Your Source for Leaks Around the World!

Archive for the ‘UK’ Category

NSA Mapping Networks of Major Telecom/Finance/Oil/Manufacturing Companies, Including From US & Five Eyes Countries

In Archive, Canada, Five Eyes, NSA, NSA Files, Surveillance, UK, USA on March 22, 2015 at 6:32 PM



Colin Freeze/Christine Dobby/Globe&Mail (1)(2)(3):

The U.S. National Security Agency has been trying to map the communications traffic of corporations around the world, and a classified document reveals that at least two of Canada’s largest companies are included.

A 2012 presentation by a U.S. intelligence analyst, a copy of which was obtained by The Globe and Mail, includes a list of corporate networks that names Royal Bank of Canada and Rogers Communications Inc.

The presentation, titled “Private Networks: Analysis, Contextualization and Setting the Vision,” is among the NSA documents taken by former contractor Edward Snowden. It was obtained by The Globe from a confidential source, and has not previously been disseminated or analyzed publicly.

Canada’s biggest bank and its largest wireless carrier are on a list of 15 entities that are visible in a drop-down menu on one of the presentation’s 40 pages. It shows part of an alphabetical list of entries beginning with the letter “R” that also includes two U.K.-headquartered companies – Rolls Royce Marine and Rio Tinto – and U.S.-based RigNet, among other global firms involved in telecom, finance, oil and manufacturing.

The name of Huawei Technologies Co. Ltd. appears in the presentation as well, and the NSA appears to have had a keen interest in isolating the corporation’s data channels. “These links are likely to carry Huawei traffic,” reads one slide.


The document does not say what data the NSA has collected about these firms, or spell out the agency’s objective, but it states that “private networks are important.”


It notes that high-level NSA “targets,” such as foreign countries’ armed forces and diplomats, use private networks. But it also mentions the Brazilian energy firm Petrobras, the Belgium-based SWIFT network of global electronic payments, and even global “Google infrastructure” controlled by the California technology giant.

The presentation obtained by The Globe describes SigDev techniques for finding targets – one is an NSA software program called “ROYALNET”, that can help analysts “identify communicants of private networks” or determine the best “access points for a target’s communications.”


Another technique featured in the presentation involves sorting captured telecommunications traffic into “realms,” which the document says are “a label assigned by the intelligence community.”

A realm appears to be a continually updated list of everything the NSA can gather about how a specific corporation routes communications on the Internet, and any known device on its private networks. One slide in the presentation titled “Realms in Analyst Tools,” shows the drop-down menu listing 15 firms, which is where “RoyalBankOfCanada” and “” are listed.


The list is not visible beyond the letter R entities shown on a screen shot in the presentation, and it is not known whether other Canadian corporations are listed.

Previous leaks show the NSA and its allies indiscriminately capture telecommunications data from Internet routes. In this presentation, the agency appears to be using that “bulk” collected data to map out specific networks. The NSA is not trying at this stage to get at any data inside individual computers, such as specific transactions or customer records.

A comparison of this document with previous Snowden leaks suggests it may be a preliminary step in broad efforts to identify, study and, if deemed necessary, “exploit” organizations’ internal communication networks.

Christopher Parsons, a researcher at the University of Toronto’s Citizen Lab, who reviewed the leaked document with The Globe, said the activity described could help determine useful access points in the future: “This is preparing the battlefield so it could later be used. This is … watching communications come in and out of a network and saying, ‘Okay, these are the places we need to go in.’”

Markings on the document, which is labelled “top secret,” indicate it was shared with the NSA’s Canadian counterpart, the Communications Security Establishment.

“While CSE cannot comment on intelligence capabilities or operations – our own or our allies – there is no evidence in the document in question that intelligence activities have been directed at any Canadian entity, company or individual,” spokesman Ryan Foreman said in an e-mailed statement.

(The Globe did not provide a copy of the document to CSE.)

The Canadian companies named in the document say they have no reason to believe their computer systems or customer records were compromised and insist their networks are secure.

“If such surveillance is taking place, we would find that very troubling,” Rogers spokeswoman Patricia Trott said.

