency and, in particular, the proliferation of management jargon in internal communications. Clancys was one of a number of regular columns that ran in SIDToday, which included the SIGINT Philospher and Ask Zelda! described in previous releases from the archive.

Source documents:The Regruntlement of a SIGINT CollectorOpinion Piece: The SIGINT Curmudgeons Last Shot!SIGINT Curmudgeon Excited By SCO-FESTCan You Cut the Mustard as a SCO?Letters to the Editor: Views on the Corporatization of NSA

Related article:Before Snowden, an NSA Spy tried to incite change from the inside. He called himself the curmudgeon of signals intelligence, by Peter Maas, 15 August 2018 in the Intercept

A sequence of posts from the NSAs internal newsletter SIDToday shows how the agency monitors environmental change, as the issue rises up the list of security threats to the United States. Particular focuses are disputes over natural resources like fish stocks and water scarcity, and the response to natural disasters. Previous revelations have shown how the agency has surveiled climate conferences.

Source documents:Japan, Eternal Land of the Rising SunAn Intern Learns That Customers Do Value SIGINTPersistence and Collaboration Thwart Criminals on the High SeasOne Fish, Two Fish, My Fish, Your Fish!A Growing Security Challenge: Competition for WaterDid You Know that NSA Has an Arctic Presence?New GLAIVE (HF Collection System) Course Is AccreditedResponsibility 3B: Implications of Technology & Geopolitical TrendsNSA Hosts Successful Climate Change Day in Advance of UN ConferenceSINIO Seminar: Fire and Ice: A Discussion on Climate Change

Related article:The NSAs Role in a Climate-Changed World: spying on nonprofits, fishing boats, and the North Pole, by Alleen Brown and Miriam Pensack, 15 August 2018 in the InterceptNSA spied against UN climate negotiations, by Sebastian Gjerding, Henrik Moltke, Anton Geist and Laura Poitras, 30 January 2014 in Information

An NSA document from March 2006 reveals that the agency had infiltrated virtual private networks (VPNs) used by organisations including Al Jazeera, Iraqs Ministries of Defence and the Interior, Iran Air and Aeroflot and the private SABRE and Galileo computer systems that facilitate travel transactions like booking airline tickets and are used by hundreds of airlines around the world. In 2006, the ability to exploit VPNs was held closely within NSA but a tool called VIVIDDREAM was made available to analysts that would let them know whether a particular VPN was vulnerable, without giving them information about how the exploit worked. That the NSA had access to Al Jazeeras internal communications and Aeroflot reservation records was reported by Der Spiegel in 2013, but the means of that access has not been published until now. VPN protocols and implementation vary and security researchers have a number of suggestions about how the agency might have secured this access.

Source documents:Efforts Against Virtual Private Networks Bear FruitGiving Answers, Keeping Secrets

Related articles:NSA Spied on Al Jazeera Communications, 31 August 2013 in Der SpiegelNSA cracked open encrypted networks of Russian airlines, Al Jazeera, and other high potential targets, by Micah Lee, 15 August 2018 in the Intercept

AT&T facilities in eight US cities are actively involved in intercepting internet traffic; this is the source of data the NSA refers to as FAIRVIEW. NSA considers AT&T as a trusted partner with an extreme willingness to help, valuable not just for its access to US traffic it assists other American companies with bandwidth but for its partnerships with international providers. AT&T refers to the eight sites as Service Node Routing Complexes; they were set up following the internet boom of the mid to late 90s; the companys cooperation with NSA allows the US agency privileged access to the common backbone technology that transports internet traffic worldwide. Documents outline how FIARVIEW traffic is integrated into other key NSA systems like MAINWAY, MARINA and XKEYSCORE.

Source documents:Changes to Handling of FAA-702 CollectionFAIRVIEW HomeSSO FAIRVIEW OverviewSSO dictionary FAIRVIEWFull One End Foreign (1EF) Interim Status Update

Relevant article:The Wiretap Rooms: The NSAs Hidden Spy Hubs In Eight U.S. Cities, by Ryan Gallagher and Henrik Moltke, 25 June 2018 in the The Intercept

A newly published document from Snowden archive is the first to ever emerge publicly from Japans extremely secretive Directorate for Signals Intelligence, which has at least 6 facilities and employs around 1700 people. The document discusses the operations of the Tachiarai base southwest of Tokyo which in 2012-13 was collecting hundreds of thousands of internet records for the purpose of detecting potential cyberattacks. The Japanese went to NSA for advice on handling the enormous amounts of information they were collecting, despite the MALLARD operation having a questionable status in Japanese law. Another document reveals that the Directorate intended to collect information about Tor users in order to de-anonymise them.

