Your Source for Leaks Around the World!

Archive for the ‘NSA Files’ Category

WikiLeaks NSA Docs: Surveillance of France Presidents & Economic Espionage; Investigation Underway for New Whistleblower

In Archive, Assange, France, NSA, NSA Files, Surveillance, WikiLeaks on June 30, 2015 at 3:17 AM

wikielaks-nsa-spying-france-presidents

06/23/2015

WikiLeaks:

Today, 23 June 2015, WikiLeaks began publishing “Espionnage Élysée“, a collection of TOP SECRET intelligence reports and technical documents from the US National Security Agency (NSA) concerning targeting and signals intelligence intercepts of the communications of high-level officials from successive French governments over the last ten years.

The top secret documents derive from directly targeted NSA surveillance of the communications of French Presidents Francois Hollande (2012–present), Nicolas Sarkozy (2007–2012), and Jacques Chirac (1995–2007), as well as French cabinet ministers and the French Ambassador to the United States. (Related: Snowden Document Reveals NSA Programs Used to Spy on France Embassies in US)

The documents also contain the “selectors” from the target list, detailing the cell phone numbers of numerous officials in the Elysee up to and including the direct cell phone of the President.

Prominent within the top secret cache of documents are intelligence summaries of conversations between French government officials concerning some of the most pressing issues facing France and the international community, including the global financial crisis, the Greek debt crisis, the leadership and future of the European Union, the relationship between the Hollande administration and the German government of Angela Merkel, French efforts to determine the make-up of the executive staff of the United Nations, French involvement in the conflict in Palestine and a dispute between the French and US governments over US spying on France.

A founding member state of the European Union and one of the five permanent members of the UN Security Council, France is formally a close ally of the United States, and plays a key role in a number of US-associated international institutions, including the Group of 7 (G7), the North Atlantic Treaty Organization (NATO) and the World Trade Organization (WTO).

The revelation of the extent of US spying against French leaders and diplomats echoes a previous disclosure in the German press concerning US spying on the communications of German Chancellor Angela Merkel and other German officials. That disclosure provoked a political scandal in Germany, eventuating in an official inquiry into German intelligence co-operation with the United States, which is still ongoing.

While the German disclosures focused on the isolated fact that senior officials were targeted by US intelligence, WikiLeaks’ publication today provides much greater insight into US spying on its allies, including the actual content of intelligence products deriving from the intercepts, showing how the US spies on the phone calls of French leaders and ministers for political, economic and diplomatic intelligence.

WikiLeaks founder Julian Assange said: “The French people have a right to know that their elected government is subject to hostile surveillance from a supposed ally. We are proud of our work with leading French publishers Liberation and Mediapart to bring this story to light. French readers can expect more timely and important revelations in the near future.”

Documents Released 06/23/2015:

wikileaks-nsa-france-global-sigint-highlights

wikileaks-nsa-france-target-list-selectors

PDF

——————————————————————————————————————————————————————————————————-

06/24/2015

——————————————————————————————————————————————————————————————————-

06/24/2015

RT (1) (2):

French President Francois Hollande has described reports from WikiLeaks that Washington spied on three French presidents as “unacceptable.” The French Foreign Ministry is summoning the US ambassador to shed light on the allegations.

Hollande released the statement following an emergency meeting with key heads of intelligence and ministers at the Elysee Palace in the French capital.

“France will not tolerate actions that threaten its security and the protection of its interests,” the president’s office said, adding that allegations of spying on French interests had been made in the past.

“Commitments were made by the US authorities. They need to be recalled and strictly respected,” Reuters reported.

A French government spokesman said Paris will send a senior intelligence official to the US to discuss the spying reports.

French Foreign Minister Laurent Fabius has also summoned the US ambassador to France, Jane Hartley, to explain reports from WikiLeaks.

Before the hastily scheduled conference, Stephane Le Foll, a politician with the Socialist Party, lashed out at Washington.

“It is difficult to accept that between allies… there can be this kind of activity, particularly related to wiretapping linked to the president of the Republic,” Le Foll told iTele.

“When we are fighting terrorism, one has trouble imagining or understanding what would motivate an ally to spy on his allies,” he added. “There are enough dangerous crises in the world today.”

