Group items tagged

This would correspond to internal NSA documents seen by SPIEGEL. They show, for example, an SCS office in another US embassy -- a small windowless room full of cables with a work station of "signal processing racks" containing dozens of plug-in units for "signal analysis." On Friday, author and NSA expert James Bamford also visited SPIEGEL's Berlin bureau, which is located on Pariser Platz diagonally opposite the US Embassy. "To me, it looks like NSA eavesdropping equipment is hidden behind there," he said. "The covering seems to be made of the same material that the agency uses to shield larger systems." The Berlin-based security expert Andy Müller Maguhn was also consulted. "The location is ideal for intercepting mobile communications in Berlin's government district," he says, "be it technical surveillance of communication between cellphones and wireless cell towers or radio links that connect radio towers to the network."

Wiretapping from an embassy is illegal in nearly every country. But that is precisely the task of the SCS, as is evidenced by another secret document. According to the document, the SCS operates its own sophisticated listening devices with which they can intercept virtually every popular method of communication: cellular signals, wireless networks and satellite communication. The necessary equipment is usually installed on the upper floors of the embassy buildings or on rooftops where the technology is covered with screens or Potemkin-like structures that protect it from prying eyes. That is apparently the case in Berlin, as well. SPIEGEL asked British investigative journalist Duncan Campbell to appraise the setup at the embassy. In 1976, Campbell uncovered the existence of the British intelligence service GCHQ. In his so-called "Echelon Report" in 1999, he described for the European Parliament the existence of the global surveillance network of the same name.

Campbell refers to window-like indentations on the roof of the US Embassy. They are not glazed but rather veneered with "dielectric" material and are painted to blend into the surrounding masonry. This material is permeable even by weak radio signals. The interception technology is located behind these radio-transparent screens, says Campbell. The offices of SCS agents would most likely be located in the same windowless attic.

Apparently, SCS agents use the same technology all over the world. They can intercept cellphone signals while simultaneously locating people of interest. One antenna system used by the SCS is known by the affable code name "Einstein." When contacted by SPIEGEL, the NSA declined to comment on the matter. The SCS are careful to hide their technology, especially the large antennas on the roofs of embassies and consulates. If the equipment is discovered, explains a "top secret" set of classified internal guidelines, it "would cause serious harm to relations between the United States and a foreign government." According to the documents, SCS units can also intercept microwave and millimeter-wave signals. Some programs, such as one entitled "Birdwatcher," deal primarily with encrypted communications in foreign countries and the search for potential access points. Birdwatcher is controlled directly from SCS headquarters in Maryland.

With the growing importance of the Internet, the work of the SCS has changed. Some 80 branches offer "thousands of opportunities on the net" for web-based operations, according to an internal presentation. The organization is now able not only to intercept cellphone calls and satellite communication, but also to proceed against criminals or hackers. From some embassies, the Americans have planted sensors in communications equipment of the respective host countries that are triggered by selected terms.

The operation was conducted with the involvement of the White House intelligence coordinator and the FBI. One document states that the threat posed by Huawei is "unique". The agency also stated in a document that "the intelligence community structures are not suited for handling issues that combine economic, counterintelligence, military influence and telecommunications infrastructure from one entity."

Editor's note: A longer version of this story will appear in German in the issue of SPIEGEL to be published on Monday.

After Obama assumed office, the US government opted for a new strategy. In June 2009, then Defense Secretary Robert Gates installed Stanley McChrystal, a four-star general who had served in Iraq, as commander of US forces in Afghanistan. McChrystal promoted the aggressive pursuit of the Taliban. Obama sent 33,000 additional troops to Afghanistan, but their deployment was tied to a demand that military officials provide a binding date for the withdrawal of US forces. At the same time, the president distanced himself from the grand objectives the West had proclaimed when it first marched into Kabul. The United States would not try to make Afghanistan "a perfect place," said Obama. Its new main objective was to fight the insurgency.

This marked the beginning of one of the bloodiest phases of the war. Some 2,412 civilians died in Afghanistan in 2009. Two-thirds of them were killed by insurgents and 25 percent by NATO troops and Afghan security forces. The number of operations against the Taliban rose sharply, to between 10 and 15 a night. The operations were based on the lists maintained by the CIA and NATO -- Obama's lists. The White House dubbed the strategy "escalate and exit." McChrystal's successor, General David Petraeus, documented the strategy in "Field Manual 3-24" on fighting insurgencies, which remains a standard work today. Petraeus outlined three stages in fighting guerilla organizations like the Taliban. The first was a cleansing phase, in which the enemy leadership is weakened. After that, local forces were to regain control of the captured areas. The third phase was focused on reconstruction. Behind closed doors, Petraeus and his staff explained exactly what was meant by "cleansing." German politicians recall something that Michael T. Flynn, the head of ISAF intelligence in Afghanistan, once said during a briefing: "The only good Talib is a dead Talib."