“We have not provided the NSA access to our network,” RBC spokesman Don Blair said.

A spokesman for Huawei Canada declined to comment on Tuesday, as did representatives for Britain-based Rolls Royce Marine and Rio Tinto. U.S.-based RigNet, which was also named, did not respond to requests seeking comment.

When The Globe asked the NSA for comment, agency spokeswoman Vanee Vines urged the newspaper not to publish names of intelligence employees. Asked about the interest in Rogers and RBC, she said the NSA “will not comment on specific, alleged foreign intelligence activities.” Vines added that the spy agency never collects intelligence “to provide a competitive advantage to U.S. companies.”

However, some documents show the U.S. intelligence community has not ruled out such activities in the future. One previously leaked strategy document envisions a future, in 2025, when U.S. companies are falling behind and policy makers push government spies to conduct aggressive economic-espionage campaigns.

Today, under the terms of a 66-year old reciprocal accord, Washington and Ottawa are supposed to refrain from spying on the communications of each other’s citizens and entities.

For decades the NSA and CSE have spied in co-operation with agencies from Britain, Australia and New Zealand, and are together known as the “Five Eyes.” The powerful alliance relies on near complete trust and sharing, as well as general agreements not to spy on each other.

Because of this, any revelations about member nations directly targeting their own or each other’s citizens or corporations are explosive. A previously leaked U.S. guide for keeping intelligence documents under wraps suggests that the NSA would strive to keep any such spying quiet for decades.

Five Eyes partners “are among NSA/CSS’s strongest,” that document says. “Revealing the fact that the NSA/CSS targeted their communications at any time … could cause irreparable damage.” (CSS refers to the NSA’s military adjunct, the Central Security Service.)

The original source document was not published in this article. All screenshots are from a previous video report via Fantástico and Glenn Greenwald‘s book “No Place to Hide“. More below:









Related Links:

(NSA Programs) Treasure Map: Near Real-Time Interactive Map of Internet, Any Device, Anywhere, All the Time; Packaged Goods: Tracks Traceroutes, Accessed 13 Servers in Unwitting Data Centers

NSA/GCHQ TREASUREMAP Docs: “Map the Entire Internet” for “Computer Attack/Exploit Planning”

HACIENDA: Five Eyes Program Port Scanning Entire Countries for IT Vulnerabilities

MORECOWBELL: NSA’s Covert DNS Monitoring System

Spy Cables: Leaked Correspondence Between Top Intel Agencies & S. Africa Offer Glimpse Into World of Espionage

In Archive, CIA, Espionage, FSB, Iran, Israel, MI6, Mossad, Russia, South Africa, Spy Cables, SSA, Surveillance, UK, USA on February 25, 2015 at 4:29 AM



A digital leak to Al Jazeera of hundreds of secret intelligence documents from the world’s spy agencies has offered an unprecedented insight into operational dealings of the shadowy and highly politicised realm of global espionage.

Over the coming days, Al Jazeera’s Investigative Unit is publishing The Spy Cables, in collaboration with The Guardian newspaper.

Spanning a period from 2006 until December 2014, they include detailed briefings and internal analyses written by operatives of South Africa’s State Security Agency (SSA). They also reveal the South Africans’ secret correspondence with the US intelligence agency, the CIA, Britain’s MI6, Israel’s Mossad, Russia’s FSB and Iran’s operatives, as well as dozens of other services from Asia to the Middle East and Africa.

Unlike the Edward Snowden documents that focus on electronic signals intelligence, commonly referred to in intelligence circles as “SIGINT”, the Spy Cables deal with human intelligence, or “HUMINT”.

Rather than chronicling spy-movie style tales of  ruthless efficiency of intelligence agencies, they offer an unprecedented glimpse into the daily working lives of people whose jobs are kept secret from the public.