US President Barack Obama has assured his French counterpart Francois Hollande that Washington was not tapping his communications, the White House says.

In the phone call, Obama“reiterated that we have abided by the commitment we made to our French counterparts in late 2013 that we are not targeting and will not target the communications of the French president,” the White House said in a statement.

Nothing was said about the period beween 2006 and 2012, wwhich was mentioned by Wikileaks, though.

The statement released by Hollande’s office after the conversation, said in turn that “President Obama reiterated unequivocally his firm commitment … to end the practices that may have happened in the past and that are considered unacceptable among allies.”

Despite the surveillance scandal, the statement then said that French intelligence officials will soon go to Washington to “strengthen cooperation.”

US media cited a statement from the NSA saying it was not targeting and would not target Hollande’s communications. The statement did not deny spying had taken place in the past.

——————————————————————————————————————————————————————————————————-

06/24/2015

Mark Hosenball/Reuters:

U.S. and European security authorities are investigating whether a previously unknown leaker provided sensitive intelligence documents to WikiLeaks about alleged U.S. spying on French politicians, according to sources familiar with the matter.

U.S. and European security sources said the United States and allied governments were actively considering the possibility that someone other than former NSA contractor Edward Snowden provided the latest documents to WikiLeaks and its founder, Julian Assange.

Two people familiar with documentation which Snowden acquired when he worked as an NSA contractor and later supplied to media outlets said that they do not recall seeing these kind of reports among those materials.

But some sources familiar with the investigations said it was still possible that these documents originated with Snowden.

The U.S. and European sources cautioned that they did not know for sure that Assange had developed a source other than Snowden inside U.S. intelligence. Assange has been in contact with associates of Snowden and helped arrange for him to flee from Hong Kong to Russia, where he was later granted asylum.

But until now, Assange, who three years ago took refuge in Ecuador’s Embassy in London, has published few if any documents directly attributed to either Snowden’s leaks or to the NSA.

Associates of Snowden have said that they believe he deliberately avoided giving sensitive U.S. documents to Assange.

——————————————————————————————————————————————————————————————————-

——————————————————————————————————————————————————————————————————-

——————————————————————————————————————————————————————————————————-

 

wikileaks-nsa-france-economic-espionage

06/29/2015

WikiLeaks:

Today, 29 June 2015, WikiLeaks continues “Espionnage Élysée”, our ongoing publication of a collection of TOP SECRET documents from United States surveillance operations against France.

Today’s publication comprises seven top secret documents detailing how the US has had a decade- long policy of economic espionage against France, including the interception of all French corporate contracts and negotiations valued at more than $200 million. The documents demonstrate that the US National Security Agency, far from being a rogue organisation, is carrying out an economic espionage policy created by the US Director of National Intelligence. The documents detail the intelligence process, from the tasking of the NSA with collection of desired economic information to the production of developed intelligence reports, which are sent to “Supported Elements” of the US government, including the US Department of Commerce, the US Trade Represenative, the US Treasury and the Central Intelligence Agency.

Central within the cache of documents are two long-term spying orders (“collection requirements”) which define the kinds of intelligence the NSA is tasked with collecting in its surveillance operations against France.

The documents make clear that the NSA has been tasked with obtaining intelligence on all aspects of the French economy, from government policy, diplomacy, banking and participation in international bodies to infrastructural development, business practices and trade activities. The documents establish that the US economic intelligence operations against France have run for more than a decade and started as early as 2002.

Some of the documents are authorised for sharing with the “Five Eyes” partners – the group of Anglophone countries in close intelligence co-operation with the United States: Canada, New Zealand, Australia and France’s fellow member state of the European Union, the United Kingdom, strongly suggesting that the United Kingdom has also benefited from the United States’ economic espionage activities against France.

The cache also includes five TOP SECRET intelligence summaries from US spying on the conversations and communications of French officials. The documents show US spying on the French Finance Minister, a French Senator, officials within the Treasury and Economic Policy Directorate, the French ambassador to the United States, and officials with direct responsibility for EU trade policy. The intercepts reveal internal French deliberation and policy on the World Trade Organization, the Trans-Pacific Partnership Agreement, the G7 and the G20, the 2013 French budget, the decline of the automotive industry in France, and the involvement of French companies in the Oil for Food programme in Iraq during the 1990s.