Under Petraeus, a merciless campaign began to hunt down the so-called shadow governors and local supporters aligned with the Islamists. For the Americans, the fact that the operations often ended in killings was seen as a success. In August 2010, Petraeus proudly told diplomats in Kabul that he had noticed a shifting trend. The figures he presented as evidence made some of the ambassadors feel uneasy. At least 365 insurgent commanders, Petraeus explained, had been neutralized in the last three months, for an average of about four killings a day. The existence of documents relating to the so-called Joint Prioritized Effects List (JPEL) has only been described in vague terms until now. The missions by US special units are mentioned but not discussed in detail in the US Army Afghanistan war logs published by WikiLeaks in 2010, together with the New York Times, the Guardian and SPIEGEL. The documents that have now become accessible provide, for the first time, a systematic view of the targeted killings. They outline the criteria used to determine who was placed on the list and why.

According to the NSA document, in October 2008 the NATO defense ministers made the momentous decision that drug networks would now be "legitimate targets" for ISAF troops. "Narcotics traffickers were added to the Joint Prioritized Effects List (JPEL) list for the first time," the report reads. In the opinion of American commanders like Bantz John Craddock, there was no need to prove that drug money was being funneled to the Taliban to declare farmers, couriers and dealers as legitimate targets of NATO strikes.

The document also reveals how vague the basis for deadly operations apparently was. In the voice recognition procedure, it was sufficient if a suspect identified himself by name once during the monitored conversation. Within the next 24 hours, this voice recognition was treated as "positive target identification" and, therefore, as legitimate grounds for an airstrike. This greatly increased the risk of civilian casualties. Probably one of the most controversial decisions by NATO in Afghanistan is the expansion of these operations to include drug dealers. According to an NSA document, the United Nations estimated that the Taliban was earning $300 million a year through the drug trade. The insurgents, the document continues, "could not be defeated without disrupting the drug trade."

When an operation could potentially result in civilian casualties, ISAF headquarters in Kabul had to be involved. "The rule of thumb was that when there was estimated collateral damage of up to 10 civilians, the ISAF commander in Kabul was to decide whether the risk was justifiable," says an ISAF officer who worked with the lists for years. If more potential civilian casualties were anticipated, the decision was left up to the relevant NATO headquarters office. Bodyguards, drivers and male attendants were viewed as enemy combatants, whether or not they actually were. Only women, children and the elderly were treated as civilians. Even officers who were involved in the program admit that these guidelines were cynical. If a Taliban fighter was repeatedly involved in deadly attacks, a "weighing of interests" was performed. The military officials would then calculate how many human lives could be saved by the "kill," and how many civilians would potentially be killed in an airstrike.

In early 2009, Craddock, NATO's Supreme Allied Commander for Europe at the time, issued an order to expand the targeted killings of Taliban officials to drug producers. This led to heated discussions within NATO. German NATO General Egon Ramms declared the order "illegal" and a violation of international law. The power struggle within NATO finally led to a modification of Craddock's directive: Targets related to the drug production at least had to be investigated as individual cases. The top-secret dossier could be highly damaging to the German government. For years, German authorities have turned over the mobile phone numbers of German extremists in Afghanistan to the United States. At the same time, the German officials claimed that homing in on mobile phone signals was far too imprecise for targeted killings. This is apparently an untenable argument. According to the 2010 document, both Eurofighters and drones had "the ability to geolocate a known GSM handset." In other words, active mobile phones could serve as tracking devices for the special units.

The classified documents could now have legal repercussions. The human rights organization Reprieve is weighing legal action against the British government. Reprieve believes it is especially relevant that the lists include Pakistanis who were located in Pakistan. "The British government has repeatedly stated that it is not pursuing targets in Pakistan and not doing air strikes on Pakistani territory," says Reprieve attorney Jennifer Gibson. The documents, she notes, also show that the "war on terror" was virtually conflated with the "war on drugs." "This is both new and extremely legally troubling," says Gibson.

A 2009 CIA study that addresses targeted killings of senior enemy officials worldwide reaches a bitter conclusion. Because of the Taliban's centralized but flexible leadership, as well as its egalitarian tribal structures, the targeted killings were only moderately successful in Afghanistan. "Morover, the Taliban has a high overall ability to replace lost leaders," the study finds.