Source documents:DFS SIGINT-enabled CyberCurrent State of and Proposed Future Cooperation with JapanProtocol note for Japan visitWhats NSAs Reputation Among Third Parties?

Related articles:The Untold Story of Japans Secret Spy Agency, by Ryan Gallagher, 19 May 2018 in the Intercept , 19 May 2018, NHK (video)

A collection of internal NSA memos from March 2013 cite an information source codenamed MONKEYROCKET, which has helped NSA analysts to track down senders and receivers of Bitcoins. MONKEYROCKET, which is described in the documents as a non-Western Internet anonymization service, appears to have been a fake VPN-like service planted by the NSA as a device for observing the online activities of internet users in the Middle East. The documents indicate that data obtained about bitcoin users could be accessed through the NSAs main search interface, XKeyScore.

Source documents:OAKSTAR Weekly Update 8 March 2013OAKSTAR Weekly Update 15 March 2013OAKSTAR Weekly Update 22 March 2013OAKSTAR Weekly Update 29 March 2013OAKSTAR Weekly Update 5 April 2013SSO Corporate Portfolio OverviewMONKEYROCKET Achieves Initial Operational CapabilityEntries From Sample SSO AccessesSSO dictionary MONKEYROCKETOAKSTAR Travel Handbook

Related article:The NSA Worked To track Down Bitcoin Users, Snowden Documents Reveal, by Sam Biddle, 20 March 2018 in the Intercept

Documents from the Snowden archive show how British surveillance activities intensified after the bombings of 7 July 2005, with the collaboration of NSA. GCHQ focused on locating closed loops of burner phones. A Five Eyes intelligence sharing agreement of the previous year, the Alice Springs Resolution, intended to enable unfettered access to metadata repositories among our five agencies, was fulfilled in the wake of the terrorist attack. Later, NSA would criticise Australia and New Zealand for not making enough use of the arrangement.

Source documents:MHS Lends a Hand in the Aftermath of the London BombingsCT Staff and Augmentees Focus on Bombings in BritainThe London Bombings an Insiders ViewContact ChainingGraph theory in the operational environment Sensitive Metadata Analytic Collaboration (SMAC) Concept of OperationsThe Alice Springs ResolutionTransnational DNI Training

Related article:How Londons 7/7 Bombings Led to Unprecedented Surveillance Tactics, by Ryan Gallagher, 1 March 2018 in the Intercept

Documents from the Snowden archive show how intelligence sharing works among the 18 members of the SIGINT Seniors network. The original nine members of the SIGINT seniors Europe group were brought together in 1982 and the alliance expanded after 2001. The alliance has worked together on monitoring major sporting events, counterterrorism operations and the development of new shared tools and techniques.

Source documents:SIGINT Partnership Agrees to Greater SharingLinguistic Resource Sharing in Asia Pacific Takes Step ForwardNSAs Changing Counterterrorism Relationship With IndiaSIGINT Seniors Pacific Successes Highlighted at ConferenceCounterterrorism Analytic Working Group Meets in MadridGlobal Collaboration Environment (GCE)GOOOOAAAALLLL!!! World Cup Report From SUSLAGWhos Who in Afghanistan?SIGINT Seniors Making History in a Good Way

Related article:The Powerful Global Spy Alliance You Never Knew Existed, by Ryan Gallagher, 1 March 2018 in the Intercept

A sigint station run by Norways Intelligence Service in association with the NSA, codenamed VICTORYGARDEN, captured records of phone calls and emails between Norwegian citizens and their contacts abroad, in contravention of Norwegain law. The problem came to the attention of Norways oversight committee in 2014 but has continued unabated since. A sequence of newly-released documents shows a close and developing relationship between Norwegian intelligence and the NSA, which has been shielded from democratic oversight.

