The Criminal N.S.A.

[Grizzly]

NSA to shut down bulk phone surveillance program by Sunday
http://www.reuters.com/article/2015/11/ ... 7120151127

Those that work at NSA have started their own private companies that will do the same as the NSA. But, now the Gov can say they don't monitor American phone calls. Former NSA head's cyber-security startup raises $32.5 million http://www.reuters.com/article/2015/10/ ... H120151026

Bonus:
Alphabet?

Google has a patent on identifying users by keystrokes and keystroke timings, using three letter sequences to identify the user.
hxxps://www.google.com/patents/WO1997023816A1?cl=en

[Grizzly]

The National Security Letter spy tool has been uncloaked, and it’s bad
No warrants needed to get browsing history, online purchase records, and other data.
http://arstechnica.com/tech-policy/2015 ... d-its-bad/

[seemslikeadream]

Report: NSA recorded members of Congress with Israeli leaders

The National Security Agency's (NSA) continued surveillance of Israeli Prime Minister Benjamin Netanyahu and Israeli leaders may also have swept up private conversations involving members of Congress, the Wall Street Journal reported Tuesday night.

Although President Obama had promised to curb eavesdropping on world leaders who are U.S. allies after Edward Snowden leaked documents revealing the extent of the surveillance, there were a few leaders the White House wished to continue monitoring, including Netanyahu.


The original reason for the stepped up surveillance of Netanyahu, according to the WSJ, was the fear that he would "strike Iran without warning." By 2013, that fear had dissipated. The administration then became concerned about the Iran nuclear deal that was being negotiated. U.S. officials believed that the Israelis were spying on the negotiations and would try to scuttle the deal, the report said.

Further, the Journal reports that intercepted conversations between Israeli leaders confirmed Israel's knowledge of the talks, as well as its intent to undermine any nuclear deal with Iran by leaking its details. When Netanyahu and his top aides came to Washington to talk with Jewish-American groups and members of Congress to lobby against the deal, the NSA was there to pick up the conversations.

Senior officials told the WSJ that those conversations collected by the NSA raised fears "that the executive branch would be accused of spying on Congress." The White House wanted the information anyway, however, because it "believed the intercepted information could be valuable to counter Mr. Netanyahu's campaign."

So in order to avoid leaving a trail, the White House left it to the NSA to figure out what to share, and the NSA obliged, deleting names of members and any personal attacks on the administration.

National Security Council Spokesman Ned Price wouldn't comment on the intelligence activities written about in the Wall Street Journal's story, but he said in a statement, "[W]e do not conduct any foreign intelligence surveillance activities unless there is a specific and validated national security purpose. This applies to ordinary citizens and world leaders alike."

He added that the U.S. commitment to Israel's security is "sacrosanct" and "backed by concrete actions that demonstrate the depth of U.S. support for Israel."

The office of Speaker of the House Paul Ryan said only that it was looking into the matter.

Before a campaign event in Cisco, Texas, Sen. Ted Cruz said he wasn't surprised that the administration was trying to intercept Netanyahu's communications, or even that conversations including members of Congress may have been swept up by the NSA, "because this administration views Congress, Republicans and sometimes even Democratic members of Congress as their enemy....At times, it seems like they view the American people as their enemy."

The allegations "are total nonsense," a spokesman for the Embassy of Israel in Washington told the WSJ.

Before Netanyahu came to address Congress, the NSA had intercepted Israeli messages that said Netanyahu wanted the "the latest U.S. positions in the Iran talks," the Journal wrote, signaling to to the administration that Netanyahu intended to use his address to reveal sensitive details about the negotiations. Secretary of State John Kerry then said as much to reporters on the eve of the speech.

Kerry justified his accusation by pointing to Israeli media reports, but those reports were a convenient source, given that "Intelligence officials said the media reports allowed the U.S. to put Mr. Netanyahu on notice without revealing they already knew his thinking. The prime minister mentioned no secrets during his speech to Congress," wrote the Journal.

[seemslikeadream]

NSA hacking secrets are revelead by former NSA agent

Ray Courtney by Ray Courtney | @ | January 30, 2016 1:47 pm

NSA hacking secrets are revelead by former NSA agent
Inside the notoriously secretive National Security Agency is an elite unit made up of some of the best hackers on the planet, charged with breaking into computer networks around the world.When the National Security Agency hacks into a computer network, it generally relies on tried-and-true methods widely known in the security industry.

NSA’s Tailored Access Operations are revelead

Exactly how the Tailored Access Operations (TAO) cell works is a closely-held secret — despite some recent leaks — but in a rare public appearance, TAO’s chief shed some light on how America’s top cyber spies do their thing.

Rob Joyce, the NSA’s chief of tailored access operations, said as much Wednesday to a room full of systems administrators and security engineers at the Enigma Conference at the Hyatt Regency in San Francisco.

“A lot of people think that nation-states are running on zero-days” — undisclosed vulnerabilities that serve as software skeleton keys, he said. But “there are so many more vectors that are easier, less risky than going down that route.”



Joyce explained how can we protect from hackers

To protect against hackers, like his own guys, Joyce reportedly listed some best security practices for companies and individuals, including limiting access to data to those who really need it, segmenting networks and making sure a system administrator is there and paying attention to anomalies.

Joyce also addressed the difficulty in attribution in cyber-attacks, but said that if the U.S. government alleges that a nation-state is behind a specific cyber-attack, they are.

“It’s amazing the amount of lawyers that DHS [Department of Homeland Security], FBI and NSA have,” he said, according to WIRED. “So if the government is saying that we have positive attribution too, you ought to book it. Attribution is really, really hard. So when the government’s saying it, we’re using the totality of the sources and methods we have to help inform that. [But] because those advanced persistent threats aren’t going away… we can’t bring all that information to the fore and be fully transparent about everything we know and how we know it.”
The Enigma conference logo in San Francisco, California, on Wednesday, Jan. 27, 2016. Hotel hosting security conference was the victim of a data breach Hello Barbie is displayed at the Mattel showroom at the North American International Toy Fair, Saturday, Feb. 14, 2015 in New York. Mattel, in partnership with San Francisco startup ToyTalk, will release the Internet-connected version of the doll that has real conversations with kids in late 2015.

Hello Barbie has password problems Police surveillance cameras are attached to a stop light hanging over an intersection in San Pablo, CA, Tuesday, January 14, 2014.



San Pablo, CA, with a population of 30,000, had zero homicides last year, due in part to the police taking a more active role in the community with increased foot patrols, interactions with citizens and youth programs. S.F. transit agency seeks face-detecting cameras to check streets

Joyce added that government-employed hackers are more likely to use spear phishing attacks meant to persuade a person to download a malicious attachment, or SQL injection, a technique meant to dump data from a website or network, than zero-days.

During the roughly 30-minute presentation, Joyce referred to teams like his as “apex predators.”

He attempted to give the audience — which included privacy advocates dubious of government surveillance — tips for defending against outsiders who have unlimited resources — and, more importantly, an inexhaustible amount of focus.

“Don’t assume a crack is too small to be noticed or too small to be exploited,” said Joyce.

“We’ll poke and we’ll poke and we’ll wait and wait and wait,” said the man Wired magazine recently called the NSA’s “hacker-in-chief.” “Because we’re looking for that opportunity.”