SPIEGEL: You yourself worked as a spy for the NSA. What made you become a whistleblower? Drake: It was only months after 9/11. Back then it became clear to me that in order to avoid another failure to protect people we just set aside the rules of law. The NSA violated our constitution by spying on its own people. Today, we have the greatest surveillance platform the world has ever seen. This is why I shudder. National security has become a state religion. They say they want to keep us safe, but from whom?

From a military perspective, surveillance of the Internet is merely "Phase 0" in the US digital war strategy. Internal NSA documents indicate that it is the prerequisite for everything that follows. They show that the aim of the surveillance is to detect vulnerabilities in enemy systems. Once "stealthy implants" have been placed to infiltrate enemy systems, thus allowing "permanent accesses," then Phase Three has been achieved -- a phase headed by the word "dominate" in the documents. This enables them to "control/destroy critical systems & networks at will through pre-positioned accesses (laid in Phase 0)." Critical infrastructure is considered by the agency to be anything that is important in keeping a society running: energy, communications and transportation. The internal documents state that the ultimate goal is "real time controlled escalation". One NSA presentation proclaims that "the next major conflict will start in cyberspace." To that end, the US government is currently undertaking a massive effort to digitally arm itself for network warfare. For the 2013 secret intelligence budget, the NSA projected it would need around $1 billion in order to increase the strength of its computer network attack operations. The budget included an increase of some $32 million for "unconventional solutions" alone.

Part 2: How the NSA Reads Over Shoulders of Other Spies

NSA Docs on ExfiltrationExplanation of the APEX method of combining passive with active methods to exfiltrate data from networks attacked Explanation of APEX shaping to put exfiltrating network traffic into patterns that allow plausible deniability Presentation on the FASHIONCLEFT protocol that the NSA uses to exfiltrate data from trojans and implants to the NSA Methods to exfiltrate data even from devices which are supposed to be offline Document detailing SPINALTAP, an NSA project to combine data from active operations and passive signals intelligence Technical description of the FASHIONCLEFT protocol the NSA uses to exfiltrate data from Trojans and implants to the NSA

NSA Docs on Malware and ImplantsCSEC document about the recognition of trojans and other "network based anomaly" The formalized process through which analysts choose their data requirement and then get to know the tools that can do the job QUANTUMTHEORY is a set of technologies allowing man-on-the-side interference attacks on TCP/IP connections (includes STRAIGHTBIZARRE and DAREDEVIL) Sample code of a malware program from the Five Eyes alliance

According to top secret documents from the archive of NSA whistleblower Edward Snowden seen exclusively by SPIEGEL, they are planning for wars of the future in which the Internet will play a critical role, with the aim of being able to use the net to paralyze computer networks and, by doing so, potentially all the infrastructure they control, including power and water supplies, factories, airports or the flow of money. During the 20th century, scientists developed so-called ABC weapons -- atomic, biological and chemical. It took decades before their deployment could be regulated and, at least partly, outlawed. New digital weapons have now been developed for the war on the Internet. But there are almost no international conventions or supervisory authorities for these D weapons, and the only law that applies is the survival of the fittest. Canadian media theorist Marshall McLuhan foresaw these developments decades ago. In 1970, he wrote, "World War III is a guerrilla information war with no division between military and civilian participation." That's precisely the reality that spies are preparing for today.

And the final thing I want to say is, you know, all this talk about amnesty for Edward Snowden, and it’s so important that the rule of law be applied to him, it’s really quite amazing. Here’s Michael Hayden. He oversaw the illegal warrantless eavesdropping program implemented under the Bush administration. He oversaw torture and rendition as the head of the CIA. James Clapper lied to the face of Congress. These are felonies at least as bad, and I would say much worse, than anything Edward Snowden is accused of doing, and yet they’re not prosecuted. They’re free to appear on television programs. The United States government in Washington constantly gives amnesty to its highest officials, even when they commit the most egregious crimes. And yet the idea of amnesty for a whistleblower is considered radical and extreme. And that’s why a hardened felon like Michael Hayden is free to walk around on the street and is treated on American media outlets as though he’s some learned, wisdom-drenched elder statesman, rather than what he is, which is a chronic criminal.

These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives -- from computing centers to individual computers, and from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA's specialists seem already to have gotten past them. This, at least, is the impression gained from flipping through the 50-page document. The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets' data. The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000. In the case of Juniper, the name of this particular digital lock pick is "FEEDTROUGH." This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers. Thanks to FEEDTROUGH, these implants can, by design, even survive "across reboots and software upgrades." In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH "has been deployed on many target platforms."

