How GCHQ Tracks Internet Users

The Intercept has a new story from the Snowden documents about the UK’s surveillance of the Internet by the GCHQ:

The mass surveillance operation ­ code-named KARMA POLICE­ was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ.

[…]

One system builds profiles showing people’s web browsing histories. Another analyzes instant messenger communications, emails, Skype calls, text messages, cell phone locations, and social media interactions. Separate programs were built to keep tabs on “suspicious” Google searches and usage of Google Maps.

[…]

As of March 2009, the largest slice of data Black Hole held—41 percent—was about people’s Internet browsing histories. The rest included a combination of email and instant messenger records, details about search engine queries, information about social media activity, logs related to hacking operations, and data on people’s use of tools to browse the Internet anonymously.

Lots more in the article. The Intercept also published 28 new top secret NSA and GCHQ documents.

Tags: , , , , , , ,

Posted on September 29, 2015 at 6:16 AM41 Comments

Comments

Curious September 29, 2015 6:59 AM

Btw, I was looking over this article that I hadn’t read until today, and looking over the last part of that article, I want to point out that any argument that allude to there being a ‘balance’, is probably nonsense, as if it could be a sensible argument when it’s not.

At the very end of the article from Sept. 17, there is a quote from a Mr. Nicholas Lansman , a representative from ISPA (Internet Service Providers Association in UK):

“It is important to get the balance right between privacy, security, maintaining user trust and the cost to industry, as key issues such as retaining third party data, judicial oversight and data hosted abroad are discussed,”

The very absurdity of there possibly being a so called “balance” between such vague things like ‘privacy, ‘security’, ‘maintaining user trust’, and ‘the cost to industry’ can be understood both as a lack of a stated ‘problem’, and as a use of a metaphor for try achieve some other metaphorical meaning (maybe similar to using a ‘dead metaphor’ that for itself has no meaning). I’d say that, for it to make sense that there to be a “balance” between such vague things, is wishful thinking, or simply being dirty damn lie. The word “balance” is thus just a “positive” word.

Like with the design and support for various computer games, “balancing” something usually means changing something about the gameplay, thus not being the alluded equilibrium that would otherwise be the only meaningful part of a act of balancing. The only equilibrium to be had with regard to being pragmatic that makes sense, would be the notion of simply solving a social/policy issue, by deciding on things, something that has nothing to do with using ‘balance’ as a metaphor at all.

“MI5 chief calls for more up-to-date surveillance powers”
http://www.theguardian.com/world/2015/sep/17/mi5-chief-calls-for-more-up-to-date-surveillance-powers

parrot September 29, 2015 7:16 AM

It may be just me, but I feel anxious, frustrated, and increasingly suspicious that novel revelations are coming from the Snowden archive two and a half years later. I don’t know what to make of it. Is there so much material that it is not feasible to go faster? Is the Intercept performing journalistic checks that are so rigorous that their staff can’t manage any better? Is the Intercept stringing it out for profit? Are there some external forces deliberately causing slowdowns to publish?

At some point, these are going to be so stale that agencies will be able to say, “Yes, that was a dark time in our history, but that was our predecessors and we’ve changed.” Then the whole problem gets swallowed by the magic of bureaucratic democracy.

Winter September 29, 2015 7:26 AM

I posted a link in the Friday Squid Blogging to a report on standards oversight of national intelligence agencies. It was quite late in the cycle so I do not think many have seen it. It is relevant as it quotes a lot of case law from the European Court of Human Rights who are not very pleased by such behavior.

Comparing the opinions of the court with the behavior of GCHQ leaves one with the opinion that, on the whole, GCHQ are run by criminals. Which is no news, I suppose.

Ten standards for oversight and transparency of national intelligence services: custodiet ipsos custodes
https://blog.cyberwar.nl/2015/07/report-ten-standards-for-oversight-and-transparency-of-national-intelligence-services-july-2015-eskens-van-daalen-van-eijk/

1: Intelligence services need to be subject to oversight that is complete.
2: Oversight should encompass all stages of the intelligence cycle.
3: Oversight of the intelligence services should be independent.
4: Oversight should take place prior to the imposition of a measure.
5: Oversight bodies should be able to declare a measure unlawful and provide for redress.
6: Oversight should incorporate the adversary principle.
7: Oversight bodies should have sufficient resources to perform effective oversight.
8: Intelligence services and their oversight bodies should provide layered transparency.
9: Oversight bodies, civil society and individuals should be able to receive and access information about surveillance.
10: Companies and other private legal entities should be able to publish aggregate information on surveillance orders they receive.