His talk served to remind conference participants of their role in defending the United States against foreign hackers. Roughly 85 percent of the nation’s critical infrastructure is maintained by the private sector.

When the NSA does discover previously unreported bugs in tech products, he described the process as highly regulated.

“There is both internal and external processes to the NSA, so the overwhelming, vast majority of the vulnerabilities that we discover are reported as we find” them, said Joyce, who is a Scoutmaster in his spare time.

“Is it important enough? Is it heinous enough a problem that it gets revealed? … Whether we say ‘yes,’ or ‘no,’ that’s still brought to an interagency committee that’s chaired by the White House.

“We don’t get final say in what we keep or let go.”

Joyce also reiterated the NSA’s stance on encryption — a debate raging among politicians and law enforcement, but not at his agency.

“Encryption makes sense for the nation,” he said. “There is no doubt in my mind that encryption is good for the nation.”

This month, Joyce’s boss, NSA Director Michael Rogers, reportedly called the debate about that technology a “waste of time.”

[seemslikeadream]

Published on
Tuesday, February 23, 2016
byCommon Dreams
New WikiLeaks Release Exposes 'Most Highly Classified' NSA Spy Ops
Among the NSA's targets was UN Secretary General Ban-ki Moon. "If the Secretary General can be targeted without consequence then everyone from world leader to street sweeper is at risk," says Julian Assange
byNadia Prupis, staff writer

The NSA spied on EU, UN, Israeli, and Japanese officials, new documents reveal. (Photo: File)
New documents published by WikiLeaks on Tuesday reveal more of the U.S. National Security Agency's (NSA) spying operations on foreign leaders, including its interception of climate talks between UN Secretary General Ban-ki Moon and German Chancellor Angela Merkel.

The cables, some of which are marked "Top Secret" and which WikiLeaks says are the most highly classified documents ever released by a news organization, show that the NSA spied on Ban's strategizing on climate change with Merkel ahead of the 2009 Copenhagen Conference, where an attempt to negotiate a climate accord ultimately failed.

"Today we showed that UN Secretary General Ban Ki-Moon's private meetings over how to save the planet from climate change were bugged by a country intent on protecting its largest oil companies," said WikiLeaks founder Julian Assange.

"The U.S. government has signed agreements with the UN that it will not engage in such conduct against the UN—let alone its Secretary General," he said. "It will be interesting to see the UN's reaction, because if the Secretary General can be targeted without consequence then everyone from world leader to street sweeper is at risk."

The 2008 intelligence reports show that Ban was confident the new U.S. administration under President Barack Obama would "have a very engaging and proactive attitude on the issue" of climate change and that "the time is right for the EU and the whole world to create conditions necessary for reaching a meaningful deal at the 2009 UN Climate Talks."

That endeavor ultimately failed when world leaders were unable to strike an accord following U.S.-led negotiations.

There's something in the air...

Additional documents show the NSA also spied on a conversation between Israeli Prime Minister Benjamin Netanyahu and Italian Prime Minister Silvio Berlusconi; a meeting between Merkel, Berlusconi, and then-French President Nicolas Sarkozy; and diplomatic talks between Japanese and European Union (EU) ministers ahead of global trade negotiations.

The cables show Netanyahu asking Italy for help in repairing Israel's fractured relationship with the U.S. in 2010.

"Netanyahu insisted that the trigger for the dispute—Israel's decision to build 1,600 homes in contested East Jerusalem—was totally in keeping with national policy dating back to the administration of Golda Meir, and blamed this mishandling on a government official with poor political sensitivity," the NSA cable reads. "Berlusconi promised to put Italy at Israel's disposal in helping mend the latter's ties with Washington."

In 2006, the NSA spied on Japanese and EU ministers discussing U.S. and EU participation in the Japanese economy, and the EU's commitment to avoid "under-the-table" deals with the U.S. at the upcoming World Trade Organization (WTO) talks in Doha, Qatar.

"There was a conviction in both Brussels and Tokyo, according to Japanese reporting, that great care must be taken to avoid falling prey to U.S. moves designed to extort concessions through exaggerated initial demands," the cable states.

"[EU Agriculture Commissioner deputy cabinet chief Klaus-Dieter] Borchardt also tried to allay Japanese fears that the EU might try again to enter into a bilateral, under-the-table deal with the U.S. (as had happened in Cancun in 2003), saying that Brussels had learned its lesson with respect to such back-door actions," it reads.

And in 2011, Merkel and Sarkozy held a "tense and very harsh" meeting with Berlusconi to hold the Italian prime minister accountable for his country's debt problem, during which Sarkozy warned Berlusconi that the Italian banking system "could soon 'pop' like a cork in a champagne bottle."

The report is stamped "REL TO USA, FVEY," which indicates that the NSA could release the information to other U.S. agencies and to its "Five Eyes" intelligence allies—Britain, Canada, Australia, and New Zealand.

Between 2007 and 2011, the NSA targeted 13 phone numbers belonging to officials in Austria, Belgium, France, Italy, and Switzerland. As the Intercept notes, all but one of those phone numbers are still in use today.

[seemslikeadream]

WikiLeaks Documents show NSA Spied on World Leaders On Behalf of Big Oil

[82_28]

My friend sent me this yesterday:

http://www.nsahaiku.net/

It's generated haikus from the NSA watchlist. Purty funny.

[Karmamatterz]

And who is the commander in chief that directs the NSA?

Is he a far right or far left elected official?

And Trump is more dangerous?

Or do we just assume the the NSA is full of non-partisan bureaucrats? Who votes to fund the NSA? Are they all far right elected officials? Bernie Sanders was one of the few to vote no against the insidious Patriot Act. What about all the other lefties that voted for it? Are they dangerous? Just who the fuck isn't dangerous? How can anybody in their right mind separate POTUS from the CIA, NSA, NRO etc?

[seemslikeadream]

NSA CLOSELY INVOLVED IN GUANTÁNAMO INTERROGATIONS, DOCUMENTS SHOW
Cora Currier
May 16 2016, 10:37 a.m.


PERSONNEL FROM THE National Security Agency worked alongside the military, CIA, and other agencies on interrogations at Guantánamo in the early days of the war on terror, new documents show.
Entries from an internal NSA publication, which were among the documents provided by whistleblower Edward Snowden, described staffers’ deployments to Guantánamo Bay during a time period when prisoners were subjected to brutal questioning and mistreatment. An NSA employee also described participation in a rendition, when U.S. forces seized six men in Bosnia and secreted them off to Cuba.

In October 2003, a post in SIDtoday, the online newsletter of the NSA’s Signals Intelligence Directorate, or SID, advertised the “chance to get to GITMO for 90 days!”

The NSA’s liaison, or NSA LNO, would “coordinate” with interrogators “to collect information of value to the NSA Enterprise and Extended Enterprise” and be “responsible for interfacing with the DoD, CIA, and FBI interrogators on a daily basis in order to assess and exploit information sourced from detainees.” In some instances, the relationship would go the other way, with the NSA providing “sensitive NSA-collected technical data and products to assist JTF-GTMO [Joint Task Force Guantánamo] interrogation efforts.”

The post’s title was “Can You Handle the Truth?” — a reference to Jack Nicholson’s famous line in the courtroom drama A Few Good Men, set in Guantánamo.