WikiLeaks founder Julian Assange said: “The United States has been conducting economic espionage against France for more than a decade. Not only has it spied on the French Finance Minister, it has ordered the interception of every French company contract or negotiation valued at more than $200 million. That covers not only all of France’s major companies, from BNP Paribas, AXA and Credit Agricole to Peugeot and Renault, Total and Orange, but it also affects the major French farming associations. $200 million is roughly 3,000 French jobs. Hundreds of such contracts are signed every year. The United States not only uses the results of this spying itself, but swaps these intercepts with the United Kingdom. Do French citizens deserve to know that their country is being taken to the cleaners by the spies of supposedly allied countries? Mais oui!”

Documents Released 06/29/2015:

PDF

——————————————————————————————————————————————————————————————————-

Related Links:

NSA Spying on France: 70.3 Million Phone Calls Intercepted in 30 Days; Average of 3 Million Data Intercepts Per Day

NSA Document: 2012 “Flame” Cyberattack on France Presidential Computer Network; US Denies Involvement, Israel May Be Culprit

NSA’s SKYNET Behavior Analytics Program IDs Prominent Al Jazeera Journalist as Terrorist

In Archive, NSA, NSA Files, Pakistan, Surveillance, Terrorism on May 8, 2015 at 12:39 PM

nsa-skynet

05/08/2015

Cora Currier/Glenn Greenwald/Andrew Fishman/TheIntercept:

The U.S. government labeled a prominent journalist as a member of Al Qaeda and placed him on a watch list of suspected terrorists, according to a top-secret document that details U.S. intelligence efforts to track Al Qaeda couriers by analyzing metadata.

The briefing singles out Ahmad Muaffaq Zaidan, Al Jazeera’s longtime Islamabad bureau chief, as a member of the terrorist group. A Syrian national, Zaidan has focused his reporting throughout his career on the Taliban and Al Qaeda, and has conducted several high-profile interviews with senior Al Qaeda leaders, including Osama bin Laden.

A slide dated June 2012 from a National Security Agency PowerPoint presentation provided by Edward Snowden, bears Zaidan’s photo, name, and a terror watch list identification number, and labels him a “member of Al-Qa’ida” as well as the Muslim Brotherhood. It also notes that he “works for Al Jazeera.”

nsa-skynet-1

The document cites Zaidan as an example to demonstrate the powers of SKYNET, a program that analyzes location and communication data (or metadata) from bulk call records in order to detect suspicious patterns.

In the Terminator movies, SKYNET is a self-aware military computer system that launches a nuclear war to exterminate the human race, and then systematically kills the survivors.


According to the presentation, the NSA uses its version of SKYNET to identify people that it believes move like couriers used by Al Qaeda’s senior leadership.

The document poses the question: “Given a handful of courier selectors, can we find others that ‘behave similarly’” by analyzing cell phone metadata? “We are looking for different people using phones in similar ways,” the presentation continues, and measuring “pattern of life, social network, and travel behavior.”

For the experiment, the analysts fed 55 million cell phone records from Pakistan into the system, the document states.

nsa-skynet-2

The results identified someone who is “PROB” — which appears to mean probably — Zaidan as the “highest scoring selector” traveling between Peshawar and Lahore.

The following slide appears to show other top hits, noting that 21 of the top 500 were previously tasked for surveillance, indicating that the program is “on the right track” to finding people of interest. A portion of that list visible on the slide includes individuals supposedly affiliated with Al Qaeda and the Taliban, as well as members of Pakistan’s spy agency, Inter-Services Intelligence. But sometimes the descriptions are vague. One selector is identified simply as “Sikh Extremist.”

nsa-skynet-3

It appears, however, that Zaidan had already been identified as an Al Qaeda member before he showed up on SKYNET’s radar. That he was already assigned a watch list number would seem to indicate that the government had a prior intelligence file on him. The Terrorist Identities Datamart Environment, or TIDE, is a U.S. government database of over one million names suspected of a connection to terrorism, which is shared across the U.S. intelligence community.

The presentation contains no evidence to explain the designation.