Thom September 29, 2015 7:28 AM

Very strange that this is a much, much bigger story that telephony metadata yet has only received a passing mention by the mainstream press. I fear that these revelations are losing their impact and the public at large has internalized perpetual, worldwide surveillance as the new normal.

KARMA CHAMELEON September 29, 2015 9:08 AM

London used to attract its fair share of NGOs, international human rights activists and political refugees, reassured by the supposedly democratic foundations of the country and the tradition of respect towards personal liberties.

I wonder what all these vulnerable people are thinking now as they read that their extremely sensitive communications have been systematically targeted, recorded, cross-referenced and shipped around the world, shared with — at the very least — all members of the FEYES fraternity (which, according to the Snowden revelations, includes contractors and private deals that bring the number of people with clearance up to a few dozen million).

Stephen Mainwaring September 29, 2015 9:09 AM

Some of us have banging on about this since 2007. It is totally clear that ISPs were complicit in this and it is totally clear ministers knew what was going on.

Back then we had a really hard time convincing the media to run with such articles. And so it seems even now, when the evidence is available the media still will not run with it.

Catherine September 29, 2015 9:16 AM

“Karma Police” is surprisingly on-the-nose – almost as honest as outright naming it Operation “Thought Police”.

It’s like the genius who came up with the name wasn’t even a little bit concerned that it was going to be leaked eventually.

Bob S. September 29, 2015 9:30 AM

This vast intrusion doesn’t speak well of the British government in relation to fundamental human rights. So much for the Magna Carta, etc. Indeed, the American Revolution was fought in part due to intrusive General Warrant physical searches of homes and businesses by the British government/corporation.

No chance of revolt here in the USA again however. Our government whole heartedly supports ransacking our electronic communications and devices using the excuse we are all targets or adversaries, euphemisms for the enemy.

No wonder Americans are so dissatisfied with Congress and government. As for the Brits, ….?

Riccardo Cabeza September 29, 2015 10:28 AM

No word on how the American Government protects it’s citizens from alien surveillance.

Presumably there is no NSA protection offered in order to get around the last vestiges of useless US law, therefore making US citizens vulnerable to every other bad guy and government on the planet.

Simply stated the US Government actively harms its citizenry, including sitting members of congress, because it can. Without the benefit of…any benefits or even due process, just the way the founding fathers wanted.

Thank God there is no ‘evidence laundering’ or ‘parallel construction’ whereby some faceless vindictive Government employee could abuse the domestic surveillance system to physically harm US Citizens.

Yes, we scan! September 29, 2015 10:31 AM

Well, as a British citizen you know you’re up the creek without a paddle when yuou read that the NSA guys praise their GCHQ counterparts for the amount of shit they can get away with! All I can say is I’m glad I don’t live in the UK.

Safe Harbour September 29, 2015 10:49 AM

Makes you wonder what these scumbags tell their families when they get back home from work.

“Good day at the office?”
“Yeah, the usual the usual stuff: I recorded the browsing history of a few million people in the country (none of whom have anything whatsoever to do with terrorism), I “hunted” a few dozen civilian sys admins to obtain access to their databases and steal their clients’ data, I fucked up some critical infrastructure in Eastern Europe, hacked a few hundred unpatched Windows boxes belonging to completely innocent people around the world (in case we need to use them as unsuspecting launchpads to perform DDoS or spread malware), and recorded the IP addresses of several thousand people in the UK who visited YouPorn today, in case we need to blackmail our own citizens at some point in the near future.”

me September 29, 2015 11:02 AM

Airstrip one…

As far as drip drip drip goes.. If they know you have, say, C:\FISACOURT*.pdf and during two and a half years only one doc from that folder has been published, isn’t there an inherent message that, hey, get your sh*t together before we publish another one?

The clock is ticking…

Elda Fishler September 29, 2015 11:04 AM

I’m not sure whether people have given some thought to the implications of this bit: a system that automatically analyzes cell phone locations in real time. Until now, the official stand was that telecoms could sometimes triangulate a user’s location based on cell phone signal and that this data could, under very special circumstances, be retrieved through a court order. What we’re reading here paints a very different picture. GCHQ automatically records and analyzes the real-time location of every person in the country. Basically, we’ve all been fitted with an electronic tag, like pedophiles, beaming or exact location to the GCHQ (and presumably its foreign allies) every second of the day, every day of the year. I can’t believe mainstream newspapers in the country are covering this one up!

TascoBlossom September 29, 2015 11:08 AM

Know what’s worse? A nation of liars, cheats and thieves.
An army of scumbags who can each be bought for a small amount of money, who knowingly participate in money laundering and identity theft and who know what they’re doing, but later claim they didn’t realize the money originated from fraud and extortion nor that the money was being sent overseas to some of the most wicked organizations on the planet. How ’bout them people?

parrot September 29, 2015 11:12 AM

@Safe Harbour

More like:

“Good day at the office?”