Source documents:Life as a TLO in OsloSIGINT Development Working Group Meets in Oslo, NorwayNorway Gets FORNSAT Collection Capability On Par With NSAsNorwegian-US Conference Held at Ft Meade and ColoradoNSAs intelligence relationship with NorwayCanyondust Coverage RegionsManaging the Challenge

Related articles:Norway Used NSA Technology for Potentially Illegal Spying, by Henrik Moltke, 1 March 2018 in the InterceptAntennene som samler inn data om norske borgere, by yvind Bye Skille, 1 March 2018, NRK

Posts from the NSAs internal SIDToday newsletter describe how agency analysts posted to Iraq in 2004, ostensibly to help locate weapons of mass destruction, would locate pornographic material on seized hard drives, which was then used to humiliate and break down detainees. Other accounts suggest this was done as a matter of policy. Further SIDToday articles describe the agencys monitoring of referendum-fixing in Mubaraks Egypt, intelligence gathering on the Israeli and Palestine positions during negotiations at Camp David in 2000 and a reluctance to recruit Americans of Arab descent to work as language specialists. Published documents also document the emerging relationship between NSA and its counterpart in the Czech Republic, the agencys concerted action against a European group called the Anti-Imperialist Camp and how progress was made in monitoring mobile telephony and Skype calls.

Source documents:NSAer Investigates Computers Seized in Raids in IraqWhat SIGINT Revealed About the Egyptian ElectionNow Youre Speaking My Language: NSAs Linguistic Resources (Part I)Can Motor City Manufacture Some Arabic Language Assistance for NSA?Is NSA Going Deaf? What Is Golf Cart Reporting? An Interview With REDACTEDTerrorism or Political Action? The Anti-Imperialist Camp Crosses the LineUS, Czech and Japanese All at the Same TableCzech Mates?GSM Temporary Selectors Breakthroughs in Automated IdentificationA Tough Targeting Challenge: SkypeLetter to the Editor: About SkypeLetter to the Editor: More Comments on Social Network Analysis

Related article:NSA Used Porn to Break Down Detainees in Iraq and Other Revelations From 297 Snowden Documents, by Margot Williams, Talya Cooper and Micah Lee, 1 March 2018 in the Intercept

NSA and associated US government agencies have put significant investment into the development of voice identification technology, which has the potential to become a general biometric means of identifying people as consumer devices using voice recognition become more prevalent. Internal NSA newsletters give some indication of how this technology developed, including the use of bulk voice recordings from Iraq and Afghanistan, and attempts to overcome the strategies surveillance subjects adopted to frustrate it.

Source documents:Technology That Identifies People by the Sound of Their Voices Human Language Technology in Your Future For Media Mining the Future Is Now!RT10 Initiative OverviewVoice/Fax User Group Minutes of January 2008 meetingVoice/Fax User Group Minutes of December 2010 meetingVoice/Fax User Group Minutes of March 2009 meetingVoice/Fax User Group Minutes of October 2008 meetingVoice/Fax User Group Minutes of September 2008 meetingInnov8 VoiceAnalytics Experiment Profile Letters to the Editor: Still More on Tool DevelopmentTips for a Successful Quick Reaction Capabiity NSA Georgia Opens New Audio-Forensics LabNew RT-RG Overview Video Available on NSANet Alert: Voice Masking Is Discovered in SIGINTAlvin, Simon, and Al Qaeda? Finding Modified Voice in SIGINT Traffic SIGINTers Use Human Language Technology to Great Advantage, Isolate Conversation About Threat to US Come to SIDs Identity Intelligence (I2) Day Conference and See Your Target in a Whole New Light!How Is Human Language Technology Progressing?CTIC: Its Not Just Another Pretty Space

Related article:Finding Your Voice, by Ava Kofman, 19 January 2018 in the Intercept

PRISM reports in the Snowden Archive show that criminal defendants were subjected to Section 702 PRISM reporting, obtained without a warrant, that was not revealed in court. Other documents in the archive show how often 702 reporting us used in counterterrorism cases, raising concerns about the prevalence of parallel construction in the US criminal justice system. In some cases, NSA analysts claimed credit for convictions in internal newsletters.