Two months later, in another post, an NSA liaison reported back on his trip. “On a given week,” he wrote, he would “pull together intelligence to support an upcoming interrogation, formulate questions and strategies for the interrogation, and observe or participate in the interrogation.”

Outside work, “fun awaits,” he enthused. “Water sports are outstanding: boating, paddling, fishing, water skiing and boarding, sailing, swimming, snorkeling, and SCUBA.” If water sports were “not your cup of tea,” there were also movies, pottery, paintball, and outings to the Tiki Bar. “Relaxing is easy,” he concluded.

Other accounts of Guantánamo around the same time were not so sunny.

FBI agents there internally protested the interrogation tactics they witnessed, describing them as “torture techniques” and “beyond the bounds of standard FBI practice,” including detainees being chained in fetal positions on the floor, without food or water, and the use of strobe lights, loud music, and dogs.

The International Committee of the Red Cross charged in a 2004 confidential report that treatment of some prisoners at Guantánamo was “tantamount to torture.” In a June 2004 visit, its investigators reported “humiliating acts, solitary confinement, temperature extremes, use of forced positions” and “some beatings,” according to a New York Times report.

The George W. Bush administration began bringing prisoners to Guantánamo in early 2002, and by the end of the year, over 600 men had been processed at the prison. Over the next few years, over a hundred more would arrive. Despite the Bush administration’s rhetoric that Guantánamo held “the worst of the worst,” many of them were innocent men, some of whom had been sold for bounty to U.S. forces in Afghanistan. Only a handful of them would ever be charged with a crime by the U.S. government.

It’s not a surprise that the NSA would send representatives to support military operations (as detailed in this Department of Defense doctrine), but its role during this controversial period remains murky. In the many investigations into detainee treatment, the NSA has hardly surfaced.

Neither the Senate Intelligence Committee’s report on the CIA’s detention and rendition program (which confirmed the existence of two CIA facilities at Guantánamo) nor a 2008 Senate Armed Services Committee report on detainee abuse by the military addresses the role of the NSA, at least in the heavily censored versions that have been made public.

The NSA declined to comment for this story.

The NSA documents made explicit reference to the CIA working on interrogations at Guantánamo. At the time of the documents, in late 2003, the CIA had just brought four of its “high-value” prisoners to Guantánamo: alleged al Qaeda operative Abu Zubaydah, Ramzi Binalshibh and Mustafa al-Hawsawi, who helped plan the 9/11 attacks, and Abd Al-Rahman al-Nashiri, accused of planning the bombing of the USS Cole in Yemen in 2000. These men had been subjected to torture in other overseas CIA prisons; Zubaydah, for instance, was waterboarded 83 times. They were moved out of Guantánamo again in March 2004, when it appeared imminent that the Supreme Court was going to give detainees access to U.S. courts (all four came back in 2006, after Bush acknowledged and closed the CIA black sites).

FILE-A Bosnian riot police officer guards a car containing some of the six Algerians suspected of having terrorist links, in front of Sarajevo's central prison in this Jan. 18, 2002 file photo. Humanitarian groups in Bosnia are under close scrutiny after the arrests of the six Algerians, five of whom worked for Islamic humanitarian organizations. (AP Photo/Sava Radovanovic, File) A Bosnian riot police officer in front of Sarajevo’s central prison guards a car containing some of the six Algerian men suspected of having terrorist links, Jan. 18, 2002. Photo: Sava Radovanovic/AP
Midnight Convoy in Sarajevo

Another SIDtoday entry described a rendition in which six men were bundled away from Bosnia to Guantánamo in early 2002. Most renditions were CIA-run; this is one of the only such operations known to have been carried out by the military outside Afghanistan.

The men — natives of Algeria who became known as “The Algerian Six” — had been linked to a plot to bomb the U.S. Embassy in Sarajevo, but a Bosnian judge had ordered them released for lack of evidence. But the United States leaned on the Bosnian government to hand them over instead.

The NSA staffer who wrote the SIDtoday piece recounted the operation as part of a series of anecdotes provided by NSA employees about working overtime.

“Because much of the evidence against them came from U.S. intel, the Bosnian government didn’t have access to it, and after a couple of months in custody, the six prisoners were scheduled to be released without trial,” she wrote. “The U.S. did not want to let them go back into the general population,” so the commander of the unit in charge, Lt. Gen. H. Steven Blum, “planned to take the prisoners into U.S. custody as soon as they were released by the Bosnians. The prisoners would be taken from Sarajevo up to Tuzla.”

The staffer was tasked with watching for the possibility of an ambush on the military convoy. The men’s release, she wrote, “was delayed for several hours due to a large demonstration outside the building they were being held in,” and “the convoy did not leave Sarajevo until after midnight.”

“The ‘gentlemen’ in question are still guests of the U.S. government, at Guantánamo Bay,” she wrote in the entry dated September 3, 2008. In fact, just a few months later, a federal judge ordered five of the six men released on lack of evidence. One of them, Lakhdar Boumediene, had brought a suit that led to a landmark decision in June 2008 that Guantánamo detainees had the right to challenge their detention in federal court. The last of the men, Belkacem Bensayah, was released to Algeria in 2013.

“A Unique Opportunity Awaits You” in Iraq

NSA analysts were also intimately involved in interrogations in Iraq; a December 2003 call for volunteers to deploy to Baghdad as counterterrorism analysts with the Iraq Survey Group, which was leading the search for Saddam’s weapons of mass destruction, said that “the selectee will, in all likelihood, be involved in the interrogation/questioning of potential leads,” as well as “the evaluation and analysis of interrogation reports and other HUMINT-based reports.”

A June 2003 SIDtoday article described snapshots of a trip with Maj. Gen. Richard J. Quirk III, then the agency’s director for signals intelligence. The photos for the entry are missing from the file, but one caption described a visit to Abu Ghraib prison, where “the group discussed the role of interrogations and how they can provide links for SIGINT.” In an ironic addition, given that Abu Ghraib would soon become the notorious symbol of prisoner abuse, the newsletter noted the group “also visited one of Saddam’s torture chambers.”

[seemslikeadream]

So, Uh, Did The NSA Get Hacked?

William Turton
Today 1:31pmFiled to: NSA
21.7K
66
5

NSA Headquarters/ Getty Images
Hackers say they’ve breached a hacking group known as the Equation Group, which is widely speculated to be an offshoot of the National Security Agency. The hackers have provided some files including what could be parts of the agency’s surveillance tools, but are demanding millions of dollars in bitcoins for the rest.

Here’s part of a message the hackers, going by the name “The Shadow Brokers” posted:

!!! Attention government sponsors of cyber warfare and those who profit from it !!!!

How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.
Kapersky Lab, who blew the lid off Equation Group last year, didn’t explicitly say it was the work of the NSA, but the group’s connections to other high profile hacks and the use of similar codenames that were included in documents leaked by NSA whistleblower Edward Snowden raise serious suspicions.

It’s not clear if the breach is real, who posted it, or why, but some security researchers think the breach may be more than just a hoax. Claudio Guarnieri, who works as a technologist for Amnesty International, says the hack seems credible.



The hackers say they’ve only released 40% of the breach, and will release the remaining 60% to the highest bidders. The hackers seem to imply that the file contains the sophisticated hacking tools used by the NSA’s spies. The hackers seem pretty thirsty for bitcoin based on an FAQ they posted with their dump.