“Yep. Saving the world from evil.”

I’m reminded of a C.S. Lewis quote:

“Of all tyrannies, a tyranny exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron’s cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience.”

croco mix September 29, 2015 11:24 AM

Recoding visits to porn sites and cross-referencing ip addresses… thats some nasty stuff! You’d have to be nuts to browse the internet from the UK without tor etc.

Johnny Tinklenberg September 29, 2015 11:31 AM

@TascoBlossom

You know what’s really bad too? Hemorrhoids! So let’s insert malware in every one of the 7 billion cell phones around the world! That’ll teach ’em piles.

Sam September 29, 2015 11:49 AM

The article talks about the Radiohead songs and notes the lyric “This is what you’ll get, when you mess with us.” The song it a bit more cynical than that though, especially in the current context – “arrest this man he talks in math” etc – and then also:

Yorke explained that the song was about stress and “having people looking at you in that certain [malicious] way” … “It’s for someone who has to work for a large company. This is a song against bosses. F*ck the middle management!” … “not entirely serious, I hope people will realize that.”

It might be that some of the people doing the grunt work – writing the code and making the platform operational – knew that it was a terrible goal but reckoned they could slide an in-joke past a manager.

sweater tea September 29, 2015 11:52 AM

Those who don’t live in the UK might not realise that, here, the internet comes censored out of the box, courtesy of David Cameron (joining the ranks of such freedom-loving nations as China, Iran, Syria, South Sudan and Yemen). It turns out that the very man who gave passionate speeches proudly defending what he euphemistically calls “family filters” spent his university years sticking his meat and two veg into severed pigs’ heads. You couldn’t make it up.

CallMeLateForSupper September 29, 2015 12:19 PM

@Yes, we scan!
“All I can say is I’m glad I don’t live in the UK.”

Lest you really do feel relief, understand that GCHQ readily shares this booty with the rest of Five Eyes. Besidees, because of the way the internet works, even your email to Aunt Tillie who lives across town might well travel through several foreign countries, G.B. among them..

If I recall correctly, upwards of 150 undersea cables land on G.B.’s shores. You can bet that every one of them feeds GCHQ’s numerous maws.

name.withheld.for.obvious.reasons September 29, 2015 1:01 PM

Bet there is a rational for not providing other-site indirection, it may lie with you to determine the reason for this non-appropriation. My apologizes for commenting here, torn between subjective observation and a general notice to the comm.

name.withheld.for.obvious.reasons September 29, 2015 1:22 PM

OOPS–seems I DIDN’T speak too soon…reference the following URL (text linkage only, filter as necessary). If it wasn’t disconcerting enough, here’s an update for you Bruce…

https:[slash,slash]cryptome[dot.addr]org[slash]2015[slash]09[slash]gchq-illegal-spying-us.htm

A Ghost of its Former Self September 29, 2015 2:00 PM

We need to realize that once people become aware of the hanky-panky occurring they take counter measures to circumvent the eavesdropping. Here is just one BIG example:

All the eavesdropping by England and the USA could not even detect the 21 million Top Secret Investigations being stolen.
Now China, Russia, Iraq and Iran have reached a comprehensive accord to fight the Islamic State leaving the USA military and Intelligence clueless.

Whatever happened to the “the War on Terror” fight guys?

Instead our huge security apparatus is being used to control the USA population (the Pope’s visit) and fight petty internal crime.

Is spying (even on friends) a way to build a productive relationship? Who’s proud to be an American?

We need to realize that once people become aware of the hanky-panky occurring

dizzy snail September 29, 2015 2:48 PM

As the GCHQ busily records and cross-references the IP addresses and geolocation data of all the participants in this thread, @Bruce: how about a .onion mirror for those who want the option, please?

unbob September 29, 2015 3:06 PM

There was a brief moment with the Snowden revelations where the general public’s perception almost aligned with those in the security and privacy communities. These days if you mention Snowden all most remember is something about metadata at best.

Anura September 29, 2015 3:23 PM

@dizzy snail

They also track everyone who uses Tor, in fact, probably more so than people who read this blog.

BoppingAround September 29, 2015 4:25 PM

Safe Harbour,
Don’t ask, don’t tell. Just like for any other cheeky line of work (mafia and other organised crime activities come to mind).

Even better when the person does not realise what they are [really] doing.

Clive Robinson September 29, 2015 5:23 PM

@ CallMeLate…,

Besidees, because of the way the internet works, even your email to Aunt Tillie who lives across town might well travel through several foreign countries, G.B. among them..