Source documents:Special Source Operations Weekly 25 April 2013Teaming with the FBI in the Global War on TerrorismTransnational DNI training PINWALERe: Ehsanul Sadequee FISA RequestLife as the SID Liaison to the Joint Terrorism Task Force in NYCThe Saudi Assassination Plot How It Was Thwarted2009: A Watershed Year in the Fight Against TerrorismPerseverance Pays Off: Eight-Year SIGINT Effort Culminates in Arrest of Elusive Colombian TerroristClassification guide for FISA, the Protect America Act and the FISA Amendments Act

Related article:NSA Secretly Helped Convict Defendants in U.S. Courts, Classified Documents Reveal, by Trevor Aaronson, 30 November 2017 in the Intercept

Reports produced by US intelligence on potential Cuban and Russian links to the assassination of President Kennedy were kept classified for decades, according to documents in the Snowden archive. A classification guide published in 2000 states that NSAs 1960s attempts to intercept the communications of Cuban diplomats and agents are still to be regarded top secret. A separate classification guide relating to the Cuban missile crisis gives a similar designation to information about NSA targeting of Soviet general staff communications.

Source documents:JFK Assassination Records Classification/Declassification Guide Number: 385-00Classification Guide Title/Number: Cuban Missile Crisis, 10-18

Related article:NSA Concealed Records on JFK Assassination for Decades, by Miriam Pensack, 25 October 2017 in the Intercept

A single slide from an NSA PRISM presentation claims that Saudi Prince Salman bin Sultan ordered Syrian rebels to light up Damascus in March 2013, to mark the second anniversary of the Syrian revolution. The slide claims that almost all information on [Syrian] opposition plans and operations that reaches the NSA is acquired via PRISM.

Source document:PRISM FAA Reporting Highlight

Related article:NSA Document Says Saudi Prince Directly Ordered Coordinated Attack By Syrian Rebels On Damascus, by Murtaza Hussein, 24 October 2017 in the Intercept

A GCHQ document from 2009-2010 explains the PHANTOM PARROT tool, which enables the search of data downloaded from phones seized during border stops, often unbeknownst to their owners, which has then been sent to GCGQ for inclusion in a central database (LUCKY STRIKE), where it is integrated with financial data. The previous UK Independent Reviewer of Terorrism Legislation stated on several occasions that the current system is not subject to sufficient safeguards.

Source documents:PHANTOM PARROTFININT Tasking

Related article:Airport Police Demanded An Activists Passwords. He Refused. Now He Faces Prison In The UK, by Ryan Gallagher, 23 September 2017 in the Intercept

A 2011 report from CSEC describes how a group of hackers codenamed MAKERS MARK, who were believed to be associated with Russia regularly compromised really well designed systems for obscuring their identity by logging into personal accounts. Operatives were even infected with commercial malware. These errors allowed CSEC to attribute MAKERS MARK attacks to Russia.

Source document:Hackers are Humans too: Cyber leads to CI leads

Related article:White House Says Russias Hackers Are Too Good To Be Caught But NSA Partner Called Them Morons, by Sam Biddle, 2 August 2017 in the Intercept

Thirteen previously-unpublished documents from the Snowden archive document the NSAs evolving relationship with its Japanese counterpart, the G2 Annex. While Japan houses and part-funds three NSA bases on its territory and shares access to tools like XKEYSCORE, the US agency also spies on the Japanese government and institutions. NSA programmes housed in Japan include GHOSTHUNTER, which identifies locations of internet users in the Middle East and North Africa and is used to facilitate drone strikes.

Revealed documents:Whats NSAs Reputation Among Third Parties? What are the Japanese Like as SIGINTers?Charlie Meals Opens New Engineering Support Facility in JapanNSA SIGINT Site Relocated in Japan: The Story Behind the MoveBack in Time: The KAL-007 ShootdownRequest for ADET SIGDEV Materials to be Used for Training the Japanese Directorate for SIGINT PersonnelSpecial-Delivery SIGINT: How NSA Got Reports to US Negotiators In Time for Them To Be of ValueUS, Japan Now Exchanging Collection From Reconnaissance MissionsShift to Software Demodulation in Misawa Expands Collection, Saves MoneyNSA Liaison in Tokyo Opens New OfficeCROSSHAIR Foreign Partners Filling HF/DF Gaps for the USThe International Security Issues Build-OutNSA Assistance to Japanese Directorate for SIGINT in Developing Capabilities to Provide SIGINT Support to CNDNSA High Frequency (HF) Collaboration efforts with Japan