The ANT division doesn't just manufacture surveillance hardware. It also develops software for special tasks. The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer's motherboard that is the first thing to load when a computer is turned on. This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this "Persistence" and believe this approach has provided them with the possibility of permanent access. Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of the latter, are American companies. Here, too, it appears the US intelligence agency is compromising the technology and products of American companies.

Other ANT programs target Internet routers meant for professional use or hardware firewalls intended to protect company networks from online attacks. Many digital attack weapons are "remotely installable" -- in other words, over the Internet. Others require a direct attack on an end-user device -- an "interdiction," as it is known in NSA jargon -- in order to install malware or bugging equipment. There is no information in the documents seen by SPIEGEL to suggest that the companies whose products are mentioned in the catalog provided any support to the NSA or even had any knowledge of the intelligence solutions. "Cisco does not work with any government to modify our equipment, nor to implement any so-called security 'back doors' in our products," the company said in a statement. Contacted by SPIEGEL reporters, officials at Western Digital, Juniper Networks and Huawei also said they had no knowledge of any such modifications. Meanwhile, Dell officials said the company "respects and complies with the laws of all countries in which it operates." Many of the items in the software solutions catalog date from 2008, and some of the target server systems that are listed are no longer on the market today. At the same time, it's not as if the hackers within the ANT division have been sleeping on the job. They have continued to develop their arsenal. Some pages in the 2008 catalog, for example, list new systems for which no tools yet exist. However, the authors promise they are already hard at work developing new tools and that they will be "pursued for a future release."

the eavesdropping described in the Snowden documents would have violated agreements that the United States has made. The report said that the N.S.A. succeeded last year in cracking an encrypted video teleconferencing system at the United Nations, and even stumbled across Chinese spies who were apparently invading the same communications system. The magazine also published a floor plan, evidently from N.S.A. files, of the third floor of the European mission to the United Nations on Third Avenue in New York, showing the locations of offices and computer servers. Der Spiegel suggested that the spying on allies and the United Nations made President Obama’s defense of surveillance programs as a counterterrorism effort seem misleading at best.

Jim Lewis, a director and senior fellow with the Center for Strategic and International Studies, adds that the Chinese view state-sponsored espionage a little differently than the U.S. does. Both countries believe in espionage for national security purposes, but the Chinese argue that such spying might include the theft of commercial secrets. “The Chinese will tell you that stealing technology and business secrets is a way of building their economy, and that this is important for national security,” says Lewis, who has helped oversee meetings between the U.S. and the Chinese, including officers in the PLA. “I’ve been in the room when they’ve said that. The last time was when a PLA colonel said: ‘In the U.S., military espionage is heroic and economic espionage is a crime. In China, the line is not that clear.’” But here in the United States, we now know, the NSA may blur other lines in the name of national security. Segal says that although he, as an American, believes the U.S. government is on stronger ethical ground than the Chinese, other nations are beginning to question its motives. “The U.S has to convince other countries that our type of intelligence gathering is different,” he says. “I don’t think that the Brazils and the Indias and the Indonesias and the South Africas are convinced. That’s a big problem for us.”

The thing to realize, as the revelations of NSA snooping continue to pour out, is that everyone deserves scrutiny — the U.S government and its allies, as well as the Chinese and others you may be more likely to view with skepticism. “All big countries,” Lewis says, “are going to try and do this.”

Regin has been used to spy on telecom providers, financial institutions, energy companies, airlines, research institutes and the hospitality industry, and on European Union officials. The 14 countries found to have been penetrated include Russia, Malaysia, Afghanistan, and Fiji. Even though the trail is hot now, security experts say that Regin is still out there committing wholesale espionage. That’s because parts of it like QWERTY help mask other components. Like any good spy, it’s constantly changing disguises.