FAQ

Q: Why I want auction files, why send bitcoin? A: If you like free files (proof), you send bitcoin. If you want know your networks hacked, you send bitcoin. If you want hack networks as like equation group, you send bitcoin. If you want reverse, write many words, make big name for self, get many customers, you send bitcoin. If want to know what we take, you send bitcoin.

Q: What if bid and no win, get bitcoins back? A: Sorry lose bidding war lose bitcoin and files. Lose Lose. Bid to win! But maybe not total loss. Instead to losers we give consolation prize. If our auction raises 1,000,000 (million) btc total, then we dump more Equation Group files, same quality, unencrypted, for free, to everyone.

Q: Why I trust you? A: No trust, risk. You like reward, you take risk, maybe win, maybe not, no guarantees. There could be hack, steal, jail, dead, or war tomorrow. You worry more, protect self from other bidders, trolls, and haters.
The NSA and The Shadow Brokers did not return a request for comment.

http://gizmodo.com/so-uh-did-the-nsa-ge ... 1785302806

[seemslikeadream]

NSA website recovers from outage amid intrigue
By ERIC GELLER 08/16/16 07:30 PM EDT
Share on Facebook Share on Twitter
The National Security Agency’s website was offline for almost a full day until Tuesday evening, in an unexplained outage that began shortly after hackers claimed to have stolen a collection of the agency's prized cyber weapons.
It's unknown if the two events are connected.

POLITICO first noticed that the agency’s website wasn’t working at 10:54 p.m. Monday. It came back online around 5 p.m. Tuesday.
The outage began a few hours after a mysterious group called the Shadow Brokers claimed to have stolen cyber weapons from the Equation Group, a sophisticated hacking group suspected of being linked to the NSA. Some cybersecurity experts, as well as fugitive NSA whistleblower Edward Snowden, suggested that the alleged thefts may be connected to the uproar over suspected Russian cyber spying on the Democratic Party — but no information has surfaced to link the two, or to connect the alleged thefts with the NSA website outage.
During the outage, the NSA homepage itself was accessible, but all links on the page led to “Service Unavailable” error pages, except for blog posts listed under the “What’s New” section. (Those may be hosted on another server.)
An NSA spokesman declined to comment on the record about the outage, as did a spokesman for the Office of the Director of National Intelligence. A spokesman for the Department of Defense, which also oversees the NSA, said he would look into the issue, but did not follow up with any information.
AP_16151738361579.jpg
Suspected Russian DNC hackers also hit GOP, researchers say
By CORY BENNETT
The White House referred POLITICO to the NSA.
An unnamed source told FedScoop that the outage was due to an ongoing “internal review.”
The Shadow Brokers' claims to have stolen the Equation Group's hacking tools had stirred much intrigue earlier Monday, especially when the Shadow Brokers said they were willing to sell them. The security firm Kaspersky has linked the Equation Group to digital intrusion techniques widely associated with the NSA.
Regardless of how the Shadow Brokers obtained the files — if in fact they’re real — the thieves have been holding onto their merchandise for a while, as POLITICO's Morning Cybersecurity noted Tuesday. One of the leaked tools exploits a vulnerability from 2006.
Capital Alpha Security CEO Matt Tait hypothesized that the hackers acquired the files a long time ago and saved them for a future purpose. If so, he said, their recent unveiling — along with Monday's release of a fresh batch of stolen Democratic documents — may be designed to hit back at the NSA for some behind-the-scenes action the agency took in response to the DNC hack.
Snowden also speculated about a connection, calling it "unprecedented" for anyone to publicize this kind of attack on the agency.
"Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack," Snowden wrote Tuesday on Twitter. He added that "circumstantial evidence and conventional wisdom indicates Russian responsibility," and said it may be an attempt to warn the NSA that the dispute "could get messy fast."
"Accordingly, this may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks," Snowden tweeted.
The Obama administration has not publicly assigned blame for the hacking of the Democratic National Committee and other Democratic groups, let alone said whether it is prepared to take retaliatory action.


Read more: http://www.politico.com/story/2016/08/n ... z4HYlhbPbU
Follow us: @politico on Twitter | Politico on Facebook

[seemslikeadream]

How the NSA snooped on encrypted Internet traffic for a decade

Exploit against Cisco's PIX line of firewalls remotely extracted crypto keys.

DAN GOODIN - 8/19/2016, 3:11 PM

In a revelation that shows how the National Security Agency was able to systematically spy on many Cisco Systems customers for the better part of a decade, researchers have uncovered an attack that remotely extracts decryption keys from the company's now-decommissioned line of PIX firewalls.

The discovery is significant because the attack code, dubbed BenignCertain, worked on PIX versions Cisco released in 2002 and supported through 2009. Even after Cisco stopped providing PIX bug fixes in July 2009, the company continued offering limited service and support for the product for an additional four years. Unless PIX customers took special precautions, virtually all of them were vulnerable to attacks that surreptitiously eavesdropped on their VPN traffic. Beyond allowing attackers to snoop on encrypted VPN traffic, the key extraction also makes it possible to gain full access to a vulnerable network by posing as a remote user.

BenignCertain's capabilities were tentatively revealed in this blog post from Thursday, and they were later confirmed to work on real-world PIX installations by three separate researchers. Before the confirmation came, Ars asked Cisco to investigate the exploit. The company declined, citing this policy for so-called end-of-life products. The exploit helps explain documents leaked by NSA contractor Edward Snowden and cited in a 2014 article that appeared in Der Spiegel. The article reported that the NSA had the ability to decrypt more than 1,000 VPN connections per hour.

"It shows that the NSA had the ability to remotely extract confidential keys from Cisco VPNs for over a decade," Mustafa Al-Bassam, a security researcher at payments processing firm Secure Trading, told Ars. "This explains how they were able to decrypt thousands of VPN connections per minute as shown in documents previously published by Der Spiegel."

The revelation is also concerning because data returned by the Shodan search engine indicate more than 15,000 networks around the world still use PIX, with the Russian Federation, the US, and Australia being the top three countries affected. Last weekend's release of BenignCertain and dozens of other NSA-connected attack tools means even relatively low-skilled hackers can now carry out the same advanced attack. Analysis of the exploit binary shows BenignCertain targeted PIX versions 5.3(9) through 6.3(4). The researchers, however, were able to make the key-extraction technique work against version 6.3(5) as well.

Cisco representatives on Friday declined to comment on the revelation, citing the previously mentioned end-of-life policy. Update: After this article went live, Cisco updated a previously written blog post to report that product security incident response team decided to investigate BenignCertain after all. The team found that Adaptive Security Appliance, its currently supported firewall is not vulnerable; PIX versions 6.x and earlier are affected; and PIX versions 7.0 and later are confirmed to be unaffected.

BenignCertain exploits a vulnerability in Cisco's implementation of the Internet Key Exchange, a protocol that uses digital certificates to establish a secure connection between two parties. The attack sends maliciously manipulated packets to a vulnerable PIX device. The packets cause the vulnerable device to return a chunk of memory. A parser tool included in the exploit is then able to extract the VPN's pre-shared key and other configuration data out of the response. According to one of the researchers who helped confirm the exploit, it works remotely on the outside PIX interface. This means that anyone on the Internet can use it. No pre-requirements are necessary to make the exploit work. The researcher provided this packet capture to show the end result of the attack.