Related articles:Japan Made Secret Deals With The Nsa That Expanded Global Surveillance, by Ryan Gallagher, 24 April 2017 in the InterceptJapan monitored in the United States: Snowden unpublished file shock, by Akira Ikegami, Shinichi Takeda and Izumi Tanaka, 24 April 2017 in NHK CloseupNZ spied on Japan as part of anti-whaling push: Snowden document, 26 April 2017 in the New Zealand Herald

A post from the internal NSA newsletter SIDToday describes the role the agency plays in security arrangements for domestic events, primarily the Democratic and Republican National Conventions, which have been designated as National Special Security Events (NSSEs). Other NSSEs include the Salt Lake City Olympics. The Republican National Convention in 2004 was greeted by large scale protest and over one thousand arrests, which were later ruled to be unlawful. It is not known whether the NSA was tasked with monitoring domestic protest.

Revealed documents:NSA Provides Un-conventional Support

Related article:NSA kept watch over Democratic and Republican conventions, Snowden documents reveal, by Ryan Gallagher, 24 April 2017 in the Intercept

An NSA-US Navy report in the Snowden archive shed light on the extent of US defence information compromised when a US spy plane collided with a Chinese fighter jet in 2001. The 117-page report, prepared three months after the incident largely vindicates the planes crew for their attempts to destroy the signals intelligence and cryptographic material on board before its emergency landing and criticises the lack of institutional preparation for such an incident.

Revealed documents:EP-3E Collision: Cryptologic Damage Assessment and Incident Review

Related article:Burn After Reading: Snowden Documents Reveal Scope of Secrets Exposed to China in 2001 Spy Plane Incident, by Kim Zetter, 10 April 2017 in the Intercept

A page from the NSAs internal WikiInfo, on Russian journalist Anna Politkovskaya, suggests that in 2005 the agency identified an attack on Politkovskayas email account depplying malicious malware which is not in the public domain. The NSA concluded that Russias FSB was probably responsible. Politkovskaya was assassinated in 2006.

Revealed document:Anna Politkovskaya

Related article:Top-Secret Snowden Document Reveals what the NSA Knew about Previous Russian Hacking, by Sam Biddle, 29 December 2016 in the Intercept

A GCHQ presentation from 2012 discusses the Southwinds system, which intercepts mobile phone activity from commercial aircraft at cruising altitude. As of 2012, the programme was restricted to those regions covered by UK satellite communications provider Inmarsat: Europe, Africa and the Middle East and was capable of updating phone position data every two minutes. Air France and Air Mexico flights were discussed as specific targets as early as 2005, based on possible terrorist threats to these airlines. GCHQ noted that Aeroflot was carrying out its own surveillance of calls made on board its aircraft.

Source documents:SIGINT Analysts: In-flight GSM Is No JokeIn-Flight GSMTHIEVING MAGPIE Using on-board GSM/GPRS to track targetsHOMING PIGEON

Related articles:Les compagnies ariennes dont Air France vises par les services secrets amricains et britanniques, by Jacques Follorou, 7 December 2016 in le MondeAmerican and British Spy Agencies Targeted In-flight Mobile Phone Use, by Jacques Follorou, 7 December 2016 in the Intercept

Details from documents in the Snowden archive, together with architectural plan, public records and interviews with former AT&T employees suggest that an AT&T communications hub at 33 Thomas Street in lower Manhattan is also an NSA surveillance site codenamed TITANPOINTE. AT&T is referred to in several documents as LITHIUM, the partner who visits to TITANPOINTE must be coordinated with. The agency claims to have access to foreign gateway switches at the building, which it refers to as RIMROCK access, as well as to satellite communications as part of a system called SKIDROWE. The facility is also referred to in the Snowden archive as a BLARNEY core site.