You need to go take a closer look at RIPA.

Basically it’s any part of the infrastructure that can be reached from the UK. That is your air-gapped home network in the deepest darkest cave in the most remote part of the globe, is fair game if it connects in some way to a network that can be reached from the UK no matter how improbably.

Thus your air-gaped network with the usuall PC speakers and microphone, and where there is a phone in the same room at some point is as far as the UK is concerned covered by RIPA…

tyr September 29, 2015 6:42 PM

I cannot think of a more horrible job than rummaging
though the contents of the crap on the Net for some
scrap that might be useful (for some values of useful).
For every spark of real information you’d have to wade
the stream of porn, cookie recipes, spam, Nigerian
prince Phishing, and the totally boring shite that is
most peoples email exchanges. The Spooks deserve to
spend their time doing this while the world falls apart
around them. Anyone assigned to read the Tor and Bruce
material probably thinks they have died and gone to an
imagined heaven. I read a lot of comment threads and
you won’t find much there unless you’re a Kraft-Ebbing
fanboy. This Blog is different.

There’s not much commentary about the SOF deployments
to 135 different countries which seem to be clandestine
and without much in the way of oversight. The IC seem to
have positioned themselves as a world government without
the consent of the governed. Like the Ancien Regime of
France who thought they had it made, hubris isn’t a
real gameplan for long term viability.

Daniel September 29, 2015 6:50 PM

“I fear that these revelations are losing their impact and the public at large has internalized perpetual, worldwide surveillance as the new normal.”

No, I don’t think so. What I think is that people are accepting a reality “until the night of the long knives”. Eventually the USSR fell. This regime too.

The World is Laughing September 29, 2015 8:19 PM

We learned that every digital form of communication in Afghanistan was being monitored by American British Intelligence years ago.
So how were 500 Taliban able to take over a city and send 3000 Afghanistan police and soldiers running away?
Do you become invisible once you remove your cell phone battery? LOL!

After the wimp attack was over they turned on their cell phones and took selfies for all the world to see! The humiliation and impotency of our intelligence services was highlighted by the American national news.

r September 29, 2015 10:16 PM

@unused

Do you become invisible once you remove your cell phone battery?

yeah, pretty much.

not counting the license plate readers and intersection cams right?

better to start collecting phones for replicant now, bottom line —

don’t take your little brother anywhere.
he’s probably on payroll and you can damn well bet he’ll rat you out to mom or big brother the very first chance he gets.

Karma Revolution September 30, 2015 12:52 AM

Yes, the internet is totally pwned by the military-spook-corporate buddies complex.

Everything they can get their hands on will be monitored in real time and fed into their monstrous systems in the final end-game. There is simply no longer any doubt.

Until the night of the long knives and we see enemies of the state strung up by their feet (like those old black and white photos they should be taking note of), there will be no end to the data harvesting.

The rank abuses we face in the meantime will simply boggle the mind, let alone the full realisation by the people that the shadow government is actually being fully run by the intelligence agencies everywhere.

Corrupt and perverted as they already are.

Notice they never catch a filthy financial fraudster, king-pin CIA traffickers, ‘The Fast and the Furious’ scandal-makers, or take-down their buddy cartel members etc. Funny that.

This is not possible with the technology already at their disposal, unless it is purposeful avoidance and wasting their time on those that challenge the status quo i.e. anyone who is not a .01%er.

This is the reason no bastard ever pulls the plug on these shit-eaters, and that is because they are already subject to blackmail e.g. think of Cameron-style photos with your crown jewels in the maw of an animal….

z September 30, 2015 7:15 AM

@unbob

Agreed, and I think the metadata story was probably not the right one with which to lead. It’s hard to explain why people should care about metadata. The first Snowden story was always going to stick in the public’s mind better than the rest. It should have been something easier to care about.

albert September 30, 2015 10:41 AM

@CallMeLateForSupper,
@Yes, we scan!,
.
At least in the US, we can still call ’em douchebags…at least, for now. Apparently, US citizens in the UK can do so as well.

. .. . .. _ _ _

tyr September 30, 2015 5:30 PM

Apparently the Rus military has unplugged their cellphone
batteries. The cries of we didn’t know about their airstrkes
in Syria make the entire IC bunch look like idiots again.
You’d think that 5 years would be long enough to get some
surveillance in place around and over Syria. It seems the
hunt for teenaged girlie selfies has consumed their time.

Expect pleas for more money because their data haystack is
too big to manage thanks to Spandam Alexanders clown act.

(mandatory scurrilous ant-Brit sarcasm goes here to waste
GCHQs time) Snouting is the new outing for the posh

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.