(Updated: November 12, 2013)
Over the last month, the publication of various slides of a powerpoint presentation about the top secret NSA collection program PRISM caused almost worldwide media attention. Less known is that a number of new slides about other NSA collection programs were published on July 6 by the Brazilian newspaper O Globo.
These and a few other slides were also shown on Brazilian televion, combined with an interview with Guardian-columnist Glenn Greenwald, who lives in Rio de Janeiro. Screenshots of some of the slides shown on Brazilian television became available on Flickr (see Links and Sources). On July 21, the German magazine Der Spiegel published some extra details about the XKEYSCORE program.
UPDATE:
On July 31, The Guardian published a full presentation about XKEYSCORE, but this shows the program is not for data collection, but for data analysing.
FAIRVIEW-slides
Brazilian television and the O Globo website presented a whole new series of four slides from what seems to be a presentation about the FAIRVIEW program or maybe the broader "collection of communications on fiber cables and infrastructure as data flows past", which was called "Upstream" in one of the PRISM-slides.
The first slide (below) shows the logos of the NSA and its Special Source Operations (SSO) unit, and a map representing "1 Day view of authorized (FAA ONLY) DNI traffic volumes to North Korea within FAIRVIEW environment". As DNI stands for Digital Network Intelligence, this map apparently shows internet traffic to North Korea, as traced by the FAIRVIEW program.
According to O Globo these maps show the amount of exchanged messages and phone calls (allthough DNI only refers to internet traffic) by various countries in the world with North Korea, Russia, Pakistan and Iran. Below we see DNI traffic to Pakistan on March 4 and 5, 2012:
A third slide shows a list op "Top 20 Pakistani domains (.pk)" which where apparently tracked between February 15, 2012 and March 11, 2012:
A fourth slide shows some lines with names of collection managers of OAKSTAR, BLARNEY and what appears to be the STORMBREW and (the hitherto unknown) OCELOT programs (Update: newly disclosed slides show that the latter word is actually MADCAPOCELOT). Brazilian television showed this slide uncensored with the names visible, but here we blacked them out:
According to former NSA official Thomas Drake FAIRVIEW is a highly classified program for tapping into the world’s intercontinental fiber-optic cables. It acts as an "umbrella program" with other programs underneath it. One of them is BLARNEY, which is a program to access internet data at key junctions and is facilitated by arrangements with commercial cable companies and internet servce providers.
According to Drake, "BLARNEY is to the international Internet space as PRISM is to the domestic". FAIRVIEW is apparently also the method through which the NSA receives the information it has collected, essentially co-opting the fiber optic cables to transmit the data back to the agency to be analyzed by data mining programs.
FORNSAT-slide
The Brazilian television also showed one slide from a presentation which wasn't mentioned or seen earlier. The only information we have, is the slide itself and what the O Globo website tells about it:
The slide is titled PRIMARY FORNSAT COLLECTION OPERATIONS, and the O Globo website says it shows a network of 16 facilities for intercepting transmissions from foreign satellites. The slide shows markings in blue and green, where blue represents "US Sites" and green "2nd Party" for intercepting locations run by partner signals intelligence agencies of the UKUSA Agreement.
US Sites:
- JACKKNIFE, Yakima (US)
- TIMBERLINE, Sugar Grove (US)
- CORALINE, Sabena Seca (Puerto Rico)
- SCS, Brasilia (Brazil)
- MOONPENNY, Harrogate (Great Britain)
- GARLICK, Bad Aibling (Germany)
- LADYLOVE, Misawa (Japan)
- LEMONWOOD, Thailand
- SCS, New Delhi (India)
2nd Party Sites:
- CARBOY, Bude (Great Britain)
- SOUNDER, Cyprus
- SNICK, Oman
- SCAPEL, Nairobi (Kenya)
- STELLAR, Geraldton (Australia)
- SHOAL BAY, Darwin (Australia)
- IRONSAND, New Zealand
Most of these locations were part of the ECHELON satellite intercept program. The NSA station at Bad Aibling in Germany was closed down in 2004, but at the same time, the German foreign intelligence agency BND opened a listening station at the nearby Mangfall baracks, also near Bad Aibling.
According to Snowden, there's also NSA personell at this station, maintaining their own communications hub connected to the NSA headquarters. This cooperation between NSA and BND is based on a Memorandum of Agreement dated April 28, 2002. As the slide has no date, it's unclear whether the marking on the map is for the former NSA station, or the current NSA/BND post.
The SCS sites in Brasilia and New Delhi are units of the Special Collection Service, a joint CIA/NSA program to collect information through covert listening posts based in US embassies in foreign capitals.