According to another 2012 presentation describing SKYNET, the program looks for terrorist connections based on questions such as “who has traveled from Peshawar to Faisalabad or Lahore (and back) in the past month? Who does the traveler call when he arrives?” and behaviors such as “excessive SIM or handset swapping,” “incoming calls only,” “visits to airports,” and “overnight trips.”

That presentation states that the call data is acquired from major Pakistani telecom providers, though it does not specify the technical means by which the data is obtained.

nsa-skynet-4

The program assessing Zaidan as a likely match, raises troubling questions about the U.S. government’s method of identifying terrorist targets based on metadata.

As other documents from Snowden revealed, drone targets are often identified in part based on metadata analysis and cell phone tracking. Former NSA director Michael Hayden famously put it more bluntly in May 2014, when he said, “we kill people based on metadata.”

Metadata also played a key role in locating and killing Osama bin Laden. The CIA used cell phone calling patterns to track an Al Qaeda courier and identify bin Laden’s hiding place in Pakistan.

Yet U.S. drone strikes have killed many hundreds of civilians and unidentified alleged militants who may have been marked based on the patterns their cell phones gave up.

People whose work requires contact with extremists and groups that the U.S. government regards as terrorists have long worried that they themselves could look suspicious in metadata analysis.

In a brief phone interview with The Intercept, Zaidan “absolutely” denied that he is a member of Al Qaeda or the Muslim Brotherhood. In a statement provided through Al Jazeera, Zaidan noted that his career has spanned many years of dangerous work in Afghanistan and Pakistan, and required interviewing key people in the region — a normal part of any journalist’s job. 

“For us to be able to inform the world, we have to be able to freely contact relevant figures in the public discourse, speak with people on the ground, and gather critical information. Any hint of government surveillance that hinders this process is a violation of press freedom and harms the public’s right to know,” he wrote. “To assert that myself, or any journalist, has any affiliation with any group on account of their contact book, phone call logs, or sources is an absurd distortion of the truth and a complete violation of the profession of journalism.” 

A spokesman for Al Jazeera, a global news service funded by the government of Qatar, cited a long list of instances in which its journalists have been targeted by governments on which it reports, and described the labeling and surveillance of Zaidan as “yet another attempt at using questionable techniques to target our journalists, and in doing so, enforce a gross breach of press freedom.”

PDFs:
SKYNET: Applying Advanced Cloud-based Behavior Analytics
SKYNET: Courier Detection via Machine Learning

NSA’s “Human Language Technology”: Speech Recognition/Converting Intercepted Phone Calls Into Searchable Text

In Archive, NSA, NSA Files, Surveillance, Technology on May 5, 2015 at 4:06 PM

05/05/2015

Dan Froomkin/TheIntercept:

Most people realize that emails and other digital communications they once considered private can now become part of their permanent record.

But even as they increasingly use apps that understand what they say, most people don’t realize that the words they speak are not so private anymore, either.

Top-secret documents from the archive of former NSA contractor Edward Snowden show the National Security Agency can now automatically recognize the content within phone calls by creating rough transcripts and phonetic representations that can be easily searched and stored.

The documents show NSA analysts celebrating the development of what they called “Google for Voice” nearly a decade ago.

Though perfect transcription of natural conversation apparently remains the Intelligence Community’s “holy grail,” the Snowden documents describe extensive use of keyword searching as well as computer programs designed to analyze and “extract” the content of voice conversations, and even use sophisticated algorithms to flag conversations of interest.

The documents include vivid examples of the use of speech recognition in war zones like Iraq and Afghanistan, as well as in Latin America. But they leave unclear exactly how widely the spy agency uses this ability, particularly in programs that pick up considerable amounts of conversations that include people who live in or are citizens of the United States.

A 2008 document from the Snowden archive shows that  transcribing news broadcasts was already working well seven years ago, using a program called Enhanced Video Text and Audio Processing:

sidtoday-non-linguists

A version of the system the NSA uses is now even available commercially.

See Also: NSA Technology Transfer Program (TTP) Catalog for Licensing Products to U.S. Companies

The NSA has been repeatedly releasing new and improved speech recognition systems for more than a decade.

The first-generation tool, which made keyword-searching of vast amounts of voice content possible, was rolled out in 2004 and code-named RHINEHART.