A screenshot of BenignCertain extracting a shared key from a Cisco PIX firewall.
Enlarge / A screenshot of BenignCertain extracting a shared key from a Cisco PIX firewall.
https://twitter.com/XORcat
Interestingly, Cisco's Adaptive Security Appliance, the firewall that replaced PIX, contained a similarly critical Internet Key Exchange vulnerability that was fixed three months ago. What's more, during the time the PIX vulnerability was active, firewalls from almost a dozen other providers were similarly vulnerable. While BenignCertain worked only against PIX, it's possible that still-undiscovered exploits were developed for other products.


The key-extraction exploit could be even more powerful when combined with other attack tools in the possession of Equation Group, the elite, NSA-connected hacking team tied to it. Another tool called FalseMorel appears to extract the "enable" password that's required to gain administrative control over the PIX firewall itself. The BenignCertain tool lets attackers know if a given firewall is vulnerable to FalseMorel. BenignCertain, FalseMorel, and more than a dozen other tools were mysteriously published last weekend by a previously unknown group calling itself ShadowBrokers.
"Despite the existence of 0days, these tools seem to be overwhelmingly post-exploitation," security expert Rob Graham, CEO of Errata Security, wrote in a blog post published Thursday afternoon. "They aren't the sorts of tools you use to break into a network—but the sorts of tools you use afterwards."

Graham's comments came before the capabilities of BenignCertain were revealed. Now that they have been documented, it's clear at least some of the tools gave, and possibly still give, attackers an initial foothold into targeted networks.


To Create Value, Businesses Must Be Proactive—Not Reactive—About Cybersecurity

http://arstechnica.com/security/2016/08 ... n-traffic/




How the NSA willfully exposes Americans to danger

Ryan Cooper

August 22, 2016


In the discourse around the American intelligence apparatus, agencies like the CIA and NSA are commonly described as protecting U.S. "national security." This phrase evokes a sort of collective interest of the American people, as if those agencies are manning the barricades between the citizenry and a scary world.

But events last week brought out the hidden contradictions behind this slogan. A group calling themselves the "Shadow Brokers" — possibly Russian hackers — leaked a large suite of NSA hacking tools, causing enormous embarrassment and fury at the agency. It's a serious breach — but also a stark demonstration of how the NSA's desire for unlimited access to computer networks exposes American companies and citizens to hacking by spies and criminals.

The leaked materials probably came from the "Equation Group," the mysterious NSA-linked hacking team that has previously been found behind cutting-edge computer malware. The trove contains various hacks, exploits, and even a few "zero-day" vulnerabilities in widely-used firewall software. The Intercept's Sam Biddle found confirmation in the Snowden documents that these are definitely NSA programs. Edward Snowden himself chimed in with informed speculation about how it might have happened as part of the cat-and-mouse game between competing spy agencies.

Cisco Systems, whose firewall was a direct target of some of the leaked tools, told Ars Technica they are scrambling to patch the vulnerability. As Marcy Wheeler writes, the "NSA has been exploiting vulnerabilities in America’s top firewall companies for years."

And that brings me to the basic problem with the NSA and national security. Cisco is a U.S. company whose security products are used by millions of U.S. businesses and individuals. The largest manufacturer of networking equipment in the world, it probably built your router or cable modem. So when it comes to security holes in their products, a pretty literal interpretation of "protecting national security" might be to tell the company about them immediately so that they can patch the holes. After all, if the NSA can find them, then chances are decent that some other hacker can too — or find it out from the NSA itself, as was the case in this instance. What's more, it's a safe bet that the Shadow Brokers leveraged their knowledge of the exploits before leaking them — or only released a portion of what they have.

An NSA partisan might respond that espionage can also defend American interests, and leaving U.S. citizens open to attack from online criminals is merely the price that has to be paid.

The problem with this line of reasoning is there is little evidence NSA surveillance and hacking is all that useful for ordinary Americans. So far as anyone can tell, their dragnet programs have never stopped a major terrorist attack. The Stuxnet worm — a hugely sophisticated piece of malware probably developed in part by the Equation Group — was a success of sorts in slightly delaying the Iranian nuclear program, but it's small beer compared to the guarantees contained in the Iranian nuclear deal. Other malware might have disrupted some computers in the Middle East, but as with the drone program, it's highly unclear whether this is paying off overall.

But more to the point, the whole security apparatus gives no sign whatsoever of having carefully weighed the pros and cons of espionage versus stronger firewalls and encryption. Instead they just loudly insist that there is no tradeoff while demanding security-crippling access to every American system — as when the FBI tried to force Apple to write a program they could use to crack any iPhone, thereby drastically weakening the phone's encryption.


This isn't the only way the defenders of "national security" can harm Americans, of course. I've written previously about how NSA hacking poses a threat to Silicon Valley tech companies, because the perception that American technology products are a periscope for U.S. government surveillance is a powerful argument in favor of banning those imports.

But when it comes to NSA-engineered malware, the distinction is even clearer. Here "national security" really refers to the ability of government spooks to root around in as many computer networks as possible, whenever they feel like it. Keeping ordinary citizens secure from corporate espionage, data or identity theft, fraud, hacking, and the like doesn't enter into the equation.
http://theweek.com/articles/643904/how- ... ans-danger

[identity]

nsa.jpg

http://ask.metafilter.com/299816/What-is-this-sign

[seemslikeadream]

published on
Tuesday, September 06, 2016
byCommon Dreams
The NSA Abroad: The UK Base That Makes US Targeted Killing Possible

Newly revealed documents leaked by Edward Snowden and reported by the Intercept detail the inner workings of the NSA's largest overseas base, Menwith Hill
byLauren McCauley, staff writer

In a damning exposé published Monday, The Intercept reporter Ryan Gallagher dives into the inner workings of National Security Agency's (NSA) largest overseas spying base, the U.K.'s Menwith Hill Station, and reveals concrete evidence that the British government is complicit in the United States' targeted killing program.

Citing top-secret documents obtained from NSA whistleblower Edward Snowden, Gallagher reports, "The files reveal for the first time how the NSA has used the British base to aid 'a significant number of capture-kill operations' across the Middle East and North Africa, fueled by powerful eavesdropping technology."

And given the British government's repeated assertion that activities at Menwith Hill "have always been, and continue to be" carried out with its "knowledge and consent," the findings are all the more damning.

"For years, Reprieve and others have sought clarification from the British government about the role of U.K. bases in the U.S. covert drone program, which has killed large numbers of civilians in countries where we are not at war," Kat Craig, legal director of London-based human rights group Reprieve, told The Intercept. "We were palmed off with platitudes and reassured that any U.S. activities on or involving British bases were fully compliant with domestic and international legal provisions. It now appears that this was far from the truth."

Built in North Yorkshire in the 1950s to spy on Soviet communications, the base experienced a rebirth after the 9/11 attacks and is now used "extensively to tap into communications in otherwise hard-to-reach areas," which includes countries outside of declared war zones, such as Yemen, Pakistan, and Somalia.

Menwith Hill is unique, as far as spy outposts go, because it pioneered programs specifically focused on "eavesdropping on communications as they are being transmitted through the air," which makes it a vital asset in targeting individuals in remote regions, such as northern Africa or the Middle East, who are more reliant on satellite communications.