Writing in the book’s introduction, Assange proposes that the diplomatic cables provide “the vivisection of a living empire, showing what substance flowed from which state organ and when”. Assange notes in his introduction that academic disciplines outside international relations, and where career aspirations do not go hand in hand with patronage by government institutions, have voluminous coverage of the cables. But the ISA does not accept submissions citing WikiLeaks’ material. Although ISA executive director Mark Boyer denies that the association has a formal policy against publishing WikiLeaks’ material, he says that journal editors have discussed the implications of publishing material that is legally prohibited by the US government. According to Gabriel J. Michael, author of the Yale Law School paper Who’s Afraid of WikiLeaks? Missed Opportunities in Political Science Research, the ISQ has adopted a “provisional policy” against handling manuscripts that make use of leaked documents if such use could be interpreted as mishandling “classified” material. According to an ISQ editor quoted in Michael’s paper, this policy prohibits direct quotations as well as data mining, and was developed in consultation with legal counsel. Stating that editors are currently “in an untenable position”. According to the editor, ISQ’s policy will remain in place pending broader action from the ISA, which publishes several other disciplinary journals. The ISA and ISQ concerns about handling material that the US government forbids —  which include WikiLeaks’ cables —  amount to throwing the baby out with the bathwater. The cables go into the heart of an empire, and reflect on matters that affect everyone.

Without WikiLeaks, the public would still be in the dark about the Trans-Pacific Partnership “agreement” currently being negotiated. The treaty aims to rewrite the global rules on intellectual property rights and would create spheres of trade which would be protected from judicial oversight. Such agreements have the potential to change the fabric of how states operate, and the leaked cables shed light on how states negotiate significant treaties, aiming to keep citizenship participation in politics out. Where academia bans the use of important leaked documents the public loses out.

Der Spiegel reported that Breedlove “stunned” German leaders with a surprise announcement in 2015 claiming that pro-Russian separatists had “upped the ante” in eastern Ukraine with “well over a thousand combat vehicles, Russian combat forces, some of the most sophisticated air defense, battalions of artillery” sent to Donbass, a center of the conflict. Breedlove’s numbers were “significantly higher” than the figures known to NATO intelligence agencies and seemed exaggerated to German officials. The announcement appeared to be a provocation designed to disrupt mediation efforts led by Chancellor Angela Merkel. In previous instances, German officials believed Breedlove overestimated Russian forces along the border with Ukraine by as many as 20,000 troops and found that the general had falsely claimed that several Russian military assets near the Ukrainian border were part of a special build-up in preparation for a large-scale invasion of the country. In fact, much of the Russian military equipment identified by Breedlove, the Germans said, had been stored there well before the revolution in Ukraine.

The emails, however, depict a desperate search by Breedlove to build his case for escalating the conflict, contacting colleagues and friends for intelligence to illustrate the Russian threat. Karber, who visited Ukrainian politicians and officials in Kiev on several occasions, sent frequent messages to Breedlove — “per your request,” he noted — regarding information he had received about separatist military forces and Russian troop movements. In several updates, Breedlove received military data sourced from Twitter and social media. Karber, the president of the Potomac Foundation, became the center of a related scandal last year when it was discovered that he had facilitated a meeting during which images of purported Russian forces in Ukraine were distributed to the office of Sen. James Inhofe, R-Okla., and were published by a neoconservative blog. The pictures turned out to be a deception; one supposed picture of Russian tanks in Ukraine was, in fact, an old photograph of Russian tanks in Ossetia during the war with Georgia.

The emails were released by D.C. Leaks, a database run by self-described “hacktivists” who are collecting the communications of elite stakeholders such as political parties, major politicians, political campaigns, and the military. The website currently has documents revealing some internal communications of the Hillary Clinton presidential campaign and George Soros’s Open Society Foundation, among others.

The U.S. government maintains that its drone strikes against al Qaeda and its “associated forces” are legal, even outside of declared war zones. But German legal officials have suggested that such operations are only justifiable in actual war zones. Moreover, Germany has the right to prosecute “criminal offenses against international law … even when the offense was committed abroad and bears no relation to Germany,” according to Germany’s Code of Crimes against International Law, which passed in 2002. This means that American personnel stationed at Ramstein could, in theory, be vulnerable to German prosecution if they provide drone pilots with data used in attacks. While the German government has been reluctant to pursue such prosecutions, it may come under increasing pressure to do so. “It is simply murder,” says Björn Schiffbauer of the Institute for International Law at the University of Cologne. Legal experts interviewed by Der Spiegel claimed that U.S. personnel could be charged as war criminals by German prosecutors.

“If in fact this is a post-Snowden NSA leak, then it’s probably just proof that you can always build a bigger mousetrap; that doesn’t mean you’re going to catch the mice,” said Stephen Vladeck, a law professor at American University who specializes in national security issues.Vladeck added that leaks about controversial national security programs are in many ways inevitable, and may not be tied to Snowden’s leaks in any way.For Greenwald, however, a second leaker would be affirmation of Snowden’s actions.“I've long thought one of the most significant and enduring consequences of Snowden's successful whistleblowing will be that he will inspire other leakers to come forward,” he told The Hill.