“Voice word search technology allows analysts to find and prioritize intercept based on its intelligence content,” says an internal 2006 NSA memo entitled “For Media Mining, the Future Is Now!”

sidtoday-future-is-now

A newer, more sophisticated product rolled out by the NSA’s Human Language Technology (HLT) program office called VoiceRT, was first introduced in Baghdad in 2006. The goal, according to another 2006 memo, was to use voice processing technology to be able “index, tag and graph,” all intercepted communications.

sidtoday-future-is-now-conclusion

The memo says an “important enhancement under development is the ability for this HLT capability to predict what intercepted data might be of interest to analysts based on the analysts’ past behavior.”

To Phillip Rogaway, a professor of computer science at the University of California, Davis, keyword-search is probably the “least of our problems.” In an email to The Intercept, Rogaway warned that “When the NSA identifies someone as ‘interesting’ based on contemporary NLP [Natural Language Processing] methods, it might be that there is no human-understandable explanation as to why beyond: ‘his corpus of discourse resembles those of others whom we thought interesting’; or the conceptual opposite: ‘his discourse looks or sounds different from most people’s.’”

If the algorithms NSA computers use to identify threats are too complex for humans to understand, Rogaway wrote, “it will be impossible to understand the contours of the surveillance apparatus by which one is judged.  All that people will be able to do is to try your best to behave just like everyone else.”

A 2009 memo from the NSA’s British partner, GCHQ, describes how “NSA have had the BBN speech-to-text system Byblos running at Fort Meade for at least 10 years. (Initially they also had Dragon.) During this period they have invested heavily in producing their own corpora of transcribed SIGINT in both American English and an increasing range of other languages.” (GCHQ also noted that it had its own small corpora of transcribed voice communications, most of which happened to be “Northern Irish accented speech.”)

VoiceRT, in turn, was surpassed a few years after its launch. According to the intelligence community’s “Black Budget” for fiscal year 2013, VoiceRT was decommissioned and replaced in 2011 and 2012, so that by 2013, NSA could operationalize a new system.

black-budget-pp-361-363

This system, apparently called SPIRITFIRE, could handle more data, faster. SPIRITFIRE would be “a more robust voice processing capability based on speech-to-text keyword search and paired dialogue transcription.”

black-budget-p-262

According to a 2011 memo, “How is Human Language Technology (HLT) Progressing?“, NSA that year deployed “HLT Labs” to Afghanistan, NSA facilities in Texas and Georgia, and listening posts in Latin America run by the Special Collection Service, a joint NSA/CIA unit that operates out of embassies and other locations.

sidtoday-is-hlt-progressing

A June 2006 NSA powerpoint presentation describing the role of VoiceRT:

In a 2011 article, “Finding Nuggets — Quickly — in a Heap of Voice Collection, From Mexico to Afghanistan,” an intelligence analysis technical director from NSA Texas described the “rare life-changing instance” when he learned about human language technology, and its ability to “find the exact traffic of interest within a mass of collection.”

sidtoday-finding-nuggets

What’s less clear from the archive is how extensively this capability is used to transcribe or otherwise index and search voice conversations that primarily involve what the NSA terms “U.S. persons.”

The NSA did not answer a series of detailed questions about automated speech recognition, even though an NSA “classification guide” that is part of the Snowden archive explicitly states that “The fact that NSA/CSS has created HLT models” for speech-to-text processing as well as gender, language and voice recognition, is “UNCLASSIFIED.”

hlt-classification-guide

Spying on international telephone calls has always been a staple of NSA surveillance, but the requirement that an actual person do the listening meant it was effectively limited to a tiny percentage of the total traffic. By leveraging advances in automated speech recognition, the NSA has entered the era of bulk listening.

And this has happened with no apparent public oversight, hearings or legislative action. Congress hasn’t shown signs of even knowing that it’s going on.

