December 16, 2014

German investigation of the cooperation between NSA and BND (II)



This is the second report about the German parliamentary committee which investigates NSA spying activities and the cooperation between NSA and the German foreign intelligence service BND.

Here we provide summaries of the hearings of a number of BND employees, who provided some interesting details about satellite interception at the Bad Aibling station, the subsequent processing and storage of data and also about the cooperation between NSA and BND in the Joint SIGINT Activity (JSA).

These summaries are based upon transcripts of a live blog, kept by volunteers of the German digital civil rights website Netzpolitik.org, who attended the hearings.
The BND employees are designated by initials, not those of their real names but those of the cover names they use when at work(!).




The room where the hearings of the parliamentary committee take place
(photo: DPA)


14th Meeting, September 25, 2014 (Transcript)

- Hearing of the witness Mr. R. U. (BND, head of the site in Bad Aibling):

The BND site in Bad Aibling is for satellite interception. In Bad Aibling there's no interception of point-to-point microwave transmissions, which is done by putting an antenna in between the two microwave antennas that transmit the signals that have to be intercepted.

(This BND satellite station is part of the former NSA Bad Aibling Station that was codenamed GARLICK, from which in 2004, BND took over most of the facilities, including nine of the large satellite dishes hidden under white radomes)

When the Bad Aibling site was led by the witness, it had 120 personnel and was divided into three sections:
- Management
- Technical (operation of the antennas, network security, script programming, installation of computers)
- Analysis (analysing the collected data, language translating capabilities)

An important goal was protection of German troops deployed in countries like Afghanistan. BND was also able to prevent attacks on ISAF forces. Other goals for the satellite interception were anti-terrorism and rescuing people who have been kidnapped.

Satellite interception

In remote countries, domestic communications also use satellite links, which can also be intercepted from inside Germany. This collection is restricted by technical limits, which mean that there is access to only a small number of satellites, and from those, only part of the communications can be intercepted. Also, not everything can be analysed, because much of it is in local languages. Therefore, there is no mass surveillance: BND collects only a few per mille (tenths of a percent) of what would theoretically be possible.

Nonetheless, the amount of satellite traffic from Afghanistan that can be intercepted from Bad Aibling is rather high. Asked about media reports quoting former NSA and CIA director Michael Hayden, "We kill people based on metadata", the witness replied that metadata are not specific enough for pinpointing drone attacks on specific people. Metadata like cell-IDs define areas of 50-60 square kilometers, which is not precise enough for bombing a house.

(Hayden's "we kill people based on metadata" was followed by "but that's not what we do with this metadata", referring to the 215 (domestic metadata) database. How Hayden meant the first part of this statement isn't clear. There was also a report by The Intercept in which a former JSOC drone operator said that some targets were tracked by metadata and then killed based upon the SIM card they used.)



The former NSA satellite intercept station in Bad Aibling,
parts of which are now used by the BND

The Joint SIGINT Activity (JSA)

Since 2004, NSA and BND cooperated in the Joint SIGINT Activity (JSA), which was located at the Mangfall Barracks, also in Bad Aibling. The JSA consisted of both German and American personnel. Most of the equipment was provided by NSA. Management was in the hands of BND, and in turn, NSA got access to the German satellite collection.

For this satellite interception, NSA provided BND with selectors, like phone numbers and e-mail addresses, most of them belonging to targets in Afghanistan. These selectors were on an American server, from which BND personnel picked them up 2, 3 or 4 times a day. The selectors were then checked at the headquarters in Pullach for whether they included German citizens or companies. Those were taken out, as were the ones that contradicted German national interests.
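The screening step described above can be illustrated with a small selector filter. This is an added example, not BND or NSA code, and the page does not say how the check in Pullach was actually performed: the heuristics used here (a German +49 country code, a .de mail domain, and a manual block list standing in for the "national interests" removals) are assumptions, as are the sample selectors, which are constructed. The filter only sees what is visible in the selector itself, so a German citizen using a foreign number would pass it, which is exactly the kind of gap the data-protection discussion later on this page turns on.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List


@dataclass
class Decision:
    selector: str
    kind: str        # "phone", "email" or "unknown"
    accepted: bool
    reason: str


def normalise_phone(raw: str) -> str:
    """Strip spaces, dashes, dots and parentheses; turn a leading 00 into +."""
    digits = re.sub(r"[\s\-().]", "", raw)
    if digits.startswith("00"):
        digits = "+" + digits[2:]
    return digits


def classify(raw: str) -> str:
    """Decide whether a selector looks like an e-mail address or a phone number."""
    s = raw.strip()
    if re.fullmatch(r"[^@\s]+@[^@\s]+\.[A-Za-z]{2,}", s):
        return "email"
    if re.fullmatch(r"\+?\d{6,15}", normalise_phone(s)):
        return "phone"
    return "unknown"


def is_german_phone(raw: str) -> bool:
    # Assumption: the country code is the only signal the selector itself carries.
    return normalise_phone(raw).startswith("+49")


def is_german_email(addr: str) -> bool:
    # Assumption: a .de mail domain marks a German person or company.
    return addr.rsplit("@", 1)[1].lower().endswith(".de")


def screen(raw: str, blocklist: FrozenSet[str] = frozenset()) -> Decision:
    """Apply the G-10 style checks to one selector and record the reason."""
    kind = classify(raw)
    if kind == "unknown":
        return Decision(raw, kind, False, "unparseable selector")
    key = normalise_phone(raw) if kind == "phone" else raw.strip().lower()
    if key in blocklist:
        # Stand-in for the "contradicts German national interests" removals;
        # the page gives no criteria for those, so a manual list is assumed.
        return Decision(raw, kind, False, "on manual block list")
    if kind == "phone" and is_german_phone(raw):
        return Decision(raw, kind, False, "German country code +49")
    if kind == "email" and is_german_email(key):
        return Decision(raw, kind, False, ".de mail domain")
    return Decision(raw, kind, True, "cleared for tasking")


def screen_batch(selectors: Iterable[str],
                 blocklist: FrozenSet[str] = frozenset()) -> List[Decision]:
    """Screen a whole pick-up from the selector server."""
    return [screen(s, blocklist) for s in selectors]


# Constructed sample batch; none of these are real selectors.
SAMPLE_SELECTORS = [
    "+93 70 123 4567",       # Afghan mobile number: passes
    "0049 30 1234567",       # German number written with the 00 prefix: removed
    "+49 (0)171-1234567",    # German mobile number with trunk zero: removed
    "target@example.com",    # foreign mail address: passes
    "kontakt@beispiel.de",   # .de mail domain: removed
    "not a selector",        # garbage: rejected as unparseable
]

if __name__ == "__main__":
    for d in screen_batch(SAMPLE_SELECTORS):
        verdict = "ACCEPT" if d.accepted else "REJECT"
        print(f"{verdict:6} {d.kind:8} {d.selector!r}: {d.reason}")
```

Every rejection carries a reason, so the audit trail the data-protection counsel asks for later on this page (who was removed and why) falls out of the same function that does the filtering.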

The cooperation between NSA and BND has declined since 2004. Since the JSA was closed in 2012, there is only an NSA liaison office and some technical support left in Bad Aibling. Both are located in a building that is nicknamed Tin Can (Blechdose), because of its windowless exterior of black-painted metal. Here, BND personnel have to ring a doorbell when they want in, and there is a similar procedure when US personnel want to visit BND buildings.



Header of what seems to be a newsletter from the Joint SIGINT Activity (JSA)

Tools and databases used by BND

After selectors have been cleared and entered into the collection system, the result is, for example, a phone call that appears in the data processing tool of an analyst. This is not a random phone call, but one that has been filtered out based upon the selector. The analyst can then listen to this phone call, may have to translate it, and decides whether it is relevant or not. If not, it is deleted; otherwise he writes a report (Meldung), which is sent back to headquarters.

XKeyscore is an analysis tool that is used to look whether internet data that have been collected contain relevant information. BND uses XKeyscore on their own computers and servers. NSA only provides (software) updates and has no access to BND networks through XKeyscore. For sharing data, there was only one-way traffic from BND to NSA through highly secured firewalls.

Collected internet content is stored for only a few days, other (meta)data for a few days up to a few weeks. When there is a match, the selected data are stored for 1 or 2 years at most, not in Bad Aibling, but at the BND headquarters. In Bad Aibling there was no real-time collection. Quasi real-time means many, many minutes; it takes hours before something shows up on the monitor.

Besides XKeyscore, BND uses, among others, the programs MIRA4 and VERAS, which are classified analysis tools. The first one is used to listen in to phone calls, the latter for visualising metadata and showing who has called whom. Metadata are data that contain no content. When, for example, a website like Amazon.com is viewed from a computer, this creates more than 100 pieces of metadata.


- Hearing of the witness Mr. J. Z. (BND official, since 2008 head of the technical unit of the JSA, which uses XKeyscore). This hearing was entirely behind closed doors.



16th Meeting, October 9, 2014 (Transcript)

- Hearing of the witness Ms. H. F. (BND, legal counsel for data protection):

This witness is responsible for data protection regulations, but not for the implementation of the so-called G-10 Act, which protects the communications privacy of German citizens and corporations under article 10 of the constitution (Grundgesetz).

The witness has set up educational programs for BND employees and is regularly auditing the various systems and databases used by BND, especially in the SIGINT division, where not all databases have formal data protection procedures (like for access control) yet. All BND databases, regardless of where their data come from, fall under the German Data Protection Act (BundesDatenSchutzGesetz).

The witness audited many databases, like for example:
- INBE (INhaltliche BEarbeitung)
- VERAS (VERkehrsAnalyseSystem)
- PBDB (PersonenBezogene DatenBestände)
In total, there are about 25 databases (Auftragsdatenbanken) which serve the SIGINT collection process. Besides these databases, BND uses about 20 programs provided by NSA, most of them technical tools, like for language translation.

In Bad Aibling, only satellite communications are intercepted. After German communications have been filtered out, they are stored in databases according to their type: metadata go to VERAS and content goes to INBE. The latter database succeeded MIRA4 in 2010 and currently contains several hundred thousand data sets, including data from German citizens. Both VERAS and INBE were developed by BND.

The witness couldn't estimate how many data are in VERAS (which was set up in 2002), which contains mainly metadata from telephone communications, with the purpose of call chaining for creating contact graphs. BND uses this tool for connecting phone numbers as far as 4 or 5 hops from a known target. This doesn't mean that it always goes that far, because the further away from the initial known target, the more difficult it is to discover the connections.
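The call chaining the witness describes is a breadth-first walk over a contact graph built from telephony metadata. The added example below is not VERAS or any BND code; it builds such a graph from constructed call records (caller, callee), reports which numbers are first reached at each hop, and reconstructs the shortest chain between two numbers, which is what a "who has called whom" visualisation shows. It is useful as a data-protection check: running it for 1 to 5 hops shows how many uninvolved numbers a chain sweeps in, the point the witness makes about going as far as 4 or 5 hops. The labels and the graph are constructed; in real data many connections are missing, which is why chains get harder to follow the further they are from the seed.

```python
from collections import defaultdict, deque
from typing import Dict, Iterable, List, Optional, Set, Tuple

CallRecord = Tuple[str, str]   # (calling number, called number); one record per call


def build_graph(records: Iterable[CallRecord]) -> Dict[str, Set[str]]:
    """Undirected contact graph: who has called whom, repeat calls collapsed."""
    graph: Dict[str, Set[str]] = defaultdict(set)
    for a, b in records:
        if a == b:
            continue                    # a self-call adds no contact
        graph[a].add(b)
        graph[b].add(a)
    return graph


def contacts_by_hop(graph: Dict[str, Set[str]], seed: str,
                    max_hops: int) -> Dict[int, List[str]]:
    """Numbers first reached at exactly 1..max_hops hops from the seed."""
    seen = {seed}
    frontier = [seed]
    result: Dict[int, List[str]] = {}
    for hop in range(1, max_hops + 1):
        nxt = []
        for node in frontier:
            for nb in graph.get(node, ()):
                if nb not in seen:
                    seen.add(nb)
                    nxt.append(nb)
        if not nxt:
            break                       # graph exhausted before max_hops
        result[hop] = sorted(nxt)
        frontier = nxt
    return result


def reachable(graph: Dict[str, Set[str]], seed: str, max_hops: int) -> Set[str]:
    """Every number within max_hops of the seed (the seed itself excluded)."""
    return {n for nodes in contacts_by_hop(graph, seed, max_hops).values() for n in nodes}


def chain_to(graph: Dict[str, Set[str]], seed: str, target: str,
             max_hops: int) -> Optional[List[str]]:
    """Shortest call chain from seed to target, or None if it lies beyond max_hops."""
    parent: Dict[str, Optional[str]] = {seed: None}
    queue = deque([(seed, 0)])
    while queue:
        node, depth = queue.popleft()
        if node == target:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        if depth == max_hops:
            continue
        for nb in sorted(graph.get(node, ())):
            if nb not in parent:
                parent[nb] = node
                queue.append((nb, depth + 1))
    return None


# Constructed call records: "T" is the known seed number; letters are stand-ins
# for phone numbers. The layout puts two numbers at hop 1, four at hops 2 to 4,
# two at hop 5 and one ("Z") at hop 6, with a few same-level and repeat calls.
CALLS: List[CallRecord] = [
    ("T", "A"), ("T", "B"), ("A", "B"),
    ("A", "C"), ("A", "D"), ("B", "E"), ("B", "F"),
    ("C", "G"), ("D", "H"), ("E", "I"), ("F", "J"),
    ("G", "K"), ("H", "L"), ("I", "M"), ("J", "N"), ("J", "N"),
    ("K", "O"), ("L", "P"), ("M", "N"),
    ("O", "Z"),
]


def hop_growth(records: Iterable[CallRecord], seed: str, max_hops: int) -> List[int]:
    """Cumulative number of distinct numbers swept in at 1..max_hops hops."""
    graph = build_graph(records)
    return [len(reachable(graph, seed, h)) for h in range(1, max_hops + 1)]


if __name__ == "__main__":
    g = build_graph(CALLS)
    for hop, numbers in contacts_by_hop(g, "T", 5).items():
        print(f"hop {hop}: {numbers}")
    print("cumulative:", hop_growth(CALLS, "T", 5))
    print("chain T -> G:", chain_to(g, "T", "G", 5))
```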


In several cases, like for example with INBE and VERAS, BND failed to comply with the formal requirement from the Data Protection Act for a so-called "Dateianordnungsverfahren", in some cases for several years. After the witness recognized this, she pushed for these legal requirements to be fulfilled, although it was more a bureaucratic formality than a big shortcoming.

There is still discussion at BND about whether metadata are always personal data. Metadata like German telephone numbers are considered to be personal data, because it is easy to look up to whom such a number belongs. In foreign countries, like Afghanistan and Pakistan, that is not so easy; there, a phone number may also be used by a whole clan, for example.

The president of the BND has decided that collection in Bad Aibling is not subject to the provisions of the BND Act (BND-Gesetz), because only foreign satellite communications are intercepted. The witness disagrees, but was overruled by the president.


- The planned hearing of the witness A. F. (also a BND employee) was postponed to November 13.



18th Meeting, October 16, 2014 (Transcript)

- Hearing of the witness Mr. T. B. (BND, at Bad Aibling from 2002-2007):

The witness explained that one phone call creates between 20 and 30 pieces of metadata. Not all of them are useful for targeting because they are not specific enough, like for example a mobile phone cell-ID. Metadata include the number that was called, the cell-ID, the provider, the duration of the call, etc.

Raw data are signals (like radio frequencies) that have been processed. Raw data in turn can be processed into metadata and content. These are then automatically filtered and selected, and when finally a human takes a look at them, this can result in a report (Meldung).

Raw data were not counted by BND, only the reports, of which only a handful were produced at Bad Aibling. This low number was also due to the fact that only a small part of the collected communications was actually translated.

XKeyscore was first used by BND in 2007, but back then this tool was far less sophisticated than it was in 2013.

- After just a short while, this hearing was ended after it became clear that the witness had read internal BND documents that had not yet been fully handed over to the committee.


> Next time: More hearings of various BND employees


> Scheduled meetings with a public hearing:

28th Meeting, December 18, 2014

- Hearing of the witnesses Mr. Breitfelder (BND) and Ms. K. L. (BND)



Links and Sources
- Official page of the committee: 1. Untersuchungsausschuss ("NSA")
- Internal NSA presentation: Structure of the BND (pdf)
- Spiegel.de: Spying Together: Germany's Deep Cooperation with the NSA

> See also: BND Codewords and Abbreviations

December 13, 2014

Update on tapping German chancellor Merkel's phone



Over the last days, there were some new developments regarding the eavesdropping on the mobile phone of the German chancellor Angela Merkel, which was revealed in October last year. It was clarified that the record from an NSA database that was presented as evidence for this tapping, wasn't actually an original NSA document, but just a transcription.

Also, this database record wasn't among the Snowden-documents. This means the information about monitoring Merkel's phone was not provided by Edward Snowden, but by another leaker, something that many people may not have been aware of.


Criminal investigation

In June of this year, the highest German public prosecutor (Generalbundesanwalt) started a criminal investigation against NSA regarding the alleged eavesdropping on chancellor Merkel. Last month it was reported that this case had been closed as no sufficient evidence had been found, but this was not fully correct.

In his annual press conference on December 11, prosecutor Harald Range said that the investigation of the eavesdropping on chancellor Merkel is still going on:



Annual press conference of the federal public prosecutor Harald Range
(information about the Merkel eavesdropping starts at 23:20)


Regarding the eavesdropping case, prosecutor Range said the following things:

- The phone number which is at stake is not registered by the German Chancellery, but it's a number that has been used since 1999 by the headquarters of Merkel's party CDU. Therefore the number wasn't used by Gerhard Schröder (chancellor from the SPD party from 1998-2005).

- The document (see below) that was publicly presented as a proof of this eavesdropping is not an authentic NSA interception order, nor is it from an NSA database. Actually, it was made by a reporter of Der Spiegel, based upon an NSA document he had seen.

- The prosecutor asked the editors of Der Spiegel to hand over the original document or to be questioned about it, but this was refused with reference to journalists' privilege to protect their sources. NSA was asked for a statement through the BND, but also refused to comment.

- Under these circumstances, therefore, a serious evaluation of the authenticity of the document is not possible.

- Through his German lawyer, Edward Snowden was also given the opportunity to provide a written statement, but so far there has been no reaction.

- Presently, there is no sufficient evidence that could lead to an indictment, but the case is not yet closed. The investigation continues, and this will also include the results of the parliamentary committee that is currently investigating NSA spying activities.

- Based upon the Snowden revelations and other media reports it can be assumed that, in general, foreign intelligence agencies are trying to spy on German targets by electronic means. But according to German law, that is not enough to open a criminal case, because that would be investigating without reasonable suspicion, which the public prosecutor isn't allowed to do under the rule of law. Where necessary, such investigations are the responsibility of the security services.


Misinterpretation

Parts of what prosecutor Range said were misinterpreted by a number of foreign news websites, like Business Insider UK and Vox.com, which said that the NSA document might not be authentic or might even have been faked by Der Spiegel.

It seems these media only took the first part of Range's statement that the document "was made by a reporter of Der Spiegel, based upon an NSA document he had seen" and overlooked/left out the last part.

Although the German public prosecutor's office couldn't find any concrete evidence for the eavesdropping by NSA, Der Spiegel stresses that neither NSA nor the US government has denied that phone calls of chancellor Merkel had been monitored.


A second leaker

After the public prosecutor's press conference, Der Spiegel provided a statement saying that prior to their reporting about the eavesdropping on chancellor Merkel, they had access to information from an NSA database, which they copied.

This sounds like Der Spiegel got access to the content of an NSA database from which it selected and copied the information related to chancellor Merkel. But in the book "Der NSA Komplex" written by Spiegel reporters Marcel Rosenbach and Holger Stark, it is said that early October 2013, "we received the excerpt from an NSA database about Merkel's cell phone".*

That phrase suggests that someone from outside, and also someone other than Edward Snowden, provided Der Spiegel with just that one particular record which includes Merkel's phone number. How and in what form is not said. Greenwald confirms that this information did not come from Snowden, and earlier on, Bruce Schneier was also convinced that it came from a second leaker.


Just a transcription

After having obtained the database record, Der Spiegel presented it to the Chancellery, so they could verify it. According to their statement, Der Spiegel made it very clear that this information was not an original document, but just a transcription. Apparently for this reason, the magazine never published the database record, but only reported about its contents.

However, some other German newspapers somehow managed to get a copy of the letter that was sent to the Chancellery and published it in their print editions. One of them was the tabloid paper BILD, from which this scan was made:




So what we see here is a printed copy of a copy (either by xerox, a scanner or a (mobile phone) camera, which explains the fuzziness) of the print on a DIN A4 sheet of paper that was sent to Merkel's Chancellery.

Maybe this was a xerox copy of the excerpt which the mysterious source handed over to Der Spiegel, but it is more likely that a reporter copied the original text by hand (otherwise the copy could be used to trace the source). Probably he used an Apple computer, as the result is in the Ayuthaya font, which comes with Apple's OS X.

For a detailed explanation of the record: How NSA targeted chancellor Merkel's mobile phone

Right after this "document" was first published, some people wondered why it looks like a piece of paper, whereas all other leaked NSA documents are digital files (with a few similar exceptions, though). This has now been cleared up, but again we see that it can take some time and some pressure before such questions are answered.


From which database?

Initially, Der Spiegel reported that the record that mentions Merkel's phone number comes from an NSA database in which the agency records its targets.* My suggestion was that this could have been a database codenamed OCTAVE, which was used for tasking telephony targets, but which reportedly was replaced by the Unified Targeting Tool (UTT) in 2011.

But a more recent Spiegel article from early June 2014, seems to say that it's an entry from the NYMROD database. A slide in which Merkel was listed among 122 other heads of state in the NYMROD database was published by Der Spiegel on March 29, 2014. This slide was from an NSA presentation about content extraction analytics that was fully published in June.

However, in another NSA document it is explained that NYMROD is a name-matching system that is used for finding "garbled or misspelled names" of targets. It contains names taken from CREST (a translating database) and from intelligence reports from NSA, CIA and DoD databases.

If we compare that function with the data in the record that was published, it seems not very likely that the entry is from NYMROD. A tasking database still seems the best option.



Links and Sources
- Spiegel.de: When Germany's federal prosecutor appeared to discredit SPIEGEL
- Golem.de: Spiegel soll NSA-Dokument zu Merkel-Handy hergestellt haben
- LittleGreenFootballs.com: Did a German Prosecutor Really Claim That Der Spiegel’s NSA Document Was a Fake?

November 29, 2014

INCENSER, or how NSA and GCHQ are tapping internet cables

(Last edited: December 2, 2014)

Recently disclosed documents show that the NSA's fourth-largest cable tapping program, codenamed INCENSER, pulls its data from just one single source: a submarine fiber optic cable linking Asia with Europe.

Until now, it was only known that INCENSER was a sub-program of WINDSTOP and that it collected some 14 billion pieces of internet data a month. The latest revelations now say that these data were collected with the help of the British company Cable & Wireless (codenamed GERONTIC, now part of Vodafone) at a location in Cornwall in the UK, codenamed NIGELLA.

For the first time, this gives us a view of the whole interception chain, from the parent program all the way down to the physical interception facility. Here we will piece together what is known about these different stages and programs from recent and earlier publications.




The cables tapped at NIGELLA by GERONTIC under the INCENSER and WINDSTOP programs
(Map: ARD.de - Text: Electrospaces.net)

 

NIGELLA

Last week's joint reporting by the British broadcaster Channel 4, the German regional broadcasters WDR and NDR and the German newspaper Süddeutsche Zeitung, identified NIGELLA as an interception facility at the intersection of Cable & Wireless and Reliance cables at Skewjack Farm.

There, just north-west of Polgigga Cottage in Cornwall, is a large building that was constructed in 2001 for FLAG Telecom UK Ltd for 5.3 million pounds. It serves as a terminus for the two ends of a submarine optical cable: one from across the Atlantic which lands at the beach of nearby Sennen, and one that crosses the Channel to Brittany in France:

- FLAG Atlantic 1 (FA1)
Connecting the east coast of North America to the United Kingdom and France (6,000 kilometers)

The FLAG Atlantic 1 cable to America consists of 6 fibre pairs, each capable of carrying 40 (eventually up to 52) separate light wavelengths, and each wavelength can carry 10 Gigabit/s of traffic. This gives a potential capacity of 2.4 terabit/s per cable. However, in 2009, only 640 gigabit/s were actually used, which apparently went up to 921 gigabit/s in 2011.



The FLAG terminus station in Skewjack Farm, Cornwall
(photo: Sheila Russell)


The cable was initially owned by FLAG Telecom, where FLAG stands for Fiber-optic Link Around the Globe. This company was renamed Reliance Globalcom when it became a fully owned subsidiary of the Indian company Reliance Communications (RCOM). In March 2014, Reliance Globalcom was renamed again, this time Global Cloud Xchange (GCX).

More important is another, much longer submarine cable, which was also owned by this company, and which has its landing point on the shore of Porthcurno, a few miles south-west of Skewjack Farm:

- FLAG Europe-Asia (FEA)
Connecting the United Kingdom to Japan through the Mediterranean, with landing points in Egypt, the Saudi Peninsula, India, Malaysia, Thailand, Hong Kong, China, Taiwan, South Korea and Japan (28,000 kilometers)

This cable has 2 fibre pairs, each capable of carrying up to 40 separate light wavelengths, and each wavelength can again carry 10 gigabit/s of traffic. This gives a potential capacity of 800 gigabit/s, but in 2009 only 70 gigabit/s were used, which went up to 130 gigabit/s in 2011 - still an unimaginable 130,000,000,000 bits per second.



The FLAG Atlantic 1 and FLAG Europe-Asia landing points
and the Skewjack Farm terminus station
(Map: Channel 4)


The backhaul connection between the FLAG Atlantic 1 (FA1) and the FLAG Europe-Asia (FEA) is provided by a local area network of Cable & Wireless, which also connects both submarine cables to its terrestrial internet backbone network.

According to the newly disclosed GCHQ Cable Master List from 2009, the interception of the FA1 and the FEA cables takes place at the intersection with this backhaul connection:


This list also shows that the interception of these two cables is accompanied by a Computer Network Exploitation (CNE) or hacking operation codenamed PFENNING ALPHA.

Because the owner of the cables (Reliance Globalcom, now Global Cloud Xchange) is not a cooperating partner of GCHQ, GCHQ hacked into its network to obtain additional "router monitoring webpages" and "performance statistics for GTE [Global Telecoms Exploitation]".


Interception equipment

How the actual interception takes place can be learned from an article in The Guardian from June 2013, which provides some details about the highly sophisticated computer equipment at cable tapping points.

First, the data stream is filtered through what is known as MVR (Massive Volume Reduction), which immediately rejects high-volume, low-value traffic, such as peer-to-peer downloads. This reduces the volume by about 30%.


Selectors

The next step is to pull out packets of information that contain selectors like phone numbers and e-mail, IP and MAC addresses of interest. In 2011, some 40,000 of these were chosen by GCHQ and 31,000 by the NSA, according to The Guardian. This filtering is most likely done by devices from Boeing-subsidiary Narus, which can analyse high-volume internet traffic in real-time.

A single NarusInsight machine can monitor traffic up to 10 Gigabit/second, which means there have to be up to a dozen of them to filter the relevant traffic from the FA1 and FEA submarine cables. Most of the information extracted in this way is internet content, such as the substance of e-mail messages.


Full sessions

Besides the filtering by using specific selectors, the data are also sessionized, which means all types of IP traffic, like VoIP, e-mail, web mail and instant messages are reconstructed. This is something the Narus devices are also capable of.

These "full take" sessions are stored as a rolling buffer on XKEYSCORE servers: content data for only three to five days, and metadata for up to 30 days. But "at some sites, the amount of data we receive per day (20+ terabytes) can only be stored for as little as 24 hours" according to an NSA document from 2008.
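Both the BND retention periods described earlier on this page (content a few days, metadata a few days up to a few weeks, matched data 1 or 2 years at headquarters) and the XKEYSCORE rolling buffer just described follow the same pattern: records expire by type, a matched record is taken out of the buffer for longer storage elsewhere, and a site's disk capacity can cut retention shorter than the policy allows. The added example below is not code from the page or from any of the agencies; it models that pattern with constructed records. The 5-day content and 30-day metadata windows and the 20 terabytes per day used in the test are taken from the figures above; the record layout and everything else are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

TB = 10 ** 12  # bytes


@dataclass(order=True)
class Record:
    ts: datetime                  # time of collection; oldest sorts first
    kind: str                     # "content" or "metadata"
    size: int                     # bytes on disk
    ident: str = field(compare=False, default="")


@dataclass
class RollingBuffer:
    """Buffer that drops records by age per kind and, if a capacity is set, by size."""
    retention: Dict[str, timedelta]
    capacity: Optional[int] = None
    records: List[Record] = field(default_factory=list)

    def total_bytes(self) -> int:
        return sum(r.size for r in self.records)

    def ingest(self, rec: Record) -> List[Record]:
        """Add a record; returns whatever had to be evicted to stay within capacity."""
        if rec.kind not in self.retention:
            raise ValueError(f"no retention window for kind {rec.kind!r}")
        self.records.append(rec)
        self.records.sort()           # oldest first, so capacity eviction is FIFO
        return self._enforce_capacity()

    def expire(self, now: datetime) -> List[Record]:
        """Drop every record older than the window for its kind; returns the dropped ones."""
        keep: List[Record] = []
        dropped: List[Record] = []
        for r in self.records:
            (dropped if now - r.ts > self.retention[r.kind] else keep).append(r)
        self.records = keep
        return dropped

    def _enforce_capacity(self) -> List[Record]:
        dropped: List[Record] = []
        if self.capacity is None:
            return dropped
        while self.records and self.total_bytes() > self.capacity:
            dropped.append(self.records.pop(0))   # oldest goes first
        return dropped

    def promote(self, ident: str) -> Optional[Record]:
        """Take a matched record out of the buffer for long-term storage elsewhere
        (as the page describes: selected data kept 1 or 2 years at headquarters)."""
        for i, r in enumerate(self.records):
            if r.ident == ident:
                return self.records.pop(i)
        return None


def retention_hours(daily_ingest_bytes: int, capacity_bytes: int) -> float:
    """How long a site can keep data when disk fills faster than the policy window."""
    return capacity_bytes / daily_ingest_bytes * 24


# Constructed policy and reference clock (the date of this post).
POLICY = {"content": timedelta(days=5), "metadata": timedelta(days=30)}
NOW = datetime(2014, 11, 29)


def demo() -> Dict[str, object]:
    """Four constructed records: one content and one metadata record are past their
    window and get dropped; the surviving content record is then promoted as a match."""
    buf = RollingBuffer(POLICY)
    for rec in [
        Record(NOW - timedelta(days=6), "content", 4 * 10 ** 9, "c-old"),
        Record(NOW - timedelta(days=2), "content", 4 * 10 ** 9, "c-new"),
        Record(NOW - timedelta(days=40), "metadata", 10 ** 6, "m-old"),
        Record(NOW - timedelta(days=20), "metadata", 10 ** 6, "m-new"),
    ]:
        buf.ingest(rec)
    dropped = buf.expire(NOW)
    promoted = buf.promote("c-new")
    return {"dropped": sorted(r.ident for r in dropped),
            "promoted": promoted.ident if promoted else None,
            "kept": [r.ident for r in buf.records]}


def capacity_demo() -> List[str]:
    """Two 2-byte records into a 3-byte buffer: the older one is evicted on the second ingest."""
    buf = RollingBuffer(POLICY, capacity=3)
    buf.ingest(Record(NOW - timedelta(hours=2), "content", 2, "older"))
    evicted = buf.ingest(Record(NOW - timedelta(hours=1), "content", 2, "newer"))
    return [r.ident for r in evicted] + [r.ident for r in buf.records]


if __name__ == "__main__":
    print(demo())
    print(capacity_demo())
    print(f"20 TB/day into 20 TB of disk keeps data for {retention_hours(20 * TB, 20 * TB):.0f} hours")
```

The capacity rule is what produces the "as little as 24 hours" figure quoted above: with 20 terabytes arriving per day, a site with 20 terabytes of buffer space overruns the policy windows entirely, and the `retention_hours` check makes that visible before the buffer does.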

The aim is to extract the best 7.5% of the traffic that flows past the access, which is then "backhauled" from the tapping point to GCHQ Bude through two 10 gigabit/s channels (the "egress" capacity). This might be a dedicated cable, or a secure VPN path over the regular Cable & Wireless backbone that connects Bude with the south-west of Cornwall:



The Cable & Wireless internet backbone (yellow) in Cornwall
and the connections to submarine fiber-optic cables (red)
(Map from before 2006)

 

GERONTIC (Cable & Wireless)

The secret GCHQ documents about these cable tapping operations only refer to the cooperating telecommunications provider with the cover name GERONTIC. The real name is protected by STRAP 2 dissemination restrictions. But nonetheless, German media already revealed that GERONTIC is Cable & Wireless last year.

In July 2012, Cable & Wireless Worldwide was taken over by Vodafone for 1.04 billion pounds, but according to the GCHQ documents, the cover name GERONTIC was continued, and was seen active until at least April 2013.

According to the press reports, GCHQ had access to 63 undersea internet cables, 29 of them with the help of GERONTIC. This accounted for about 70% of the total amount of internet data that GCHQ had access to in 2009.

Cable & Wireless was involved in these 29 cables, either because it had Direct Cable Ownership (DCO), an Indefeasible Right of Use (IRU) or Leased Capacity (LC). Besides that, the GCHQ Cable Master List from 2009 lists GERONTIC also as a landing partner for the following nine cables:
- FLAG Atlantic 1 (FA1)
- FLAG Europe-Asia (FEA)
- Apollo North
- Apollo South
- Solas
- UK-Netherlands 14
- UK-France 3
- Europe India Gateway (EIG)
- GLO-1

Disclosed excerpts from internal GCHQ wiki pages show that Cable & Wireless held regular meetings with GCHQ from 2008 until at least 2010, in order to improve the access possibilities, like selecting which cables and wavelengths would provide the best opportunities for catching the communications GCHQ wanted.

GCHQ also paid Cable & Wireless tens of millions of pounds for the expenses. For example, in February 2009, 6 million pounds were paid, and a 2010 budget references a 20.3 million pound payment to the company. By comparison, NSA paid all its cooperating telecommunications companies a total of 278 million dollars in 2013.


The intensive cooperation between Cable & Wireless and GCHQ may not come as a surprise to those who know a bit more of British intelligence history. The company already worked with predecessors of GCHQ during World War I: all international telegrams were handed over so they could be copied before being sent on their way, a practice that continued for over 50 years.*

 

INCENSER (DS-300)

Among the documents about the GCHQ cable tapping is also a small part of an internal glossary. It contains an entry about INCENSER, which says that this is a special source collection system at Bude. This is further specified as the GERONTIC delivery from the NIGELLA access, which can be viewed in XKEYSCORE (XKS):



This entry was also shown in the German television magazine Monitor, although not in full, but without the redactions, so from this source we know the few extra words that were redacted for some reason.

The entry also says that INCENSER traffic is labeled TICKETWINDOW with the SIGINT Activity Designator (Sigad) DS-300. From another source we know that TICKETWINDOW is a system that makes cable tapping collection available to 2nd Party partners. The exact meaning of Sigads starting with DS is still not clear, but it probably also denotes 2nd Party collection.


TEMPORA

In Bude, GCHQ has its Regional Processing Center (RPC), which in 2012 had a so-called "Deep Dive" processing capability for 23 channels of 10 gigabit/second each under the TEMPORA program.

TEMPORA comprises different components, like the actual access points to fiber-optic cables, a Massive Volume Reduction (MVR) capability, a sanitisation program codenamed POKERFACE, and the XKEYSCORE system. As we have seen, most of the hardware components are located at the interception point, in this case the facility in Skewjack (NIGELLA).


Analysing

These collection systems can be remotely instructed ("tasked") from Bude, or perhaps even from NSA headquarters. For one part, that involves entering the "strong selectors" like phone numbers and internet addresses. For another part, that is done by using the additional capabilities of XKEYSCORE.

Because the latter system buffers full take sessions, analysts can also perform queries using "soft selectors", like keywords, against the body texts of e-mail and chat messages, digital documents and spreadsheets in English, Arabic and Chinese. XKEYSCORE also allows analysts to look for the usage of encryption, the use of a VPN or the TOR network, and a number of other things that could lead to a target.

This is particularly useful for tracing a target's internet activities that are performed anonymously, and therefore cannot be found by just looking for the known e-mail addresses of a target. When such content has been found, the analyst might be able to find new intelligence or new strong selectors, which can then be used for starting a traditional search.


Possible targets

The disclosed GCHQ documents contain no specific targets or goals for the INCENSER program, which provided Channel 4 the opportunity to claim that this Cable & Wireless/Vodafone access allows "Britain's spies to gather the private communications of millions of internet users worldwide". Vodafone, which also has a large share of the telecommunications market in Germany, was even linked to the eavesdropping on chancellor Merkel.

Both claims are rather sensationalistic. Merkel's phone was probably tapped by other means, and both GCHQ and NSA aren't interested in the private communications of ordinary internet users. On the contrary, by tapping into a submarine cable that connects to Asia and the Middle East, INCENSER looks rather focussed at high-priority targets in the latter region.

Reporting

Despite INCENSER being NSA's fourth-largest cable tapping program in terms of the volume collected, the intelligence reports analysts are able to write based upon it only reached the 11th position among contributors to the President's Daily Brief, according to a slide from a 2010 presentation about Special Source Collection, published by The Washington Post in October last year:



 

WINDSTOP (2nd Party)

Data collected under the INCENSER program are not only used by GCHQ, but also by NSA, which groups such 2nd Party sources under the codename WINDSTOP. As such, INCENSER was first mentioned in a slide that was published by the Washington Post in October 2013 for a story about the MUSCULAR program:




According to NSA's Foreign Partner Access budget for 2013, which was published by Information and The Intercept last June, WINDSTOP involves all 2nd Party countries (primarily Britain, but also Canada, Australia and New Zealand) and focuses on access to (mainly internet) "communications into and out of Europe and the Middle East" through an integrated and overarching collection system.

MUSCULAR is a program under which cables linking big data centers of Google and Yahoo are tapped. The intercept facility is also located somewhere in the United Kingdom and the data are processed by GCHQ and NSA in a Joint Processing Centre (JPC) using the Stage 2 version of XKEYSCORE.


A new slide from this presentation about WINDSTOP was published by Süddeutsche Zeitung on November 25, which reveals that a third program is codenamed TRANSIENT THURIBLE. The Guardian reported about this program in June 2013, saying that it is an XKeyscore Deep Dive capability managed by GCHQ, with metadata flowing into NSA repositories since August 2012.




In November 2013, the Washington Post published a screenshot from BOUNDLESSINFORMANT with numbers about data collection under the WINDSTOP program. Between December 10, 2012 and January 8, 2013, more than 14 billion metadata records were collected:




The bar chart in the top part shows the numbers by date, with DNR (telephony) in green and DNI (internet) in blue. The section in the center of the lower part shows these data were collected by the following programs:

- DS-300 (INCENSER): 14100 million records
- DS-200B (MUSCULAR): 181 million records

XKEYSCORE, which is used to index and search the data collected under the INCENSER program, can be seen in the bottom right section of the chart.


With just over 14 billion pieces of internet data a month, INCENSER is the NSA's fourth-largest cable tapping program, accounting for 9% of the total amount collected by Special Source Operations (SSO), the division responsible for collecting data from internet cables. According to another BOUNDLESSINFORMANT chart, the NSA's Top 5 of cable tapping programs is:

SSO worldwide total:               160,168,000,000 (100%)

DANCINGOASIS:                       57,788,148,908  (36%)
SPINNERET (part of RAMPART-A):      23,003,996,216  (14%)
MOONLIGHTPATH (part of RAMPART-A):  15,237,950,124   (9%)
INCENSER (part of WINDSTOP):        14,100,359,119   (9%)
AZUREPHOENIX (part of RAMPART-A):   13,255,960,192   (8%)
...
Other programs:                                      (24%)


It is remarkable that a single cable access (NIGELLA in Cornwall) provides almost one tenth of everything NSA collects from internet cables. It also means that, besides a large number of small cable accesses, NSA seems to rely on just a few important cables for about three quarters of its collection from this type of source (the five programs listed above add up to 76%).





Links and Sources
- Golem.de: Die Abhörkette der Geheimdienste
- The recently disclosed documents about GCHQ cable tapping:
   - NetzPolitik.org: Cable Master List: Wir spiegeln die Snowden-Dokumente über angezapfte Glasfasern, auch von Vodafone
   - Sueddeutsche.de: Snowden-Leaks: How Vodafone-Subsidiary Cable & Wireless Aided GCHQ’s Spying Efforts
- ArsTechnica.com: New Snowden docs: GCHQ’s ties to telco gave spies global surveillance reach
- Sueddeutsche.de: Vodafone-Firma soll GCHQ und NSA beim Spähen geholfen haben
- WDR.de: Neue Snowden-Dokumente enthüllen Ausmaß der Zusammenarbeit von Geheimdiensten und Telekommunikationsunternehmen
- TheRegister.co.uk: REVEALED: GCHQ's BEYOND TOP SECRET Middle Eastern INTERNET SPY BASE
- Weblog about UK Submarine Cable Landings & Cable Stations
- Article about Explaining submarine system terminology – Part 1

- Thanks also to Henrik Moltke, who did most of the research for the German press reports

More reactions on Hacker News and Schneier's Blog

November 23, 2014

German investigation of the cooperation between NSA and BND (I)

(Updated: December 5, 2014)

In Germany, a parliamentary commission is currently investigating the relationship between the National Security Agency (NSA) and the German foreign intelligence service Bundesnachrichtendienst (BND).

Initially the hearings were about the main accusations made by Edward Snowden about NSA spying on countries like Germany, and the experts only provided the usual statements that had already been heard many times since last year.

But recently the commission focused on the cooperation between NSA and BND, and a number of officials of the German agency were heard. Their statements provided very interesting details about how BND operates and how it cooperates with NSA. As all of this is only available in German, we will start providing English summaries of the most interesting parts of these hearings.



The room where the hearings of the parliamentary committee take place
(photo: DPA)


The committee of inquiry (in German: NSA-Untersuchungsausschuss, Twitter hashtag: #NSAUA) was installed on March 20, 2014. It consists of eight members of parliament and is now led by professor Patrick Sensburg of the Christian Democratic CDU/CSU. He succeeded Clemens Binninger, who resigned after just 6 days because the opposition parties seemed only interested in hearing Edward Snowden.

The goal of the committee is to investigate the extent and the backgrounds of espionage in Germany conducted by foreign agencies. A detailed listing of all the tasks of the committee in English is in this document (pdf).


Time path

The committee wants to hear over one hundred witnesses and experts, including CEOs of US internet companies like Mark Zuckerberg (Facebook), Eric Schmidt (Google) and Tim Cook (Apple). Also German chancellor Merkel, former and current federal ministers and the directors of German intelligence agencies are invited to appear before the committee.

Because of this, the hearings will last throughout the next year and the final report with the recommendations is expected late 2016. According to an explanation by chairman Sensburg, the current hearings about the NSA-BND cooperation will continue at least until early 2015, then the investigation will shift to the Five Eyes. The exact schedule will be decided upon by all committee members.

The witnesses are not under oath, but if they lie or give a false testimony, that's a criminal offence for which they can be prosecuted.


Edward Snowden

Right from the beginning, opposition members of the committee made a big point of inviting Edward Snowden for a hearing, but the German government refused to provide a visa and guarantees for his security.

Chairman Sensburg however was skeptical about how useful a hearing of Snowden could be, given the fact that he was never tasked with spying on Germany and so far hadn't provided any new information that was not already on the internet (he probably meant that Snowden only speaks about things as far as they have been published by media outlets and almost never goes beyond that on his own).

Then in June 2014, Snowden had his lawyer announce that there was no opportunity for him to meet a delegation of the committee in Moscow.


Glenn Greenwald

A hearing of Glenn Greenwald was scheduled for September 11, 2014, but in August he refused the invitation, because he thinks the committee isn't interested in a serious investigation of NSA spying on German citizens. With Snowden not being heard, the whole inquiry became a ritual, according to Greenwald.

Greenwald's refusal might also have to do with his misinterpretation of the BOUNDLESSINFORMANT charts. Last year he published them as proof of NSA's spying on the citizens of various European countries, including Germany, but afterwards it came out that the charts were actually about data collected by European military intelligence agencies, who shared them with NSA.

Apparently the committee didn't ask for access to the Snowden documents itself, which is strange, as one full copy is in the hands of filmmaker Laura Poitras, who lives in Berlin. It's not known whether Poitras was also invited for a hearing.


Security measures

Besides public hearings, the committee also conducts hearings behind closed doors, so witnesses can be questioned about sensitive and classified topics. These hearings take place in a highly secured room (Geheimschutzstelle), where the committee members can also access the over 800 file folders with both classified and unclassified documents provided by the government. When witnesses are heard, all attendees have to put their phones and tablets into a metal box, and classical music is played in order to prevent any kind of eavesdropping.*

Despite these security measures, some strange espionage cases have already occurred: in early July 2014, a low-level employee of the BND was arrested on suspicion of collecting information about the investigation commission for the CIA. Some members of parliament also had indications that communications from their mobile phones had been intercepted. After this, the senior members of the committee were provided with secure mobile phones.



Sign outside the highly secured room where the
hearings behind closed doors take place
(photo: Konstantin von Notz @ Twitter)


Public hearings

The public hearings of experts can be recorded, but when witnesses, like BND officials, are heard, it's not allowed to make video or audio recordings or take pictures. Therefore, some people from the visitors' bench reported via Twitter, and at every meeting there was also a volunteer from the German digital civil rights website Netzpolitik.org who kept a live blog.


Here we will start listing all the committee meetings with a public hearing, including a summary of the most interesting information from the testimonies:



5th Meeting, May 22, 2014 (Transcript):

- Hearing of experts in constitutional law: Wolfgang Hoffmann-Riem, Matthias Bäcker, Hans-Jürgen Papier

It was not the best choice to ask the opinion of these legal experts first, before all other witnesses, including BND employees, had been heard. They could therefore only testify in a very general way, based on the media stories, which, as we have seen in multiple cases, were often exaggerated and not always correct. Legal opinions only make sense when all the relevant facts are known, because every detail can make a difference.

The reason for this was apparently that the commission started quite unsystematically, in part because the members had to work their way into the complex topic, but also because they were divided and focused only on Snowden. At some point they realized that this led nowhere, and changed their method. They decided to focus on BND first, because here they had some power to demand witnesses and documents from the German government. The hope was to "incidentally" gain some insight into the foreign agencies as well.



7th Meeting, June 5, 2014 (Transcript - Video-stream):

- Hearing of experts in international law: Stefan Talmon, Helmut Philipp Aust, Douwe Korff, Russell A. Miller (Washington), Ian Brown (Oxford)



?th Meeting, June 26, 2014 (Transcript):

- Hearing of technical experts: Michael Waidner (Fraunhofer Institut), Sandro Gaycken, Christopher Soghoian (ACLU). The latter wasn't able to be there in time, so in his place Frank Rieger (Chaos Computer Club) was heard



11th Meeting, July 3, 2014 (Transcript):

- Hearing of former NSA whistleblowers: William Binney, Thomas Drake

Binney presented himself as a technical director at NSA, although other sources say he was just a crypto-mathematician. He left the agency in 2001, so about almost everything that happened after that year he can only speculate. It also seems that he mixed up some things. His main point was that NSA wants to collect everything; for example, NSA needed the huge Utah Data Center because it is eavesdropping on the "whole of humanity".

Thomas Drake said he worked as a security engineer for NSA from 2001 until 2008. He stated that we are standing before the abyss of a panoptical surveillance state. The BND has become a mere vermiform appendix of NSA and is also conducting mass surveillance, both nationally and internationally.

As we will see later on, this accusation is strongly denied by BND officials, who, unlike Binney and Drake, also provided some relevant technical insights.





Links and Sources
- Offical page of the committee: 1. Untersuchungsausschuss ("NSA")
- Wikipedia-article: NSA-Untersuchungsausschuss
- Internal NSA presentation: Structure of the BND (pdf)

> See also: BND Codewords and Abbreviations

November 5, 2014

The phones of the Dutch Prime Minister

(Updated: November 7, 2014)

With last year's news of NSA eavesdropping on the mobile phone of German chancellor Angela Merkel in mind, Dutch online media assumed it was big news that the Dutch prime minister Mark Rutte has a phone that cannot be intercepted.

As was the case with chancellor Merkel, most people do not seem aware of the fact that political leaders usually have two kinds of phones: an ordinary one that is easy to intercept and a secure one that is very difficult to tap.

That prime minister Rutte has a secure phone was said by the director for Cyber Security in a radio interview last week. Afterwards this was seen as a slip of the tongue, because the government's policy is to never say anything about the security methods it uses.

But from pictures and other sources we can still get a fairly good idea of which phones, both secure and non-secure, are used by the Dutch prime minister. As we will show here, he currently has three landline and two mobile phones at his disposal, only one being a highly secure one.



Dutch prime minister Mark Rutte working at his desk, May 29, 2012
At his right hand are three desktop phones and in front of him an iPhone 4
(photo: Prime Minister @ Flickr - Click for the full picture)


Since 1982, the office of the Dutch prime minister is on the second floor of a small tower that is part of the parliament buildings and which dates back to the 14th century. In Dutch this office is called Het Torentje.

From left to right we see the following telephones on the desk of the prime minister:
1. Ericsson DBC212 (black)
2. Sectra Tiger XS Office (silver)
3. Unidentified office phone (gray)

First we will discuss the two phones without encryption capability and then the secure phone:


1. The Ericsson DBC212

This is a common office telephone which has been part of the internal private branch exchange (PBX) network of the Department of General Affairs for over a decade. Other pictures from rooms in the same building also show the same and similar models of this telephone series, which was made by Ericsson, a Swedish company that manufactured many home and office phones used in The Netherlands. The prime minister can use this phone for every phone call he wants to make that doesn't require encryption.


3. The gray office phone

The make and type of this phone couldn't be identified yet, but it seems to be a common office telephone too. However, this phone is most likely connected to the Emergency Communications Provision (Dutch: NoodCommunicatieVoorziening or NCV).

This is an IP-based network which is completely separated from the public telephone network. Communications over this network are not encrypted, but the switches are in secure locations and are redundantly connected.

The purpose of the NCV-network is to enable communications between government agencies and emergency services when during a disaster or a crisis situation (parts of) the regular communication networks collapse. This network replaced the former National Emergency Network (Nationaal Noodnet) as of January 1, 2012 (see below).



Close-up of the phones on the desk of the prime minister in 2013
(picture: Google Street View - Click for the full picture)
 

2. The Sectra Tiger XS Office

The silver-colored telephone which sits in between the two other ones is a Tiger XS Office (XO). This device is capable of highly secured phone calls and can therefore be used by the prime minister for conversations about things that are classified up to the level of Secret.

The Tiger XS Office has been manufactured since 2005 by the communications division of the Swedish company Sectra AB, which was founded in 1978 by some cryptology researchers from Linköping University. Sectra, which is an acronym of Secure Transmission, also has a division in the Netherlands: Sectra Communications BV.

Tiger is the brand name for their high-end secure voice products, but while everyone assumes that this refers to the exotic animal, "tiger" is also the Swedish word for "keeps silent" (see for example: En Svensk Tiger).


Tiger XS

Although the Tiger XS Office looks like a futuristic desktop phone, it actually consists of a small encryption device which is docked into a desktop cradle with a keypad and handset. The encryption device, the Tiger XS, was originally developed for securing mobile phone communications and has special protections against tampering and so-called TEMPEST attacks.



The Sectra Tiger XS docked into the office unit
(Photo: Sectra - Click to enlarge)


The desktop unit has no encryption capabilities, but with the Tiger XS inserted, it can encrypt landline phone calls and fax transmissions, so it turns into a secure desktop telephone. The Tiger XS enables secure communications on GSM, UMTS, ISDN and the Iridium, Inmarsat and Thuraya satellite networks. When inserted into the office unit, it also works on the standard Public Switched Telephone Network (PSTN).


Workings

On its own, the Tiger XS device can be used to secure certain types of cell phones. For this, the Tiger XS is connected in between a headset (consisting of an earpiece and a microphone) and a mobile phone, to which it connects via Bluetooth. A secure connection is set up by putting a personal SIM-sized access card into the Tiger XS, entering a PIN code and selecting the person to connect to from the phonebook.

What is said into the microphone of the headset is encrypted by the Tiger XS, and this encrypted voice data then goes to an ordinary mobile phone through the Bluetooth connection. The phone sends it over the cell phone network to the receiving end, where another Tiger XS decrypts the data and makes it audible again.



The Tiger XS with personal
access card and headset

Mobility

At first sight it seems to be a very flexible solution: connecting a separate encryption device to common cell phones. But in reality the Tiger XS can only connect to older mobile phones which support the original Circuit Switched Data (CSD) channel and a Bluetooth version that is fully tested and compatible with the way the Tiger XS has to use it. Because of this, the Tiger XS is rarely used with mobile phones anymore, but mostly in combination with the desktop unit.

To restore the intended mobility, Sectra introduced the Tiger 7401 as a replacement for the Tiger XS. The Tiger 7401 is a custom-made mobile telephone with a TEMPEST-verified design that is capable of encrypting phone calls by itself. In 2014, this new device was ordered to replace the Tiger XS for high-level officials of the Dutch Ministry of Defense.


Encryption

The encryption algorithms used by the Sectra Tiger XS are secret, so we don't know whether public standard algorithms like AES and ECDH are used, or ones that are especially designed for the Dutch government, or a combination thereof. The algorithms and the encryption keys are created by the National Communications Security Bureau (Dutch: Nationaal Bureau voor Verbindingsbeveiliging or NBV), which is part of the General Intelligence and Security Service AIVD.

This bureau has approved the Tiger XS for communications up to and including the level Secret (in Dutch marked as Stg. Geheim) in 2007. In the Netherlands, there's no phone that is approved for communications at the level Top Secret (Stg. Zeer Geheim), so these matters cannot be discussed over phones that use public networks. This is different from the US, where there are secure telephones approved for Top Secret and even above.

Encrypted communication is only possible if both parties end up with the same key, whether it is distributed in advance or agreed at call set-up: the sender needs it to encrypt the message and the receiver to decrypt it. This means that everyone the prime minister needs a secure line to must also have a Tiger XS. That is why we can see this device also on the desk of, for example, the Dutch foreign minister:



The desk of the Dutch foreign minister in 2013. Between the computer
and a Cisco 7965 IP phone we see the Sectra Tiger XS Office.
(photo: Ministerie van Buitenlandse Zaken - Click for the full picture)


Management

Besides encrypting phone calls and text messages, the Tiger XS also provides user authentication, so one can be sure to talk to the right person. For the actual implementation of these features there are centrally managed user groups.

This remote management, which includes supplying up-to-date phonebooks and encryption keys for the Tiger XS devices, is provided by Fox-IT, a Dutch cybersecurity company founded in 1999. Since Dutch state secrets are involved, it is considered essential that this remote management is in the hands of a trusted Dutch partner.

The partnership between Fox-IT for the management and Sectra as the supplier of the hardware was established in 2007 by the VECOM (Veilige Communicatie or Secure Communications) contract. Under this contract all Dutch cabinet members and high-level officials of their departments are provided with secure phones.


Usage

The Tiger XS has also been installed at all government departments in order to provide secure fax transmissions, for example to distribute the necessary documents for the weekly Council of Ministers meeting. Dutch embassies and military units deployed overseas probably also use the Tiger XS for securing satellite communications. For this, Sectra also made a manpack communications set which uses the Tiger XS.

The fact that the Tiger XS uses highly sensitive technology and secret encryption methods, also means that it is not possible to use this device to make secure phone calls to for example foreign heads of state. That's the reason why, as we can see in the picture below, prime minister Rutte used his standard non-secure phone when he was called by US president Obama in 2010:



Prime minister Mark Rutte talks with president Obama
In front of him is probably his Blackberry
(photo: RVD, November 2, 2010)



The mobile phones of prime minister Rutte

Besides the three landline telephones, current prime minister Mark Rutte also uses an iPhone 4 and a Blackberry. He is seen with these devices in several photos, and Rutte also confirmed that he uses a Blackberry when he publicly admitted that it accidentally fell into a toilet in January 2011.

The iPhone is probably his private phone, because the Blackberry is the device used by Rutte's own Department of General Affairs, as well as by other departments, including those of Foreign Affairs and Social Affairs. Blackberrys are preferred by many companies and governments because chat and e-mail messages are encrypted by default between the handset and the organisation's Blackberry Enterprise Server (BES); strictly speaking this is transport encryption to the server rather than end-to-end encryption between users.



Prime minister Rutte showing his iPhone during
a school visit in Heerhugowaard, September 3, 2014


Blackberrys do not encrypt voice, but the Dutch computer security company Compumatica has developed a solution called CompuMobile, which consists of a MicroSD card that can be inserted into a Blackberry and then encrypts phone calls and text messages using the AES 256 and ECDH algorithms. CompuMobile was approved in 2012 for communications at the lowest Dutch classification level (Departementaal Vertrouwelijk), but whether government departments actually use it is not known.
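The requirement under "Encryption" above that both ends hold the same key, and the AES-256 plus ECDH combination that the CompuMobile description names, can be shown together in one program. The following Go code is an added example written for this page; it is not code from Sectra, Compumatica or Fox-IT, and the actual algorithms and key management of the Tiger XS and CompuMobile are not public. It assumes P-256 ECDH, a SHA-256 key derivation and AES-256-GCM per frame, all marked as assumptions in the comments: two handsets each derive the same session key from their own private key and the peer's public key, one encrypts a frame that the other decrypts, and a third party holding only the public keys fails authentication.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// genKey makes a P-256 key pair for one handset (assumption: a real device keeps it in its tamper-protected module).
func genKey() *ecdh.PrivateKey {
	k, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // only a broken CSPRNG gets here
	}
	return k
}

// SessionKey derives the 256-bit AES key from the ECDH shared secret between our private key and the
// peer's public key. Both ends compute the same value, so no key is ever transmitted. SHA-256 over a
// label and the secret is the minimal KDF; a product would use HKDF and bind both identities (assumption).
func SessionKey(own *ecdh.PrivateKey, peer *ecdh.PublicKey) ([]byte, error) {
	secret, err := own.ECDH(peer)
	if err != nil {
		return nil, err
	}
	h := sha256.New()
	h.Write([]byte("secure-voice-demo-v1"))
	h.Write(secret)
	return h.Sum(nil), nil // 32 bytes, which selects AES-256 below
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one frame (voice packet or text message) with AES-256-GCM. A random 12-byte nonce is
// prefixed to the output and the frame number is authenticated as associated data, so a captured frame
// cannot be replayed in another slot.
func Seal(key []byte, frameNo uint32, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	aad := []byte(fmt.Sprintf("frame:%d", frameNo))
	return append(nonce, gcm.Seal(nil, nonce, plaintext, aad)...), nil
}

// Open reverses Seal; any change to nonce, ciphertext, tag or frame number fails authentication.
func Open(key []byte, frameNo uint32, msg []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(msg) < n {
		return nil, errors.New("frame too short")
	}
	aad := []byte(fmt.Sprintf("frame:%d", frameNo))
	return gcm.Open(nil, msg[:n], msg[n:], aad)
}

// RunExchange plays one call between two handsets while a third party that captured both public keys
// tries to decrypt. It reports whether the peer recovered the frame and whether the interceptor was rejected.
func RunExchange(frame []byte) (bool, bool, error) {
	alice, bob, eve := genKey(), genKey(), genKey() // e.g. PM, foreign minister, interceptor
	kA, errA := SessionKey(alice, bob.PublicKey())
	kB, errB := SessionKey(bob, alice.PublicKey())
	if errA != nil || errB != nil || !bytes.Equal(kA, kB) {
		return false, false, errors.New("ECDH key agreement failed")
	}
	ct, err := Seal(kA, 1, frame)
	if err != nil {
		return false, false, err
	}
	pt, err := Open(kB, 1, ct)
	peerOK := err == nil && bytes.Equal(pt, frame)
	// Eve holds both public keys but neither private key: her ECDH result is a different secret,
	// so the GCM tag check on the frame fails instead of yielding garbage audio.
	kE, _ := SessionKey(eve, alice.PublicKey())
	_, errE := Open(kE, 1, ct)
	return peerOK, errE != nil, nil
}

func main() {
	ok, rej, err := RunExchange([]byte("constructed voice frame 1"))
	fmt.Println("peer decrypted:", ok, "interceptor rejected:", rej, "error:", err)
}
```

What the example deliberately leaves out is where the real engineering sits: with random 96-bit GCM nonces a key must be retired long before 2^32 frames; the public keys are not authenticated here, which is what the centrally managed user groups described under "Management" above are for (without that binding, a man in the middle can substitute its own key); and nothing in the program hides who is calling whom, which is exactly the metadata that the cable tapping programs described earlier collect.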

Without this security measure, phone calls from both the iPhone and the Blackberry of prime minister Rutte can rather easily be intercepted by foreign intelligence agencies, just like NSA apparently did with the non-secure cell phone of his German counterpart.




The prime minister's phones in 2006

The telephones currently installed in the office of prime minister Mark Rutte can be compared with those of his predecessor, prime minister Jan Peter Balkenende. From his office we have this picture, which gives a great view of the communication devices on his desk:



Former prime minister Jan Peter Balkenende (left) being interviewed
by Willem Breedveld (right) in his Torentje office, May 2006.
(photo: Werry Crone/Trouw - Click for the full picture)


In this picture we see, from left to right, the following three phones, all of them provided by KPN, the former state-owned landline operator of the Netherlands:
1. Ericsson DBC212 (black)
2. Siemens Vox 415 (gray)
3. Ericsson Vox 120 (white)



1. The Ericsson DBC212

This is the same telephone which is still in use today, as we could see in the pictures above. It's a common office telephone made by the Swedish company Ericsson and which is part of the internal private branch exchange (PBX) network of the Department of General Affairs.


2. The Siemens Vox 415

The dark gray Vox 415 was an ordinary telephone from a series that was manufactured by Siemens for both home and office use. For private customers this model was sold by KPN under the name Bari 10.

This phone has no security features whatsoever, but as it is in the same place where later the Sectra Tiger XS Office sits, it seems very likely the Vox 415 was also used for secure communications.

For that, it was probably connected to a separate encryption device, maybe one that was compatible with the PNVX, the secure phone which was manufactured by Philips and used by the Dutch government since the late 1980s.


3. The Ericsson Vox 120

The Vox 120 was the business version of a telephone developed by Ericsson around 1986 and that was sold for home use under the name Twintoon. Attached to the back is a separate speaker unit so a third person can listen in to a conversation.

In the bottom left corner the phone has a black label with its extension number for the National Emergency Network (Dutch: Nationaal Noodnet or NN). This was a separate network which enabled government agencies to communicate with emergency services when the public telephone network collapsed.

The National Emergency Network was established in 1991 and was operated by KPN. It had some 5500 connections for 2500 end users, like the departments of the national government, city halls, hospitals, and local police and firefighter headquarters. As of January 2012, it was replaced by the IP-based Emergency Communications Provision NCV (see above).



Links and sources
- Background article in Dutch: De wereld van staatsgeheim geheim (2007)
- Academic paper about Secure Text Communication for the Tiger XS (pdf) (2006)
- The first version: Tiger XS Mobile security terminal (2005)