The documents reveal two major surveillance capabilities at the site: one, called FORNSAT, "uses powerful antennae...to eavesdrop on communications as they are being beamed between foreign satellites"; the second, OVERHEAD, employs "U.S. government satellites orbiting above targeted countries to locate and monitor wireless communications on the ground below—such as cellphone calls and even WiFi traffic."

What's more, Menwith Hill "can harvest data from more than 300 million emails and phone calls a day," Gallagher reports, and—more worrisome—"pinpoint" the exact location of groups or individuals so that they can be captured or killed.

"The programs—with names such as GHOSTHUNTER and GHOSTWOLF—have provided support for conventional British and American military operations in Iraq and Afghanistan," Gallagher reports. "But they have also aided covert missions in countries where the U.S. has not declared war."

Gallagher continues:

The NSA’s documents describe GHOSTHUNTER as a means "to locate targets when they log onto the internet." It was first developed in 2006 as "the only capability of its kind" and it enabled "a significant number of capture-kill operations" against alleged terrorists. Only a few specific examples are given, but those cases give a remarkable insight into the extraordinary power of the technology.

Another document detailing the GHOSTWOLF project, according to Gallagher, provides the first concrete evidence directly implicating the U.K. in covert, lethal actions in Yemen.

British human rights lawyer Jemima Stratford QC told Gallagher that these documents show that the operations at Menwith Hill could have violated the European Convention on Human Rights, which specifically states that "no one shall be deprived of his life intentionally" except when found guilty in a court of law.

And Leeds-based Parliament member Fabian Hamilton said, "Any nation-state that uses military means to attack any target, whether it is a terrorist, whether it is legitimate or not, has to be accountable to its electorate for what it does."

"That's the basis of our Parliament, it's the basis of our whole democratic system," Hamilton continued. "How can we say that Menwith can carry out operations of which there is absolutely no accountability to the public? I don't buy this idea that you say the word 'security' and nobody can know anything. We need to know what is being done in our name."
http://www.commondreams.org/news/2016/0 ... g-possible

[seemslikeadream]

INSIDE MENWITH HILL
The NSA’s British Base at the Heart of U.S. Targeted Killing

Sep. 6 2016, 4:05 a.m.

THE NARROW ROADS are quiet and winding, surrounded by rolling green fields and few visible signs of life beyond the occasional herd of sheep. But on the horizon, massive white golf ball-like domes protrude from the earth, protected behind a perimeter fence that is topped with piercing razor wire. Here, in the heart of the tranquil English countryside, is the National Security Agency’s largest overseas spying base.

Once known only by the code name Field Station 8613, the secret base — now called Menwith Hill Station — is located about nine miles west of the small town of Harrogate in North Yorkshire. Originally used to monitor Soviet communications through the Cold War, its focus has since dramatically shifted, and today it is a vital part of the NSA’s sprawling global surveillance network.

For years, journalists and researchers have speculated about what really goes on inside Menwith Hill, while human rights groups and some politicians have campaigned for more transparency about its activities. Yet the British government has steadfastly refused to comment, citing a longstanding policy not to discuss matters related to national security.

Now, however, top-secret documents obtained by The Intercept offer an unprecedented glimpse behind Menwith Hill’s razor wire fence. The files reveal for the first time how the NSA has used the British base to aid “a significant number of capture-kill operations” across the Middle East and North Africa, fueled by powerful eavesdropping technology that can harvest data from more than 300 million emails and phone calls a day.

Over the past decade, the documents show, the NSA has pioneered groundbreaking new spying programs at Menwith Hill to pinpoint the locations of suspected terrorists accessing the internet in remote parts of the world. The programs — with names such as GHOSTHUNTER and GHOSTWOLF — have provided support for conventional British and American military operations in Iraq and Afghanistan. But they have also aided covert missions in countries where the U.S. has not declared war. NSA employees at Menwith Hill have collaborated on a project to help “eliminate” terrorism targets in Yemen, for example, where the U.S. has waged a controversial drone bombing campaign that has resulted in dozens of civilian deaths.

The disclosures about Menwith Hill raise new questions about the extent of British complicity in U.S. drone strikes and other so-called targeted killing missions, which may in some cases have violated international laws or constituted war crimes. Successive U.K. governments have publicly stated that all activities at the base are carried out with the “full knowledge and consent” of British officials.

The revelations are “yet another example of the unacceptable level of secrecy that surrounds U.K. involvement in the U.S. ‘targeted killing’ program,” Kat Craig, legal director of London-based human rights group Reprieve, told The Intercept.

“It is now imperative that the prime minister comes clean about U.K. involvement in targeted killing,” Craig said, “to ensure that British personnel and resources are not implicated in illegal and immoral activities.”

The British government’s Ministry of Defence, which handles media inquires related to Menwith Hill, declined to comment for this story.

The NSA referred a request for comment to the Director of National Intelligence’s office.

Richard Kolko, a spokesperson for the DNI, said in a statement: “The men and women serving the intelligence community safeguard U.S. national security by collecting information, conducting analysis, and providing intelligence for informed decision making under a strict set of laws, policies and guidelines. This mission protects our nation and others around the world.”

MenwithHill_03 Menwith Hill on March 11, 2014. Photo: Trevor Paglen
THE EQUIPMENT AT Menwith Hill covers roughly one square mile, which is patrolled 24 hours a day by armed British military police and monitored by cameras perched on posts that peer down on almost every section of the 10-foot perimeter fence.
Most visible from the outside are a cluster of about 30 of the giant white domes. But the site also houses a self-contained community, accessible only to those with security clearance. Among operations buildings in which analysts listen in on monitored conversations, there is a bowling alley, a small pool hall, a bar, a fast food restaurant, and a general store.

Most of the world’s international phone calls, internet traffic, emails, and other communications are sent over a network of undersea cables that connect countries like giant arteries. At spy outposts across the world, the NSA and its partners tap into these cables to monitor the data flowing through them. But Menwith Hill is focused on a different kind of surveillance: eavesdropping on communications as they are being transmitted through the air.

According to top-secret documents obtained by The Intercept from NSA whistleblower Edward Snowden, Menwith Hill has two main spying capabilities. The first is called FORNSAT, which uses powerful antennae contained within the golf ball-like domes to eavesdrop on communications as they are being beamed between foreign satellites. The second is called OVERHEAD, which uses U.S. government satellites orbiting above targeted countries to locate and monitor wireless communications on the ground below — such as cellphone calls and even WiFi traffic.

A spy satellite launched in 2009 and operated from Menwith Hill. Its role was to intercept communications flowing across “commercial satellite uplinks,” according to NSA documents.
In the late 1980s, international communication networks were revolutionized by new fiber-optic undersea cables. The technology was cheaper than satellites and could transmit data across the world much faster than ever before, at almost the speed of light. For this reason, according to the NSA’s documents, in the mid-1990s the U.S. intelligence community was convinced that satellite communications would soon become obsolete, to be fully replaced by fiber-optic cable networks.
But the prediction proved to be wrong. And millions of phone calls are still beamed between satellites today, alongside troves of internet data, which the NSA has readily exploited at Menwith Hill.

“The commercial satellite communication business is alive and well and bursting at the seams with increasingly sophisticated bulk DNI (Digital Network Intelligence) traffic that is largely unencrypted,” the NSA reported in a 2006 document. “This data source alone provides more data for Menwith Hill analysts to sift through than our entire enterprise had to deal with in the not-so-distant past.”