Revealed documents:Blarney Program TDY Handbook FAIRVIEW TDY HandbookFAIRVIEW Dataflow DiagramsSpecial Source Operations: Corporate Partner AccessDNI Processing of RINGBILL AccessSSO Web > (U) BlarneySKIDROWE Low Speed DNI Processing Solution Replacing WEALTHYCLUSTER2

Related articles:Titanpointe: The NSAs Spy Hub in New York, Hidden in Plain View, by Ryan Gallagher and Henrick Moltke, 16 November 2016 in the InterceptLook Inside the Windowless New York Skyscraper Linked to the NSA, by Ryan Gallagher and Henrick Moltke, 19 November 2016 in the Intercept

In a cache of documents revealed to the Intercept, New Zealand based company Endace are revealed as a supplier to GCHQ and other intelligence agencies, including Moroccos DGST which has been singled out by Amnesty and others for human rights abuses. The company supplies equipment that allows telecoms providers to make their systems intercept capable and analysis of previously-released documents from the Snowden archive suggests that Endace-supplied equipment played a critical role in enabling the agency to dramatically expand its surveillance of undersea cables between 2009 and 2012.

Revealed documents:Access: The VisionSupporting Internet OperationsMobile Apps Checkpoint meeting Archives

Related article:Private Eyes: The Little-Known Company That Enables Worldwide Mass Surveillance, by Ryan Gallagher and Nicky Hager, 23 October 2016 in the Intercept

A draft NSA malware manual confirms that SECONDDATE which appears in the ShadowBrokers initial release was created by the Agency. SECONDDATE, which intercepts web requests and redirects them to an NSA server, is part of the system codenamed TURBINE. That, and the NSA server (FOXACID) has been described in previously published documents from the Snowden archive.

Revealed documents:FOXACID SOP for Operational Management of FOXACID InfrastructureWireless LAN/CNE Tool Training Course and EvaluationIntroduction to WLAN / 802.11 Active CNE OperationsIntroduction to BADDECISIONFOXACIDSIGINT Development Support II Program Management ReviewDGO Enables Endpoint Implants via QUANTUMTHEORYQUANTUMTHEORY success at SARATOGAExpeditionary Access Operations: NSAs Close Access Network Exploitation Program

Related article:The NSA Leak is Real, Snowden Documents Confirm, by Sam Biddle, 19 August 2016 in the Intercept

Articles from the NSAs internal newsletter SIDToday show how the NSAs capabilities have at times been frustrated by the adoption of relatively low-tech strategies. In late 2003, insurgents in Afghanistan and Iraq had caused issues for the agency with their use of high powered cordless phones, which could be used to denotate IEDs as well as for communication. Later disclosures by other whistleblowers shed light on some of the tools governments are employing in response to this issue.

Source documents:High Powered Cordless Phones in the Af/Pak Border Area: Is UBL Talking?HPCP Conference Aids CollaborationRegister for the Worldwide HPCP Conference, 27-31 October

Related articles:Iraqi Insurgents Stymied the NSA and Other Highlights from 263 Internal Agency Reports, by Margot Williams and Micah Lee, 10 August 2016 in the InterceptThe Secret History of Iraqs Invisible War, by Noah Shachtman, 14 June 2011 in WiredA Secret Catalogue of Government Gear for Spying on Your Cellphone, by Jeremy Scahill and Margot Williams, 17 December 2015 in the Intercept

A post from the internal NSA newsletter SIDToday dated 6 November 2003 describes how the agency shared intercepted material from international NGOs and treaty monitoring organisations working in the health sector with the DIAs Armed Forces Medical Intelligence Center. The DIA unit was tasked with producing intelligence for the military in support of force health protection, particularly in the field of epidemiology. The collaboration allowed the NSA to analyse the impact of Chinas SARS outbreak on governance, local media, the economy and the readiness of the Peoples Liberation Army. Further documents from the Snowden archive show the range of the NSAs ambitions in accessing and utilising medical data.

Source document:DIA Swimming Upstream in the SIGINT SystemInteragency SARS Conference May 20thSpecial Source Operations Weekly 18 April 2013A New Approach to Uncovering WMD ProgramsFY 2013 Congressional Budget Justifiation

Related article:How the U.S. Spies on Medical Nonprofits and Health Defenses Worldwide, by Jenna McLaughlin, 10 August 2016 in the Intercept

Amidst the controversy about the hacking of Democratic Party networks, which US authorities have linked to the Russian government, previously published documents in the Snowden archive illustrate the extent to which the US own signal intelligence agency has breached electronic systems in other countries where elections are ongoing, with targets including successive Mexican Presidents. The US is making large investments into its offensive cyberwarfare capability.