(36 PDFs/309 Pages/305MB/RAR)


(11 PDFs/132 Pages/128MB/RAR)


(14 PDFs/56 Pages/79MB/RAR)



Al Jazeera:


Abbas and Israel ally against 2009 UN probe

Israeli cable reveals S Africa missile theft cover-up

South African spies wary of Iran operations

British attempt to recruit N Korean spy

‘Desperate’ US approach to Hamas

Mossad contradicted Netanyahu on Iran nuclear programme


US meddling in African Union election

Inside the battle for intelligence in South Africa

Greenpeace among intelligence targets

African Union assassination threat

S. Africa’s alarming security failings

Israel airline used as intelligence ‘front’

Israel’s Mossad tactics

‘Ex-Israeli agents’ threatened cyber attack on S Africa

‘Arrogant’ Israeli spy infuriates S Africa intelligence

The car-jacking and the friendly Moroccan ambassador

Mossad’s questionable questions about Morsi


The echo chamber: the politics of intelligence

Israel’s Africa policies ‘an exercise in cynicism’

‘China behind S Africa nuclear break-ins’

S. Africa spied on Russia for satellite project details

Spy Cables raise South Africa privacy concerns

Cables reveal S. Africa at odds with allies on al-Qaeda


Israel’s Africa policies ‘an exercise in cynicism’

Mossad’s ‘moderate Muslim’ scorecard



Netanyahu’s Iran bomb claim contradicted by Mossad

South Africa monitored Iranian agents under US pressure

MI6 intervened to halt South African firm’s deal with Iranian client

CIA attempted to contact Hamas despite official US ban


Africa is new ‘El Dorado of espionage’

The unglamorous life of a modern spy in the new ‘El Dorado of espionage’

Greenpeace head targeted by intelligence agencies before Seoul G20

South Africa scrambles to deal with fallout from leaked spy cables


Al-Shabaab Calls for Westgate-Style Attacks on Shopping Malls in US/Canada/UK/France (VIDEO)

In Al-Qaeda, Al-Shabaab, Archive, Canada, France, Kenya, Somalia, Terrorism, UK, USA on February 23, 2015 at 11:15 PM


The Somali militant group Al-Shabaab released a video Saturday night calling for attacks on on Western shopping malls, just hours after the extremists killed dozens of people at a luxury hotel in Somalia’s capital.

Al Shabaab posted a 77-minute video that attempts to justify their brutal assault on Kenya’s Westgate Mall that left more than 60 people dead in 2013. In the video, filled with passages of Islamic scripture, a narrator claims that Kenya’s government has oppressed Muslims and that it is time to fight back — both against Kenya and against the West.

“The mall is popular with expats, diplomats, and scores of other Westerners,” the narrator says as previously released footage of the three-day siege taken from security cameras is shown.

“This video by the Shabaab resembles older releases by the group, such as ‘Woolwich attack: It’s an eye for an eye’, wherein the group commented on jihadist Michael Adebolajo’s killing of British Solider Lee Rigby,” said SITE Director Rita Katz.

“The English-speaking narrator in this video sounds remarkably similar to the narrator from past Shabaab releases, including the ‘Eye for an Eye’ video, as well as another regarding the group’s June 2013 suicide attack on the U.N. Common Compound in Mogadishu.”

At the end of the video, a man in camouflage appears on the screen and speculates on the damage that could be done at several of the Western world’s largest shopping destinations.

“If just a handful of mujahideen fighters could bring Kenya to a complete standstill for nearly a week, then imagine what a dedicated mujahideen in the West could do to the American or Jewish-owned shopping centers across the world,” the man says. “What if such an attack were to occur in the Mall of America in Minnesota? Or the West Edmonton Mall in Canada? Or in London’s Oxford Street?”

Then the speaker challenges a “man with firm determination” to carry out such a scheme.

“What would be the implications of such an attack? One could only imagine,” the speaker muses. “And all it takes is a man with firm determination.”

The US homeland security chief responded Sunday that he took the threat seriously, and said the video was a dangerous incitement to extremists already in the US.

“This latest statement reflects the new phase we’ve evolved into in the global terrorist threat, in that you have groups such as al Shabaab and ISIL publicly calling for independent actors in their homelands to carry out attacks,” Department of Homeland Security Secretary Jeh Johnson told CNN.

He also warned shoppers in Minnesota to stay vigilant. “I would say that if anyone is planning to go to the Mall of America today, they’ve got to be particularly careful,” Johnson said.