Additional 2006 NSA document published with but not mentioned in article:

sidtoday-dealing-w-tsunami-of-intercept

Source Documents (PDF):

Coming Soon! A Tool that Enables Non-Linguists to Analyze Foreign-TV News Programs (October 23, 2008)
For Media Mining, the Future is Now! (August 1, 2006)
For Media Mining, the Future is Now! (conclusion) (August 7, 2006)
SIRDCC Speech Technology WG assessment of current STT technology (December 7, 2009)
“Black Budget” — FY 2013 Congressional Budget Justification/National Intelligence Program, pp. 360-364 (February 2012)
“Black Budget” — FY 2013 Congressional Budget Justification/National Intelligence Program, p. 262 (February 2012)
How Is Human Language (HLT) Progressing?(September 26, 2011)
RT10 Overview (June 2006)
Finding Nuggets – Quickly – in a Heap of Voice Collection, From Mexico to Afghanistan (May 25, 2011)
Classification Guide for Human Language Technology (HLT) Models (May 18, 2011)
Dealing With a ‘Tsunami’ of Intercept (August 29, 2006)

CSE’s Cyberwarfare Toolbox: False Flag Ops/Deception Techniques/Destroying Infrastructure Among 32 Tactics Revealed

In Archive, Canada, CSEC, False Flag, Hacking, NSA, NSA Files, PSYOP, Surveillance on April 2, 2015 at 11:07 AM

cse-cyber-activity-spectrum

03/23/2015

CBC/Ryan Gallagher/TheIntercept:

Top-secret documents obtained by the CBC show Canada’s electronic spy agency Communication Security Establishment (CSE) has developed a vast arsenal of cyberwarfare tools alongside its U.S. and British counterparts to hack into computers and phones in many parts of the world, including in friendly trade countries like Mexico and hotspots like the Middle East.

Details of the CSE’s capabilities are revealed in several top-secret documents analyzed by CBC News in collaboration with The Intercept.

The latest top-secret documents illustrate the development of a large stockpile of Canadian cyber-spy capabilities that go beyond hacking for intelligence, including:

  • destroying infrastructure, which could include electricity, transportation or banking systems
  •  “false flag” operations to “create unrest” — ie. carrying out an attack, but making it look like it was performed by another group — in this case, likely another government or hacker
  • “effects” operations to “alter adversary perception” – ie. sending out propaganda across social media or disrupting communications services with such techniques as deleting emails, freezing internet connections, blocking websites and redirecting wire money transfers
  • “honeypots” – ie. some sort of bait posted online that lures in targets so that they can be hacked or monitored

It’s unclear which of the 32 cyber tactics listed in the 2011 document are actively used or in development. CSE wanted to become more aggressive by 2015, the documents also said.

Document: CSEC Cyber Threat Capabilities – SIGINT and ITS: An End-to-End Approach (2011)

Previous Snowden leaks have disclosed that the CSE uses the highly sophisticated WARRIORPRIDE malware to target cellphones, and maintains a network of infected private computers — what’s called a botnet ​— that it uses to disguise itself when hacking targets.

Other leaked documents revealed back in 2013 that the CSE spied on computers or smartphones connected to Brazil’s mining and energy ministry to get economic intelligence.

Canada’s electronic spy agency and the U.S. National Security Agency “cooperate closely” in “computer network access and exploitation” of certain targets, according to an April 2013 briefing note for the NSA.

Document: NSA Intelligence Relationship with CSEC (April 2013)

Their targets are located in the Middle East, North Africa, Europe and Mexico, plus other unnamed countries connected to the two agencies’ counterterrorism goals, the documents say. Specific techniques used against the targets are not revealed.

Some of the capabilities mirror what CSE’s U.S. counterpart, the NSA, can do under a powerful hacking program called QUANTUM, which was created by the NSA’s elite cyberwarfare unit, Tailored Access Operations.

The apparent involvement of CSE in using the deception tactics suggests it is operating in the same area as a secretive British unit known as JTRIG, a division of the country’s eavesdropping agency, Government Communications Headquarters, or GCHQ. Last year, documents from Snowden revealed that JTRIG uses a range of effects operations to manipulate information online, such as by rigging the outcome of online polls, sending out fake messages on Facebook across entire countries, and posting negative information about targets online to damage their reputations.

According to the documents, the CSE wanted more aggressive powers for use both at home and abroad.

In 2011, the Canadian agency presented its vision for 2015 to the Five Eyes allies at a conference.

“We will seek the authority to conduct a wide spectrum of Effects operations in support of our mandates,” the top-secret presentation says.

