
Sunday, November 10, 2013

The Dark Road from the Clipper Chip to PRISM Reveals 'Crypto Wars' Never Ended

Back in the 1990s, security researchers and privacy watchdogs were alarmed by government demands that hardware and software firms build "backdoors" into their products, the millions of personal computers and cell phones propelling communication flows along the now-quaint "information superhighway."

Never mind that the same factory-installed kit that allowed secret state agencies to troll through private communications also served as a discreet portal for criminal gangs to loot your bank account or steal your identity.

To make matters worse, instead of the accountability promised the American people by Congress in the wake of the Watergate scandal, successive US administrations have worked assiduously to erect an impenetrable secrecy regime backstopped by secret laws overseen by secret courts which operate on the basis of secret administrative subpoenas, latter day lettres de cachet.

But now that all their dirty secrets are popping out of Edward Snowden's "bottomless briefcase," we also know the "Crypto Wars" of the 1990s never ended.

Documents published by The Guardian and The New York Times revealed that the National Security Agency "actively engages the US and IT industries" and has "broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments."

"Those methods include covert measures to ensure NSA control over setting of international encryption standards," The Guardian disclosed, along with "the use of supercomputers to break encryption with 'brute force', and--the most closely guarded secret of all--collaboration with technology companies and internet service providers themselves."

According to The New York Times, NSA "had found ways inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors or by surreptitiously exploiting existing security flaws, according to the documents."

In fact, "vulnerabilities" inserted "into commercial encryption systems" would be known to NSA alone. Everyone else, including commercial customers, is referred to in the documents as an "adversary."

The cover name for this program is Project BULLRUN. An agency classification guide asserts that "Project BULLRUN deals with NSA's abilities to defeat the encryption used in specific network communication technologies. BULLRUN involves multiple sources, all of which are extremely sensitive. They include CNE [computer network exploitation], interdiction, industry relationships, collaboration with other IC entities, and advanced mathematical techniques."

In furtherance of those goals, the agency created a "Commercial Solutions Center (NCSC) to leverage sensitive, cooperative relationships with industry partners" that will "further NSA/CSS capabilities against encryption used in network communications technologies," and already "has some capabilities against the encryption used in TLS/SSL, HTTPS, SSH, VPNs, VoIP, WEBMAIL, and other network communications technologies."

Time and again, beginning in the 1970s with the publication of perhaps the earliest NSA exposé by Ramparts Magazine, we learned that when agency schemes came to light, if they couldn't persuade, they resorted to threats, bribery or the outright subversion of the standard-setting process itself, which destroyed trust and rendered all our electronic interactions far less safe.

Tunneling underground, NSA, telcos and corporate tech giants worked hand-in-glove to sabotage what could have been a free and open system of global communications, creating instead the Frankenstein monster which AT&T whistleblower Mark Klein denounced as a "Big Brother machine."

The Secret State and the Internet

Five years after British engineer Tim Berners-Lee, Belgian computer scientist Robert Cailliau and their team at CERN developed a system for assembling and sharing hypertext documents via the internet, which they dubbed the World Wide Web, the Clinton administration announced in 1994 that it would compel software and hardware developers to install what came to be known as the "Clipper Chip" into their products.

The veritable explosion of networked communication systems spawned by the mass marketing of easy-to-use personal computers equipped with newly invented internet browsers set off a panic amongst political elites.

How to control these seemingly anarchic information flows operating outside "normal" channels?

In theory at least, those doing the communicating--academics, dissidents, journalists, economic rivals, even other spies, hackers or "terrorists" (a fungible term generally meaning outsider groups not on board with America's imperial goals)--were the least amenable users of the new technology and would not look kindly on state efforts to corral them.

As new communication systems spread like wildfire, especially among the great unwashed mass of "little people," so too came a stream of dire pronouncements that the internet was now a "critical national asset" which required close attention and guidance.

President Clinton's Commission on Critical Infrastructure Protection released a report that called for a vast increase in funding to protect US infrastructure along with one of the first of many "cyberwar" tropes that would come to dominate the media landscape.

"In the cyber dimension," the report breathlessly averred, "there are no boundaries. Our infrastructures are exposed to new vulnerabilities--cyber vulnerabilities--and new threats--cyber threats. And perhaps most difficult of all, the defenses that served us so well in the past offer little protection from the cyber threat. Our infrastructures can now be struck directly by a variety of malicious tools."

And when a commercial market for cheap, accessible encryption software was added to the mix, security mandarins at Ft. Meade and Cheltenham realized the genie would soon be out of the bottle.

After all, they reasoned, NSA and GCHQ were the undisputed masters of military-grade cryptography who had cracked secret Soviet codes which helped "win" the Cold War. Were they to be outmaneuvered by some geeks in a garage who did not share, or were perhaps even hostile to, the "post-communist" triumphalism which had decreed America was now the world's "indispensable nation"?

Technological advances were leveling the playing field, creating new democratic space in the realm of knowledge creation accessible to everyone; a new mode for communicating which threatened to bypass entrenched power centers, especially in government and media circles accustomed to a monopoly over the Official Story.

US spies faced a dilemma. The same technology which created a new business model worth hundreds of billions of dollars for US tech corporations also offered the public, and pesky political outliers across the political spectrum, the means to do the same.

How to stay ahead of the curve? Why not control the tempo of product development by crafting regulations, along with steep penalties for noncompliance, that all communications be accessible to our guardians, strictly for "law enforcement" purposes mind you, by including backdoors into commercially available encryption products.

Total Information Awareness 1.0

Who to turn to? Certainly such hush-hush work needed to be in safe hands.

The Clinton administration, in keeping with their goal to "reinvent government" by privatizing everything, turned to Mykotronx, Inc., a California-based company founded in 1983 by former NSA engineers, Robert E. Gottfried and Kikuo Ogawa, mining gold in the emerging information security market.

Indeed, one of the firm's top players, Ralph O'Connell, was described in a 1993 document published by Computer Professionals for Social Responsibility (CPSR) as "the father of COMSEC" and the "Principle [sic] NSA Technical Contact" on Clipper and related cryptography projects.

A 1993 Business Wire release quoted the firm's president, Leonard J. Baker, as saying that Clipper was "a good example of the transfer of military technology to the commercial and general government fields with handsome cost benefits. This technology should now pay big dividends to US taxpayers."

It would certainly pay "big dividends" to Mykotronx's owners.

Mykotronx was acquired by Rainbow Technologies in 1995, and eventually, in 2012, by Military-Industrial-Surveillance Complex powerhouse Raytheon. At the time of the Rainbow deal the Los Angeles Times reported that "Mykotronx had been privately held, and its owners will receive 1.82 million shares of Rainbow stock--making the deal worth $37.9 million."

The Clipper chip was touted by the administration as a simple device that would protect the private communications of users while also allowing government agents to obtain the keys that unlocked those communications, an early manifestation of what has since become known as law enforcement's alleged "going dark" problem.

Under color of a vague "legal authorization" that flew in the face of the 1987 Computer Security Act (CSA), which sought to limit the role of the National Security Agency in developing standards for civilian communications systems, the administration tried an end-run around the law through an export ban on Clipper-free encryption devices overseen by the Commerce Department.

This wasn't the first time that NSA was mired in controversy over the watering down of encryption standards. During the development of the Data Encryption Standard (DES) by IBM in the 1970s, the agency was accused of forcing developers to implement changes in the design of its basic cipher. There were strong suspicions that these changes, which altered one critical component, the S-box, had weakened the algorithm and that NSA had inserted a backdoor.

Early on, the agency grasped CSA's significance and sought to limit damage to global surveillance and economic espionage programs such as ECHELON, exposed by British and New Zealand investigative journalists Duncan Campbell and Nicky Hager.

Before the 1987 law was passed however, Clinton Brooks, a Special Assistant to NSA Director Lieutenant General William Odom, wrote a Top Secret Memorandum which stated: "In 1984 NSA engineered a National Security Decision Directive, NSDD-145, through the Reagan Administration that gave responsibility for the security of all US information systems to the Director of NSA, removing NBS [National Bureau of Standards] from this."

Conceived as a follow-on to the Reagan administration's infamous 1981 Executive Order 12333, which trashed anemic congressional efforts to rein in America's out-of-control spy agencies, NSDD-145 handed power back to the National Security Agency and did so to the detriment of civilian communication networks.

Scarcely a decade after Senator Frank Church warned during post-Watergate hearings into government surveillance abuses, that NSA's "capability at any time could be turned around on the American people, and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn't matter . . . there would be no place to hide," the agency was at it with a vengeance.

"This [NSDD-145] also stated," Brooks wrote, "that we would assist the private sector. This was viewed as Big Brother stepping in and generated an adverse reaction" in Congress that helped facilitate passage of the Act.

Engineered by future Iran-Contra felon, Admiral John Poindexter, President Reagan's National Security Adviser who would later serve as President George W. Bush's Director of DARPA's Information Awareness Office, the Pentagon satrapy that brought us the Total Information Awareness program, NSDD-145 stated that the "Director, National Security Agency is designated the National Manager for Telecommunications and Automated Information Systems Security."

NSA's new mandate meant that the agency would "act as the government focal point for cryptography, telecommunications systems security, and automated information systems security."

Additionally, NSA would "conduct, approve, or endorse research and development of techniques and equipment for telecommunications and automated information systems security for national security information."

But it also authorized the agency to do more than that, granting it exclusive authority to "review and approve all standards, techniques, systems and equipments for telecommunications and automated information systems security." As well, NSA was directed to "enter into agreements for the procurement of technical security material and other equipment, and their provision to government agencies, where appropriate, to private organizations, including government contractors, and foreign governments."

In other words, NSA was the final arbiter when it came to setting standards for all government and private information systems; quite a coup for the agency responsible for standing-up Project MINARET, the Cold War-era program that spied on thousands of antiwar protesters, civil rights leaders, journalists and members of Congress, as recently declassified documents published by the National Security Archive disclosed.

NSA Games the System

Although the Computer Security Act passed unanimously by voice vote in both Houses of Congress, NSA immediately set out to undercut the law and did so by suborning the National Bureau of Standards, now the National Institute of Standards and Technology (NIST).

The battle over the Clipper Chip would be the template for future incursions by the agency for the control, through covert infiltration, of regulatory bodies overseeing civilian communications.

According to the Clinton White House, Clipper "would provide Americans with secure telecommunications without compromising the ability of law enforcement agencies to carry out legally authorized wiretaps."

Neither safe nor secure, Clipper instead would have handed government security agencies the means to monitor all communications while giving criminal networks a leg up to do the same.

In fact, as the Electronic Privacy Information Center (EPIC) discovered in documents unearthed through the Freedom of Information Act, the underlying algorithm deployed in Clipper, Skipjack, had been developed by NSA.

Cryptography expert Matt Blaze wrote a now famous 1994 paper on the subject before the algorithm was declassified, Protocol Failure in the Escrowed Encryption Standard: "The EES cipher algorithm, called 'Skipjack', is itself classified, and implementations of the cipher are available to the private sector only within tamper-resistant modules supplied by government-approved vendors. Software implementations of the cipher will not be possible. Although Skipjack, which was designed by the US National Security Agency (NSA), was reviewed by a small panel of civilian experts who were granted access to the algorithm, the cipher cannot be subjected to the degree of civilian scrutiny ordinarily given to new encryption systems."

This was precisely as NSA and the Clinton administration intended.

A partially declassified 1993 NSA memo noted that "there will be vocal public doubts expressed about having a classified algorithm in the device we propose for the US law enforcement problem, the CLIPPER chip, we recommend the following to address this." We don't know what those agency recommendations were, however; more than 20 years after the memo was written they remain secret.

The memo continued: "If such people agree to this clearance and non disclosure process, we could go over the algorithm with them to let them develop confidence in its security, and we could also let them examine the detail design of the CLIPPER chip made for the US law enforcement problem to assure themselves that there were no trapdoors or other techniques built in. This would likely require crypto-mathematicians for the algorithm examination and microelectronics chip design engineers for the chip examination."

But the extreme secrecy surrounding Skipjack's proposed deployment in commercial products was the problem. Even if researchers learned that Clipper was indeed the government-mandated backdoor they feared, non-disclosure of these facts, backed-up by the threat of steep fines or imprisonment would hardly assure anyone of the integrity of this so-called review process.

"By far, the most controversial aspect of the EES system," Blaze wrote, "is key escrow."

"As part of the crypto-synchronization process," Blaze noted, "EES devices generate and exchange a 'Law Enforcement Access Field' (LEAF). This field contains a copy of the current session key and is intended to enable a government eavesdropper to recover the cleartext."

"The LEAF copy of the session key is encrypted with a device-unique key called the 'unit key,' assigned at the time the EES device is manufactured. Copies of the unit keys for all EES devices are to be held in 'escrow' jointly by two federal agencies that will be charged with releasing the keys to law enforcement under certain conditions."

What those conditions were however, was far from clear. In fact, as we've since learned from Snowden's cache of secret documents, even when the government seeks surveillance authorization from the FISA court, the court must rely on government assurances that dragnet spying is critical to the nation's security. Such assurances, FISA court judge Reggie B. Walton noted, were systematically "misrepresented" by secret state agencies.

That's rather rich considering that Walton presided over the farcical "trial" that upheld Bush administration demands to silence FBI whistleblower Sibel Edmonds under the state secrets privilege. Edmonds, a former contract linguist with the Bureau, charged that top FBI officials had systematically covered up wrongdoing at its language division and had obstructed agents' attempts to roll up terrorist networks before and after the 9/11 provocation, facts attested to by FBI whistleblower Coleen Rowley in her 2002 Memo to then-FBI Director Robert Mueller.

In 2009, Walton wrote that "The minimization procedures proposed by the government in each successive application and approved and adopted as binding by the orders of the FISC have been so frequently and systemically violated that it can fairly be said that this critical element of the overall BR regime has never functioned effectively."

"The Court," Walton averred, "must have every confidence that the government is doing its utmost to ensure that those responsible for implementation fully comply with the Court's orders. The Court no longer has such confidence."

Predating those critical remarks, a heavily-redacted 1993 Memo to then-Special Assistant to the President and future CIA chief, George Tenet, from FBI Director William Sessions noted that NSA "has developed a new encryption methodology and computer chip which affords encryption strength vastly superior to DES [Data Encryption Standard], yet which allows for real time decryption by law enforcement, acting pursuant to legal process. It is referred to as 'Clipper'."

[Two redacted paragraphs] "if the devices are modified to include the 'Clipper' chip, they would be of great value to the Federal, state and local law enforcement community, especially in the area of counter narcotics, investigations, where there is a requirement to routinely communicate in a secure fashion."

But even at the time Sessions' memo was written, we now know that AT&T provided the Drug Enforcement Administration "routine access" to "an enormous AT&T database that contains the records of decades of Americans' phone calls," The New York Times reported, and had done so since 1987 under the auspices of DEA's Hemisphere Project.

Furthermore, in the wake of the Snowden revelations we also learned that listening in on the conversations of drug capos is low on NSA's list of priorities. However, programs like X-KEYSCORE and TEMPORA, which copy all data flowing along fiber optic cables, encrypted and unencrypted alike, at petabyte scales, are supremely useful when it comes to intelligence agencies building profiles of internet users.

This was an implicit goal of Clinton administration maneuvers to compel developers to insert Clipper into their product designs.

According to Sessions, "the 'Clipper' methodology envisions the participation of three distinct types of parties. [Redacted] It is proposed that the second party, the two custodians of the 'split' key infostructure [sic], be comprised of two disinterested and trustworthy non law enforcement Government agencies or entities. Although, such decision and selection are left for the Administration, a list of reccommended [sic] agencies and entities has been prepared (and included in the text), [redacted]. This party would administer and oversee all facets of the 'Clipper' program and methodology."

Based on NSDD-145's mandate, one can assume "this party" would be NSA, the agency that designed the underlying algorithm that powered Clipper.

The Sessions memo averred: "The Clipper chip provides law enforcement access by using a special chip key, unique to each device. In the AT&T TSD 3600, a unique session key is generated, external to the Clipper chip for each call."

"This session key," the memo explained, "is given to the chip to control the encryption algorithm. A device unique 'chip key' is programmed into each Clipper at the time of manufacture. When two TSD 3600s go to secure operation, the device gives out its identification (ID) number and the session key encrypted in its chip key."

Underlining a key problem with Clipper technology Sessions noted, "Anyone with access to the chip key for that identified device will be able to recover the session key and listen to the transmission simultaneously with the intended receiver. This design means that the list of chip keys associated with the chip ID number provides access to all Clipper secured devices, and thus the list must be carefully generated and protected. Loss of the list would preclude legitmate [sic] access to the encrypted information and compromise of the list could allow unauthorized access."

In fact, that "anyone" could include fabulously wealthy drug gangs or bent corporations with the wherewithal to buy chip keys from suborned government key escrow agents!
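The LEAF and chip-key mechanics that Blaze and the Sessions memo describe, reduced to a runnable toy model. This is an added illustration, not code from the original post or from any Clipper/EES implementation. Skipjack was classified and is not in Python's standard library, so an HMAC-SHA256 keystream stands in for it; the two escrow agents are assumed to hold XOR shares of each unit key (the memo's "split" key, whose exact splitting scheme the post does not give). The model shows the memo's warning in concrete terms: whoever reassembles the chip-key list recovers every session key from the LEAF alone, and a missing list entry locks out even authorized access.

```python
"""Toy model of Clipper/EES key escrow: LEAF generation and escrowed recovery.

Added example, not from the original post. HMAC-SHA256 keystream is a
stand-in for the classified Skipjack cipher; XOR shares are an assumed
realization of the memo's "split" unit key held by two escrow agents.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def _keystream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR data with an HMAC-SHA256 keystream (self-inverse)."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out.extend(hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Device:
    device_id: int      # chip ID number, sent in the clear inside the LEAF
    unit_key: bytes     # device-unique "chip key" programmed at manufacture


@dataclass
class EscrowAgent:
    name: str
    shares: dict = field(default_factory=dict)   # device_id -> key share


def enroll(device: Device, agent_a: EscrowAgent, agent_b: EscrowAgent, share_a: bytes = None):
    """At manufacture: split the unit key into two XOR shares, one per agent."""
    if share_a is None:
        share_a = secrets.token_bytes(len(device.unit_key))
    agent_a.shares[device.device_id] = share_a
    agent_b.shares[device.device_id] = xor_bytes(device.unit_key, share_a)


def make_leaf(device: Device, session_key: bytes) -> bytes:
    """LEAF = chip ID || E_unitkey(session key), per Blaze's description."""
    return device.device_id.to_bytes(4, "big") + _keystream_xor(device.unit_key, b"leaf", session_key)


def encrypt_call(device: Device, session_key: bytes, plaintext: bytes):
    """Sending side: emit the LEAF alongside traffic encrypted under the session key."""
    return make_leaf(device, session_key), _keystream_xor(session_key, b"traffic", plaintext)


def decrypt_traffic(session_key: bytes, ciphertext: bytes) -> bytes:
    return _keystream_xor(session_key, b"traffic", ciphertext)


def escrow_recover(leaf: bytes, agent_a: EscrowAgent, agent_b: EscrowAgent):
    """Holder of BOTH shares rebuilds the unit key and unwraps the session key.

    Returns None when either list lacks the device: "loss of the list would
    preclude legitimate access to the encrypted information".
    """
    device_id = int.from_bytes(leaf[:4], "big")
    if device_id not in agent_a.shares or device_id not in agent_b.shares:
        return None
    unit_key = xor_bytes(agent_a.shares[device_id], agent_b.shares[device_id])
    return _keystream_xor(unit_key, b"leaf", leaf[4:])


def sessions_exposed_by_list(leaves, agent_a: EscrowAgent, agent_b: EscrowAgent) -> int:
    """Count how many captured LEAFs a party holding the full list can open.

    This is the memo's point: one list "provides access to all Clipper
    secured devices", so its compromise exposes every device, every call.
    """
    return sum(1 for leaf in leaves if escrow_recover(leaf, agent_a, agent_b) is not None)


if __name__ == "__main__":
    nist, treasury = EscrowAgent("NIST"), EscrowAgent("Treasury")
    phone = Device(device_id=7, unit_key=secrets.token_bytes(16))
    enroll(phone, nist, treasury)
    leaf, ct = encrypt_call(phone, secrets.token_bytes(16), b"constructed sample call")
    print(decrypt_traffic(escrow_recover(leaf, nist, treasury), ct))
```

The legitimate receiver never needs the LEAF; it gets the session key through the call's own key exchange. The LEAF exists solely so that a third party holding the device's chip key can read along, which is why the chip-key list, not the cipher, is the asset whose theft or loss decides the system's security.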

Its ubiquity would be a key selling point for universal deployment. The memo explained, "the NSA developed chip based 'Clipper' solution works with hardware encryption applications, such as those which might be used with regard to certain telecommunications and computers devices," which of course would allow unlimited spying by "law enforcement."

Such vulnerabilities built into EES chip keys by design not only enabled widespread government monitoring of internet and voice traffic, but with a few tweaks by encryption-savvy "rogues" could be exploited by criminal organizations.

In his 1994 paper Blaze wrote that "a rogue system can be constructed with little more than a software modification to a legal system. Furthermore, while some expertise may be required to install and operate a rogue version of an existing system, it is likely that little or no special skill would be required to install and operate the modified software."

"In particular," Blaze noted, "one can imagine 'patches' to defeat key escrow in EES-based systems being distributed over networks such as the Internet in much the same way that other software is distributed today."

In the intervening years since Blaze observed how easy it would be for various bad actors, governments or criminals, take your pick, to compromise key escrow systems, the proliferation of malware-powered botnets that infect hundreds of thousands of computers and smart phones every day--for blanket surveillance, fraud, or both--has become a fact of life.

It didn't help matters when it emerged that "escrow agents" empowered to unlock encrypted communications would be drawn from the National Institute of Standards and Technology and the Automated Services Division of the Treasury Department, government outposts riddled with "No Such Agency" moles.

As EPIC pointed out, "Since the enactment of the Computer Security Act, the NSA has sought to undercut NIST's authority. In 1989, NSA signed a Memorandum of Understanding (MOU) which purported to transfer back to NSA the authority given to NIST."

The MOU required that NIST request NSA's "assistance" on all matters related to civilian cryptography. In fact, were NIST and NSA representatives on the Technical Working Group to disagree on standards, the ultimate authority for resolving disputes would rest solely with the Executive Branch acting through the President, the Secretary of Defense and the National Security Council, thus undercutting the clear intent of Congress when they passed the 1987 Computer Security Act.

EPIC noted: "The memorandum effectively returned to NSA many of the powers rejected by the Computer Security Act. The MOU contained several key goals that were to NSA's benefit, including: NSA providing NIST with 'technical security guidelines in trusted technology, telecommunications security, and personal identification that may be used in cost-effective systems for protecting sensitive computer data;' NSA 'initiating research and development programs in trusted technology, telecommunications security, cryptographic techniques and personal identification methods'; and NSA being responsive to NIST 'in all matters related to cryptographic algorithms and cryptographic techniques including but not limited to research, development, evaluation, or endorsement'."

A critique of the Memorandum in 1989 congressional testimony by the General Accounting Office (GAO) emphasized: "At issue is the degree to which responsibilities vested in NIST under the act are being subverted by the role assigned to NSA under the memorandum. The Congress, as a fundamental purpose in passing the act, sought to clearly place responsibility for the computer security of sensitive, unclassified information in a civil agency rather than in the Department of Defense. As we read the MOU, it would appear that NIST has granted NSA more than the consultative role envisioned in the act."

Five years after the GAO's critical appraisal, NSA's coup was complete.

"In 1994," EPIC noted, "President Clinton issued Presidential Decision Directive (PDD-29). This directive created the Security Policy Board, which has recommended that all computer security functions for the government be merged under NSA control."

Since PDD-29 was issued matters have only gotten worse. In fact, NIST is the same outfit exposed in Snowden documents published by The Guardian and The New York Times that allowed NSA to water down encryption and build backdoors into the Dual EC DRBG standard adopted by the Institute in 2006.

"Eventually, NSA became the sole editor."

Besieged by widespread opposition, the Clinton administration was outmaneuvered in the court of public opinion and by 1996 had abandoned Clipper. However, this proved to be a pyrrhic victory for security-minded researchers and civil libertarians, as we have since learned from Edward Snowden's revelations.

Befitting a military-intelligence agency, the dark core of America's deep state, NSA was fighting a long war--and they were playing for keeps.

Wednesday, October 2, 2013

US Cyber Command: Documents Reveal Pentagon Launching Covert Cyber Attacks

In 2008, the Armed Forces Journal published a prescient piece by Colonel Charles W. Williamson III, a staff judge advocate with the Air Force Intelligence, Surveillance and Reconnaissance Agency at Lackland Air Force Base in Texas, the National Security Agency listening post focused on intercepting communications from Latin America, the Middle East and Europe.

Titled "Carpet bombing in cyberspace," Col. Williamson wrote that "America needs a network that can project power by building an af.mil robot network (botnet) that can direct such massive amounts of traffic to target computers that they can no longer communicate and become no more useful to our adversaries than hunks of metal and plastic. America needs the ability to carpet bomb in cyberspace to create the deterrent we lack."

While Williamson's treatise was fanciful (a DDoS attack can't bring down an opponent's military forces, or for that matter a society's infrastructure), he had hit upon a theme which Air Force researchers had been working towards since the 1980s: the development of software-based weapons that can be "fired" at an adversary, potentially as lethal as a bomb dropped from 30,000 feet.

Two years later, evidence emerged that US and Israeli code warriors did something far more damaging.

Rather than deploying an "af.mil" botnet against Iran's civilian nuclear infrastructure at Natanz, they unleashed a destructive digital worm, Stuxnet. In the largest and most sophisticated attack to date, more than 1,000 centrifuges were sent spinning out of control, "no more useful" to Iranian physicists "than hunks of metal and plastic."

A line had been crossed, and by the time security experts sorted things out, they learned that Stuxnet and its cousins, Duqu, Flame and Gauss, were the most complex pieces of malware ever designed, the opening salvo in the cyberwar that has long-guided the fevered dreams of Pentagon planners.

'Plan X'

Today, that destructive capability exists under the umbrella of US Cyber Command (USCYBERCOM), one which has the potential of holding the world hostage.

Last year the Pentagon allocated $80 million to defense giant Lockheed Martin for ongoing work on the National Cyber Range (NCR), a top secret facility that designs and tests attack tools for the government.

Under terms of the five-year contract, Lockheed Martin and niche malware developers have completed work on a test-bed housed in a "specially architected sensitive compartmented information facility with appropriate security protocols" that "emulates the public internet and other networks, and provides for the modeling of cyber attacks."

Originally developed by the Defense Advanced Research Projects Agency (DARPA), the Pentagon's geek squad, NCR has gone live and was transitioned last year to the Office of the Secretary of Defense, federal contracts uncovered by NextGov revealed.

As Antifascist Calling reported back in 2009, "NCR will potentially serve as a new and improved means to bring America's rivals to their knees. Imagine the capacity for death and destruction implicit in a tool that can . . . cause an adversary's chemical plant to suddenly release methyl isocyanate (the Bhopal effect) on a sleeping city, or a nuclear power plant to go supercritical, releasing tens of billions of curies of radioactive death into the atmosphere?"

NextGov also reported that the "Pentagon is seeking technology to coordinate and bolster cyberattack capabilities through a funding experiment called 'Plan X,' contract documents indicate."

A notice from DARPA's Information Innovation Office (I2O) informs us that "Plan X is a foundational cyberwarfare program to develop platforms for the Department of Defense to plan for, conduct, and assess cyberwarfare in a manner similar to kinetic warfare. Towards this end the program will bridge cyber communities of interest from academe, to the defense industrial base, to the commercial tech industry, to user-experience experts." (emphasis added)

Although DARPA claims "Plan X will not develop cyber offensive technologies or effects," the program's Broad Agency Announcement, DARPA-BAA-13-02: Foundational Cyberwarfare (Plan X), explicitly states: "Plan X will conduct novel research into the nature of cyberwarfare and support development of fundamental strategies needed to dominate the cyber battlespace. Proposed research should investigate innovative approaches that enable revolutionary advances in science, devices, or systems."

The document also gives notice that DARPA will build "an end-to-end system that enables the military to understand, plan, and manage cyberwarfare in real-time" as an "open platform architecture for integration with government and industry technologies."

The Military & Aerospace Electronics web site reported that DARPA has "chosen six companies so far to define ways of understanding, planning, and managing military cyber warfare operations in real-time, large-scale, and dynamic networks."

Collectively worth some $74 million, beneficiaries of taxpayer largesse include "Data Tactics Corp. in McLean, Va.; Intific Inc. in Peckville Pa.; Raytheon SI Government Solutions in Arlington, Va.; Aptima Inc. in Woburn Mass.; Apogee Research LLC in McLean, Va.; and the Northrop Grumman Corp. Information Systems segment in McLean, Va."

Additional confirmation of US government plans to militarize the internet was revealed in top secret documents provided by former NSA contractor-turned-whistleblower Edward Snowden. Those documents show that the Pentagon's goal of "dominating cyberspace" is one step closer to reality; a nightmare for privacy rights and global peace.

Such capabilities, long suspected by security experts in the wake of Stuxnet, are useful not only for blanket domestic surveillance and political espionage but can also reveal the deepest secrets held by commercial rivals or geostrategic opponents, opening them up to covert cyber attacks which will kill civilians if and when the US decides that critical infrastructure should be switched off.

Before a cyber attack can be launched however, US military specialists must have the means to tunnel through or around security features built into commercial software sold to the public, corporations and other governments.

Such efforts would be all the easier if military specialists held the keys that could open the most secure electronic locks guarding global communications. According to Snowden, NSA, along with their corporate partners and private military contractors embarked on a multiyear, multibillion dollar project to defeat encryption through the subversion of the secure coding process.

Media reports published by Bloomberg Businessweek, The Wall Street Journal and The Washington Post, also revealed that US intelligence agencies are employing "elite teams of hackers" and have sparked "a new arms race" for cyberweapons where the "most enticing targets in this war are civilian--electrical grids, food distribution systems, any essential infrastructure that runs on computers," Businessweek noted.

Confirming earlier reporting, The Washington Post disclosed that the US government "carried out 231 offensive cyber-operations in 2011, the leading edge of a clandestine campaign that embraces the Internet as a theater of spying, sabotage and war, according to top-secret documents" provided by Snowden to the Post.

Since its 2009 stand-up as a "subordinate unified command" under US Strategic Command (USSTRATCOM), whose brief includes space operations (military satellites), information warfare (white, gray and black propaganda), missile defense, global command and control, intelligence, surveillance and reconnaissance (ISR), as well as global strike and strategic deterrence (America's first-strike nuclear arsenal), Cyber Command has grown from 900 personnel to a force that will soon expand to more than "4,900 troops and civilians," The Washington Post reported earlier this year.

Under the USSTRATCOM umbrella, the organization is comprised of "Army Cyber Command (ARCYBER); Air Forces Cyber (AFCYBER); Fleet Cyber Command (FLTCYBERCOM); and Marine Forces Cyber Command (MARFORCYBER)."

"The Command," according to a 2009 Defense Department Fact Sheet, "is also standing up dedicated Cyber Mission Teams" that "conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries."

The Defense Department Memorandum authorizing its launch specified that the Command "must be capable of synchronizing warfighting effects across the global security environment as well as providing support to civil authorities and international partners."

In written testimony to the Senate Armed Services Committee during 2010 confirmation hearings, NSA head General Keith Alexander agreed, and The New York Times reported that Cyber Command's target list would "include civilian institutions and municipal infrastructure that are essential to state sovereignty and stability, including power grids, banks and financial networks, transportation and telecommunications."

But what various "newspapers of record" still fail to report is that the deliberate targeting of civilian infrastructure is a war crime that causes catastrophic loss of life and incalculable suffering, as US attacks on the former Yugoslavia, Iraq and more recently, Libya, starkly demonstrate.

In a portrait of Alexander published earlier this summer by Wired, James Bamford noted that for years the US military has "been developing offensive capabilities, giving it the power not just to defend the US but to assail its foes. Using so-called cyber-kinetic attacks, Alexander and his forces now have the capability to physically destroy an adversary's equipment and infrastructure, and potentially even to kill."

While the specter of a temporary "interruption of service" haunts modern cities with blackout or gridlock, a directed cyberattack focused on bringing down the entire system by inducing widespread technical malfunction would transform "the vast edifices of infrastructure" into "so much useless junk," according to urban geographer Stephen Graham.

In Cities Under Siege, Graham discussed the effects of post-Cold War US/NATO air bombing campaigns and concluded that attacks on civilian infrastructure were not accidental; in fact, such "collateral damage" was consciously designed to inflict maximum damage on civilian populations.

"The effects of urban de-electrification," Graham wrote, "are both more ghastly and more prosaic: the mass death of the young, the weak, the ill, and the old, over protracted periods of time and extended geographies, as water systems and sanitation collapse and water-borne diseases run rampant. No wonder such a strategy has been called a 'war on public health,' an assault which amounts to 'bomb now, die later'."

A further turn in US Cyber Command's brief to plan for and wage aggressive war was telegraphed in a 2012 Defense Department Directive mandating that autonomous weapons systems and platforms be built and tested so that humans won't lose control once they're deployed.

There was one small catch, however.

According to Deputy Secretary of Defense Ashton Carter, a former member of the Board of Trustees at the spook-connected MITRE Corporation, the Directive explicitly states it "does not apply to autonomous or semi-autonomous cyberspace systems for cyberspace operations."

Presidential Policy Directive 20: Authorizing 'Cyber-Kinetic' War Crimes

We now know, based on documents provided by Edward Snowden, that President Barack Obama "has ordered his senior national security and intelligence officials to draw up a list of potential overseas targets for US cyber-attacks," according to the 18-page top secret Presidential Policy Directive 20 published by The Guardian.

Though little commented upon at the time due to the avalanche of revelations surrounding dragnet domestic surveillance carried out by NSA, in light of recent disclosures by The Washington Post on America's bloated $52.6 billion 2013 intelligence budget, PPD-20 deserves close scrutiny.

With Syria now in Washington's crosshairs, PPD-20 offers a glimpse into Executive Branch deliberations before the military is ordered to "put steel to target."

The directive averred that Offensive Cyber Effects Operations (OCEO) "can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging."

These are described in the document as "cyber effects," the "manipulation, disruption, denial, degradation, or destruction of computers, information or communications systems, networks, physical or virtual infrastructure controlled by computers or information systems, or information resident thereon."

To facilitate attacks, the directive gives notice that "cyber collection" will entail "Operations and related programs or activities conducted by or on behalf of the United States Government, in or through cyberspace, for the primary purpose of collecting intelligence--including information that can be used for future operations--from computers, information or communications systems, or networks with the intent to remain undetected."

Such clandestine exercises will involve "accessing a computer, information system, or network without authorization from the owner or operator of that computer, information system, or network or from a party to a communication or by exceeding authorized access."

In fact, PPD-20 authorizes US Cyber Command to "identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power."

Indeed, the "directive pertains to cyber operations, including those that support or enable kinetic, information, or other types of operations . . . that are reasonably likely to result in 'significant consequences'" to an adversary.

We are informed that "malicious cyber activity" is comprised of "Activities, other than those authorized by or in accordance with US law, that seek to compromise or impair the confidentiality, integrity, or availability of computers, information or communications systems, networks, physical or virtual infrastructure controlled by computers or information systems, or information resident thereon."

In other words, if such activities are authorized by the President acting as Commander-in-Chief under the dubious "Unitary Executive" doctrine, like Richard Nixon, Obama now claims that "when the President does it that means that it is not illegal," a novel reading of the US Constitution and the separation of powers as it pertains to declaring and waging war!

"Military actions approved by the President and ordered by the Secretary of Defense authorize nonconsensual DCEO [Defensive Cyber Effects Operations] or OCEO, with provisions made for using existing processes to conduct appropriate interagency coordination on targets, geographic areas, levels of effect, and degrees of risk for the operations."

This has long been spelled out in US warfighting doctrine and is fully consistent with the Pentagon's goal of transforming cyberspace into an offensive military domain. In an Air Force planning document since removed from the web, theorists averred:

Cyberspace favors offensive operations. These operations will deny, degrade, disrupt, destroy, or deceive an adversary. Cyberspace offensive operations ensure friendly freedom of action in cyberspace while denying that same freedom to our adversaries. We will enhance our capabilities to conduct electronic systems attack, electromagnetic systems interdiction and attack, network attack, and infrastructure attack operations. Targets include the adversary's terrestrial, airborne, and space networks, electronic attack and network attack systems, and the adversary itself. As an adversary becomes more dependent on cyberspace, cyberspace offensive operations have the potential to produce greater effects. (Air Force Cyber Command, "Strategic Vision," no date)

Those plans were made explicit in 2008, when the Air Force Research Lab issued a Broad Agency Announcement entitled Dominant Cyber Offensive Engagement and Supporting Technology, BAA-08-04-RIKA.

Predating current research under "Plan X" to build "an end-to-end system that enables the military to understand, plan, and manage cyberwarfare in real-time," the earlier notification solicited bids from private military contractors to build cyberweapons.

We learned that the Air Force, now US Cyber Command, the superseding authority in the realm of cyberweapons development, a mandate made explicit in PPD-20, was "interested in technology to provide the capability to maintain an active presence within the adversaries information infrastructure completely undetected. Of interest are any and all techniques to enable stealth and persistence capabilities on an adversaries infrastructure."

"This could be a combination of hardware and/or software focused development efforts."

"Following this," the solicitation read, "it is desired to have the capability to stealthily exfiltrate information from any remotely-located open or closed computer information systems with the possibility to discover information with previously unknown existence."

While the United States has accused China of carrying out widespread espionage on US networks, we know from information Snowden provided the South China Morning Post, that NSA and US Cyber Command have conducted "extensive hacking of major telecommunication companies in China to access text messages"; carried out "sustained attacks on network backbones at Tsinghua University, China's premier seat of learning"; and have hacked the "computers at the Hong Kong headquarters of Pacnet, which owns one of the most extensive fibre optic submarine cable networks in the region."

China isn't the only target of US industrial espionage.

Earlier this month, O Globo disclosed that "one of the prime targets of American spies in Brazil is far away from the center of power--out at sea, deep beneath the waves. Brazilian oil. The internal computer network of Petrobras, the Brazilian oil giant partly owned by the state, has been under surveillance by the NSA, the National Security Agency of the United States."

Top secret documents mined from the Snowden cache revealed that NSA employees are trained "step-by-step how to access and spy upon private computer networks--the internal networks of companies, governments, financial institutions--networks designed precisely to protect information."

In addition to Petrobras, "other targets" included "French diplomats--with access to the private network of the Ministry of Foreign Affairs of France--and the SWIFT network, the cooperative that unites over ten thousand banks in 212 countries and provides communications that enable international financial transactions. All transfers of money between banks across national borders goes through SWIFT," O Globo disclosed.

The 2008 Air Force solicitation stressed that the service was interested in "any and all techniques to enable exfiltration techniques on both fixed and mobile computing platforms are of interest. Consideration should be given to maintaining a 'low and slow' gathering paradigm in these development efforts to enable stealthy operation."

The Air Force, however, was not solely interested in defense or industrial spying on commercial rivals; building offensive capabilities was viewed as a top priority. "Finally," the solicitation reads, "this BAA's objective includes the capability to provide a variety of techniques and technologies to be able to affect computer information systems through Deceive, Deny, Disrupt, Degrade, Destroy (D5) effects."

As Bloomberg Businessweek reported in 2011, recipients of that Broad Agency Announcement may have included any number of "boutique arms dealers that trade in offensive cyber weapons. Most of these are 'black' companies that camouflage their government funding and work on classified projects."

"Offensive Cyber Effects Operations" will be enhanced through the development and deployment of software-based weapons; the Obama administration's intent in PPD-20 is clear.

The US government "shall identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power, establish and maintain OCEO capabilities integrated as appropriate with other US offensive capabilities, and execute those capabilities in a manner consistent with the provisions of this directive."

Evidence has since emerged these programs are now fully operational.

On the Attack: Economic, Political and Military 'Exploits'

Despite diplomatic posturing and much handwringing from the "humanitarian intervention" crowd, the Obama administration's itchy trigger finger is still poised above the attack Syria button.

The conservative Washington Free Beacon web site reported recently that US forces "are expected to roll out new cyber warfare capabilities during the anticipated military strike on Syria," and that the targets of "cyber attacks likely will include electronic command and control systems used by the Syrian military forces, air defense computers, and other military communications networks."

Whether or not that attack takes place, NSA and US Cyber Command are ramping up their formidable resources and would not hesitate to use them if given the go-ahead.

This raises the question: what capabilities have already been rolled out?

"Under an extensive effort code-named GENIE," The Washington Post disclosed, "US computer specialists break into foreign networks so that they can be put under surreptitious US control."

According to top secret budget documents provided by Snowden, the Post revealed the "$652 million project has placed 'covert implants,' sophisticated malware transmitted from far away, in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand those numbers into the millions."

"Of the 231 offensive operations conducted in 2011," the Post reported, "nearly three-quarters were against top-priority targets, which former officials say includes adversaries such as Iran, Russia, China and North Korea and activities such as nuclear proliferation. The document provided few other details about the operations."

As other media outlets previously reported, the Post noted that US secret state agencies "are making routine use around the world of government-built malware that differs little in function from the 'advanced persistent threats' that US officials attribute to China."

One firm featured in Bloomberg Businessweek's cyberwar exposé is Endgame Systems, which first gained notoriety as a result of the 2011 HBGary Federal hack by Anonymous.

The shadowy firm has received extensive funding from venture capitalists such as Bessemer Venture Partners, Columbia Capital, Kleiner Perkins Caufield & Byers and the intelligence-connected Paladin Capital Group.

Endgame is currently led by CEO Nathaniel Fick, previously the CEO of the "nonpartisan" Center for a New American Security (CNAS), a warmongering Washington think tank focused on "terrorism" and "irregular warfare."

Fick replaced Christopher Rouland, Endgame's founder and CEO, in December 2012. A former hacker, Rouland was "turned" by the Air Force during the course of a 1990 investigation in which he was suspected of breaking into Pentagon systems, Businessweek reported.

The Board of Directors is currently led by Christopher Darby, the President and CEO of the CIA's venture capital arm, In-Q-Tel. Earlier this year, the firm announced that Kenneth Minihan, a former NSA Director and managing partner at Paladin Capital had joined the Board.

According to Businessweek, Endgame specializes in militarizing zero-day exploits, software vulnerabilities which take months, or even years for vendors to patch; a valuable commodity for criminals or spooks.

"People who have seen the company pitch its technology," Businessweek averred, "say Endgame executives will bring up maps of airports, parliament buildings, and corporate offices. The executives then create a list of the computers running inside the facilities, including what software the computers run, and a menu of attacks that could work against those particular systems."

While the United States has accused the Technical Reconnaissance Bureau of China's People's Liberation Army of launching attacks and stealing economic secrets from US networks, American cyberoperations involve "what one budget document calls 'field operations' abroad, commonly with the help of CIA operatives or clandestine military forces, 'to physically place hardware implants or software modifications,'" according to The Washington Post.

"Endgame weaponry comes customized by region--the Middle East, Russia, Latin America, and China--with manuals, testing software, and 'demo instructions.'"

"There are even target packs for democratic countries in Europe and other US allies," Businessweek noted.

Readers will recall that Snowden documents have exposed how NSA has carried out widespread economic and political espionage against erstwhile "friends and allies" such as Brazil, France, Germany, India, the European Union and the United Nations.

Add to that list, Endgame exploits which are solely military in nature; in all probability these have been incorporated into NSA and US Cyber Command's repertoire of dirty tricks.

"Maui (product names tend toward alluring warm-weather locales) is a package of 25 zero-day exploits that runs clients $2.5 million a year," Businessweek reported. "The Cayman botnet-analytics package gets you access to a database of Internet addresses, organization names, and worm types for hundreds of millions of infected computers, and costs $1.5 million."

"A government or other entity could launch sophisticated attacks against just about any adversary anywhere in the world for a grand total of $6 million. Ease of use is a premium. It's cyber warfare in a box."

Sound familiar?

"An implant is coded entirely in software by an NSA group called Tailored Access Operations (TAO)," Snowden documents revealed. "As its name suggests, TAO builds attack tools that are custom-fitted to their targets," according to The Washington Post.

"The implants that TAO creates are intended to persist through software and equipment upgrades, to copy stored data, 'harvest' communications and tunnel into other connected networks," the Post disclosed.

"This year TAO is working on implants that 'can identify select voice conversations of interest within a target network and exfiltrate select cuts,' or excerpts, according to one budget document. In some cases, a single compromised device opens the door to hundreds or thousands of others."

This does much to explain why NSA's parallel, $800 million SIGINT Enabling Project stresses the importance of obtaining total global access and "full operating capacity" that can "leverage commercial capabilities to remotely deliver or receive information."

With "boutique arms dealers" and others from more traditional defense giants along for the ride, NSA and US Cyber Command hope their investment will help "shape the global network to benefit other collection accesses and allow the continuation of partnering with commercial Managed Security Service Providers and threat researchers, doing threat/vulnerability analysis."

"By the end of this year," the Post noted, "GENIE is projected to control at least 85,000 implants in strategically chosen machines around the world. That is quadruple the number--21,252--available in 2008, according to the US intelligence budget."

The agencies are now poised to expand the number of machines already compromised. "For GENIE's next phase, according to an authoritative reference document," the Post disclosed, "the NSA has brought online an automated system, code-named TURBINE, that is capable of managing 'potentially millions of implants' for intelligence gathering 'and active attack'."

It should be clear, given what we have learned from Edward Snowden and other sources, that the US government views the internet, indeed the entire planet, as a battlespace.

In congressional testimony earlier this year, General Alexander told the House Armed Services Committee that "Cyber offense requires a deep, persistent and pervasive presence on adversary networks in order to precisely deliver effects."

"We maintain that access, gain deep understanding of the adversary, and develop offensive capabilities through the advanced skills and tradecraft of our analysts, operators and developers."

With US Cyber Command fully funded and mobilized, those "offensive capabilities" are only a mouse click away.

Friday, July 12, 2013

ECHELON Today: The Evolution of an NSA Black Program
People are shocked by the scope of secret state spying on their private communications, especially in light of documentary evidence leaked to media outlets by former NSA contractor Edward Snowden.

While the public is rightly angered by the illegal, unconstitutional nature of NSA programs which seize and store data for retrospective harvesting by intelligence and law enforcement officials, including the content of phone calls, emails, geolocational information, bank records, credit card purchases, travel itineraries, even medical records--in secret, and with little in the way of effective oversight--the historical context of how, and why, this vast spying apparatus came to be is often given short shrift.

Revelations about NSA spying didn't begin on June 5, 2013, however, the day when The Guardian published a top secret FISA Court Order to Verizon, ordering the firm to turn over the telephone records of millions of its customers "on an ongoing daily basis."

Before PRISM there was ECHELON: the top secret surveillance program whose all-encompassing "dictionaries" (high-speed computers powered by complex algorithms) ingest and sort key words and text scooped-up by a global network of satellites, from undersea cables and land-based microwave towers.

Past as Prologue

Confronted by a dizzying array of code-named programs, the casual observer will assume the spymasters running these intrusive operations are all-knowing mandarins with their fingers on the pulse of global events.

Yet, if disastrous US policies from Afghanistan and Iraq to the ongoing capitalist economic meltdown tell us anything, it is that the American superpower, in President Nixon's immortal words, really is "a pitiful, helpless giant."

In fact, the same programs used to surveil the population at large have also been turned inward by the National Security State against itself, targeting military and political elites who long thought themselves immune from such close attention.

Coupled with Snowden's disclosures, those of former NSA officer Russell Tice (first reported here and here), revealed that the agency--far in excess of the dirt collected by FBI spymaster J. Edgar Hoover in his "secret and confidential" black files--has compiled dossiers on their alleged controllers, for political leverage and probably for blackmail purposes to boot.

While Tice's allegations certainly raised eyebrows and posed fundamental questions about who is really in charge of American policy--elected officials or unaccountable securocrats with deep ties to private security corporations--despite being deep-sixed by US media, they confirm previous reporting about the agency.

When investigative journalist Duncan Campbell first blew the lid off NSA's ECHELON program, his 1988 piece for New Statesman revealed that a whistleblower, Margaret Newsham, a software designer employed by Lockheed at the giant agency listening post at Menwith Hill in North Yorkshire, England, stepped forward and told the House Permanent Select Committee on Intelligence in closed session, that NSA was using its formidable intercept capabilities "to locate the telephone or other messages of target individuals."

Campbell's reporting was followed in 1996 by New Zealand investigative journalist Nicky Hager's groundbreaking book, Secret Power, the first detailed account of NSA's global surveillance system. A summary of Hager's findings can be found in the 1997 piece that appeared in CovertAction Quarterly.

As Campbell was preparing that 1988 article, a report in the Cleveland Plain Dealer alleged that arch-conservative US Senator Strom Thurmond was one target of agency phone intercepts, raising fears in political circles that "NSA has restored domestic, electronic, surveillance programmes," said to have been dialed back in the wake of the Watergate scandal.

Ironically enough, congressional efforts to mitigate abuses by the intelligence agencies exposed by the Church and Pike Committees in the 1970s, resulted in the 1978 creation of the Foreign Intelligence Surveillance Court. However, as The New York Times reported July 7, that court "in more than a dozen classified rulings . . . has created a secret body of law giving the National Security Agency the power to amass vast collections of data on Americans," a "parallel Supreme Court" whose rulings are beyond legal challenge.

In an 88-page report on ECHELON published in 2000 by the Electronic Privacy Information Center (EPIC), Newsham, who had worked on the development of SILKWORTH at the secret US base, described as "a system for processing information relayed from signals intelligence satellites," is recorded as telling Campbell and other reporters, including CBS News' 60 Minutes, that "she witnessed and overheard" one of Thurmond's intercepted phone calls.

Like Thomas Drake, the senior NSA official prosecuted by the Obama administration under the 1917 Espionage Act, for information he provided The Baltimore Sun over widespread waste, fraud and abuse in the agency's failed Trailblazer program, Newsham had testified before Congress and filed a lawsuit against Lockheed over charges of sexual harassment, "corruption and mis-spending on other US government 'black' projects."

A year earlier, in a 1999 on-the-record interview with the Danish newspaper Ekstra Bladet, Newsham spoke to journalists Bo Elkjaer and Kenan Seeberg, telling them of her "constant fear" that "certain elements" within the US secret state would "try to silence her"; a point not lost on Edward Snowden today.

"As a result," the newspaper reported, "she sleeps with a loaded pistol under her mattress, and her best friend is Mr. Gunther--a 120-pound German shepherd that was trained to be a guard and attack dog by a good friend in the Nevada State Police."

"To me," the whistleblower said, "there are only two issues at stake here: right or wrong. And the longer I worked on the clandestine surveillance projects, the more I could see that they were not only illegal, but also unconstitutional."

"Even then," between 1974 and 1984 when she worked on ECHELON, it "was very big and sophisticated."

"As early as 1979 we could track a specific person and zoom in on his phone conversation while he was communicating," Newsham averred. "Since our satellites could in 1984 film a postage stamp lying on the ground, it is almost impossible to imagine how all-encompassing the system must be today."

When queried about "which part of the system is named Echelon," Newsham told the reporters: "The computer network itself. The software programs are known as SILKWORTH and SIRE, and one of the most important surveillance satellites is named VORTEX. It intercepts things like phone conversations."

Despite evidence presented in her congressional testimony about these illegal operations, "no substantive investigation took place, and no report was made to Congress," Campbell later wrote.

"Since then," the British journalist averred, "investigators have subpoenaed other witnesses and asked them to provide the complete plans and manuals of the ECHELON system and related projects. The plans and blueprints are said to show that targeting of US political figures would not occur by accident, but was designed into the system from the start." (emphasis added)

This would explain why members of Congress, the federal Judiciary and the Executive Branch itself, as Tice alleges, tread lightly when it comes to crossing NSA. However, as information continues to emerge about these privacy-killing programs it should also be clear that the agency's prime targets are not "terrorists," judges or politicians, but the American people themselves.

In fact, as Snowden stated in a powerful message published by WikiLeaks: "In the end the Obama administration is not afraid of whistleblowers like me, Bradley Manning or Thomas Drake. We are stateless, imprisoned, or powerless. No, the Obama administration is afraid of you. It is afraid of an informed, angry public demanding the constitutional government it was promised--and it should be."

How did we get here? Is there a direct line from Cold War-era programs which targeted the Soviet Union and its allies to a system which now, in the age of capitalist globalization, the epoch of planet-wide theft and plunder, targets the entire world's population?

ECHELON's Roots: The UKUSA Agreement

Lost in the historical mists surrounding the origins of the Cold War is the fact that the close collaboration between Britain and the United States as they waged war against Nazi Germany and Imperial Japan had, by war's end, morphed into a permanent intelligence-military alliance which predated the founding of NATO. With the defeat of the Axis powers, a new global division of labor was in the offing, led by the undisputed superpower which emerged from the conflagration, the United States.

Self-appointed administrator over Europe's old colonial holdings across Africa, Asia and the Middle East (the US already viewed Latin America as its private export dumping ground and source for raw materials), the US used its unparalleled position to benefit the giant multinational American firms grown larger and more profitable than ever as a result of wartime economic mobilization managed by the state.

By 1946, the permanent war economy which later came to be known as the Military-Industrial Complex, a semi-command economy directed by corporate executives and based on military industry but also on emerging high-tech industries bolstered by taxpayer-funded government investment, was already firmly entrenched; it formed the political-economic base on which the so-called "American Century" was constructed.

While resource extraction and export market domination remained the primary goal of successive US administrations (best summarized by the slogan, "the business of government is business"), advances in technology in general and telecommunications in particular, meant that the system's overlords required an intelligence apparatus that was always "on" as it "captured" the flood of electronic signals coursing across the planet.

The secret British and US agencies responsible for cracking German, Japanese and Russian codes during the war found themselves in a quandary. Should they declare victory and go home or train their sights on the new (old) adversary--their former ally, the Soviet Union--but also on home grown and indigenous communist and socialist movements more generally?

In opting for the latter, the UK-US wartime partnership evolved into a broad agreement to share signals and communications intelligence (SIGINT and COMINT), a set-up which persists today.

In 1946, Britain and the United States signed the United Kingdom-United States of America Agreement (UKUSA), a secret agreement to share signals intelligence between the two nations, subsequently extended to Britain's Commonwealth partners Canada, Australia and New Zealand. Known as the "Five Eyes" agreement, the treaty was such a closely-guarded secret that Australia's Prime Minister was kept in the dark until 1973!

In 2010, the British National Archives released previously classified Government Communications Headquarters (GCHQ) files that provide an important historical overview of the agreement. Also in 2010, the National Security Agency followed suit and published formerly classified files from their archives. Accompanying NSA's release was a 1955 amended version of the treaty.

Its secretive nature is clearly spelled out: "It will be contrary to this Agreement to reveal its existence to any third party unless otherwise agreed by the two parties."

In 2005, 2009 and 2013, The National Security Archive published a series of previously classified documents obtained from NSA under the Freedom of Information Act that revealed agency thinking on a range of subjects, from global surveillance to cyberwar.

What we have learned from these sources and from reporting by Duncan Campbell and Nicky Hager is that the five agencies feeding the surveillance behemoth, America's NSA, Britain's GCHQ, Canada's Communications Security Establishment (CSE), Australia's Defence Signals Directorate (DSD) and New Zealand's Government Communications Security Bureau (GCSB), are subdivided into first and second tier partners, with the US, as befits a hyperpower, forming the "1st party" and the UK, Australia, Canada and New Zealand forming the "2nd party" partners.

Under terms of UKUSA, intelligence "products" are defined as "01. Collection of traffic. 02. Acquisition of communications documents and equipment. 03. Traffic analysis. 04. Cryptanalysis. 05. Decryption and translation. 06. Acquisition of information regarding communications organizations, procedures, practices and equipment."

"Such exchange," NSA informed us, "will be unrestricted on all work undertaken except when specifically excluded from the agreement at the request of either party and with the agreement of the other."

"It is the intention of each party," we're told, "to limit such exceptions to the absolute minimum and to exercise no restrictions other than those reported and mutually agreed upon."

This certainly leaves wide latitude for mischief as we learned with the Snowden disclosures.

Amid serious charges that "Five Eyes" were illegally seizing industrial and trade secrets from "3rd party" European partners such as France and Germany, detailed in the European Parliament's 2001 ECHELON report, it should be clear by now that since its launch in 1968 when satellite communications became a practical reality, ECHELON has evolved into a global surveillance complex under US control.

The Global Surveillance System Today

The echoes of those earlier secret programs reverberate in today's headlines.

Last month, The Guardian reported that the "collection of traffic" cited in UKUSA has been expanded to GCHQ's "ability to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days so that it can be sifted and analysed. That operation, codenamed Tempora, has been running for some 18 months."

Then on July 6, The Washington Post disclosed that NSA has tapped directly into those fiber optic cables, as AT&T whistleblower Mark Klein described to Wired Magazine in 2006, and now scoops up petabyte-scale communications flowing through the US internet backbone. The agency was able to accomplish this due to the existence of "an internal corporate cell of American citizens with government clearances."

"Among their jobs documents show, was ensuring that surveillance requests got fulfilled quickly and confidentially."

Following up on July 10, the Post published a new PRISM slide from the 41-slide deck provided to the paper by Edward Snowden.

The slide revealed that "two types of collection" now occur. One is the PRISM program that collects information from technology firms such as Google, Apple and Microsoft. The second source is "a separate category labeled 'Upstream,' described as accessing 'communications on fiber cables and infrastructure as data flows past'."

Recently, Der Spiegel reported NSA's claim that the agency "does NOT target its 2nd party partners, nor request that 2nd parties do anything that is inherently illegal for NSA to do." This is an outright falsehood exposed by former Canadian Communications Security Establishment (CSE) officer Mike Frost.

In a 1997 CovertAction Quarterly exposé, Frost recounted how "CSE operated alone or joined with NSA or GCHQ to: intercept communications in other countries from the confines of Canadian embassies around the world with the knowledge of the ambassador; aid politicians, political parties, or factions in an allied country to gain partisan advantage; spy on its allies; spy on its own citizens; and perform 'favors' that helped its allies evade domestic laws against spying."

"Throughout it all," Frost insisted, "I was trained and controlled by US intelligence which told us what to do and how to do it."

Everyone else, Der Spiegel reports, is fair game. "For all other countries, including the group of around 30 nations that are considered to be 3rd party partners, however, this protection does not apply. 'We can, and often do, target the signals of most 3rd party foreign partners,' the NSA boasts in an internal presentation."

It should also be clear that targeting isn't strictly limited to the governments and economic institutions of "3rd party foreign partners," but extends to the private communications of their citizens. Der Spiegel, citing documents supplied by Snowden, reported that the agency "gathered metadata from some 15 million telephone conversations and 10 million Internet datasets." The newsmagazine noted that "the Americans are collecting from up to half a billion communications a month in Germany," describing the surveillance as "a complete structural acquisition of data."

Despite hypocritical protests by European governments, Snowden disclosed that those "3rd party" partners are joined at the hip with their "Five Eyes" cousins.

In a recent interview with Der Spiegel, Snowden was asked if "German authorities or German politicians [are] involved in the NSA surveillance system?"

"Yes, of course. We're in bed together with the Germans the same as with most other Western countries. For example, we tip them off when someone we want is flying through their airports (that we, for example, have learned from the cell phone of a suspected hacker's girlfriend in a totally unrelated third country)--and they hand them over to us. They don't ask to justify how we know something, and vice versa, to insulate their political leaders from the backlash of knowing how grievously they're violating global privacy."

Disclosing new information on how UKUSA functions today, Snowden told the German newsmagazine: "In some cases, the so-called Five Eye Partners go beyond what NSA itself does. For instance, the UK's General [sic] Communications Headquarters (GCHQ) has a system called TEMPORA."

"TEMPORA," the whistleblower averred, "is the signals intelligence community's first 'full-take' Internet buffer that doesn't care about content type and pays only marginal attention to the Human Rights Act. It snarfs everything, in a rolling buffer to allow retroactive investigation without missing a single bit."

"Right now," Snowden said, "the buffer can hold three days of traffic, but that's being improved. Three days may not sound like much, but remember that that's not metadata. 'Full-take' means it doesn't miss anything, and ingests the entirety of each circuit's capacity. If you send a single ICMP packet and it routes through the UK, we get it. If you download something and the CDN (Content Delivery Network) happens to serve from the UK, we get it. If your sick daughter's medical records get processed at a London call center . . . well, you get the idea."

We do; and thanks to Edward Snowden we now know that everyone is a target.
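What Snowden describes is a retention buffer rather than a targeted intercept: everything transiting the link is kept for a fixed window and selectors are applied afterwards. The sketch below is an added illustration of that mechanism, written for this page; it is not GCHQ's or NSA's code and makes no claim about how TEMPORA is actually built. The `Record` fields, the in-order arrival assumption and the sample traffic are all constructed for the example.

```python
from collections import deque
from dataclasses import dataclass

DAY = 86_400          # seconds
RETENTION = 3 * DAY   # the three-day window Snowden describes


@dataclass(frozen=True)
class Record:
    ts: int           # capture time, seconds since epoch
    src: str
    dst: str
    proto: str        # e.g. "icmp", "tcp/443"
    payload: bytes    # content is retained, not just headers ("full take")


class RollingBuffer:
    """Time-bounded full-take store.

    Nothing is filtered at ingest; a record leaves only when it ages past the
    retention window. Assumes records arrive in non-decreasing time order
    (an assumption of this example, not a property of any real system)."""

    def __init__(self, retention=RETENTION):
        self.retention = retention
        self._buf = deque()

    def ingest(self, rec):
        self._buf.append(rec)
        self._expire(rec.ts)

    def _expire(self, now):
        cutoff = now - self.retention
        while self._buf and self._buf[0].ts < cutoff:
            self._buf.popleft()

    def query(self, predicate):
        # Retroactive search: the selector is applied after capture, so traffic
        # that was of no interest when it transited is still recoverable.
        return [r for r in self._buf if predicate(r)]

    def __len__(self):
        return len(self._buf)


def touches(address):
    """Selector matching any record whose source or destination is `address`."""
    return lambda r: address in (r.src, r.dst)


def constructed_traffic():
    """Constructed sample traffic for the demonstration; not a real capture."""
    return [
        Record(0,           "203.0.113.5",  "198.51.100.7",  "icmp",    b"\x08\x00ping"),
        Record(3_600,       "203.0.113.5",  "198.51.100.9",  "tcp/443", b"GET /update.bin"),
        Record(2 * DAY,     "192.0.2.9",    "198.51.100.20", "tcp/443", b"POST /records"),
        Record(3 * DAY + 1, "198.51.100.7", "203.0.113.5",   "icmp",    b"\x00\x00pong"),
    ]


def run():
    """Ingest the sample, returning (ICMP timestamps in window before the
    window rolls, ICMP timestamps after it rolls, records still held)."""
    buf = RollingBuffer()
    traffic = constructed_traffic()
    for rec in traffic[:3]:
        buf.ingest(rec)
    icmp = lambda r: r.proto == "icmp"
    before = [r.ts for r in buf.query(icmp)]   # the lone ping is retrievable
    buf.ingest(traffic[3])                     # ts = 3 days + 1 s rolls the ping out
    after = [r.ts for r in buf.query(icmp)]    # only the reply remains
    return before, after, len(buf)


if __name__ == "__main__":
    print(run())
```

The point the example makes is the one Snowden makes: a single stray packet is kept and can be pulled back out days later by a selector nobody had written when it was captured; what bounds the exposure is only the window length, which he says "is being improved".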

Monday, July 1, 2013

New Documents Shed Light on NSA's Dragnet Surveillance



With the Obama administration in full damage control mode over revelations of blanket surveillance of global electronic communications, new documents published by The Guardian, including the draft of a 2009 report by the NSA's Inspector General marked Top Secret and a Secret 2007 Justice Department memo prepared for then US Attorney General Michael Mukasey, show that "a federal judge sitting on the secret surveillance panel called the Fisa court would approve a bulk collection order for internet metadata 'every 90 days'."

An unnamed "senior administration official" confirmed the existence of a Bush-era surveillance program which gobbled up "vast amounts of records detailing the email and internet usage of Americans," but claimed, without evidence, that "it ended in 2011," according to The Guardian.

Early last month, the British newspaper began publishing documents provided by former NSA contractor Edward Snowden, including a Top Secret FISA court order to Verizon Business Services, which requires the firm "on an ongoing, daily basis" to hand over information on all telephone calls within its system.

The Wall Street Journal reported that the NSA's "monitoring of Americans includes customer records from the three major phone networks as well as emails and Web searches, and the agency also has cataloged credit-card transactions." The secret state's spying initiative "also encompasses phone-call data from AT&T Inc. and Sprint Nextel Corp., records from Internet-service providers and purchase information."

Days later, The Washington Post revealed that the Bush administration's "warrantless wiretapping" program known as STELLAR WIND, had been succeeded by four "collection programs" two of which, MAINWAY and MARINA, "process trillions of 'metadata' records for storage and analysis."

Additional programs, the Post reported, operating "on a much smaller scale, are aimed at content," one of which "intercepts telephone calls and routes the spoken words to a system called NUCLEON."

Although the news outlets principally responsible for bringing these stories to light, The Guardian, The Washington Post, the South China Morning Post, and now Der Spiegel, have not (as yet) published complete sets of NSA documents, and their reporting has barely scratched the surface of content-siphoning deep packet inspection (DPI) programs for internet and telephone surveillance (indeed, PRISM may be a subset of larger and more pernicious programs that collect, analyze and store everything), what we have learned so far is deeply troubling and poses grave threats to civil liberties.

New PRISM Slides, More Questions

Filling in some of the blanks, on June 29 The Washington Post published four additional PRISM slides from the 41-slide deck provided to The Guardian and Post by Edward Snowden.

Confirming what civil libertarians, journalists and political analysts have long maintained, NSA can and probably does "acquire" anything an individual analyst might request as Snowden averred. This includes, according to new information provided by the Post: chats, email, file transfers, internet telephone, login/ID, metadata, photos, social networking, stored data in the cloud, video, video conferencing.

If that isn't a surveillance dragnet, then words fail.

Recall that previous reporting disclosed that major US internet and high tech firms, Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL and Apple, gave NSA "direct access" to their systems.

"The program," according to The Guardian, "facilitates extensive, in-depth surveillance on live communications and stored information. The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US."

"It also opens the possibility of communications made entirely within the US being collected without warrants," a near probability in this writer's opinion.

In a report that appeared the same day, The Washington Post disclosed that NSA and the FBI "are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets," and that the agency "is accustomed to corporate partnerships that help it divert data traffic or sidestep barriers."

Although the firms all denied that they hand over customer data to the government, their self-serving claims are undercut by evidence that NSA-cleared company personnel, including "collection managers," send "content tasking instructions directly to equipment installed at company-controlled locations," rather than directly to company servers.

"Under Prism," the Associated Press reported, "the delivery process varied by company."

"Google, for instance, says it makes secure file transfers. Others use contractors or have set up stand-alone systems. Some have set up user interfaces making it easier for the government, according to a security expert familiar with the process."

"With Prism," AP reported, "the government gets a user's entire email inbox. Every email, including contacts with American citizens, becomes government property."

"Once the NSA has an inbox, it can search its huge archives for information about everyone with whom the target communicated. All those people can be investigated, too."

The slides published June 29 shed some light on how the process works. We learn for example that when an analyst "tasks" PRISM for information on a new "target," it is automatically passed on to a supervisor "who reviews the 'selectors' or search terms. The supervisor must endorse the analyst's 'reasonable belief,' defined as 51 percent confidence, that the specified target is a foreign national who is overseas at the time of collection."

Tasking orders can be sent to multiple sources, "for example, to a private company and to an NSA access point that taps into the Internet's main gateway switches." (For background see: Mark Klein, Wiring Up the Big Brother Machine, Klein's affidavit in EFF's lawsuit, Hepting v. AT&T, and his groundbreaking 2006 piece for Wired Magazine.)

The FBI "uses government equipment on private company property to retrieve matching information from a participating company, such as Microsoft or Yahoo and pass it without further review to the NSA." (see Verizon whistleblower Babak Pasdar's affidavit on how FBI "tasking" is accomplished via its Quantico circuit).

"For stored communications, but not for live surveillance" we're informed that the Bureau's Electronic Communications Surveillance Unit (ECSU) "consults its own databases to make sure the selectors do not match known Americans."

If this is what the Bureau is now claiming, it is disingenuous at best. In fact, as Antifascist Calling reported back in 2009, the FBI's Investigative Data Warehouse (IDW), a virtual Library of Babel, is a content management and data mining system with the ability to access and analyze aggregated data from some fifty hitherto separate datasets. That the Bureau would feel compelled to "minimize" domestic information it provides to a "sister" agency beggars belief.

In fact, one of the new PRISM slides reveals that from "the FBI's interception unit on the premises of private companies, the information is passed to one or more 'customers' at the NSA, CIA or FBI."

"Depending on the company," Barton Gellman and Todd Lindeman report, "a tasking may return e-mails, attachments, address books, calendars, files stored in the cloud, text or audio or video chats and 'metadata' that identify the locations, devices used and other information about a target."

Elapsed times from "tasking to response" from the above-named firms or other "partners" such as banks, credit card companies, etc. range from "minutes to hours." An unnamed "senior intelligence official" told the Post, "Much as we might wish otherwise, the latency is not zero."

"After communications information is acquired," the data is "processed and analyzed by specialized systems that handle voice, text, video and 'digital network information' that includes the locations and unique device signatures of targets."

We also learn how some of these code named systems function.

For example, PRINTAURA is described as a tool "which automates the traffic flow." The Post reports that "the same FBI-run equipment sends the search results to the NSA." Once it is received, in bulk, "PRINTAURA sorts and dispatches the data stream through a complex sequence of systems that extract and process voice, text, video and metadata."

Once dispatched from PRINTAURA, described as a "librarian and traffic cop," SCISSORS and Protocol Exploitation "sort data types for analysis in NUCLEON (voice), PINWALE (video), MAINWAY (call records) and MARINA (internet records)."

While the Post claims that "systems identified as FALLOUT and CONVEYANCE appear to be the final filtering to reduce the intake of information about Americans," information provided by NSA whistleblower William Binney disputes such assertions.

In fact, Binney told investigative journalist James Bamford for his Wired Magazine piece on NSA's giant Utah Data Center, that the agency "could have installed its tapping gear at the nation's cable landing stations--the more than two dozen sites on the periphery of the US where fiber-optic cables come ashore. If it had taken that route, the NSA would have been able to limit its eavesdropping to just international communications, which at the time was all that was allowed under US law."

"Instead," the former cofounder of the agency's Signals Intelligence Automation Research Center (SARC) told Bamford that NSA "chose to put the wiretapping rooms at key junction points throughout the country--large, windowless buildings known as switches--thus gaining access to not just international communications but also to most of the domestic traffic flowing through the US."

"The network of intercept stations goes far beyond the single room in an AT&T building in San Francisco exposed by a whistle-blower in 2006. 'I think there's 10 to 20 of them,' Binney says. 'That's not just San Francisco; they have them in the middle of the country and also on the East Coast'."

In other words, NSA's network of "secret rooms" were installed at key junctures that would facilitate, not "minimize" wholesale domestic surveillance.

Expanding on just how intrusive NSA "collection" programs are, Binney told The New Yorker in a Jane Mayer piece on the Obama regime's prosecution of NSA whistleblower Thomas Drake, that a surveillance program he helped design as SARC director, ThinThread, was "bastardized" after 9/11 and "stripped of privacy controls" that would filter out Americans' communications.

"It was my brainchild," Binney told Mayer. "But they removed the protections, the anonymization process. When you remove that, you can target anyone." He said that although he was not "read in" to the new secret surveillance program, "my people were brought in, and they told me, 'Can you believe they're doing this? They're getting billing records on US citizens! They're putting pen registers'--logs of dialed phone numbers--'on everyone in the country!'"

And they continue to do so today without one iota of oversight from a thoroughly compromised Congress.
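Binney's "anonymization process" is worth making concrete, because it shows that the protection he says was stripped out costs the analyst very little. The block below is an added example written for this page, not ThinThread's design (which the page does not describe beyond the word "anonymization"): identifiers in call records are replaced by keyed pseudonyms, link analysis runs on the pseudonyms exactly as it would on raw numbers, and reversing a pseudonym requires both the key custodian's vault and an authorization. The key is the point: an unkeyed hash can be "unmasked" by anyone who can guess the phone number. The phone numbers, the key and the `authorized` flag are all constructed stand-ins.

```python
import hashlib
import hmac
from collections import defaultdict
from typing import Optional


def keyed_tag(key: bytes, identifier: str) -> str:
    """HMAC-SHA256 pseudonym, truncated for readability (example choice)."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()[:16]


def unkeyed_tag(identifier: str) -> str:
    """Plain hash, shown only to contrast with the keyed version."""
    return hashlib.sha256(identifier.encode()).hexdigest()[:16]


class Pseudonymizer:
    """Keyed pseudonyms for identifiers in metadata records.

    Analysts see only tags. The custodian holds the key and the vault that maps
    tags back to identifiers, and releases a mapping only when an authorization
    (a warrant, in the design Binney alludes to) is presented. The `authorized`
    flag stands in for that check and is an assumption of this example."""

    def __init__(self, key: bytes):
        self._key = key
        self._vault = {}

    def tag(self, identifier: str) -> str:
        t = keyed_tag(self._key, identifier)
        self._vault[t] = identifier
        return t

    def unmask(self, tag: str, authorized: bool) -> str:
        if not authorized:
            raise PermissionError("unmasking requires an authorization")
        return self._vault[tag]


def constructed_call_records():
    """Constructed (caller, callee, timestamp) records; numbers are fictitious."""
    return [
        ("+1-202-555-0100", "+1-415-555-0199", 1000),
        ("+1-202-555-0100", "+44-20-7946-0958", 1100),
        ("+1-415-555-0199", "+1-202-555-0100", 1200),
        ("+49-30-901820", "+1-202-555-0100", 1300),
        ("+44-20-7946-0958", "+49-30-901820", 1400),
    ]


def anonymize(records, p: Pseudonymizer):
    return [(p.tag(a), p.tag(b), ts) for a, b, ts in records]


def degree(records):
    """Contact-graph degree per endpoint: the kind of link analysis that works
    identically on pseudonyms, so anonymization costs the analyst nothing here."""
    links = defaultdict(set)
    for a, b, _ in records:
        links[a].add(b)
        links[b].add(a)
    return {k: len(v) for k, v in links.items()}


def guess(tag: str, candidates, tag_fn) -> Optional[str]:
    """Dictionary attack: recompute tags for guessed identifiers and compare.
    Succeeds against a plain hash; fails without the custodian's key."""
    for c in candidates:
        if tag_fn(c) == tag:
            return c
    return None


if __name__ == "__main__":
    p = Pseudonymizer(b"custodian-key")
    raw = constructed_call_records()
    anon = anonymize(raw, p)
    print(degree(raw))     # same degree distribution ...
    print(degree(anon))    # ... under opaque names
```

Removing this layer, as Binney describes, does not add any analytic capability for foreign targets; what it adds is the ability to type a US phone number into the system and get hits, which is exactly the "you can target anyone" outcome.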

New Programs Exposed

The programs described above all evolved from the Bush administration's so-called President's Surveillance Program, PSP, which has continued under Obama. As Antifascist Calling reported in 2009, the declassified 38-page report by the inspectors general of the CIA, NSA, the Departments of Defense and Justice and the Office of the Director of National Intelligence failed to disclose what these programs actually do, claiming they are "too sensitive" for an "unclassified setting."

Shrouded beneath impenetrable layers of secrecy and deceit, these undisclosed programs lie at the dark heart of the state's war against the American people.

For example, the DOJ's Office of the Inspector General described FBI participation in the PSP as that of a "passive recipient of intelligence collected under the program." Recent revelations by Edward Snowden expose such statements as bald-faced lies. And when the OIG characterized the Bureau's role as an effort "to improve cooperation with the NSA to enhance the usefulness of PSP-derived information to FBI agents," that too was a craven misrepresentation given what we now know about the key role the FBI plays in NSA's PRISM program.

However, the unclassified version of NSA's Inspector General's report on the PSP published by The Guardian paints a far different picture.

A close reading of the document reveals that a federal judge sitting on the FISA court would approve a bulk collection order for metadata "every 90 days," as long as it "involved" the "communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States".

"Eventually," Glenn Greenwald and Spencer Ackerman reported, the agency "gained authority to 'analyze communications metadata associated with United States persons and persons believed to be in the United States'."

Although the administration now claims that specific program ended in 2011, online collection of data on Americans continues today.

Last week The Guardian reported that NSA's Special Source Operations (SSO) directorate running PRISM is collecting and analyzing "significant amounts of data from US communications systems in the course of monitoring foreign targets."

"The NSA," Greenwald and Ackerman disclosed, "called it the 'One-End Foreign (1EF) solution'."

That program, code named EVIL OLIVE, was intended to broaden "the scope" of what it is able to surveil and relied, "legally, on 'FAA Authority', a reference to the 2008 Fisa Amendments Act that relaxed surveillance restrictions."

"This new system, SSO stated in December, enables vastly increased collection by the NSA of internet traffic. 'The 1EF solution is allowing more than 75% of the traffic to pass through the filter,' the SSO December document reads. 'This milestone not only opened the aperture of the access but allowed the possibility for more traffic to be identified, selected and forwarded to NSA repositories'."

After EVIL OLIVE's "deployment, traffic has literally doubled."
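The "One-End Foreign" rule is simple to state and that simplicity is the problem: a flow is selected unless both ends are known to be in the US, so any American whose traffic terminates on foreign infrastructure (a CDN edge, a mail relay, an unmapped address) is swept in. The block below is an added example written for this page, not an NSA artifact: it applies that reading of the quoted language to constructed flow records, using a constructed geolocation table over RFC 5737 documentation ranges, and reports what fraction passes and how much of that is US-originated. The 75% figure the Guardian quotes is NSA's; the numbers here come only from the sample.

```python
import ipaddress
from typing import Optional

# Constructed geolocation table over documentation ranges; not real data.
GEO = [
    (ipaddress.ip_network("192.0.2.0/24"),     "US"),
    (ipaddress.ip_network("198.51.100.0/26"),  "GB"),
    (ipaddress.ip_network("198.51.100.64/26"), "DE"),
    (ipaddress.ip_network("198.51.100.128/26"), "FR"),
    (ipaddress.ip_network("198.51.100.192/26"), "JP"),
    (ipaddress.ip_network("203.0.113.0/25"),   "BR"),
]


def country(ip: str) -> Optional[str]:
    """Country of an address, or None when the table has no entry for it."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO:
        if addr in net:
            return cc
    return None


def one_end_foreign(flow) -> bool:
    """The 1EF rule as read from the quoted language: pass the flow unless
    BOTH ends are known to be in the US. An end whose location is unknown
    does not count as US, mirroring 'no communicant was known to be' above.
    (Interpretation assumed for this example.)"""
    return not (country(flow["src"]) == "US" and country(flow["dst"]) == "US")


def constructed_flows():
    """Constructed flow records (src, dst, service); not captured traffic."""
    return [
        {"src": "192.0.2.10",     "dst": "192.0.2.50",     "svc": "imap"},   # US user -> US mail server
        {"src": "192.0.2.11",     "dst": "192.0.2.60",     "svc": "https"},  # US user -> US web
        {"src": "192.0.2.10",     "dst": "198.51.100.5",   "svc": "https"},  # US user -> CDN edge in GB
        {"src": "192.0.2.12",     "dst": "198.51.100.70",  "svc": "smtp"},   # US user -> mail relay in DE
        {"src": "198.51.100.130", "dst": "192.0.2.60",     "svc": "https"},  # FR user -> US web
        {"src": "192.0.2.13",     "dst": "203.0.113.200",  "svc": "https"},  # US user -> unmapped address
        {"src": "198.51.100.200", "dst": "198.51.100.201", "svc": "sip"},    # JP -> JP
        {"src": "192.0.2.14",     "dst": "203.0.113.9",    "svc": "https"},  # US user -> BR
    ]


def apply_filter(flows):
    """Returns (selected flows, fraction passed, count of selected flows
    that originate from a US address)."""
    selected = [f for f in flows if one_end_foreign(f)]
    pass_rate = len(selected) / len(flows)
    us_origin = sum(1 for f in selected if country(f["src"]) == "US")
    return selected, pass_rate, us_origin


if __name__ == "__main__":
    sel, rate, us = apply_filter(constructed_flows())
    print(f"{len(sel)} of {len(constructed_flows())} flows pass ({rate:.0%}); "
          f"{us} of those start at a US address")
```

Note that nothing in the rule looks at who the person is; it looks at where the far end of the connection happens to sit, which for ordinary web and mail traffic is largely an accident of hosting.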

Referencing another NSA collection program, this one code named SHELL TRUMPET, an SSO official wrote that the program had just "processed its One Trillionth metadata record."

"Explaining that the five-year old program 'began as a near-real-time metadata analyzer ... for a classic collection system', the SSO official noted: 'In its five year history, numerous other systems from across the Agency have come to use ShellTrumpet's processing capabilities for performance monitoring' and other tasks, such as 'direct email tip alerting'," The Guardian reported.

These, and hitherto as yet unknown programs, are advancing by leaps and bounds due to technological breakthroughs, the result of tens of billions of taxpayer dollars showered on the agency in wake of the 9/11 provocation. As Greenwald and Ackerman reported, "almost half of those trillion pieces of internet metadata were processed in 2012, the document detailed: 'though it took five years to get to the one trillion mark, almost half of this volume was processed in this calendar year'."

"Another SSO entry," this one dated February 6, 2013, "described ongoing plans to expand metadata collection. A joint surveillance collection operation with an unnamed partner agency yielded a new program 'to query metadata' that was 'turned on in the Fall 2012'."

Two additional programs, code named MOON LIGHT PATH and SPINNERET, "are planned to be added by September 2013." Curiously enough, this is when NSA's Utah Data Center is slated to "go live."

In fact, these programs and their siblings are useful not simply for harvesting metadata, but for "collecting" and storing all electronic communications, including their content; hence the rather circumspect reference to "direct email tip alerting."

Fully a transatlantic affair, Greenwald and Ackerman noted that another SSO entry dated September 21, 2012 revealed that a program called TRANSIENT THURIBLE, "a new Government Communications Head Quarters (GCHQ) managed XKeyScore (XKS) Deep Dive," was "declared operational." The entry states that GCHQ "modified" an existing program so the NSA could "benefit" from what GCHQ harvested.

There is much we do not yet know about these programs, how "collected" data is exploited by government agencies, or the present and future implications for civil liberties and privacy in the United States and globally. What we do know, however, is that the Obama administration, including its national security spokespeople and their media and political apologists, is lying.