Edmonton police say there is “no imminent threat” to the city.

“This was a very general comment … it wasn’t a specific threat,” said Brian Simpson, deputy chief of the Edmonton Police Service.  “However, we as a policing agency …  absolutely paying attention to this.”

Simpson said despite the lack of a specific threat, Edmonton police have reviewed its procedures when it came to safety in all of the city’s malls. He said the services is working closely with RCMP and West Edmonton Mall security.

He said police have a “very good working relationship” with the mall, and that he is confident in the building’s security.

“I would dare say they have one of the best systems that I’ve seen,” he said.

West Edmonton Mall and the Mall of America are owned by Canada’s Ghermezian family, who are of Iranian-Jewish origins. Both malls have issued statements saying they were implementing additional security measures.

Scotland Yard said they were “assessing the content” of a video urging Muslims to attack London shopping sites including Oxford Street and Westfield Stratford City.

A Metropolitan Police spokesman said: “The MPS Counter Terrorism Command is aware of the video and is assessing the content. We remind the public that downloading extremist material may constitute an offence.”

Other malls listed in the video include two in Paris, Les Quatre Temps and Forum des Halles.

UK Interception of Communications & Equipment Interference Codes of Practice

In Archive, GCHQ, Hacking, MI5, MI6, NSA Files, Surveillance, UK on February 22, 2015 at 4:31 AM



Alan Travis/Guardian (1) (2)/James Ball/Guardian:

The British government has for the first time offered an official definition of computer hacking by the security services. In a Home Office “draft equipment interference code of practice” released on Friday, the government defines it as:

Any interference (whether remotely or otherwise) by the intelligence services, or persons acting on their behalf or in their support, with equipment producing electromagnetic, acoustic and other emissions, or information derived from or related to such equipment, which is to be authorised under section 5 of the 1994 [Intelligence Services] Act, in order to do any or all of the following:

a) obtain information from the equipment in pursuit of intelligence requirements;

b) obtain information concerning the ownership, nature and use of the equipment with a view to meeting intelligence requirements;

c) locate and examine, remove, modify or substitute equipment hardware or software which is capable of yielding information of the type described in a) and b);

d) enable and facilitate surveillance activity by means of the equipment.

‘Information’ may include communications content, and communications data as defined in section 21 of the 2000 [Regulation of Investigatory Powers] Act.

Britain’s security services have acknowledged they have the worldwide capability to bypass the growing use of encryption by internet companies by attacking the computers themselves.

The Home Office release of the innocuously sounding “draft equipment interference code of practice” on Friday put into the public domain the rules and safeguards surrounding the use of computer hacking outside the UK by the security services for the first time.

The publication of the draft code follows David Cameron’s speech last month in which he pledged to break into encryption and ensure there was no “safe space” for terrorists or serious criminals which could not be monitored online by the security services with a ministerial warrant, effectively spelling out how it might be done.

Privacy campaigners said the powers outlined in the draft guidance detail the powers of intelligence services to sweep up content of a computer or smartphone, listen to their phonecalls, track their locations or even switch on the microphones or cameras on mobile phones. The last would allow them to record conversations near the phone or laptop and snap pictures of anyone nearby.

The code spells this out by saying the new rules give the security services the power to use hacked computers to “enable and facilitate surveillance activity”.

Eric King of Privacy International, said: “They hack their way, remove and substitute your hardware and software and enable intelligence collection by turning on your webcams and mice and shipping the data back to GCHQ at Cheltenham.”

The security minister, James Brokenshire, said the draft code, which is subject to a six-week consultation ending on 20 March, details the safeguards applied to different surveillance techniques, including “computer network exploitation” to identify, track and disrupt the most sophisticated targets.

Computer network exploitation, or mass hacking, is a technique through which computer networks are used to infiltrate target computers’ networks in order to extract and gather intelligence data.

It enables intelligence services to penetrate and collect any sensitive or confidential data which is typically kept hidden and protected from the public. It may also be used to bypass the end-to-end encryption increasingly used by the US internet companies to protect their customers’ communications in the aftermath of the Snowden disclosures of bulk internet surveillance. End-to-end encryption secures messages by ensuring that only the recipient of a message can decode it: not any of the supplying companies computers’ in between.