The U.S. and U.K. governments have actively misled the public for years through a “cover story.”
As of 2009, Menwith Hill’s foreign satellite surveillance mission, code-named MOONPENNY, was monitoring 163 different satellite data links. The intercepted communications were funneled into a variety of different repositories storing phone calls, text messages, emails, internet browsing histories, and other data.

It is not clear precisely how many communications Menwith Hill is capable of tapping into at any one time, but the NSA’s documents indicate the number is extremely large. In a single 12-hour period in May 2011, for instance, its surveillance systems logged more than 335 million metadata records, which reveal information such as the sender and recipient of an email, or the phone numbers someone called and at what time.

To keep information about Menwith Hill’s surveillance role secret, the U.S. and U.K. governments have actively misled the public for years through a “cover story” portraying the base as a facility used to provide “rapid radio relay and conduct communications research.” A classified U.S. document, dated from 2005, cautioned spy agency employees against revealing the truth. “It is important to know the established cover story for MHS [Menwith Hill Station] and to protect the fact that MHS is an intelligence collection facility,” the document stated. “Any reference to satellites being operated or any connection to intelligence gathering is strictly prohibited.”

MenwithHill_04 Menwith Hill Station on March 11, 2014. Photo: Trevor Paglen
THE OUTPOST WAS built in the 1950s as part of a deal made by the British and American governments to house U.S. personnel and surveillance equipment. In its early days, Menwith Hill’s technology was much more primitive. According to Kenneth Bird, who worked at the base in the 1960s during the Cold War, it was focused then on monitoring high frequency radio signals in Eastern Europe. Intercepted conversations were recorded on Ampex tape recorders, Bird noted in his published 1997 account, with some transcribed by analysts in real-time using typewriters.

The modern Menwith Hill is a very different place. Now, not only are its spying systems capable of vacuuming up far more communications, but they also have a far broader geographic reach. In addition, the targets of the surveillance have drastically changed, as have the purposes for which the eavesdropping is carried out.

The documents obtained by The Intercept reveal that spy satellites operated at Menwith Hill today can target communications in China and Latin America, and also provide “continuous coverage of the majority of the Eurasian landmass,” where they intercept “tactical military, scientific, political, and economic communications signals.” But perhaps the most significant role the base has played in recent years has been in the Middle East and North Africa.

Especially in remote parts of the world where there are no fiber-optic cable links, it is common for internet connections and phone calls to be routed over satellite. Consequently, Menwith Hill became a vital asset in the U.S. government’s counterterrorism campaign after the 9/11 attacks. Since then, the base has been used extensively to tap into communications in otherwise hard-to-reach areas where Islamic extremist groups such as al Qaeda and al Shabaab have been known to operate — for example, in the Afghanistan-Pakistan border region, Somalia, and Yemen.

An aerial image captured by a U.S. satellite in support of a covert GHOSTHUNTER operation.
Crucially, however, Menwith Hill has been used for more than just gathering intelligence on people and governments across countries in the Middle East and North Africa. Surveillance tools such as the GHOSTHUNTER system were developed to directly aid military operations, pinpointing the locations of targeted people or groups so that they could then be captured or killed.
The NSA’s documents describe GHOSTHUNTER as a means “to locate targets when they log onto the internet.” It was first developed in 2006 as “the only capability of its kind” and it enabled “a significant number of capture-kill operations” against alleged terrorists. Only a few specific examples are given, but those cases give a remarkable insight into the extraordinary power of the technology.

In 2007, for instance, analysts at Menwith Hill used GHOSTHUNTER to help track down a suspected al Qaeda “facilitator” in Lebanon who was described as “highly actionable,” meaning he had been deemed a legitimate target to kill or capture. The location of the target — who was known by several names, including Abu Sumayah — was traced to within a few hundred meters based on intercepts of his communications. Then a spy satellite took an aerial photograph of the neighborhood in Sidon, south Lebanon, in which he was believed to be living, mapping out the surrounding streets and houses. A top-secret document detailing the surveillance indicates that the information was to be passed to a secretive special operations unit known as Task Force 11-9, which would have been equipped to conduct a covert raid to kill or capture Sumayah. The outcome of the operation, however, is unclear, as it is not revealed in the document.

In another case in 2007, GHOSTHUNTER was used to identify an alleged al Qaeda “weapons procurer” in Iraq named Abu Sayf. The NSA’s surveillance systems spotted Sayf logging into Yahoo email or messenger accounts at an internet cafe near a mosque in Anah, a town on the Euphrates River that is about 200 miles northwest of Baghdad. Analysts at Menwith Hill used GHOSTHUNTER to track down his location and spy satellites operated from the British base captured aerial images. This information was passed to U.S. military commanders based in Fallujah to be included as part of a “targeting plan.”

A few days later, a special operations unit named Task Force-16 stormed two properties, where they detained Sayf, his father, two brothers, and five associates.

By 2008, the apparent popularity of GHOSTHUNTER within the intelligence community meant that it was rolled out at other surveillance bases where NSA has a presence, including in Ayios Nikolaos, Cyprus, and Misawa, Japan. The expansion of the capability to the other bases meant that it now had “near-global coverage.” But Menwith Hill remained its most important surveillance site. “[Menwith Hill] still supplies about 99% of the FORNSAT data used in GHOSTHUNTER geolocations,” noted a January 2008 document about the program.

A 2009 document added that GHOSTHUNTER’s focus was at that time “on geolocation of internet cafés in the Middle East/North Africa region in support of U.S. military operations” and said that it had to date “successfully geolocated over 5,000 VSAT terminals in Iraq, Afghanistan, Syria, Lebanon, and Iran.” VSAT, or Very Small Aperture Terminal, is a satellite system commonly used by internet cafés and foreign governments in the Middle East to send and receive communications and data. GHOSTHUNTER could also home in on VSATs in Pakistan, Somalia, Algeria, the Philippines, Mali, Kenya, and Sudan, the documents indicate.

Menwith Hill’s unique ability to track down satellite devices across the world at times placed it on the front line of conflicts thousands of miles away. In Afghanistan, for instance, analysts at the base used the VSAT surveillance to help track down suspected members of the Taliban, which led to “approximately 30 enemy killed” during one series of attacks that were mentioned in a top-secret July 2011 report. In early 2012, Menwith Hill’s analysts were again called upon to track down a VSAT: this time, to assist British special forces in Afghanistan’s Helmand Province. The terminal was swiftly located, and within an hour an MQ-9 Reaper drone was dispatched to the area, presumably to launch an airstrike.

But the lethal use of the surveillance data does not appear to have been restricted to conventional war zones such as Afghanistan or Iraq. The NSA developed similar methods at Menwith Hill to track down terror suspects in Yemen, where the U.S. has waged a covert drone war against militants associated with al Qaeda in the Northern Peninsula.

In early 2010, the agency revealed in an internal report that it had launched a new technique at the British base to identify many targets “at almost 40 different geolocated internet cafés” in Yemen’s Shabwah province and in the country’s capital, Sanaa. The technique, the document revealed, was linked to a broader classified initiative called GHOSTWOLF, described as a project to “capture or eliminate key nodes in terrorist networks” by focusing primarily on “providing actionable geolocation intelligence derived from [surveillance] to customers and their operational components.”

