GCHQ Outed – Collecting Just As Much Data As The NSA

As I said last night in the article about the European Court of Justice, every national intelligence agency that has the ability to do so is vacuuming data from the Internet.

The Intercept wrote a very detailed article analyzing some new documents from the Edward Snowden document dump.  The article links to the original documents for those who are interested in even more details.

The goal of this particular program was simple:  Record the website browsing habits of “every visible user on the Internet”.  Pretty simple.  A lot of data.

The program, called Karma Police, was launched by GCHQ, the British equivalent of the NSA, about 7 years ago, quietly.

The documents reveal a series of interrelated programs.  One profiles your browsing habits.  Another analyzes instant messages, emails, Skype usage, text messages, cell phone locations and social media use.  Still other programs track “suspicious” Google searches, and another tracks the usage of Google Maps.

Just like the formerly secret NSA programs, the British programs do away with the need for court orders or warrants.

According to the documents, in 2010 GCHQ was logging about 30 billion records a day.  By 2012 they were up to 50 billion records a day with plans to upgrade it to 100 billion records a day.  The claim was that this would be the biggest government surveillance system in the world.

One use, for example, was to collect intelligence about what Internet radio stations people were listening to.  Suspicious listening habits call for more surveillance.  The web browsing habits could be examined.  For one lucky soul who was targeted, they discovered that, in addition to a suspicious radio station, the person also visited Facebook, Yahoo, YouTube, the porn site Redtube, Blogspot and other websites.

The code name Karma Police likely comes from the British band Radiohead’s song of the same name.  The lyric “This is what you’ll get, when you mess with us” is repeated throughout the song.

Like similar NSA programs, the raw data is fed into a holding pen, in this case called The Black Hole.  Between 2007 and 2009, it collected 1.1 trillion events or about 10 billion a day.  Given other numbers in the documents, that volume is likely many times that big now.

Given the volume of data, analysis tools are needed.  One tool, called MUTANT BROTH, was used to sift through all of the cookies captured to correlate data to a particular user.  They can use the cookies to figure out what you do at what time of day.

You may remember that the Dutch SIM card maker Gemalto was hacked (that was revealed last year).  These documents indicate that GCHQ was behind that attack and it now makes sense.  At the time, Gemalto said that the hackers only got 2G (second generation) cellphone SIM card crypto keys, not the 3G or 4G SIMs used in the US and Britain.  Why would the hackers want that?  Because it is likely that Middle Eastern countries are still running 2G cell networks.  Make sense?  They used the data from Karma Police to target Gemalto employees and then hack their computers to get the encryption keys they wanted.  While Gemalto denied it, it may be that there was not enough isolation between the administrative network and the network where the encryption keys were stored.

In addition to these programs, there are many other programs, each of which has a special function – analyze emails, analyze search engine queries, look at Google Map queries and other things.

Because of Britain’s location on the planet, many fiber optic cables between the U.S. and the rest of the world flow through Britain, making them a rich opportunity for tapping.  In 2010, GCHQ said there were 1,600 cables passing through Britain and they could tap most of them.  One would assume that capability has increased since then.

Like with the NSA, the rules say that GCHQ is not supposed to read the content of citizens’ data they snare, but that does not include metadata of citizens.  This loophole of sifting through the metadata of British citizens also allows for the same action for citizens of the Five Eyes (US, Britain, Canada, Australia and New Zealand).

Because of the volume of data, like with the NSA, GCHQ stores the metadata for between 30 and 180 days and communications for 3 to 30 days, unless they want to keep it longer.

In one document it says that, compared to oversight rules in the U.S., the U.K. has “a light oversight regime”.

One challenge for all of the intelligence agencies is encryption.  While most encryption may not be bulletproof, it is likely bullet resistant, and until the encryption is cracked you may not know whether the content is about what to bring home from the store or who the next terrorist target is.

It will be interesting to see if the Brits make a big deal over this.

Information for this post came from The Intercept.