Document: CASCADE: Joint Cyber Sensor Architecture (2011)

Effects operations refer to manipulating and disrupting computers or devices.

In an increasingly hostile cyberspace, Canada has also turned its attention to figuring out ways to better protect itself against such attacks.

Documents: CSEC Cyber Threat Detection (November 2009)
                          CSEC SIGINT Cyber Discovery (November 2010)

See Also: EONBLUE: CSE’s Cyber Threat Detection Platform; Access Internet Core Infrastructure with 200 Sensors Across Globe

Back in 2011, CSE envisioned creating a “perimeter around Canada” to better defend the country’s interests from potential threats from other countries and criminals, raising the prospect the agency was preparing a broad surveillance program to target Canadians’ online traffic.

At the time, “full visibility of our national infrastructure” was among its goals, according to a planning document for 2015. Security analysts wanted the means to detect an attack before it hit a target like a government website.

“If we wish to enable defence, we must have intelligence to know when attacks enter our national infrastructure,” the 2011 top-secret CSE presentation says.

The agency would not answer how far it got with the 2015 plan.

Document: CSE Response to CBC Re: Cyberwarfare Revelations

Experts say the Anti-Terrorism Act, Bill C-51, currently being debated, could legalize use of some of the capabilities outlined in these classified documents.

Though the act would give CSIS, Canada’s domestic intelligence agency, the power to disrupt threats to the security of Canada both at home and abroad, the Canadian Security Intelligence Service relies on its sister service, the CSE, for technical help with surveillance and infiltration of cellphones and computers.

NSA Mapping Networks of Major Telecom/Finance/Oil/Manufacturing Companies, Including From US & Five Eyes Countries

In Archive, Canada, Five Eyes, NSA, NSA Files, Surveillance, UK, USA on March 22, 2015 at 6:32 PM

nsa-private-networks-sigdev

03/17/2015

Colin Freeze/Christine Dobby/Globe&Mail (1)(2)(3):

The U.S. National Security Agency has been trying to map the communications traffic of corporations around the world, and a classified document reveals that at least two of Canada’s largest companies are included.

A 2012 presentation by a U.S. intelligence analyst, a copy of which was obtained by The Globe and Mail, includes a list of corporate networks that names Royal Bank of Canada and Rogers Communications Inc.

The presentation, titled “Private Networks: Analysis, Contextualization and Setting the Vision,” is among the NSA documents taken by former contractor Edward Snowden. It was obtained by The Globe from a confidential source, and has not previously been disseminated or analyzed publicly.

Canada’s biggest bank and its largest wireless carrier are on a list of 15 entities that are visible in a drop-down menu on one of the presentation’s 40 pages. It shows part of an alphabetical list of entries beginning with the letter “R” that also includes two U.K.-headquartered companies – Rolls Royce Marine and Rio Tinto – and U.S.-based RigNet, among other global firms involved in telecom, finance, oil and manufacturing.

The name of Huawei Technologies Co. Ltd. appears in the presentation as well, and the NSA appears to have had a keen interest in isolating the corporation’s data channels. “These links are likely to carry Huawei traffic,” reads one slide.

nsa-private-networks-huawei

The document does not say what data the NSA has collected about these firms, or spell out the agency’s objective, but it states that “private networks are important.”

nsa-private-networks-important

It notes that high-level NSA “targets,” such as foreign countries’ armed forces and diplomats, use private networks. But it also mentions the Brazilian energy firm Petrobras, the Belgium-based SWIFT network of global electronic payments, and even global “Google infrastructure” controlled by the California technology giant.

The presentation obtained by The Globe describes SigDev techniques for finding targets – one is an NSA software program called “ROYALNET”, that can help analysts “identify communicants of private networks” or determine the best “access points for a target’s communications.”

nsa-private-networks-royalnet

Another technique featured in the presentation involves sorting captured telecommunications traffic into “realms,” which the document says are “a label assigned by the intelligence community.”

A realm appears to be a continually updated list of everything the NSA can gather about how a specific corporation routes communications on the Internet, and any known device on its private networks. One slide in the presentation titled “Realms in Analyst Tools,” shows the drop-down menu listing 15 firms, which is where “RoyalBankOfCanada” and “RogersWireless.ca” are listed.

nsa-private-networks-realms

The list is not visible beyond the letter R entities shown on a screen shot in the presentation, and it is not known whether other Canadian corporations are listed.