The description of GHOSTWOLF ties Menwith Hill to lethal operations in Yemen, providing the first documentary evidence that directly implicates the U.K. in covert actions in the country.

MenwithHill_hero Menwith Hill, March 13, 2013. Photo: Trevor Paglen
MENWITH HILL’S PREVIOUSLY undisclosed role aiding the so-called targeted killing of terror suspects highlights the extent of the British government’s apparent complicity in controversial U.S. attacks — and raises questions about the legality of the secret operations carried out from the base.

There are some 2,200 personnel at Menwith Hill, the majority of whom are Americans. Alongside NSA employees within the complex, the U.S. National Reconnaissance Office also has a major presence at the site, running its own “ground station” from which it controls a number of spy satellites.

But the British government has publicly asserted as recently as 2014 that operations at the base “have always been, and continue to be” carried out with its “knowledge and consent.” Moreover, roughly 600 of the personnel at the facility are from U.K. agencies, including employees of the NSA’s British counterpart Government Communications Headquarters, or GCHQ.

For several years, British human rights campaigners and lawmakers have been pressuring the government to provide information about whether it has had any role aiding U.S. targeted killing operations, yet they have been met with silence. In particular, there has been an attempt to establish whether the U.K. has aided U.S. drone bombings outside of declared war zones — in countries including Yemen, Pakistan, and Somalia — which have resulted in the deaths of hundreds of civilians and are in some cases considered by United Nations officials to possibly constitute war crimes and violations of international law.

Though the Snowden documents analyzed by The Intercept state that Menwith Hill has aided “a significant number” of “capture-kill” operations, they do not reveal specific details about all of the incidents that resulted in fatalities. What is clear, however, is that the base has targeted countries such as Yemen, Pakistan, and Somalia as part of location-tracking programs like GHOSTHUNTER and GHOSTWOLF — which were created to help pinpoint individuals so they could be captured or killed — suggesting it has played a part in drone strikes in these countries.

“An individual involved in passing that information is likely to be an accessory to murder.”
Craig, the legal director at Reprieve, reviewed the Menwith Hill documents — and said that they indicated British complicity in covert U.S. drone attacks. “For years, Reprieve and others have sought clarification from the British government about the role of U.K. bases in the U.S. covert drone program, which has killed large numbers of civilians in countries where we are not at war,” she told The Intercept. “We were palmed off with platitudes and reassured that any U.S. activities on or involving British bases were fully compliant with domestic and international legal provisions. It now appears that this was far from the truth.”

Jemima Stratford QC, a leading British human rights lawyer, told The Intercept that there were “serious questions to be asked and serious arguments to be made” about the legality of the lethal operations aided from Menwith Hill. The operations, Stratford said, could have violated the European Convention on Human Rights, an international treaty that the U.K. still remains bound to despite its recent vote to leave the European Union. Article 2 of the Convention protects the “right to life” and states that “no one shall be deprived of his life intentionally” except when it is ordered by a court as a punishment for a crime.

Stratford has previously warned that if British officials have facilitated covert U.S. drone strikes outside of declared war zones, they could even be implicated in murder. In 2014, she advised members of the U.K. Parliament that because the U.S. is not at war with countries such as Yemen or Pakistan, in the context of English and international law, the individuals who are targeted by drones in these countries are not “combatants” and their killers are not entitled to “combatant immunity.”

“If the U.K. government knows that it is transferring data that may be used for drone strikes against non-combatants … that transfer is probably unlawful,” Stratford told the members of Parliament. “An individual involved in passing that information is likely to be an accessory to murder.”

GCHQ refused to answer questions for this story, citing a “long standing policy that we do not comment on intelligence matters.” A spokesperson for the agency issued a generic statement asserting that “all of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight.” The spokesperson insisted that “U.K.’s interception regime is entirely compatible with the European Convention on Human Rights.”

MenwithHill_05 A Gate at Menwith Hill Station prohibiting entrance on March 12, 2014. Photo: Trevor Paglen
IN FEBRUARY 2014, the U.S. Department of Defense announced after a review that it was planning to reduce personnel at Menwith Hill by 2016, with about 500 service members and civilians set to be removed from the site. A U.S. Air Force spokesperson told the military newspaper Stars and Stripes that the decision was based on technological advances, which he declined to discuss, though he mentioned improvements in “server capacity to the hardware that we’re using; we’re doing more with less.”

The documents provided by Snowden shine light on some of the specific technological changes. Most notably, they show that there has been significant investment in introducing new and more sophisticated mass surveillance systems at Menwith Hill in recent years. A crucial moment came in 2008, when then-NSA Director Keith Alexander introduced a radical shift in policy. Visiting Menwith Hill in June that year, Alexander set a challenge for employees at the base. “Why can’t we collect all the signals, all the time?” he said, according to NSA documents. “Sounds like a good summer homework project for Menwith.”

As a result, a new “collection posture” was introduced at the base, the aim being to “collect it all, process it all, exploit it all.” In other words, it would vacuum up as many communications within its reach as technologically possible.

Between 2009 and 2012, Menwith Hill spent more than $40 million on a massive new 95,000-square-foot operations building — nearly twice the size of an average American football field. A large chunk of this space — 10,000 square feet — was set aside for a data center that boasted the ability to store huge troves of intercepted communications. During the renovations, the NSA shipped in new computer systems and laid 182 miles of cables, enough to stretch from New York City to the outskirts of Boston. The agency also had a 200-seat-capacity auditorium constructed to host classified operations meetings and other events.

“How can Menwith carry out operations of which there is absolutely no accountability to the public?”
Some of the extensive expansion work was visible from the road outside the secure complex, which triggered protests from a local activist group called the Campaign for the Accountability of American Bases. Since the early 1990s, the group has closely monitored activities at Menwith Hill. And for the last 16 years, its members have held a small demonstration every Tuesday outside the base’s main entrance, greeting NSA employees with flags and colorful homemade banners bearing slogans critical of U.S. foreign policy and drone strikes.

Fabian Hamilton, a member of Parliament based in the nearby city of Leeds, has become a supporter of the campaign’s work, occasionally attending events organized by the group and advocating for more transparency at Menwith Hill. Hamilton, who represents the Labour Party, has doggedly attempted to find out basic information about the base, asking the government at least 40 parliamentary questions since 2010 about its activities. He has sought clarification on a variety of issues, such as how many U.S. personnel are stationed at the site, whether it is involved in conducting drone strikes, and whether members of a British parliamentary oversight committee have been given full access to review its operations. But his efforts have been repeatedly stonewalled, with British government officials refusing to provide any details on the grounds of national security.

Hamilton told The Intercept that he found the secrecy shrouding Menwith Hill to be “offensive.” The revelations about the role it has played in U.S. killing and capture operations, he said, showed there needed to be a full review of its operations. “Any nation-state that uses military means to attack any target, whether it is a terrorist, whether it is legitimate or not, has to be accountable to its electorate for what it does,” Hamilton said. “That’s the basis of our Parliament, it’s the basis of our whole democratic system. How can we say that Menwith can carry out operations of which there is absolutely no accountability to the public? I don’t buy this idea that you say the word ‘security’ and nobody can know anything. We need to know what is being done in our name.”
https://theintercept.com/2016/09/06/nsa ... veillance/