The publication for the first time of the legal codes of practice under the Regulation of Investigatory Powers Act 2000 surrounding “equipment interference” was timed to coincide with the landmark ruling that GCHQ had been operating a bulk intelligence sharing operation with the Americans within an unlawful framework for the past seven years.

That ruling by the investigatory powers tribunal required the internal GCHQ rules and safeguards to be made public surrounding their receipt of the bulk collection of British citizens’ personal data by the American National Security Agency.

Privacy campaigners say the powers outlined in the draft code were more intrusive than intercepting the content of phone calls or emails or scooping up communications data, because they included sweeping up files and material on the computer that had never been shared with anybody else.

The powers in the draft code at 7.11 also appear to give the security services wide-ranging powers to “self-authorize” or give “internal approval” for particular operations once they have the authorization of a secretary of state for a “broad class of operations”. This would mean that, unlike an operation to put a bug in a particular house, they would not necessarily need a specific warrant to do the same thing by hacking a computer.

A 2008 GCHQ memo from the Snowden cache, addressed to the then foreign secretary, David Miliband, and classified with one of the UK’s very highest restrictive markings: “TOP SECRET STRAP 2 EYES ONLY”, requested a renewal of the legal warrant allowing GCHQ to “modify” commercial software in violation of licensing agreements.

The document cites examples of software the agency had hacked, including commonly used software to run web forums, and website administration tools. Such software are widely used by companies and individuals around the world.

The document also said the agency had developed “capability against Cisco routers”, which would “allow us to re-route selected traffic across international links towards GCHQ’s passive collection systems”.

GCHQ had also been working to “exploit” the anti-virus software Kaspersky, the document said. The report contained no information on the nature of the vulnerabilities found by the agency.

Security experts regularly say that keeping software up to date and being aware of vulnerabilities is vital for businesses to protect themselves and their customers from being hacked. Failing to fix vulnerabilities leaves open the risk that other governments or criminal hackers will find the same security gaps and exploit them to damage systems or steal data, raising questions about whether GCHQ and the NSA neglected their duty to protect internet systems in their quest for more intelligence.

The Home Office also published an updated and revised code of practice surrounding the interception of communications, including details of the rules. There were also stronger safeguards surrounding the security services’ interception of the most sensitive communications, including between lawyers and their clients, doctors and patients and journalists and sources. These are generally protected by laws of confidentiality.

It is thought that these previously secret rules have been put into the public domain for the first time in anticipation of two further rulings challenging the lawfulness of security services’ activity later this year.

In the first ruling expected next month the IPT will rule on whether the intelligence services have routinely intercepted legally privileged communications in sensitive security cases without adequate safeguards. The case involves two Libyans, Abdel-Hakim Belhaj and Sami al-Saadi and their families after they were abducted in a joint MI6-CIA operation and sent back to be tortured by Colonel Muammar Gaddafi’s regime in 2004.

The second ruling follows a legal claim brought by Privacy International demanding an end to the use of computer hacking tools by GCHQ and the NSA. They claim they have used the hacking tools disclosed by the whistleblower Edward Snowden to infect potentially millions of computers and mobile devices around the world with malicious software to surreptitiously conduct a new dimension of surveillance.

UK Gov’t Concedes Policies Re: Intel Agencies Snooping on Lawyer/Client Communications Unlawful, Breached ECHR

In Archive, Belhaj, Gaddafi, GCHQ, IPT, Libya, MI5, MI6, Surveillance, UK on February 22, 2015 at 4:25 AM




The UK Government has today conceded that its policies governing the ability of intelligence agencies to spy on lawyer-client communications were unlawful, in response to a case brought by two victims of an MI6-orchestrated ‘rendition’ operation.

Abdul-hakim Belhaj and Fatima Boudchar were tortured and rendered to Libya in 2004 in a joint MI6-CIA operation. They filed a case in 2013 with the Investigatory Powers Tribunal (IPT) concerning alleged eavesdropping by UK intelligence services on their confidential communications with their lawyers.