Update: An article showing a better version of the map says that it's from 2002, which explains why it shows the stations at Bad Aibling and Sabena Seca, both of which have since closed.
PRISM-slides
Already nine slides from the presentation about the PRISM data collection program were published on the websites of The Guardian and The Washington Post. On this weblog we also discussed the first five slides and the following four slides, which were additionally published by the Post.
The Brazilian television showed two new pictures, the first is the fifth slide published by The Guardian, but only showing the world map with fiber optic cables, and without the text balloons about "Upstream" and "PRISM" collection methods, which apparently show up after clicking the original powerpoint presentation:
The slide which is below was not published earlier. Just like the previous slide, this one is also about "FAA702 Operations", which means operations under section 702 of the FISA Amendment Act (FAA) of 2008. The slide shows the same world map with fiber-optic cables and is hardly readable, but according to Wikipedia, the subheader reads "Collection only possible under FAA702 Authority" and the program name FAIRVIEW is the central cyan colored box. Maybe the codenames of other programs are in the yellow box at the right side:
An eleventh slide of the PRISM presentation appeared on the website of O Globo, some days after the previous slides were shown on television. This slide is titled "A Week in the Life of PRISM Reporting" and shows some samples of reporting topics from early February 2013:
It seems the bottom part of this slide was blacked out by Brazilian media, as the Indian
paper The Hindu disclosed that this slide also mentions "politics, space, nuclear" as
topics under the header "India", and also information from Asian and African
countries is contributing to a total of "589 End product Reports".
These lists show that PRISM is used for collecting data about the usual strategical and tactical targets and not about ordinary people, as most of the media reports suggest.
XKEYSCORE-slides
Brazilian television showed a whole new set of slides about the XKEYSCORE program. According to O Globo, XKEYSCORE detects the nationality of foreigners by analysing the language used within intercepted emails, which the paper claims has been applied to Latin America and specifically to Colombia, Ecuador, Venezuela and Mexico.
In total, O Globo showed four slides about the XKEYSCORE program, which are classified as TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL. This means this information can be shared with signals intelligence agencies from Australia, Canada, Great Britain and New Zealand, which are cooperating under the so called UKUSA Agreement.
XKEYSCORE collects data with the help of over 700 servers based in "US and allied military and other facilities as well as US embassies and consulates" in several dozen countries. These locations are shown on the slide below:
The next slide shows how the collected data of so-called sessions are processed by separating them into different communication information, which are stored in various databases:
According to O Globo the XKEYSCORE can also track people by localities when they are using Google Maps:
This slide is follewed by one showing a map of Afghanistan and surrounding countries with a lot of coloured marking points, without any clarification of what they represent:
According to new information published by the German magazine Der Spiegel (pdf) on July 21, the slides about X-KEYSCORE are from a presentation dated February 25, 2008. It's said that, starting with the metadata, the program is able to retroactively reveal any terms a targeted person has typed into a search engine like Google or Google Maps. Furthermore, there's a buffer storage capable of storing a "full take" of intercepted raw data for several days. X-KEYSCORE can also to monitor user activity in near real time, as well as showing "anomalies" in internet traffic.
In December 2012, XKEYSCORE gathered around 180 million data sets from Germany alone. Apparently the German federal security service BfV was equipped with XKEYSCORE to "expand their ability to support NSA as we jointly prosecute CT [counterterrorism] targets" and the German foreign intelligence agency BND was tasked with instructing the BfV on how to use the program.
On July 25, the directors of the German intelligence agencies briefed members of the German parliamentary intelligence oversight committee about the various NSA programs. They said that XKEYSCORE is used by the BND since 2007, that BfV uses a test version since 2012, and that this program is not for collecting data, but only for analysing them. The director of the BfV even gave a partial demonstration of the test version of XKEYSCORE.
UPDATE:
On July 31, The Guardian published a full presentation about XKEYSCORE, which confirms that this program is not for data collection, but for data analysing.
(Updated on September 22 with the eleventh PRISM slide and on October 23 with a better FornSat slide)
Links and Sources
- Brazilian television report: La CIA y la NSA espiaron mediante satélites desde Brasil & Slides
- O Globo slides: Mapa mostra volume de rastreamento do governo americano
- Cryptome translations: NSA Email and Phone Tracking Programs
- Screenshots on Flickr: NSA Hawaii in USB Made in China
- DailyDot.com: Forget PRISM: FAIRVIEW is the NSA's project to "own the Internet"
- Der Spiegel-article: 'Prolific Partner': German Intelligence Used NSA Spy Program
See also: Boundless Informant NSA data-mining tool – four key slides
0 comments:
Post a Comment