Source documents:Intelligently filtering your data: Brazil and Mexico case studiesComputer-Network Exploitation Successes South of the Border

Related articles:Commentary: The worlds best cyber army doesnt belong to Russia, by James Bamford, 9 August 2016, ReutersFresh Leak on US Spying: NSA Accessed Mexican Presidents Email, by Jens Glsing, Laura Poitras, Marcel Rosenbach and Holger Stark, 20 October 2013 in Der SpiegelExclusive: Edward Snowden on Cyber Warfare, by James Bamford and Tim De Chant, 8 January 2015, PBS Nova

GCHQs JTRIG unit used a link shortener in an attempt to influence online activists at the time of the 2009 Iranian presidential elections and the Arab Spring. GCHQ set up a free link-shortening service called lurl.me (codenamed DEADPOOL), which the agency classed as one of its shaping and honeypots tools, and used this to target activists from the Middle East. The same technique was used in an attempt to identify members of Anonymous. An examination of previously-published documents from the Snowden archive allows the likely objectives and methods used in this campaign to be understood, including the limitations of GCHQs capacity.

Source documents:JTRIG Tools and TechniquesCyber Offensive Session: Pushing the Boundaries and Action Against HactivismBehavioural Science Support for JTRIGS Effects and Online HUMINT Operations

Related article:British Spies Used a URL Shortener to Honeypot Arab Spring Dissidents, by Mustafa al-Bassam, 29 July 2016 in Vice Motherboard

Whistleblower concerns about the extent of information gathering by the Five Eyes making drawing intelligence insights more difficult are borne out by a 2010 document prepared by Britains intelligence services for the Cabinet office and the Treasury. Documents from GCHQs National Technical Assistance Centre show that a very small percentage of communications intercepted under the agencys targeted operations are ever analysed by a human being.

Revealed documents:The Digint ProgrammeDigint imbalanceArtemis DGO and DOC SpecialCommunications Capability Development ProgrammeMILKWHITE Enrichment Services (MES) ProgrammeMobile Apps Checkpoint meeting ArchivesPRESTON ArchitecturePRESTON Business ProcessesThe National Technical Assistance Centre

Related article:Facing Data Deluge, Secret U.K. Spying Report Warned of Intelligence Failure, by Ryan Gallagher, 7 June 2016 in the InterceptEdward Snowden leaks reveal secret Scottish spy system, by Michael Gray, 11 June 2016 in Commonspace

An investigation shows that the electronic communications of UK parliamentarians are being collected by GCHQ as a matter of course. An unpublished GCHQ document from the Snowden archive confirms that the agency is able to scan the content of parliamentary emails for keywords via the MessageLabs spam filters used in MPs inboxes. In 2014 after Edward Snowdens revelations brought mass surveillance to widespread public attention the UK parliamentary estate moved its internal email and office software to Microsoft 364, so the digital output of parliamentarians is constantly moving between the UK, Netherlands and Ireland. A Computer Weekly study has found that around 65% of parliamentary email headers are routed internationally.

Source documents:Intrusion Analysis / JeACSSO HIGHLIGHT Microsoft Skydrive Collection Now Part of PRISM Standard Stored Communications Collection

Related article:MPs private emails are routinely accessed by GCHQ, by Duncan Campbell and Bill Goodwin, 1 June 2016 in Computer Weekly

Eric Fair, an interrogator who worked for a US military contractor in Iraq and former NSA employee, authored several articles about his experiences in internal agency newsletter SIDToday. Later, in his memoir, Fair reflected on how he had felt obliged to mask his moral qualms about his experience at Abu Ghraib and in Falluja for the consumption of his new colleagues. There is a strong contrast between the tone of Fairs SIDToday articles and his later writing for a general audience.

Source documents:From SIGINT to HUMINT to SIGINT (through HUMINT) part 1From SIGINT to HUMINT to SIGINT (through HUMINT) part 2

Related article:The Secret NSA Diary of an Abu Ghraib Interrogator, by Cora Currier, 11 May 2016 in the Intercept

Continued here:
Revelations | Courage Snowden