In 2012, the Belhaj family had brought a separate, civil case against the UK Government over the part it played in their mistreatment.   The IPT case centered around whether Government lawyers and officials involved in the civil case could have, through surveillance, gained access to confidential communications between the family and their lawyers, thereby giving the Government an unfair advantage.

Today, the Government has conceded that safeguards to prevent this from taking place were inadequate, and did not meet the requirements of the European Convention on Human Rights (ECHR). However, the Government has yet to say whether or not these failings of policy specifically affected the Belhaj case, which is due to see a further hearing in the IPT on 10th March.

Cori Crider, a director at Reprieve and one of Mr Belhaj & Ms Boudchar’s lawyers said: “By allowing the intelligence agencies free rein to spy on communications between lawyers and their clients, the Government has endangered the fundamental British right to a fair trial. Reprieve has been warning for months that the security services’ policies on lawyer-client snooping have been full of loopholes big enough to drive a bus through.

“For too long, the security services have been allowed to snoop on those bringing cases against them when they speak to their lawyers. In doing so, they have violated a right that is centuries old in British common law. Today they have finally admitted they have been acting unlawfully for years.

“Worryingly, it looks very much like they have collected the private lawyer-client communications of two victims of rendition and torture, and possibly misused them. While the government says there was no ‘deliberate’ collection of material, it’s abundantly clear that private material was collected and may well have been passed on to lawyers or ministers involved in the civil case brought by Abdul-hakim Belhaj and Fatima Boudchar, who were ‘rendered’ to Libya in 2004 by British intelligence.

“Only time will tell how badly their case was tainted. But right now, the Government needs urgently to investigate how things went wrong and come clean about what it is doing to repair the damage.”

Alan Travis/Owen Bowcott/Guardian:

Government sources, in line with all such cases, refuse to confirm or deny whether the two Libyans were the subject of an interception operation. They insist the concession does not concern the allegation that actual interception took place and say it will be for the investigatory powers tribunal hearing to determine the issue.

An updated draft interception code of practice spelling out the the rules for the first time was quietly published at the same time as the Investigatory Powers Tribunal ruling against GCHQ earlier this month in the case brought by Privacy International and Liberty.

The government spokesman said the draft code set out enhanced safeguards and provided more detail than previously on the protections that had to be applied in the security agencies handling of legally privileged communications.

The draft code makes clear that warrants for snooping on legally privileged conversations, emails and other communications between suspects and their lawyers can be granted if there are exceptional and compelling circumstances. They have to however ensure that they are not available to lawyers or policy officials who are conducting legal cases against those suspects.

Exchanges between lawyers and their clients enjoy a special protected status under UK law. Following exposure of widespread monitoring by the US whistleblower Edward Snowden in 2013, Belhaj’s lawyers feared that their exchanges with their clients could have been compromised by GCHQ’s interception of phone conversations and emails.

To demonstrate that its policies satisfy legal safeguards, MI6 were required in advance of Wednesday’s concession to disclose internal guidance on how intelligence staff should deal with material protected by legal professional privilege.

The MI6 papers noted: “Undertaking interception in such circumstances would be extremely rare and would require strong justification and robust safeguards. It is essential that such intercepted material is not acquired or used for the purpose of conferring an unfair or improper advantage on SIS or HMG [Her Majesty’s government] in any such litigation, legal proceedings or criminal investigation.”

The internal documents also refer to a visit by the interception commissioner, Sir Anthony May, last summer to examine interception warrants, where it was discovered that regulations were not being observed. “In relation to one of the warrants,” the document explained, “the commissioner identified a number of concerns with regard to the handling of [legal professional privilege] material”.

Amnesty UK’s legal programme director, Rachel Logan, said: “We are talking about nothing less than the violation of a fundamental principle of the rule of law – that communications between a lawyer and their client must be confidential.

“The government has been caught red-handed. The security agencies have been illegally intercepting privileged material and are continuing to do so – this could mean they’ve been spying on the very people challenging them in court.

“This is the second time in as many weeks that government spies have been rumbled breaking the law.”

%d bloggers like this: