Group items matching

in title, tags, annotations or url

chair of the Senate Intelligence Committee (and thus someone complicit in the spying programs).

Snowden has not merely revealed that the U.S. government has forced service providers Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple to share all their records with itself, in the form of mega-data that can only be accessed for content following the issuance of warrants from (secret) courts, in order to thwart real or imagined terrorist plots. He hasn’t merely shown that the NSA intercepts 1.7 billion electronic records every day (in order, of course, to thwart the terrorists). He has charged the following:

Snowden indicates that those with that power can indeed gain access to what Bill Clinton recently called the “meat” of your communications.

“‘These were just really everyday, average, ordinary Americans who happened to be in the Middle East, in our area of intercept and happened to be making these phone calls on satellite phones,’ said Adrienne Kinne, a 31-year old US Army Reserves Arab linguist assigned to a special military program at the NSA’s Back Hall at Fort Gordon from November 2001 to 2003. Kinne described the contents of the calls as ‘personal, private things with Americans who are not in any way, shape or form associated with anything to do with terrorism.’ [...] Another intercept operator, former Navy Arab linguist, David Murfee Faulk, 39, said he and his fellow intercept operators listened into hundreds of Americans picked up using phones in Baghdad’s Green Zone from late 2003 to November 2007. ‘Calling home to the United States, talking to their spouses, sometimes their girlfriends, sometimes one phone call following another,’ said Faulk. [...] ‘Hey, check this out,’ Faulk says he would be told, ‘there’s good phone sex or there’s some pillow talk, pull up this call, it’s really funny, go check it out. It would be some colonel making pillow talk and we would say, ‘Wow, this was crazy,’ Faulk told ABC News.”

One of its stated missions was to use surveillance on activists to release negative personal information to the public to discredit them. In many instances the agents succeeded, and they ruined lives. And their abilities to do so pale in comparison with the abilities of Obama’s NSA.

the Bush administration would be willing to learn a thing or two about domestic spying from the experts of the former Stasi. What ruling elite has ever gained more total information awareness about its citizens than the old German Democratic Republic?  And done it with such elegant legal scaffolding?

Thus, you see, he’s not a whistle-blower but a criminal.

U.S. to World: “You Must View Snowden as a Criminal, and Give Him Back”

No, there are us, and there are them. The tiny power elite that controls the mainstream press and cable channels, the corporations that dutifully hand over mega-data to the state (and then deny doing so to allay consumer outrage), the twin political parties, are sick to their stomachs that they’ve been so exposed. We in our turn should feel, if not terrorized, nauseated.

Assassinations depend on unreliable intelligence and hurt intelligence gathering

Strikes often kill many more than the intended target

The military labels unknown people it kills as “enemies killed in action”

The number of people targeted for drone strikes and other finishing operations

How geography shapes the assassination campaign

Inconsistencies with White House statements about targeted killing

Optic Nerve, the documents provided by NSA whistleblower Edward Snowden show, began as a prototype in 2008 and was still active in 2012, according to an internal GCHQ wiki page accessed that year.The system, eerily reminiscent of the telescreens evoked in George Orwell's 1984, was used for experiments in automated facial recognition, to monitor GCHQ's existing targets, and to discover new targets of interest. Such searches could be used to try to find terror suspects or criminals making use of multiple, anonymous user IDs.Rather than collecting webcam chats in their entirety, the program saved one image every five minutes from the users' feeds, partly to comply with human rights legislation, and also to avoid overloading GCHQ's servers. The documents describe these users as "unselected" – intelligence agency parlance for bulk rather than targeted collection.One document even likened the program's "bulk access to Yahoo webcam images/events" to a massive digital police mugbook of previously arrested individuals.

Programs like Optic Nerve, which collect information in bulk from largely anonymous user IDs, are unable to filter out information from UK or US citizens. Unlike the NSA, GCHQ is not required by UK law to "minimize", or remove, domestic citizens' information from its databases. However, additional legal authorisations are required before analysts can search for the data of individuals likely to be in the British Isles at the time of the search.There are no such legal safeguards for searches on people believed to be in the US or the other allied "Five Eyes" nations – Australia, New Zealand and Canada.

The documents also show that GCHQ trialled automatic searches based on facial recognition technology, for people resembling existing GCHQ targets: "[I]f you search for similar IDs to your target, you will be able to request automatic comparison of the face in the similar IDs to those in your target's ID".

Jewel is suing on behalf of all AT&T customers, and Shubert is suing on behalf of all Americans.

At issue is the NSA’s program to intercept phone and e-mail communications without a warrant, which was placed under court supervision in 2007 and then authorized by Congress in 2007 and 2008. Jewel also is challenging the agency’s collection of Americans’ phone metadata, or call logs that include numbers dialed and call lengths and times. That program was placed under court supervision in 2006 on the basis of a statute that has been reauthorized several times since then. Its existence was revealed in June following a leak by former NSA contractor Edward Snowden. The government has already suffered a setback in the case. U.S. District Judge Jeffrey S. White in July ruled that the government could not assert a state-secrets privilege when the underlying law, the Foreign Intelligence Surveillance Act, offers a process to hear classified evidence in closed chambers.

The declassification of the Bush administration’s authorization of the programs came in response to White’s order to the government to review declarations filed in the case. The judge wanted to see what could be declassified in light of Snowden’s revelations as well as subsequent disclosures made by the government. The government also declassified eight other declarations filed in the litigation by senior intelligence officials alleging national security would be harmed by disclosing program information.

TURBINE was designed to make deploying malware much easier for the NSA’s hackers by reducing their role in overseeing its functions. The system would “relieve the user from needing to know/care about the details,” the NSA’s Technology Directorate notes in one secret document from 2009. “For example, a user should be able to ask for ‘all details about application X’ and not need to know how and where the application keeps files, registry entries, user application data, etc.” In practice, this meant that TURBINE would automate crucial processes that previously had to be performed manually – including the configuration of the implants as well as surveillance collection, or “tasking,” of data from infected systems. But automating these processes was about much more than a simple technicality. The move represented a major tactical shift within the NSA that was expected to have a profound impact – allowing the agency to push forward into a new frontier of surveillance operations. The ramifications are starkly illustrated in one undated top-secret NSA document, which describes how the agency planned for TURBINE to “increase the current capability to deploy and manage hundreds of Computer Network Exploitation (CNE) and Computer Network Attack (CNA) implants to potentially millions of implants.” (CNE mines intelligence from computers and networks; CNA seeks to disrupt, damage or destroy them.)

But not all of the NSA’s implants are used to gather intelligence, the secret files show. Sometimes, the agency’s aim is disruption rather than surveillance. QUANTUMSKY, a piece of NSA malware developed in 2004, is used to block targets from accessing certain websites. QUANTUMCOPPER, first tested in 2008, corrupts a target’s file downloads. These two “attack” techniques are revealed on a classified list that features nine NSA hacking tools, six of which are used for intelligence gathering. Just one is used for “defensive” purposes – to protect U.S. government networks against intrusions.

The NSA has a diverse arsenal of malware tools, each highly sophisticated and customizable for different purposes. One implant, codenamed UNITEDRAKE, can be used with a variety of “plug-ins” that enable the agency to gain total control of an infected computer. An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer. The implants can enable the NSA to circumvent privacy-enhancing encryption tools that are used to browse the Internet anonymously or scramble the contents of emails as they are being sent across networks. That’s because the NSA’s malware gives the agency unfettered access to a target’s computer before the user protects their communications with encryption. It is unclear how many of the implants are being deployed on an annual basis or which variants of them are currently active in computer systems across the world.

Infiltrating cellphone networks, however, is not all that the malware can be used to accomplish. The NSA has specifically tailored some of its implants to infect large-scale network routers used by Internet service providers in foreign countries. By compromising routers – the devices that connect computer networks and transport data packets across the Internet – the agency can gain covert access to monitor Internet traffic, record the browsing sessions of users, and intercept communications. Two implants the NSA injects into network routers, HAMMERCHANT and HAMMERSTEIN, help the agency to intercept and perform “exploitation attacks” against data that is sent through a Virtual Private Network, a tool that uses encrypted “tunnels” to enhance the security and privacy of an Internet session.

Eventually, the secret files indicate, the NSA’s plans for TURBINE came to fruition. The system has been operational in some capacity since at least July 2010, and its role has become increasingly central to NSA hacking operations. Earlier reports based on the Snowden files indicate that the NSA has already deployed between 85,000 and 100,000 of its implants against computers and networks across the world, with plans to keep on scaling up those numbers. The intelligence community’s top-secret “Black Budget” for 2013, obtained by Snowden, lists TURBINE as part of a broader NSA surveillance initiative named “Owning the Net.” The agency sought $67.6 million in taxpayer funding for its Owning the Net program last year. Some of the money was earmarked for TURBINE, expanding the system to encompass “a wider variety” of networks and “enabling greater automation of computer network exploitation.”

Before it can extract data from an implant or use it to attack a system, the NSA must first install the malware on a targeted computer or network. According to one top-secret document from 2012, the agency can deploy malware by sending out spam emails that trick targets into clicking a malicious link. Once activated, a “back-door implant” infects their computers within eight seconds. There’s only one problem with this tactic, codenamed WILLOWVIXEN: According to the documents, the spam method has become less successful in recent years, as Internet users have become wary of unsolicited emails and less likely to click on anything that looks suspicious. Consequently, the NSA has turned to new and more advanced hacking techniques. These include performing so-called “man-in-the-middle” and “man-on-the-side” attacks, which covertly force a user’s internet browser to route to NSA computer servers that try to infect them with an implant.

To perform a man-on-the-side attack, the NSA observes a target’s Internet traffic using its global network of covert “accesses” to data as it flows over fiber optic cables or satellites. When the target visits a website that the NSA is able to exploit, the agency’s surveillance sensors alert the TURBINE system, which then “shoots” data packets at the targeted computer’s IP address within a fraction of a second. In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive. A top-secret animation demonstrates the tactic in action.

The TURBINE implants system does not operate in isolation. It is linked to, and relies upon, a large network of clandestine surveillance “sensors” that the agency has installed at locations across the world.

The NSA’s headquarters in Maryland are part of this network, as are eavesdropping bases used by the agency in Misawa, Japan and Menwith Hill, England. The sensors, codenamed TURMOIL, operate as a sort of high-tech surveillance dragnet, monitoring packets of data as they are sent across the Internet. When TURBINE implants exfiltrate data from infected computer systems, the TURMOIL sensors automatically identify the data and return it to the NSA for analysis. And when targets are communicating, the TURMOIL system can be used to send alerts or “tips” to TURBINE, enabling the initiation of a malware attack. The NSA identifies surveillance targets based on a series of data “selectors” as they flow across Internet cables. These selectors, according to internal documents, can include email addresses, IP addresses, or the unique “cookies” containing a username or other identifying information that are sent to a user’s computer by websites such as Google, Facebook, Hotmail, Yahoo, and Twitter. Other selectors the NSA uses can be gleaned from unique Google advertising cookies that track browsing habits, unique encryption key fingerprints that can be traced to a specific user, and computer IDs that are sent across the Internet when a Windows computer crashes or updates.

Documents published with this article: Menwith Hill Station Leverages XKeyscore for Quantum Against Yahoo and Hotmail Five Eyes Hacking Large Routers NSA Technology Directorate Analysis of Converged Data Selector Types There Is More Than One Way to Quantum NSA Phishing Tactics and Man in the Middle Attacks Quantum Insert Diagrams The NSA and GCHQ’s QUANTUMTHEORY Hacking Tactics TURBINE and TURMOIL VPN and VOIP Exploitation With HAMMERCHANT and HAMMERSTEIN Industrial-Scale Exploitation Thousands of Implants

The agency’s core secrets are outlined in a 13-page “brief sheet” about Sentry Eagle, an umbrella term that the NSA used to encompass its most sensitive programs “to protect America’s cyberspace.” “You are being indoctrinated on Sentry Eagle,” the 2004 document begins, before going on to list the most highly classified aspects of its various programs. It warns that the details of the Sentry Eagle programs are to be shared with only a “limited number” of people, and even then only with the approval of one of a handful of senior intelligence officials, including the NSA director. “The facts contained in this program constitute a combination of the greatest number of highly sensitive facts related to NSA/CSS’s overall cryptologic mission,” the briefing document states. “Unauthorized disclosure…will cause exceptionally grave damage to U.S. national security. The loss of this information could critically compromise highly sensitive cryptologic U.S. and foreign relationships, multi-year past and future NSA investments, and the ability to exploit foreign adversary cyberspace while protecting U.S. cyberspace.”

The most controversial revelation in Sentry Eagle might be a fleeting reference to the NSA infiltrating clandestine agents into “commercial entities.” The briefing document states that among Sentry Eagle’s most closely guarded components are “facts related to NSA personnel (under cover), operational meetings, specific operations, specific technology, specific locations and covert communications related to SIGINT enabling with specific commercial entities (A/B/C).” It is not clear whether these “commercial entities” are American or foreign or both. Generally the placeholder “(A/B/C)” is used in the briefing document to refer to American companies, though on one occasion it refers to both American and foreign companies. Foreign companies are referred to with the placeholder “(M/N/O).” The NSA refused to provide any clarification to The Intercept.

Documents: Sentry Eagle Brief Sheet (13 pages) TAREX Classification Guide (7 pages) Exceptionally Controlled Information Listing (6 pages) ECI WHIPGENIE Classification Guide (7 pages) ECI Pawleys Classification Guide (4 pages) ECI Compartments (4 pages) CNO Core Secrets Slide Slices (10 pages) CNO Core Secrets Security Structure (3 pages) Computer Network Exploitation Classification Guide (8 pages) CNO Core Secrets (7 pages)

A Justice Department spokesman told Reuters Wednesday that “all of the information has been deleted” and that the DEA was “no longer collecting bulk telephony metadata from U.S. service providers.” What the spokesman did not say is that the DEA has access to troves of phone records from multiple sources — and not all of them are obtained from U.S. service providers. As The Intercept’s reporting on Project Crisscross revealed, the DEA has had large-scale access to data covertly collected by the NSA, CIA and other agencies for years. According to NSA documents obtained by Snowden, the DEA can sift through billions of metadata records collected by other agencies about emails, phone calls, faxes, Internet chats and text messages using systems named ICREACH and CRISSCROSS/PROTON.

Notably, the DEA spying reported by USA Today encompassed phone records collected by the DEA using administrative subpoenas to obtain data from phone companies without the approval of a judge. The phone records collected by the agency as part of Project Hemisphere and the data stored on the DICE system were also collected through subpoenas and warrants. But ICREACH alone was designed to handle two to five billion new records every day — the majority of them not collected using any conventional search warrant or a subpoena. Instead, most of the data accessible to the DEA through ICREACH is vacuumed up by the NSA using Executive Order 12333, a controversial Reagan-era presidential directive that underpins several NSA bulk surveillance operations that monitor communications overseas. The 12333 surveillance takes place with no court oversight and has received minimal Congressional scrutiny because it is targeted at foreign, not domestic, communication networks.

This means that some of the DEA’s access to mass surveillance data — records collected in bulk through subpoenas or warrants — may have been shut down by Holder in 2013. But it is likely that the agency still has the ability to tap into other huge data repositories, and questions remain about how that access is being used.

The new paper is the first in-depth technical analysis of government proposals by leading cryptographers and security thinkers, including Whitfield Diffie, a pioneer of public key cryptography, and Ronald L. Rivest, the “R” in the widely used RSA public cryptography algorithm. In the report, the group said any effort to give the government “exceptional access” to encrypted communications was technically unfeasible and would leave confidential data and critical infrastructure like banks and the power grid at risk. Handing governments a key to encrypted communications would also require an extraordinary degree of trust. With government agency breaches now the norm — most recently at the United States Office of Personnel Management, the State Department and the White House — the security specialists said authorities could not be trusted to keep such keys safe from hackers and criminals. They added that if the United States and Britain mandated backdoor keys to communications, China and other governments in foreign markets would be spurred to do the same.

“Such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend,” the report said. “The costs would be substantial, the damage to innovation severe and the consequences to economic growth hard to predict. The costs to the developed countries’ soft power and to our moral authority would also be considerable.”

The court decision allowed the NSA “to query the vast majority” of its e-mail and phone call databases using the e-mail addresses and phone numbers of Americans and legal residents without a warrant, according to Bates’s opinion. The queries must be “reasonably likely to yield foreign intelligence information.” And the results are subject to the NSA’s privacy rules.

But in 2011, to more rapidly and effectively identify relevant foreign intelligence communications, “we did ask the court” to lift the ban, ODNI general counsel Robert S. Litt said in an interview. “We wanted to be able to do it,” he said, referring to the searching of Americans’ communications without a warrant.

But — and this was the nub of the criticism — a warrant for each target would no longer be required. That means that communications with Americans could be picked up without a court first determining that there is probable cause that the people they were talking to were terrorists, spies or “foreign powers.”That is why it is important to require a warrant before searching for Americans’ data, Udall said. “Our founders laid out a roadmap where Americans’ privacy rights are protected before their communications are seized or searched — not after the fact,” he said in a statement to The Post.

The [surveillance] Court documents declassified recently show that in late 2011 the court authorized the NSA to conduct warrantless searches of individual Americans’ communications using an authority intended to target only foreigners,” Wyden said in a statement to The Washington Post. “Our intelligence agencies need the authority to target the communications of foreigners, but for government agencies to deliberately read the e-mails or listen to the phone calls of individual Americans, the Constitution requires a warrant.”

Senior administration officials disagree. “If we’re validly targeting foreigners and we happen to collect communications of Americans, we don’t have to close our eyes to that,” Litt said. “I’m not aware of other situations where once we have lawfully collected information, we have to go back and get a warrant to look at the information we’ve already collected.” The searches take place under a surveillance program Congress authorized in 2008 under Section 702 of the Foreign Intelligence Surveillance Act. Under that law, the target must be a foreigner “reasonably believed” to be outside the United States, and the court must approve the targeting procedures in an order good for one year.

The court’s expansion of authority went largely unnoticed when the opinion was released, but it formed the basis for cryptic warnings last year by a pair of Democratic senators, Ron Wyden (Ore.) and Mark Udall (Colo.), that the administration had a “back-door search loophole” that enabled the NSA to scour intercepted communications for those of Americans. They introduced legislation to require a warrant, but they were barred by classification rules from disclosing the court’s authorization or whether the NSA was already conducting such searches.

The NSA intercepts more than 250 million Internet communications each year under Section 702. Ninety-one percent are from U.S. Internet companies such as Google and Yahoo. The rest come from “upstream” companies that route Internet traffic to, from and within the United States. The expanded search authority applies only to the downstream collection.

This language is broad, circular, and technically incoherent, so it takes some effort to parse appropriately. When the minimization procedures were disclosed in 2013, this language was interpreted by outside commentators to mean that NSA may keep all encrypted data that has been incidentally collected under Section 702 for at least as long as is necessary to decrypt that data. Is this the correct interpretation? I think so. It is important to realize that the language above isn’t just broad. It seems purposefully broad. The part regarding relevance seems to mirror the rationale NSA has used to justify its bulk phone records collection program. Under that program, all phone records were relevant because some of those records could be valuable to terrorism investigations and (allegedly) it isn’t possible to collect only those valuable records. This is the “to find a needle a haystack, you first have to have the haystack” argument. The same argument could be applied to encrypted data and might be at play here.

This exception doesn’t just apply to encrypted data that might be relevant to a current foreign intelligence investigation. It also applies to cases in which the encrypted data is likely to become relevant to a future intelligence requirement. This is some remarkably generous language. It seems one could justify keeping any type of encrypted data under this exception. Upon close reading, it is difficult to avoid the conclusion that these procedures were written carefully to allow NSA to collect and keep a broad category of encrypted data under the rationale that this data might contain the communications of NSA targets and that it might be decrypted in the future. If NSA isn’t doing this today, then whoever wrote these minimization procedures wanted to at least ensure that NSA has the authority to do this tomorrow.

There are a few additional observations that are worth making regarding these nominally new retention guidelines and Section 702 collection. First, the concept of incidental collection as it has typically been used makes very little sense when applied to encrypted data. The way that NSA’s Section 702 upstream “about” collection is understood to work is that technology installed on the network does some sort of pattern match on Internet traffic; say that an NSA target uses example@gmail.com to communicate. NSA would then search content of emails for references to example@gmail.com. This could notionally result in a lot of incidental collection of U.S. persons’ communications whenever the email that references example@gmail.com is somehow mixed together with emails that have nothing to do with the target. This type of incidental collection isn’t possible when the data is encrypted because it won’t be possible to search and find example@gmail.com in the body of an email. Instead, example@gmail.com will have been turned into some alternative, indecipherable string of bits on the network. Incidental collection shouldn’t occur because the pattern match can’t occur in the first place. This demonstrates that, when communications are encrypted, it will be much harder for NSA to search Internet traffic for a unique ID associated with a specific target.

This lends further credence to the conclusion above: rather than doing targeted collection against specific individuals, NSA is collecting, or plans to collect, a broad class of data that is encrypted. For example, NSA might collect all PGP encrypted emails or all Tor traffic. In those cases, NSA could search Internet traffic for patterns associated with specific types of communications, rather than specific individuals’ communications. This would technically meet the definition of incidental collection because such activity would result in the collection of communications of U.S. persons who aren’t the actual targets of surveillance. Collection of all Tor traffic would entail a lot of this “incidental” collection because the communications of NSA targets would be mixed with the communications of a large number of non-target U.S. persons. However, this “incidental” collection is inconsistent with how the term is typically used, which is to refer to over-collection resulting from targeted surveillance programs. If NSA were collecting all Tor traffic, that activity wouldn’t actually be targeted, and so any resulting over-collection wouldn’t actually be incidental. Moreover, greater use of encryption by the general public would result in an ever-growing amount of this type of incidental collection.

This type of collection would also be inconsistent with representations of Section 702 upstream collection that have been made to the public and to Congress. Intelligence officials have repeatedly suggested that search terms used as part of this program have a high degree of specificity. They have also argued that the program is an example of targeted rather than bulk collection. ODNI General Counsel Robert Litt, in a March 2014 meeting before the Privacy and Civil Liberties Oversight Board, stated that “there is either a misconception or a mischaracterization commonly repeated that Section 702 is a form of bulk collection. It is not bulk collection. It is targeted collection based on selectors such as telephone numbers or email addresses where there’s reason to believe that the selector is relevant to a foreign intelligence purpose.” The collection of Internet traffic based on patterns associated with types of communications would be bulk collection; more akin to NSA’s collection of phone records en mass than it is to targeted collection focused on specific individuals. Moreover, this type of collection would certainly fall within the definition of bulk collection provided just last week by the National Academy of Sciences: “collection in which a significant portion of the retained data pertains to identifiers that are not targets at the time of collection.”

The Section 702 minimization procedures, which will serve as a template for any new retention guidelines established for E.O. 12333 collection, create a large loophole for encrypted communications. With everything from email to Internet browsing to real-time communications moving to encrypted formats, an ever-growing amount of Internet traffic will fall within this loophole.

“The specific uses that they talk about in this [counter-terrorism] context may not be the problem, but it’s what else they can do,” said Tamir Israel, a lawyer with the University of Ottawa’s Canadian Internet Policy and Public Interest Clinic. Picking which downloads to monitor is essentially “completely at the discretion of CSE,” Israel added. The file-sharing surveillance also raises questions about the number of Canadians whose downloading habits could have been swept up as part of LEVITATION’s dragnet. By law, CSE isn’t allowed to target Canadians. In the LEVITATION presentation, however, two Canadian IP addresses that trace back to a web server in Montreal appear on a list of suspicious downloads found across the world. The same list includes downloads that CSE monitored in closely allied countries, including the United Kingdom, United States, Spain, Brazil, Germany and Portugal. It is unclear from the document whether LEVITATION has ever prevented any terrorist attacks. The agency cites only two successes of the program in the 2012 presentation: the discovery of a hostage video through a previously unknown target, and an uploaded document that contained the hostage strategy of a terrorist organization. The hostage in the discovered video was ultimately killed, according to public reports.

LEVITATION does not rely on cooperation from any of the file-sharing companies. A separate secret CSE operation codenamed ATOMIC BANJO obtains the data directly from internet cables that it has tapped into, and the agency then sifts out the unique IP address of each computer that downloaded files from the targeted websites. The IP addresses are valuable pieces of information to CSE’s analysts, helping to identify people whose downloads have been flagged as suspicious. The analysts use the IP addresses as a kind of search term, entering them into other surveillance databases that they have access to, such as the vast repositories of intercepted Internet data shared with the Canadian agency by the NSA and its British counterpart Government Communications Headquarters. If successful, the searches will return a list of results showing other websites visited by the people downloading the files – in some cases revealing associations with Facebook or Google accounts. In turn, these accounts may reveal the names and the locations of individual downloaders, opening the door for further surveillance of their activities.

Canada’s leading surveillance agency is monitoring millions of Internet users’ file downloads in a dragnet search to identify extremists, according to top-secret documents. The covert operation, revealed Wednesday by CBC News in collaboration with The Intercept, taps into Internet cables and analyzes records of up to 15 million downloads daily from popular websites commonly used to share videos, photographs, music, and other files. The revelations about the spying initiative, codenamed LEVITATION, are the first from the trove of files provided by National Security Agency whistleblower Edward Snowden to show that the Canadian government has launched its own globe-spanning Internet mass surveillance system. According to the documents, the LEVITATION program can monitor downloads in several countries across Europe, the Middle East, North Africa, and North America. It is led by the Communications Security Establishment, or CSE, Canada’s equivalent of the NSA. (The Canadian agency was formerly known as “CSEC” until a recent name change.)

According to one secret GCHQ slide, the British intelligence agency penetrated Gemalto’s internal networks, planting malware on several computers, giving GCHQ secret access. We “believe we have their entire network,” the slide’s author boasted about the operation against Gemalto. Additionally, the spy agency targeted unnamed cellular companies’ core networks, giving it access to “sales staff machines for customer information and network engineers machines for network maps.” GCHQ also claimed the ability to manipulate the billing servers of cell companies to “suppress” charges in an effort to conceal the spy agency’s secret actions against an individual’s phone. Most significantly, GCHQ also penetrated “authentication servers,” allowing it to decrypt data and voice communications between a targeted individual’s phone and his or her telecom provider’s network. A note accompanying the slide asserted that the spy agency was “very happy with the data so far and [was] working through the vast quantity of product.”

The U.S. and British intelligence agencies pulled off the encryption key heist in great stealth, giving them the ability to intercept and decrypt communications without alerting the wireless network provider, the foreign government or the individual user that they have been targeted. “Gaining access to a database of keys is pretty much game over for cellular encryption,” says Matthew Green, a cryptography specialist at the Johns Hopkins Information Security Institute. The massive key theft is “bad news for phone security. Really bad news.”

Effects operations are used to disseminate deception and disruption online. A full catalog of JTRIG’s capabilities as of 2012 can be seen here. Operation QUITO, the group’s operation to support the Foreign Office’s “goals relating to Argentina and the Falkland Islands” is called a “pioneering effects operation.” That operation, still in the planning stages, had undergone “a significant amount of prep work” and was “almost complete” as of 2009.

GCHQ’s mission regarding the Falkland Islands also appears to extend beyond just Argentina and involve regional leaders and attitudes. A November 2011 workshop on “Mission Driven Access” gathered staff to “build on pioneering work already done” and tried to develop new ideas for real world scenarios. One such scenario: “GCHQ has consistently underperformed on Brazil, with growing concerns that [South] American attitudes on the Falklands are swinging behind Argentina. A forthcoming Ministerial visit to Chile provides an opportunity to counter the trend. The Foreign Office are looking for advice.”

There may be many other potential influence-peddling stories, but the State Department has not released all of the emails from Clinton’s private server and other meeting log documents, while redacting identifying information that could shed light on other stories. For example, Mother Jones and The Intercept have reported that Clinton used the State Department to promote fracking development across the globe, and in particular her agency acted to benefit particular companies such as a Chevron project in Bulgaria and ExxonMobil’s efforts in Poland. Both ExxonMobil and Chevron are major donors to the Clinton Foundation. The release of more meeting log documents and emails would certainly reveal a better picture of potential influence.

Earlier this year, in similar fashion to the questions raised about the Clinton Foundation, Democrats in Arizona raised influence peddling concerns regarding the reported $1 million donation from the Saudi Arabian government to the McCain Institute for International Leadership, a nonprofit group closely affiliated with Sen. John McCain, R-Ariz. As chairman of the Armed Services Committee, McCain oversees a range of issues concerning Saudi Arabia, including arms sales. But none of the pundits rushing to the defense of the Clinton Foundation defended McCain. In fact, the more Clinton’s allies have worked to defend big money donations to the Clinton Foundation, the more closely they resemble the right-wing principles they once denounced. In one telling argument in defense of the Clinton Foundation, Media Matters, another group run by David Brock, argued this week that there was “no evidence of ethics breaches” because there was no explicit quid pro quo cited by the AP. The Media Matters piece mocked press figures for focusing on the “optics” of corruption surrounding the foundation. Such a standard is quite a reversal for the group. In a piece published by Media Matters only two years ago, the organization criticized conservatives for focusing only on quid pro quo corruption — the legal standard used to decide the Citizens United and McCutcheon Supreme Court decisions — calling such a narrow focus a “new perspective of campaign finance” that dismisses “concerns about institutional corruption in politics.” The piece notes that ethics laws concerning the role of money in politics follow a standard, set forth since the Watergate scandal, in which even the appearance, or in other words, the “optics” of corruption, is cause for concern.

One slide from a May 2010 NSA presentation on getting data from smartphones – breathlessly titled "Golden Nugget!" – sets out the agency's "perfect scenario": "Target uploading photo to a social media site taken with a mobile device. What can we get?"The question is answered in the notes to the slide: from that event alone, the agency said it could obtain a "possible image", email selector, phone, buddy lists, and "a host of other social working data as well as location".

The latest disclosures could also add to mounting public concern about how the technology sector collects and uses information, especially for those outside the US, who enjoy fewer privacy protections than Americans. A January poll for the Washington Post showed 69% of US adults were already concerned about how tech companies such as Google used and stored their information.The documents do not make it clear how much of the information that can be taken from apps is routinely collected, stored or searched, nor how many users may be affected. The NSA says it does not target Americans and its capabilities are deployed only against "valid foreign intelligence targets".The documents do set out in great detail exactly how much information can be collected from widely popular apps. One document held on GCHQ's internal Wikipedia-style guide for staff details what can be collected from different apps. Though it uses Android apps for most of its examples, it suggests much of the same data could be taken from equivalent apps on iPhone or other platforms.The GCHQ documents set out examples of what information can be extracted from different ad platforms, using perhaps the most popular mobile phone game of all time, Angry Birds – which has reportedly been downloaded more than 1.7bn times – as a case study.

Other apps choose to transmit much more data, meaning the agency could potentially net far more. One mobile ad platform, Millennial Media, appeared to offer particularly rich information. Millennial Media's website states it has partnered with Rovio on a special edition of Angry Birds; with Farmville maker Zynga; with Call of Duty developer Activision, and many other major franchises.

It appears the government hackers succeeded here once again using the QUANTUMINSERT method. The document states that the TAO team hacked an internal website of the operator consortium and copied documents stored there pertaining to technical infrastructure. But that was only the first step. "More operations are planned in the future to collect more information about this and other cable systems," it continues. But numerous internal announcements of successful attacks like the one against the undersea cable operator aren't the exclusive factors that make TAO stand out at the NSA. In contrast to most NSA operations, TAO's ventures often require physical access to their targets. After all, you might have to directly access a mobile network transmission station before you can begin tapping the digital information it provides.

To conduct those types of operations, the NSA works together with other intelligence agencies such as the CIA and FBI, which in turn maintain informants on location who are available to help with sensitive missions. This enables TAO to attack even isolated networks that aren't connected to the Internet. If necessary, the FBI can even make an agency-owned jet available to ferry the high-tech plumbers to their target. This gets them to their destination at the right time and can help them to disappear again undetected after as little as a half hour's work.

Sometimes it appears that the world's most modern spies are just as reliant on conventional methods of reconnaissance as their predecessors. Take, for example, when they intercept shipping deliveries. If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer. These minor disruptions in the parcel shipping business rank among the "most productive operations" conducted by the NSA hackers, one top secret document relates in enthusiastic terms. This method, the presentation continues, allows TAO to obtain access to networks "around the world."