Previous leaks show the NSA and its allies indiscriminately capture telecommunications data from Internet routes. In this presentation, the agency appears to be using that “bulk” collected data to map out specific networks. The NSA is not trying at this stage to get at any data inside individual computers, such as specific transactions or customer records.

A comparison of this document with previous Snowden leaks suggests it may be a preliminary step in broad efforts to identify, study and, if deemed necessary, “exploit” organizations’ internal communication networks.

Christopher Parsons, a researcher at the University of Toronto’s Citizen Lab, who reviewed the leaked document with The Globe, said the activity described could help determine useful access points in the future: “This is preparing the battlefield so it could later be used. This is … watching communications come in and out of a network and saying, ‘Okay, these are the places we need to go in.’”

Markings on the document, which is labelled “top secret,” indicate it was shared with the NSA’s Canadian counterpart, the Communications Security Establishment.

“While CSE cannot comment on intelligence capabilities or operations – our own or our allies – there is no evidence in the document in question that intelligence activities have been directed at any Canadian entity, company or individual,” spokesman Ryan Foreman said in an e-mailed statement.

(The Globe did not provide a copy of the document to CSE.)

The Canadian companies named in the document say they have no reason to believe their computer systems or customer records were compromised and insist their networks are secure.

“If such surveillance is taking place, we would find that very troubling,” Rogers spokeswoman Patricia Trott said.

“We have not provided the NSA access to our network,” RBC spokesman Don Blair said.

A spokesman for Huawei Canada declined to comment on Tuesday, as did representatives for Britain-based Rolls Royce Marine and Rio Tinto. U.S.-based RigNet, which was also named, did not respond to requests seeking comment.

When The Globe asked the NSA for comment, agency spokeswoman Vanee Vines urged the newspaper not to publish names of intelligence employees. Asked about the interest in Rogers and RBC, she said the NSA “will not comment on specific, alleged foreign intelligence activities.” Vines added that the spy agency never collects intelligence “to provide a competitive advantage to U.S. companies.”

However, some documents show the U.S. intelligence community has not ruled out such activities in the future. One previously leaked strategy document envisions a future, in 2025, when U.S. companies are falling behind and policy makers push government spies to conduct aggressive economic-espionage campaigns.

Today, under the terms of a 66-year old reciprocal accord, Washington and Ottawa are supposed to refrain from spying on the communications of each other’s citizens and entities.

For decades the NSA and CSE have spied in co-operation with agencies from Britain, Australia and New Zealand, and are together known as the “Five Eyes.” The powerful alliance relies on near complete trust and sharing, as well as general agreements not to spy on each other.

Because of this, any revelations about member nations directly targeting their own or each other’s citizens or corporations are explosive. A previously leaked U.S. guide for keeping intelligence documents under wraps suggests that the NSA would strive to keep any such spying quiet for decades.

Five Eyes partners “are among NSA/CSS’s strongest,” that document says. “Revealing the fact that the NSA/CSS targeted their communications at any time … could cause irreparable damage.” (CSS refers to the NSA’s military adjunct, the Central Security Service.)

The original source document was not published in this article. All screenshots are from a previous video report via Fantástico and Glenn Greenwald‘s book “No Place to Hide“. More below:

nsa-private-networks-more-1

nsa-private-networks-more-2

nsa-private-networks-more-3

nsa-private-networks-more-4

nsa-private-networks-more-5

nsa-private-networks-more-6

nsa-private-networks-more-7

nsa-private-networks-more-8

Related Links:

(NSA Programs) Treasure Map: Near Real-Time Interactive Map of Internet, Any Device, Anywhere, All the Time; Packaged Goods: Tracks Traceroutes, Accessed 13 Servers in Unwitting Data Centers

NSA/GCHQ TREASUREMAP Docs: “Map the Entire Internet” for “Computer Attack/Exploit Planning”

HACIENDA: Five Eyes Program Port Scanning Entire Countries for IT Vulnerabilities

MORECOWBELL: NSA’s Covert DNS Monitoring System

%d bloggers like this: