Van nieuwsblog.burojansen.nl

Coroner criticises intelligence agency for failing to report missing MI6 officer and rules he was probably killed unlawfully

The coroner in the Gareth Williams case delivered a damning verdict that was highly critical of the Metropolitan police’s counter-terrorism branch and MI6 as she ruled that the officer had probably been killed unlawfully.

The cause of death of Williams, 31, who was found padlocked in a holdall in the bath at his flat in Pimlico, central London, was “unnatural and likely to have been criminally mediated”, said Dr Fiona Wilcox.

Passing a narrative verdict, she said she was satisfied that “a third party placed the bag in the bath and on the balance of probabilities locked the bag”.

She was, therefore, “satisfied that on the balance of probabilities that Gareth was killed unlawfully”.

Wilcox levelled devastating criticism at Williams’s employers at MI6 who failed to report him missing for seven days when he did not turn up for work. The explanation from his line manager lacked credibility, she said, and she could “only speculate as to what effect this [delay] had on the investigation”.

The lawyer for the Secret Intelligence Service, Andrew O’Connor, delivered deep regrets and an unprecedented apology to the family from Sir John Sawers, chief of the SIS, who recognised that “failure to act more swiftly” when Williams was absent had contributed to their “anguish and suffering”.

Officers in the Met’s counter-terrorism branch, SO15, whose role was to interview SIS witnesses, were also strongly criticised. SO15 failed to inform DCI Jackie Sebire, senior investigating officer, of the existence of nine memory sticks and a black holdall found at Williams’ MI6 office until two days before the inquest ended, the coroner said. On discovering this, Wilcox said she had seriously questioned whether she should adjourn the inquest at that point.

No formal statements were taken by S015 officers who interviewed Williams’ colleagues, “and I find this did affect the quality of evidence heard in this court,” she said.

She also criticised the handling of an iPhone belonging to Williams and found in his work locker, which contained deleted images of him naked in a pair of boots. The officer involved kept it in his possession before handing it to homicide detectives the following day, “demonstrating disregard for the rules governing continuity of evidence”, she said.

Many agencies “fell short of the ideal”, she said, including LGC Forensics in relation to DNA contamination, and the coroner’s office for failing to inform police officers of a second postmortem.

Williams, a fitness fanatic from Anglesey, north Wales, was probably alive when put in the bag but probably suffocated very soon afterwards either from CO2 poisoning, hypercapnia, or the effects of a short-acting poison, she said.

Scotland Yard has always treated the death as suspicious and unexplained, but held back from describing it as murder or manslaughter. Recording her verdict, Wilcox stated her belief that a criminal hand was involved, although police said afterwards that there was no evidence of this. The Guardian understands police inquiries have focused on the theory that Williams died accidentally in a private sexual liaison that went wrong.

The coroner, however, ruled out bondage or auto-erotic activity as explanations.

The dead man’s family said in a statement that their grief had been exacerbated by the failure of his employers at MI6 to make “even the most basic inquiries of his whereabouts and welfare” when he was absent from work for seven days.

They were “extremely disappointed at the failure and reluctance of MI6” to provide relevant information and called on the Metropolitan police commissioner, Bernard Hogan-Howe, to conduct a review of how the investigation would proceed “in the light of the total inadequacy of S015’s investigations into MI6”.

Wilcox said there was no evidence to suggest that any SIS colleague had been involved, but it remained a legitimate line of inquiry given Williams socialised with so few people, and never let anyone he didn’t know into his flat. So any third party would be “someone he knew or someone there without invitation”.

An SIS spokesman said: “We fully co-operated with the police and will continue to do so during the ongoing investigation. We gave all the evidence to the police when they wanted it; at no time did we withhold any evidence.”

An iPhone found in his living room had recently been wiped and restored to factory settings, and it could not be ruled out that contact with a third party had been made via the internet on that phone, she said.

Wilcox was “sure that a third party moved the bag containing Gareth into the bath”. There were two possibilities: either he entered the bag outside the bathroom and it was carried in by a third party, or he was locked in the bag by a third party and lifted into the bath.

She dismissed an interest in bondage, and female clothing, as being irrelevant, condemning leaks to the media about him cross-dressing as a possible attempt “by some third party to manipulate a section of the evidence”.

She said: “Gareth was naked in a bag, not cross-dressed, not in high-heeled shoes.” If his interest was bondage, she would have expected much more internet activity on such websites, when his visits made up a tiny percentage of his browsing. His interest was in fashion, she said. Dismissing any auto-erotic activity, she said he was a “scrupulous risk assessor” and if he had locked himself into the bag would have taken a knife in with him to escape.

She said that despite a 21-month police inquiry: “Most of the fundamental questions in relation to how Gareth died remained unanswered.”

Detectives believe scientific tests on a crumpled green hand towel found in his flat may yet yield crucial DNA evidence, as the Metropolitan police launched a review into the case.

The towel was originally in the bathroom, and moved to the kitchen, police believe, by the “third party”. More tests are being conducted on the bag. The memory sticks, which have now been examined by police, are said not to have produced any significant evidence, but will be examined more closely.

Martin Hewitt, deputy assistant commissioner of the Met, said the circumstances of the death were particularly complex and continued to be the subject of a thorough investigation.

He added: “We have listened to the detailed ruling by the coroner and the concerns raised by Gareth’s family. We are giving both very careful consideration.”

Detectives were “currently undertaking actions in order to develop existing DNA profiles, to trace unidentified individuals who may have information about Gareth’s death, and to further develop analysis of telephone communications”.

Caroline Davies and Sandra Laville
Wednesday 2 May 2012 20.31 BST Last modified on Wednesday 21 May 2014 02.01 BST

Find this story at 2 May 2012

© 2015 Guardian News and Media Limited

Dupont op Justitie en Veiligheid

Op 2 oktober 2015 werd in het Limburgse Weert de 28-jarige Mark M. gearresteerd. De man, die het breed liet hangen, was werkzaam bij de politie en werd beschuldigd van het lekken van informatie. In de dagen die volgden werd steeds meer bekend over de man. Werd hij eerst genoemd als 48-jarige agent, nu bleek het te gaan om een 28-jarige man. De man bleek niet alleen loslippig te zijn geweest, maar werd inmiddels beschuldigd van het doelbewust informatie verstrekken aan drugscriminelen en leden van enkele motorclubs. In het huis van M. werd 235.000 euro aan contant geld gevonden.

lees meer

Van nieuwsblog.burojansen.nl

From his first days as commander in chief, the drone has been President Barack Obama’s weapon of choice, used by the military and the CIA to hunt down and kill the people his administration has deemed — through secretive processes, without indictment or trial — worthy of execution. There has been intense focus on the technology of remote killing, but that often serves as a surrogate for what should be a broader examination of the state’s power over life and death.
DRONES ARE A TOOL, not a policy. The policy is assassination. While every president since Gerald Ford has upheld an executive order banning assassinations by U.S. personnel, Congress has avoided legislating the issue or even defining the word “assassination.” This has allowed proponents of the drone wars to rebrand assassinations with more palatable characterizations, such as the term du jour, “targeted killings.”

When the Obama administration has discussed drone strikes publicly, it has offered assurances that such operations are a more precise alternative to boots on the ground and are authorized only when an “imminent” threat is present and there is “near certainty” that the intended target will be eliminated. Those terms, however, appear to have been bluntly redefined to bear almost no resemblance to their commonly understood meanings.

The first drone strike outside of a declared war zone was conducted more than 12 years ago, yet it was not until May 2013 that the White House released a set of standards and procedures for conducting such strikes. Those guidelines offered little specificity, asserting that the U.S. would only conduct a lethal strike outside of an “area of active hostilities” if a target represents a “continuing, imminent threat to U.S. persons,” without providing any sense of the internal process used to determine whether a suspect should be killed without being indicted or tried. The implicit message on drone strikes from the Obama administration has been one of trust, but don’t verify.

Photo: The Intercept
Document
SMALL FOOTPRINT OPERATIONS 2/13Document
SMALL FOOTPRINT OPERATIONS 5/13Document
OPERATION HAYMAKERDocument
GEOLOCATION-WATCHLISTThe Intercept has obtained a cache of secret slides that provides a window into the inner workings of the U.S. military’s kill/capture operations at a key time in the evolution of the drone wars — between 2011 and 2013. The documents, which also outline the internal views of special operations forces on the shortcomings and flaws of the drone program, were provided by a source within the intelligence community who worked on the types of operations and programs described in the slides. The Intercept granted the source’s request for anonymity because the materials are classified and because the U.S. government has engaged in aggressive prosecution of whistleblowers. The stories in this series will refer to the source as “the source.”

The source said he decided to provide these documents to The Intercept because he believes the public has a right to understand the process by which people are placed on kill lists and ultimately assassinated on orders from the highest echelons of the U.S. government. “This outrageous explosion of watchlisting — of monitoring people and racking and stacking them on lists, assigning them numbers, assigning them ‘baseball cards,’ assigning them death sentences without notice, on a worldwide battlefield — it was, from the very first instance, wrong,” the source said.

“We’re allowing this to happen. And by ‘we,’ I mean every American citizen who has access to this information now, but continues to do nothing about it.”
The Pentagon, White House, and Special Operations Command all declined to comment. A Defense Department spokesperson said, “We don’t comment on the details of classified reports.”

The CIA and the U.S. military’s Joint Special Operations Command (JSOC) operate parallel drone-based assassination programs, and the secret documents should be viewed in the context of an intense internal turf war over which entity should have supremacy in those operations. Two sets of slides focus on the military’s high-value targeting campaign in Somalia and Yemen as it existed between 2011 and 2013, specifically the operations of a secretive unit, Task Force 48-4.

Additional documents on high-value kill/capture operations in Afghanistan buttress previous accounts of how the Obama administration masks the true number of civilians killed in drone strikes by categorizing unidentified people killed in a strike as enemies, even if they were not the intended targets. The slides also paint a picture of a campaign in Afghanistan aimed not only at eliminating al Qaeda and Taliban operatives, but also at taking out members of other local armed groups.

One top-secret document shows how the terror “watchlist” appears in the terminals of personnel conducting drone operations, linking unique codes associated with cellphone SIM cards and handsets to specific individuals in order to geolocate them.

A top-secret document shows how the watchlist looks on internal systems used by drone operators.
The costs to intelligence gathering when suspected terrorists are killed rather than captured are outlined in the slides pertaining to Yemen and Somalia, which are part of a 2013 study conducted by a Pentagon entity, the Intelligence, Surveillance, and Reconnaissance Task Force. The ISR study lamented the limitations of the drone program, arguing for more advanced drones and other surveillance aircraft and the expanded use of naval vessels to extend the reach of surveillance operations necessary for targeted strikes. It also contemplated the establishment of new “politically challenging” airfields and recommended capturing and interrogating more suspected terrorists rather than killing them in drone strikes.

The ISR Task Force at the time was under the control of Michael Vickers, the undersecretary of defense for intelligence. Vickers, a fierce proponent of drone strikes and a legendary paramilitary figure, had long pushed for a significant increase in the military’s use of special operations forces. The ISR Task Force is viewed by key lawmakers as an advocate for more surveillance platforms like drones.

The ISR study also reveals new details about the case of a British citizen, Bilal el-Berjawi, who was stripped of his citizenship before being killed in a U.S. drone strike in 2012. British and American intelligence had Berjawi under surveillance for several years as he traveled back and forth between the U.K. and East Africa, yet did not capture him. Instead, the U.S. hunted him down and killed him in Somalia.

Taken together, the secret documents lead to the conclusion that Washington’s 14-year high-value targeting campaign suffers from an overreliance on signals intelligence, an apparently incalculable civilian toll, and — due to a preference for assassination rather than capture — an inability to extract potentially valuable intelligence from terror suspects. They also highlight the futility of the war in Afghanistan by showing how the U.S. has poured vast resources into killing local insurgents, in the process exacerbating the very threat the U.S. is seeking to confront.

Read more
FIND, FIX, FINISH These secret slides help provide historical context to Washington’s ongoing wars, and are especially relevant today as the U.S. military intensifies its drone strikes and covert actions against ISIS in Syria and Iraq. Those campaigns, like the ones detailed in these documents, are unconventional wars that employ special operations forces at the tip of the spear.

The “find, fix, finish” doctrine that has fueled America’s post-9/11 borderless war is being refined and institutionalized. Whether through the use of drones, night raids, or new platforms yet to be unleashed, these documents lay bare the normalization of assassination as a central component of U.S. counterterrorism policy.

“The military is easily capable of adapting to change, but they don’t like to stop anything they feel is making their lives easier, or is to their benefit. And this certainly is, in their eyes, a very quick, clean way of doing things. It’s a very slick, efficient way to conduct the war, without having to have the massive ground invasion mistakes of Iraq and Afghanistan,” the source said. “But at this point, they have become so addicted to this machine, to this way of doing business, that it seems like it’s going to become harder and harder to pull them away from it the longer they’re allowed to continue operating in this way.”

The articles in The Drone Papers were produced by a team of reporters and researchers from The Intercept that has spent months analyzing the documents. The series is intended to serve as a long-overdue public examination of the methods and outcomes of America’s assassination program. This campaign, carried out by two presidents through four presidential terms, has been shrouded in excessive secrecy. The public has a right to see these documents not only to engage in an informed debate about the future of U.S. wars, both overt and covert, but also to understand the circumstances under which the U.S. government arrogates to itself the right to sentence individuals to death without the established checks and balances of arrest, trial, and appeal.

Among the key revelations in this series:

HOW THE PRESIDENT AUTHORIZES TARGETS FOR ASSASSINATION

Read more
KILL CHAINIt has been widely reported that President Obama directly approves high-value targets for inclusion on the kill list, but the secret ISR study provides new insight into the kill chain, including a detailed chart stretching from electronic and human intelligence gathering all the way to the president’s desk. The same month the ISR study was circulated — May 2013 — Obama signed the policy guidance on the use of force in counterterrorism operations overseas. A senior administration official, who declined to comment on the classified documents, told The Intercept that “those guidelines remain in effect today.”

U.S. intelligence personnel collect information on potential targets, as The Intercept has previously reported, drawn from government watchlists and the work of intelligence, military, and law enforcement agencies. At the time of the study, when someone was destined for the kill list, intelligence analysts created a portrait of a suspect and the threat that person posed, pulling it together “in a condensed format known as a ‘baseball card.’” That information was then bundled with operational information and packaged in a “target information folder” to be “staffed up to higher echelons” for action. On average, it took 58 days for the president to sign off on a target, one slide indicates. At that point, U.S. forces had 60 days to carry out the strike. The documents include two case studies that are partially based on information detailed on baseball cards.

The system for creating baseball cards and targeting packages, according to the source, depends largely on intelligence intercepts and a multi-layered system of fallible, human interpretation. “It isn’t a surefire method,” he said. “You’re relying on the fact that you do have all these very powerful machines, capable of collecting extraordinary amounts of data and information,” which can lead personnel involved in targeted killings to believe they have “godlike powers.”

ASSASSINATIONS DEPEND ON UNRELIABLE INTELLIGENCE AND HURT INTELLIGENCE GATHERING

Read more
FIRING BLINDIn undeclared war zones, the U.S. military has become overly reliant on signals intelligence, or SIGINT, to identify and ultimately hunt down and kill people. The documents acknowledge that using metadata from phones and computers, as well as communications intercepts, is an inferior method of finding and finishing targeted people. They described SIGINT capabilities in these unconventional battlefields as “poor” and “limited.” Yet such collection, much of it provided by foreign partners, accounted for more than half the intelligence used to track potential kills in Yemen and Somalia. The ISR study characterized these failings as a technical hindrance to efficient operations, omitting the fact that faulty intelligence has led to the killing of innocent people, including U.S. citizens, in drone strikes.

The source underscored the unreliability of metadata, most often from phone and computer communications intercepts. These sources of information, identified by so-called selectors such as a phone number or email address, are the primary tools used by the military to find, fix, and finish its targets. “It requires an enormous amount of faith in the technology that you’re using,” the source said. “There’s countless instances where I’ve come across intelligence that was faulty.” This, he said, is a primary factor in the killing of civilians. “It’s stunning the number of instances when selectors are misattributed to certain people. And it isn’t until several months or years later that you all of a sudden realize that the entire time you thought you were going after this really hot target, you wind up realizing it was his mother’s phone the whole time.”

Within the special operations community, the source said, the internal view of the people being hunted by the U.S. for possible death by drone strike is: “They have no rights. They have no dignity. They have no humanity to themselves. They’re just a ‘selector’ to an analyst. You eventually get to a point in the target’s life cycle that you are following them, you don’t even refer to them by their actual name.” This practice, he said, contributes to “dehumanizing the people before you’ve even encountered the moral question of ‘is this a legitimate kill or not?’”

By the ISR study’s own admission, killing suspected terrorists, even if they are “legitimate” targets, further hampers intelligence gathering. The secret study states bluntly: “Kill operations significantly reduce the intelligence available.” A chart shows that special operations actions in the Horn of Africa resulted in captures just 25 percent of the time, indicating a heavy tilt toward lethal strikes.

STRIKES OFTEN KILL MANY MORE THAN THE INTENDED TARGET

Read more
MANHUNTING IN THE HINDU KUSH The White House and Pentagon boast that the targeted killing program is precise and that civilian deaths are minimal. However, documents detailing a special operations campaign in northeastern Afghanistan, Operation Haymaker, show that between January 2012 and February 2013, U.S. special operations airstrikes killed more than 200 people. Of those, only 35 were the intended targets. During one five-month period of the operation, according to the documents, nearly 90 percent of the people killed in airstrikes were not the intended targets. In Yemen and Somalia, where the U.S. has far more limited intelligence capabilities to confirm the people killed are the intended targets, the equivalent ratios may well be much worse.

“Anyone caught in the vicinity is guilty by association,” the source said. When “a drone strike kills more than one person, there is no guarantee that those persons deserved their fate. … So it’s a phenomenal gamble.”

THE MILITARY LABELS UNKNOWN PEOPLE IT KILLS AS “ENEMIES KILLED IN ACTION”

Read more
MANHUNTING IN THE HINDU KUSH The documents show that the military designated people it killed in targeted strikes as EKIA — “enemy killed in action” — even if they were not the intended targets of the strike. Unless evidence posthumously emerged to prove the males killed were not terrorists or “unlawful enemy combatants,” EKIA remained their designation, according to the source. That process, he said, “is insane. But we’ve made ourselves comfortable with that. The intelligence community, JSOC, the CIA, and everybody that helps support and prop up these programs, they’re comfortable with that idea.”

The source described official U.S. government statements minimizing the number of civilian casualties inflicted by drone strikes as “exaggerating at best, if not outright lies.”

THE NUMBER OF PEOPLE TARGETED FOR DRONE STRIKES AND OTHER FINISHING OPERATIONS

Read more
KILL CHAINAccording to one secret slide, as of June 2012, there were 16 people in Yemen whom President Obama had authorized U.S. special operations forces to assassinate. In Somalia, there were four. The statistics contained in the documents appear to refer only to targets approved under the 2001 Authorization for Use of Military Force, not CIA operations. In 2012 alone, according to data compiled by the Bureau of Investigative Journalism, there were more than 200 people killed in operations in Yemen and between four and eight in Somalia.

HOW GEOGRAPHY SHAPES THE ASSASSINATION CAMPAIGN

Read more
FIRING BLINDIn Afghanistan and Iraq, the pace of U.S. strikes was much quicker than in Yemen and Somalia. This appears due, in large part, to the fact that Afghanistan and Iraq were declared war zones, and in Iraq the U.S. was able to launch attacks from bases closer to the targeted people. By contrast, in Somalia and Yemen, undeclared war zones where strikes were justified under tighter restrictions, U.S. attack planners described a serpentine bureaucracy for obtaining approval for assassination. The secret study states that the number of high-value targeting operations in these countries was “significantly lower than previously seen in Iraq and Afghanistan” because of these “constraining factors.”

Even after the president approved a target in Yemen or Somalia, the great distance between drone bases and targets created significant challenges for U.S. forces — a problem referred to in the documents as the “tyranny of distance.” In Iraq, more than 80 percent of “finishing operations” were conducted within 150 kilometers of an air base. In Yemen, the average distance was about 450 kilometers and in Somalia it was more than 1,000 kilometers. On average, one document states, it took the U.S. six years to develop a target in Somalia, but just 8.3 months to kill the target once the president had approved his addition to the kill list.

INCONSISTENCIES WITH WHITE HOUSE STATEMENTS ABOUT TARGETED KILLING

Read more
KILL CHAINThe White House’s publicly available policy standards state that lethal force will be launched only against targets who pose a “continuing, imminent threat to U.S. persons.” In the documents, however, there is only one explicit mention of a specific criterion: that a person “presents a threat to U.S. interest or personnel.” While such a rationale may make sense in the context of a declared war in which U.S. personnel are on the ground in large numbers, such as in Afghanistan, that standard is so vague as to be virtually meaningless in countries like Yemen and Somalia, where very few U.S. personnel operate.

While many of the documents provided to The Intercept contain explicit internal recommendations for improving unconventional U.S. warfare, the source said that what’s implicit is even more significant. The mentality reflected in the documents on the assassination programs is: “This process can work. We can work out the kinks. We can excuse the mistakes. And eventually we will get it down to the point where we don’t have to continuously come back … and explain why a bunch of innocent people got killed.”

The architects of what amounts to a global assassination campaign do not appear concerned with either its enduring impact or its moral implications. “All you have to do is take a look at the world and what it’s become, and the ineptitude of our Congress, the power grab of the executive branch over the past decade,” the source said. “It’s never considered: Is what we’re doing going to ensure the safety of our moral integrity? Of not just our moral integrity, but the lives and humanity of the people that are going to have to live with this the most?”

Jeremy Scahill
Oct. 15 2015, 1:57 p.m.

Find this story at 15 October 2015

Copyright https://theintercept.com/

Van nieuwsblog.burojansen.nl

The German intelligence service has spied on European and American embassies in ways that may have been beyond its mandate, German media ARD and Spiegel Online reported on Wednesday (14 October).
The Bundesnachtrichtendienst (BND) reportedly targeted French and US institutions and eavesdropped on them to acquire information about countries like Afghanistan.

The news follows reports in April that the BND spied on France and the European Commission on behalf of the US’ National Security Agency (NSA). But according to the new reports, BND also spied on allies on its own initiative.
For its spying programme, the BND used thousands of search queries, so-called selectors, including phone numbers and IP addresses, possibly queries the service chose itself.

“The question is … whether the used queries were covered by the BND’s mandate”, MP Clemens Binninger of chancellor Angela Merkel’s centre-right CDU party told ARD.

Binninger is head of the Bundestag’s supervisory body that oversees the intelligence service.

The German media sourced their news at a secret meeting of the overseeing body on Wednesday evening.

The revelations are remarkable considering the criticism that followed revelations by Edward Snowden in 2013 that the NSA had spied on EU leaders, including Merkel.

“Spying among friends – that is just not done”, Merkel said following the scandal.

The BND programme stopped around the same time as the Snowden revelations revealed the NSA practices, in the autumn of 2013.

German MPs are planning to interview staff next week at the BND headquarters in Pullach and review the list of search queries to determine if there has been any illegal practice.

By PETER TEFFER
BRUSSELS, 15. OCT, 09:11

Find this story at 15 October 2015

Copyright https://euobserver.com/

Van nieuwsblog.burojansen.nl

Prosecutors have charged a German spy with treason, breach of official secrecy and taking bribes for allegedly providing secret documents to both the CIA and Russia’s intelligence agency. Prosecutors say Thursday Aug. 20, 2015, the 32-year-old man,handled mail and classified documents for Germany’s foreign intelligence agency BND. ( Stephan Jansen/dpa via AP)
BERLIN (AP) — A German spy who allegedly acted as a double agent for the United States and Russia has been charged with treason, breach of official secrecy and taking bribes, Germany’s federal prosecutors’ office said Thursday.

The 32-year-old, identified only as Markus R. due to privacy rules, is accused of offering his services to the CIA in early 2008 while working for Germany’s foreign intelligence agency BND. Documents he gave the U.S. spy agency would have revealed details of the BND’s work and personnel abroad, officials said.

“In doing so the accused caused serious danger to Germany’s external security,” prosecutors said in a statement. “In return the accused received sums amounting to at least 95,000 euros ($104,900) from the CIA.”

Shortly before his arrest in July 2014, Markus R. also offered to work for Russian intelligence and provided them with three documents, again harming Germany’s national security, prosecutors said.

The discovery that the CIA had allegedly been spying on its German counterpart caused anger in Berlin, adding to diplomatic tension between Germany and the United States over reports about U.S. surveillance of Chancellor Angela Merkel’s cellphone.

Following the arrest, the German government demanded the removal of the CIA station chief in Berlin.

Prosecutors said Markus R. would have had access to sensitive documents because his job involved handling mail and classified documents for the BND’s foreign operations department.

German weekly Der Spiegel reported that the 218 documents Markus R. allegedly passed to the CIA included a list of all BND agents abroad, a summary of an eavesdropped phone call between former U.S. Secretary of State Hillary Rodham Clinton and former U.N. Secretary-General Kofi Annan, as well as a draft counter-espionage strategy. A spokeswoman for the federal prosecutors’ office declined to comment on the report.

If convicted, Markus R. could face between one and 15 years in prison.

Associated Press By FRANK JORDANS
August 20, 2015 11:07 AM

Find this story at 20 August 2015
Copyright http://news.yahoo.com/

Van nieuwsblog.burojansen.nl

For months, the German government sought to create the impression it was still waiting for an answer from the US on whether it could share NSA target lists for spying with a parliamentary investigation. The response came months ago.

The order from Washington was unambiguous. The United States Embassy in Berlin didn’t want to waste any time and moved to deliver the diplomatic cable without delay. It was May 10, 2015, a Sunday — and even diplomats aren’t crazy about working weekends. On this day, though, they had no other choice. James Melville, the embassy’s second-in-command, hand delivered the mail from the White House to Angela Merkel’s Chancellery at 9 p.m.

The letter that Melville handed over to Merkel’s staff contained the long-awaited answer to how the German federal government could proceed with highly classified lists of NSA spying targets. The so-called “selector” lists had become notorious in Germany and the subject of considerable grief for Merkel because her foreign intelligence agency, the BND, may have helped the NSA to spy on German firms as a result of them. The selector lists, which were fed into the BND’s monitoring systems on behalf of the NSA, are reported to have included both German and European targets that were spied on by the Americans.

The letter put the German government in a very delicate position. The expectation had been that the US government would flat out refuse to allow officials in Berlin to present the lists to members of the federal parliament, which is currently investigating NSA spying in Germany, including the eavesdropping of Merkel’s own mobile phone. But that wasn’t the case. Instead, the Americans delivered a more differentiated letter, making it all the more interesting.

Canned Answers

Nevertheless, the German government remained silent about the letter’s existence. It disposed of all queries by saying that talks with the US on how to deal with the lists were still ongoing. The government kept giving the same reply whenever journalists from SPIEGEL or other media asked if it had received an answer from the Americans.

On May 11, for example, one day after Chancellery officials received the letter, Merkel’s spokesman Steffen Seibert responded to a query by saying: “The heads of the Parliamentary Control Panel (responsible for parliamentary oversight of Germany’s intelligence agencies) and the NSA investigative committee are all being informed about all relevant things in the context of this consultation process.” Is it not relevant when the US government provides its first official response to the Germans’ request to present the lists to parliament?

Two days later, on May 13, Seibert was asked explicitly by a reporter whether there had been any new developments on the NSA issue. “I have nothing new to report,” the government spokesman answered. At the very least, his reply was a deliberate deception of the public by the government. The letter, after all, didn’t come from just anyone — it came from US President Barack Obama’s White House chief of staff, Denis McDonough. A letter from such a high-ranking official is most certainly a new development. When questioned by SPIEGEL on the matter, the German government responded that “it would not publicly comment on confidential communications with foreign parties.”

Several sources familiar with the contents of the letter claim that in it, Obama’s people express their great respect for the parliamentary oversight of intelligence services and also accept that the committee will learn more about the NSA target list. At the same time, the letter also includes the decisive requirement: that the German government had to make sure no information contained in the target lists went public.

Keeping the Public in the Dark

The demand created a dilemma for the government. It meant, on the one Hand, that Merkel’s Chancellery could no longer hide behind the Americans as an excuse to withhold the information from parliament. On the other hand, the Chancellery didn’t want to take the risk of sharing the lists with members of the Bundestag because doing so, they worried, would create the risk that someone might then leak them to the media.

Merkel and her people instead deliberately kept German citizens and members of parliament in the dark about the Americans’ position. Almost two weeks after receipt of the letter from Washington, Merkel’s chief of staff, Chancellery Minister Peter Altmaier, informed the heads of the NSA investigative committee in a highly confidential meeting of an answer by the Americans, but he implied it had been vague, and there was no mention of any willingness on the part of the US government to allow the German parliament to clarify the issue. Instead, Altmaier argued that Washington had listed a number of legal concerns. He said it was unlikely further discussions would lead to any green light.

When the German weekly Die Zeit reported 10 days ago that the Americans had given their okay for the release of the lists, Altmaier responded: “We could have spared ourselves a difficult debate if permission to pass (the lists) on had actually been given by the US.” Altmaier clearly attempted to skirt the question of whether the US had made any statements on the issue.

Officials in the Chancellery are now doing their best to portray the McDonough letter as a kind of kick-off in German-American consultations on how to deal with the selector lists. After receiving the letter, Chancellery Minister Altmaier had a number of exchanges with his US counterpart by phone and email. In addition, Klaus-Dieter Fritsche, the Chancellery’s intelligence coordinator, also spoke several times with the Americans.

Berlin’s approach to the negotiations says quite a bit about the outcome one should expect. Officially, the German government is asking for permission to release the selector lists without the application of any restrictions by the US government. It had to have been clear to everyone involved that a demand like that would be unrealistic, but in this instance, the government didn’t want to risk making any mistakes. Within the Chancellery, officials then agreed that any time they were approached with questions, they would always answer that the consultations were still in progress — even if a decision had already been made.

Pushback from the Opposition

“The Federal Chancellery is doing exactly the opposite of what Merkel promised,” criticizes Konstantin von Notz, the Green Party’s representative on the NSA investigative committee. “Instead of clearing things up, things are being concealed behind the scenes, also using improper means.”

As the course of the NSA scandal showed, Merkel and her people already have practice when it comes to cover-up attempts. During her election campaign in 2013, Merkel created the impression for months that there was a chance Germany might be able to reach a no-spy agreement with the US. Throughout, the White House signaled behind the scenes that it would never agree to one, but the German government told the public nothing about these discussions.

Now, a special ombudsman is supposed to steer the government out of the difficult situation in which it finds itself. It’s an idea that originated with Altmaier. Rather than providing the selector lists to the NSA investigative committee in parliament, they will instead be viewed by Kurt Graulich, a former justice with the Federal Administrative Court. Altmaier’s hope is that this path will prevent details from being leaked to the press.

The opposition parties in parliament are against the idea. And why shouldn’t they be? In recent years, the Chancellery has done everything in its power to downplay spying by US intelligence services on Germany. Altmaier’s predecessor, Ronald Pofalla, even went so far in August 2013 as to say that the NSA scandal had been “cleared up.” The revelation, arguably the biggest, that Merkel’s own mobile phone had been tapped by the NSA followed two months later. Now the Green and Left parties want to prevent the government from choosing its own inspector. They are considering a legal challenge at the Federal Constitutional Court to stop Merkel’s government.

08/21/2015 07:44 PM
By Matthias Gebauer, René Pfister and Holger Stark

Find this story at 21 August 2015

© SPIEGEL ONLINE 2015

Van nieuwsblog.burojansen.nl

BERLIN — In the summer of 2011, American intelligence agencies spied on a senior German official who they concluded had been the likely source of classified information being leaked to the news media.

The Obama administration authorized the top American spy in Germany to reveal to the German government the identity of the official, according to German officials and news media reports. The decision was made despite the risk of exposing that the United States was monitoring senior national security aides to Chancellor Angela Merkel.

The tip-off appears to have led to a senior German intelligence official being barred from access to sensitive material. But it also raises suspicions that Ms. Merkel’s government had strong indications of the extent of American surveillance at least two years before the disclosures by Edward J. Snowden, which included the number of a cellphone used by the chancellor.

The decision by the United States to risk disclosing a surveillance operation against a close ally indicates the high level of concern over the perceived security breach. It is unclear, however, what that information might have been or if it involved intelligence provided to Germany by the United States.

The German newsmagazine Der Spiegel reported Friday that it believed the American effort to expose the German intelligence official arose from conversations by its own journalists. It filed a complaint with the federal prosecutor in Germany over espionage activity and a violation of Germany’s data protection laws. The prosecutor’s office declined to comment, other than to confirm that the filing had been received.

In Washington, a spokesman for the National Security Council, Ned Price, declined on Friday to comment on the reported surveillance other than to indicate that the government does not spy on foreign journalists. “The United States is not spying on ordinary people who don’t threaten our national security,” Mr. Price said.

The disclosure is the latest intelligence revelation to shake the alliance, even though it is unclear that the National Security Agency actively listened to Ms. Merkel’s calls. Among other actions that widened the rift, the Germans last summer expelled the then-C.I.A. chief. And this week material uncovered by the antisecrecy group WikiLeaks suggested that the Americans had been spying on their German allies back to the 1990s.

The first hints emerged in the German media this year. The Bild am Sonntag newspaper reported that Hans Josef Vorbeck, a deputy director of the chancellery’s intelligence division, had been “put out in the cold” in 2011 after the then-C.I.A. station chief in Berlin gave information to Mr. Vorbeck’s boss, Günter Heiss. Der Spiegel said Mr. Heiss was specifically told of contacts with its journalists.

Mr. Heiss, a quiet but powerful figure in German intelligence activities, was questioned for nearly six hours at an open hearing of a German parliamentary committee on Thursday. Mr. Heiss was particularly reticent when asked about Mr. Vorbeck. He repeatedly declined to answer questions about him, challenging the mandate of the committee to pose such queries, and arguing that he was not allowed to discuss a third party in public.

Konstantin von Notz, a lawmaker for the opposition Green Party, which has been vocal in its criticism of Ms. Merkel and the German handling of alleged American espionage, accused Mr. Heiss of hiding behind a “cascade” of excuses.

Eventually, Hans-Christian Ströbele, a longtime lawmaker for the Greens, asked Mr. Heiss whether he ever had a “concrete suspicion” that Mr. Vorbeck was leaking classified information. Mr. Heiss said there was no “concrete suspicion” that would have led to “concrete action.” He indicated the matter had been discussed in the chancellery, but declined to give specifics.

But when asked whether Mr. Vorbeck had been the target of spying, Mr. Heiss declared: “No. That much I can say.”

In a report in the edition it published on Saturday, Der Spiegel said Mr. Heiss had learned of the suspicions against Mr. Vorbeck in the summer of 2011, when invited by the C.I.A. station chief to take a walk.

Appearing before the committee last month, Guido Müller, a senior intelligence official, at first said he could not recall Mr. Vorbeck’s transfer to a lower-level job. Mr. Müller then said he could remember it only if testifying behind closed doors.

When he appeared before the committee, two days shy of his 64th birthday, Mr. Vorbeck himself was cagey. When Mr. von Notz raised the Bild am Sonntag reports and asked for more detail, the demoted intelligence officer replied that he “did not know much more than what has been in the papers,” according to a transcript on a live-blog at netzpolitik.org, a website that tracks intelligence matters.

André Hahn, a lawmaker for the opposition Left party, asked Mr. Vorbeck whether he had a good relationship with Mr. Heiss — “at first,” Mr. Vorbeck answered — and whether he had ever been charged with betraying secrets. “Not then and not now,” Mr. Vorbeck replied, according to the netzpolitik blog.

Mr. Vorbeck is suing the government for material damages he said he suffered as a result of being transferred to a senior archival post concerning the history of German intelligence. His lawyer declined to return a call seeking comment or access to his client.

The dimensions of German anger over American espionage have been evidenced in public opinion polls and in protests against a possible trans-Atlantic trade pact. German officials have talked about creating an internal Internet so that communications among Germans do not have to pass outside the country.

What makes these disclosures different is that they suggest that German publications have been either direct or indirect targets of American surveillance. “Spiegel suspects spying by U.S. secret services,” the online edition of the respected weekly Die Zeit reported Friday.

The latest disclosures by WikiLeaks — a summary of an October 2011 conversation Ms. Merkel had with an adviser about the debt crisis in Greece, a document from her senior adviser on European affairs, plus a list of 69 telephone numbers of important ministries and senior officials that appeared to date back to the 1990s — had already prompted Ms. Merkel’s chief of staff on Thursday to invite the United States ambassador, John B. Emerson, to explain.

A government statement following that meeting did not confirm the material, but made plain that violations of German laws would be prosecuted. The government defended its heightened counterintelligence operations, hinting at the depth of anger with the United States.

Steffen Seibert, the German government spokesman, referred inquiries on Friday to another government spokesman who said he could not be identified by name. He reiterated that the government did not comment on personnel moves, and that it reported on intelligence services only to the relevant supervisory committee in Parliament.

The spokesman added in an email that Mr. Heiss had testified on Thursday that there was no reason to take disciplinary or other action regarding Mr. Vorbeck.

Alison Smale and Melissa Eddy reported from Berlin, David E. Sanger from Vienna and Eric Schmitt from Washington.

By ALISON SMALE, MELISSA EDDY, DAVID E. SANGER and ERIC SCHMITTJULY 3, 2015

Find this story at 3 July 2015

© 2015 The New York Times Company

Van nieuwsblog.burojansen.nl

Spies keen to use XKeyscore, less keen to tell German government or citizens.

In order to obtain a copy of the NSA’s main XKeyscore software, whose existence was first revealed by Edward Snowden in 2013, Germany’s domestic intelligence agency agreed to hand over metadata of German citizens it spies on. According to documents seen by the German newspaper Die Zeit, after 18 months of negotiations, the US and Germany signed an agreement in April 2013 that would allow the Federal Office for the Protection of the Constitution (Bundesamtes für Verfassungsschutz—BfV) to obtain a copy of the NSA’s most important program and to adopt it for the analysis of data gathered in Germany.

This was a lower level of access compared to the non-US “Five Eyes” nations—the UK, Australia, Canada, and New Zealand—which had direct access to the main XKeyscore system. In return for the software, the BfV would “to the maximum extent possible share all data relevant to NSA’s mission.” Interestingly, there is no indication in the Die Zeit story that the latest leak comes from Snowden, which suggests that someone else has made the BfV’s “internal documents” available.

Unlike Germany’s foreign intelligence service, the Bundesnachrichtendienst (BND), the domestic-oriented BfV does not employ bulk surveillance of the kind also deployed on a vast scale by the NSA and GCHQ. Instead, it is only allowed to monitor individual suspects in Germany and, even to do that, must obtain the approval of a special parliamentary commission. Because of this targeted approach, BfV surveillance is mainly intended to gather the content of specific conversations, whether in the form of e-mails, telephone exchanges, or even faxes, if anyone still uses them. Inevitably, though, metadata is also gathered, but as Die Zeit explains, “whether the collection of this [meta]data is consistent with the restrictions outlined in Germany’s surveillance laws is a question that divides legal experts.”

The BfV had no problems convincing itself that it was consistent with Germany’s laws to collect metadata, but rarely bothered since—remarkably—all analysis was done by hand before 2013, even though metadata by its very nature lends itself to large-scale automated processing. This explains the eagerness of the BfV to obtain the NSA’s XKeyscore software after German agents had seen its powerful metadata analysis capabilities in demonstrations.

It may also explain the massive expansion of the BfV that the leaked document published by Netzpolitik had revealed earlier this year. As Die Zeit notes, the classified budget plans “included the information that the BfV intended to create 75 new positions for the ‘mass data analysis of Internet content.’ Seventy-five new positions is a significant amount for any government agency.”

FURTHER READING

GERMANY’S TOP PROSECUTOR FIRED OVER NETZPOLITIK “TREASON” PROBE
Heads begin to roll, but the investigation has not yet been dropped.
The BfV may have been keen to deploy XKeyscore widely, but it wasn’t so keen to inform the German authorities about the deal with the NSA. Peter Schaar, who was data protection commissioner at the time, told Die Zeit: “I knew nothing about such an exchange deal [of German metadata for US software].” He says that he only discovered that the BfV was using XKeyscore when he asked the surveillance service explicitly after reading about the program in Snowden’s 2013 revelations. The same is true for another key oversight body: “The Parliamentary Control Panel learned that the BfV had received XKeyscore software and had begun using it. But even this very general briefing was only made after the panel had explicitly asked following the Snowden revelations,” according to Die Zeit.

This post originated on Ars Technica UK
by Glyn Moody (UK) – Aug 27, 2015 5:32pm CEST

Find this story at 27 August 2015

© 2015 Condé Nast

Van nieuwsblog.burojansen.nl

BERLIN — WikiLeaks on Wednesday published a new list of German phone numbers it claims showed the U.S. National Security Agency targeted phones belonging to Chancellor Angela Merkel’s close aides and chancellery offices for surveillance.

Wednesday’s publication came a week after WikiLeaks released a list of numbers it said showed the NSA targeted officials at various other German ministries and elsewhere. That rekindled concerns over U.S. surveillance in Germany after reports two years ago that Merkel’s own cellphone was targeted.

Merkel’s chief of staff last week asked the U.S. ambassador to a meeting and told him that German law must be followed.

There was no immediate comment from the German government on the latest publication.

The list includes a cellphone number attributed to Ronald Pofalla, Merkel’s chief of staff from 2009-13; a landline number that appears to belong to the leader of Merkel’s parliamentary caucus; various other connections at Merkel’s office; and a cellphone number for the chancellor that WikiLeaks says was used until 2013.

It was unclear when exactly the partially redacted list of 56 German phone numbers dates from and it wasn’t immediately possible to confirm the accuracy of that and other documents released by WikiLeaks.

Those documents, WikiLeaks said, are NSA reports based on interceptions — including one from 2009 that details Merkel’s views on the international financial crisis and another from 2011 summarizing advisers’ views on plans for the eurozone’s rescue fund.

According to the secret-spilling site, the list of phone numbers was updated for more than a decade after 2002 and a “close study” of it shows it evolved from an earlier target list dating back into the 1990s.

July 8, 2015
Associated Press

Find this story at 8 July 2015

Copyright http://www.matthewaid.com/

Van nieuwsblog.burojansen.nl

The sheer quantity of communications that XKEYSCORE processes, filters and queries is stunning. Around the world, when a person gets online to do anything — write an email, post to a social network, browse the web or play a video game — there’s a decent chance that the Internet traffic her device sends and receives is getting collected and processed by one of XKEYSCORE’s hundreds of servers scattered across the globe.

In order to make sense of such a massive and steady flow of information, analysts working for the National Security Agency, as well as partner spy agencies, have written thousands of snippets of code to detect different types of traffic and extract useful information from each type, according to documents dating up to 2013. For example, the system automatically detects if a given piece of traffic is an email. If it is, the system tags if it’s from Yahoo or Gmail, if it contains an airline itinerary, if it’s encrypted with PGP, or if the sender’s language is set to Arabic, along with myriad other details.

This global Internet surveillance network is powered by a somewhat clunky piece of software running on clusters of Linux servers. Analysts access XKEYSCORE’s web interface to search its wealth of private information, similar to how ordinary people can search Google for public information.

Based on documents provided by NSA whistleblower Edward Snowden, The Intercept is shedding light on the inner workings of XKEYSCORE, one of the most extensive programs of mass surveillance in human history.

How XKEYSCORE works under the hood

It is tempting to assume that expensive, proprietary operating systems and software must power XKEYSCORE, but it actually relies on an entirely open source stack. In fact, according to an analysis of an XKEYSCORE manual for new systems administrators from the end of 2012, the system may have design deficiencies that could leave it vulnerable to attack by an intelligence agency insider.

XKEYSCORE is a piece of Linux software that is typically deployed on Red Hat servers. It uses the Apache web server and stores collected data in MySQL databases. File systems in a cluster are handled by the NFS distributed file system and the autofs service, and scheduled tasks are handled by the cron scheduling service. Systems administrators who maintain XKEYSCORE servers use SSH to connect to them, and they use tools such as rsync and vim, as well as a comprehensive command-line tool, to manage the software.

John Adams, former security lead and senior operations engineer for Twitter, says that one of the most interesting things about XKEYSCORE’s architecture is “that they were able to achieve so much success with such a poorly designed system. Data ingest, day-to-day operations, and searching is all poorly designed. There are many open source offerings that would function far better than this design with very little work. Their operations team must be extremely unhappy.”

Analysts connect to XKEYSCORE over HTTPS using standard web browsers such as Firefox. Internet Explorer is not supported. Analysts can log into the system with either a user ID and password or by using public key authentication.

As of 2009, XKEYSCORE servers were located at more than 100 field sites all over the world. Each field site consists of a cluster of servers; the exact number differs depending on how much information is being collected at that site. Sites with relatively low traffic can get by with fewer servers, but sites that spy on larger amounts of traffic require more servers to filter and parse it all. XKEYSCORE has been engineered to scale in both processing power and storage by adding more servers to a cluster. According to a 2009 document, some field sites receive over 20 terrabytes of data per day. This is the equivalent of 5.7 million songs, or over 13 thousand full-length films.

This map from a 2009 top-secret presentation does not show all of XKEYSCORE’s field sites.
When data is collected at an XKEYSCORE field site, it is processed locally and ultimately stored in MySQL databases at that site. XKEYSCORE supports a federated query system, which means that an analyst can conduct a single query from the central XKEYSCORE website, and it will communicate over the Internet to all of the field sites, running the query everywhere at once.

There might be security issues with the XKEYSCORE system itself as well. As hard as software developers may try, it’s nearly impossible to write bug-free source code. To compensate for this, developers often rely on multiple layers of security; if attackers can get through one layer, they may still be thwarted by other layers. XKEYSCORE appears to do a bad job of this.

When systems administrators log into XKEYSCORE servers to configure them, they appear to use a shared account, under the name “oper.” Adams notes, “That means that changes made by an administrator cannot be logged.” If one administrator does something malicious on an XKEYSCORE server using the “oper” user, it’s possible that the digital trail of what was done wouldn’t lead back to the administrator, since multiple operators use the account.

There appears to be another way an ill-intentioned systems administrator may be able to cover their tracks. Analysts wishing to query XKEYSCORE sign in via a web browser, and their searches are logged. This creates an audit trail, on which the system relies to assure that users aren’t doing overly broad searches that would pull up U.S. citizens’ web traffic. Systems administrators, however, are able to run MySQL queries. The documents indicate that administrators have the ability to directly query the MySQL databases, where the collected data is stored, apparently bypassing the audit trail.

AppIDs, fingerprints and microplugins

Collecting massive amounts of raw data is not very useful unless it is collated and organized in a way that can be searched. To deal with this problem, XKEYSCORE extracts and tags metadata and content from the raw data so that analysts can easily search it.

This is done by using dictionaries of rules called appIDs, fingerprints and microplugins that are written in a custom programming language called GENESIS. Each of these can be identified by a unique name that resembles a directory tree, such as “mail/webmail/gmail,” “chat/yahoo,” or “botnet/blackenergybot/command/flood.”

One document detailing XKEYSCORE appIDs and fingerprints lists several revealing examples. Windows Update requests appear to fall under the “update_service/windows” appID, and normal web requests fall under the “http/get” appID. XKEYSCORE can automatically detect Airblue travel itineraries with the “travel/airblue” fingerprint, and iPhone web browser traffic with the “browser/cellphone/iphone” fingerprint.

PGP-encrypted messages are detected with the “encryption/pgp/message” fingerprint, and messages encrypted with Mojahedeen Secrets 2 (a type of encryption popular among supporters of al Qaeda) are detected with the “encryption/mojaheden2” fingerprint.

When new traffic flows into an XKEYSCORE cluster, the system tests the intercepted data against each of these rules and stores whether the traffic matches the pattern. A slideshow presentation from 2010 says that XKEYSCORE contains almost 10,000 appIDs and fingerprints.

AppIDs are used to identify the protocol of traffic being intercepted, while fingerprints detect a specific type of content. Each intercepted stream of traffic gets assigned up to one appID and any number of fingerprints. You can think of appIDs as categories and fingerprints as tags.

If multiple appIDs match a single stream of traffic, the appID with the lowest “level” is selected (appIDs with lower levels are more specific than appIDs with higher levels). For example, when XKEYSCORE is assessing a file attachment from Yahoo mail, all of the appIDs in the following slide will apply, however only “mail/webmail/yahoo/attachment” will be associated with this stream of traffic.

To tie it all together, when an Arabic speaker logs into a Yahoo email address, XKEYSCORE will store “mail/yahoo/login” as the associated appID. This stream of traffic will match the “mail/arabic” fingerprint (denoting language settings), as well as the “mail/yahoo/ymbm” fingerprint (which detects Yahoo browser cookies).

Sometimes the GENESIS programming language, which largely relies on Boolean logic, regular expressions and a set of simple functions, isn’t powerful enough to do the complex pattern-matching required to detect certain types of traffic. In these cases, as one slide puts it, “Power users can drop in to C++ to express themselves.” AppIDs or fingerprints that are written in C++ are called microplugins.

Here’s an example of a microplugin fingerprint for “botnet/conficker_p2p_udp_data,” which is tricky botnet traffic that can’t be identified without complicated logic. A botnet is a collection of hacked computers, sometimes millions of them, that are controlled from a single point.

Here’s another microplugin that uses C++ to inspect intercepted Facebook chat messages and pull out details like the associated email address and body of the chat message.

One document from 2009 describes in detail four generations of appIDs and fingerprints, which begin with only the ability to scan intercepted traffic for keywords, and end with the ability to write complex microplugins that can be deployed to field sites around the world in hours.

If XKEYSCORE development has continued at a similar pace over the last six years, it’s likely considerably more powerful today.

—

Illustration for The Intercept by Blue Delliquanti

Documents published with this article:

Advanced HTTP Activity Analysis
Analyzing Mobile Cellular DNI in XKS
ASFD Readme
CADENCE Readme
Category Throttling
CNE Analysis in XKS
Comms Readme
DEEPDIVE Readme
DNI101
Email Address vs User Activity
Free File Uploaders
Finding and Querying Document Metadata
Full Log vs HTTP
Guide to Using Contexts in XKS Fingerprints
HTTP Activity in XKS
HTTP Activity vs User Activity
Intro to Context Sensitive Scanning With XKS Fingerprints
Intro to XKS AppIDs and Fingerprints
OSINT Fusion Project
Phone Number Extractor
RWC Updater Readme
Selection Forwarding Readme
Stats Config Readme
Tracking Targets on Online Social Networks
TRAFFICTHIEF Readme
Unofficial XKS User Guide
User Agents
Using XKS to Enable TAO
UTT Config Readme
VOIP in XKS
VOIP Readme
Web Forum Exploitation Using XKS
Writing XKS Fingerprints
XKS Application IDs
XKS Application IDs Brief
XKS as a SIGDEV Tool
XKS, Cipher Detection, and You!
XKS for Counter CNE
XKS Intro
XKS Logos Embedded in Docs
XKS Search Forms
XKS System Administration
XKS Targets Visiting Specific Websites
XKS Tech Extractor 2009
XKS Tech Extractor 2010
XKS Workflows 2009
XKS Workflows 2011
UN Secretary General XKS

Micah Lee, Glenn Greenwald, Morgan Marquis-Boire
July 2 2015, 4:42 p.m.
Second in a series.

Find this story at 2 July 2015

Copyright https://theintercept.com/

Van nieuwsblog.burojansen.nl

One of the National Security Agency’s most powerful tools of mass surveillance makes tracking someone’s Internet usage as easy as entering an email address, and provides no built-in technology to prevent abuse. Today, The Intercept is publishing 48 top-secret and other classified documents about XKEYSCORE dated up to 2013, which shed new light on the breadth, depth and functionality of this critical spy system — one of the largest releases yet of documents provided by NSA whistleblower Edward Snowden.

The NSA’s XKEYSCORE program, first revealed by The Guardian, sweeps up countless people’s Internet searches, emails, documents, usernames and passwords, and other private communications. XKEYSCORE is fed a constant flow of Internet traffic from fiber optic cables that make up the backbone of the world’s communication network, among other sources, for processing. As of 2008, the surveillance system boasted approximately 150 field sites in the United States, Mexico, Brazil, United Kingdom, Spain, Russia, Nigeria, Somalia, Pakistan, Japan, Australia, as well as many other countries, consisting of over 700 servers.

These servers store “full-take data” at the collection sites — meaning that they captured all of the traffic collected — and, as of 2009, stored content for 3 to 5 days and metadata for 30 to 45 days. NSA documents indicate that tens of billions of records are stored in its database. “It is a fully distributed processing and query system that runs on machines around the world,” an NSA briefing on XKEYSCORE says. “At field sites, XKEYSCORE can run on multiple computers that gives it the ability to scale in both processing power and storage.”

XKEYSCORE also collects and processes Internet traffic from Americans, though NSA analysts are taught to avoid querying the system in ways that might result in spying on U.S. data. Experts and privacy activists, however, have long doubted that such exclusions are effective in preventing large amounts of American data from being swept up. One document The Intercept is publishing today suggests that FISA warrants have authorized “full-take” collection of traffic from at least some U.S. web forums.

The system is not limited to collecting web traffic. The 2013 document, “VoIP Configuration and Forwarding Read Me,” details how to forward VoIP data from XKEYSCORE into NUCLEON, NSA’s repository for voice intercepts, facsimile, video and “pre-released transcription.” At the time, it supported more than 8,000 users globally and was made up of 75 servers absorbing 700,000 voice, fax, video and tag files per day.

The reach and potency of XKEYSCORE as a surveillance instrument is astonishing. The Guardian report noted that NSA itself refers to the program as its “widest reaching” system. In February of this year, The Intercept reported that NSA and GCHQ hacked into the internal network of Gemalto, the world’s largest provider of cell phone SIM cards, in order to steal millions of encryption keys used to protect the privacy of cell phone communication. XKEYSCORE played a vital role in the spies’ hacking by providing government hackers access to the email accounts of Gemalto employees.

Numerous key NSA partners, including Canada, New Zealand and the U.K., have access to the mass surveillance databases of XKEYSCORE. In March, the New Zealand Herald, in partnership with The Intercept, revealed that the New Zealand government used XKEYSCORE to spy on candidates for the position of World Trade Organization director general and also members of the Solomon Islands government.

These newly published documents demonstrate that collected communications not only include emails, chats and web-browsing traffic, but also pictures, documents, voice calls, webcam photos, web searches, advertising analytics traffic, social media traffic, botnet traffic, logged keystrokes, computer network exploitation (CNE) targeting, intercepted username and password pairs, file uploads to online services, Skype sessions and more.

Bulk collection and population surveillance

XKEYSCORE allows for incredibly broad surveillance of people based on perceived patterns of suspicious behavior. It is possible, for instance, to query the system to show the activities of people based on their location, nationality and websites visited. For instance, one slide displays the search “germansinpakistn,” showing an analyst querying XKEYSCORE for all individuals in Pakistan visiting specific German language message boards.

As sites like Twitter and Facebook become increasingly significant in the world’s day-to-day communications (a Pew study shows that 71 percent of online adults in the U.S. use Facebook), they become a critical source of surveillance data. Traffic from popular social media sites is described as “a great starting point” for tracking individuals, according to an XKEYSCORE presentation titled “Tracking Targets on Online Social Networks.”

When intelligence agencies collect massive amounts of Internet traffic all over the world, they face the challenge of making sense of that data. The vast quantities collected make it difficult to connect the stored traffic to specific individuals.

Internet companies have also encountered this problem and have solved it by tracking their users with identifiers that are unique to each individual, often in the form of browser cookies. Cookies are small pieces of data that websites store in visitors’ browsers. They are used for a variety of purposes, including authenticating users (cookies make it possible to log in to websites), storing preferences, and uniquely tracking individuals even if they’re using the same IP address as many other people. Websites also embed code used by third-party services to collect analytics or host ads, which also use cookies to track users. According to one slide, “Almost all websites have cookies enabled.”

The NSA’s ability to piggyback off of private companies’ tracking of their own users is a vital instrument that allows the agency to trace the data it collects to individual users. It makes no difference if visitors switch to public Wi-Fi networks or connect to VPNs to change their IP addresses: the tracking cookie will follow them around as long as they are using the same web browser and fail to clear their cookies.

Apps that run on tablets and smartphones also use analytics services that uniquely track users. Almost every time a user sees an advertisement (in an app or in a web browser), the ad network is tracking users in the same way. A secret GCHQ and CSE program called BADASS, which is similar to XKEYSCORE but with a much narrower scope, mines as much valuable information from leaky smartphone apps as possible, including unique tracking identifiers that app developers use to track their own users. In May of this year, CBC, in partnership with The Intercept, revealed that XKEYSCORE was used to track smartphone connections to the app marketplaces run by Samsung and Google. Surveillance agency analysts also use other types of traffic data that gets scooped into XKEYSCORE to track people, such as Windows crash reports.

In a statement to The Intercept, the NSA reiterated its position that such sweeping surveillance capabilities are needed to fight the War on Terror:

“The U.S. Government calls on its intelligence agencies to protect the United States, its citizens, and its allies from a wide array of serious threats. These threats include terrorist plots from al-Qaeda, ISIL, and others; the proliferation of weapons of mass destruction; foreign aggression against the United States and our allies; and international criminal organizations.”

Indeed, one of the specific examples of XKEYSCORE applications given in the documents is spying on Shaykh Atiyatallah, an al Qaeda senior leader and Osama bin Laden confidant. A few years before his death, Atiyatallah did what many people have often done: He googled himself. He searched his various aliases, an associate and the name of his book. As he did so, all of that information was captured by XKEYSCORE.

XKEYSCORE has, however, also been used to spy on non-terrorist targets. The April 18, 2013 issue of the internal NSA publication Special Source Operations Weekly boasts that analysts were successful in using XKEYSCORE to obtain U.N. Secretary General Ban Ki-moon’s talking points prior to a meeting with President Obama.

XKEYSCORE for hacking: easily collecting user names, passwords and much more

XKEYSCORE plays a central role in how the U.S. government and its surveillance allies hack computer networks around the world. One top-secret 2009 NSA document describes how the system is used by the NSA to gather information for the Office of Tailored Access Operations, an NSA division responsible for Computer Network Exploitation (CNE) — i.e., targeted hacking.

Particularly in 2009, the hacking tactics enabled by XKEYSCORE would have yielded significant returns as use of encryption was less widespread than today. Jonathan Brossard, a security researcher and the CEO of Toucan Systems, told The Intercept: “Anyone could be trained to do this in less than one day: they simply enter the name of the server they want to hack into XKEYSCORE, type enter, and are presented login and password pairs to connect to this machine. Done. Finito.” Previous reporting by The Intercept revealed that systems administrators are a popular target of the NSA. “Who better to target than the person that already has the ‘keys to the kingdom?’” read a 2012 post on an internal NSA discussion board.

This system enables analysts to access web mail servers with remarkable ease.

The same methods are used to steal the credentials — user names and passwords — of individual users of message boards.

Hacker forums are also monitored for people selling or using exploits and other hacking tools. While the NSA is clearly monitoring to understand the capabilities developed by its adversaries, it is also monitoring locations where such capabilities can be purchased.

Other information gained via XKEYSCORE facilitates the remote exploitation of target computers. By extracting browser fingerprint and operating system versions from Internet traffic, the system allows analysts to quickly assess the exploitability of a target. Brossard, the security researcher, said that “NSA has built an impressively complete set of automated hacking tools for their analysts to use.”

Given the breadth of information collected by XKEYSCORE, accessing and exploiting a target’s online activity is a matter of a few mouse clicks. Brossard explains: “The amount of work an analyst has to perform to actually break into remote computers over the Internet seems ridiculously reduced — we are talking minutes, if not seconds. Simple. As easy as typing a few words in Google.”

These facts bolster one of Snowden’s most controversial statements, made in his first video interview published by The Guardian on June 9, 2013. “I, sitting at my desk,” said Snowden, could “wiretap anyone, from you or your accountant, to a federal judge to even the president, if I had a personal email.”

Indeed, training documents for XKEYSCORE repeatedly highlight how user-friendly the program is: with just a few clicks, any analyst with access to it can conduct sweeping searches simply by entering a person’s email address, telephone number, name or other identifying data. There is no indication in the documents reviewed that prior approval is needed for specific searches.

In addition to login credentials and other target intelligence, XKEYSCORE collects router configuration information, which it shares with Tailored Access Operations. The office is able to exploit routers and then feed the traffic traveling through those routers into their collection infrastructure. This allows the NSA to spy on traffic from otherwise out-of-reach networks. XKEYSCORE documents reference router configurations, and a document previously published by Der Spiegel shows that “active implants” can be used to “cop[y] traffic and direc[t]” it past a passive collector.

XKEYSCORE for counterintelligence

Beyond enabling the collection, categorization, and querying of metadata and content, XKEYSCORE has also been used to monitor the surveillance and hacking actions of foreign nation states and to gather the fruits of their hacking. The Intercept previously reported that NSA and its allies spy on hackers in order to collect what they collect.

Once the hacking tools and techniques of a foreign entity (for instance, South Korea) are identified, analysts can then extract the country’s espionage targets from XKEYSCORE, and gather information that the foreign power has managed to steal.

Monitoring of foreign state hackers could allow the NSA to gather techniques and tools used by foreign actors, including knowledge of zero-day exploits—software bugs that allow attackers to hack into systems, and that not even the software vendor knows about—and implants. Additionally, by monitoring vulnerability reports sent to vendors such as Kaspersky, the agency could learn when exploits they were actively using need to be retired because they’ve been discovered by a third party.

Seizure v. searching: oversight, audit trail and the Fourth Amendment

By the nature of how it sweeps up information, XKEYSCORE gathers communications of Americans, despite the Fourth Amendment protection against “unreasonable search and seizure” — including searching data without a warrant. The NSA says it does not target U.S. citizens’ communications without a warrant, but acknowledges that it “incidentally” collects and reads some of it without one, minimizing the information that is retained or shared.

But that interpretation of the law is dubious at best.

XKEYSCORE training documents say that the “burden is on user/auditor to comply with USSID-18 or other rules,” apparently including the British Human Rights Act (HRA), which protects the rights of U.K. citizens. U.S. Signals Intelligence Directive 18 (USSID 18) is the American directive that governs “U.S. person minimization.”

Kurt Opsahl, the Electronic Frontier Foundation’s general counsel, describes USSID 18 as “an attempt by the intelligence community to comply with the Fourth Amendment. But it doesn’t come from a court, it comes from the executive.”

If, for instance, an analyst searched XKEYSCORE for all iPhone users, this query would violate USSID 18 due to the inevitable American iPhone users that would be grabbed without a warrant, as the NSA’s own training materials make clear.

Opsahl believes that analysts are not prevented by technical means from making queries that violate USSID 18. “The document discusses whether auditors will be happy or unhappy. This indicates that compliance will be achieved by after-the-fact auditing, not by preventing the search.”

Screenshots of the XKEYSCORE web-based user interface included in slides show that analysts see a prominent warning message: “This system is audited for USSID 18 and Human Rights Act compliance.” When analysts log in to the system, they see a more detailed message warning that “an audit trail has been established and will be searched” in response to HRA complaints, and as part of the USSID 18 and USSID 9 audit process.

Because the XKEYSCORE system does not appear to prevent analysts from making queries that would be in violation of these rules, Opsahl concludes that “there’s a tremendous amount of power being placed in the hands of analysts.” And while those analysts may be subject to audits, “at least in the short term they can still obtain information that they shouldn’t have.”

During a symposium in January 2015 hosted at Harvard University, Edward Snowden, who spoke via video call, said that NSA analysts are “completely free from any meaningful oversight.” Speaking about the people who audit NSA systems like XKEYSCORE for USSID 18 compliance, he said, “The majority of the people who are doing the auditing are the friends of the analysts. They work in the same office. They’re not full-time auditors, they’re guys who have other duties assigned. There are a few traveling auditors who go around and look at the things that are out there, but really it’s not robust.”

In a statement to The Intercept, the NSA said:

“The National Security Agency’s foreign intelligence operations are 1) authorized by law; 2) subject to multiple layers of stringent internal and external oversight; and 3) conducted in a manner that is designed to protect privacy and civil liberties. As provided for by Presidential Policy Directive 28 (PPD-28), all persons, regardless of their nationality, have legitimate privacy interests in the handling of their personal information. NSA goes to great lengths to narrowly tailor and focus its signals intelligence operations on the collection of communications that are most likely to contain foreign intelligence or counterintelligence information.”

—

Coming next: A Look at the Inner Workings of XKEYSCORE

Source maps: XKS as a SIGDEV Tool, p. 15, and XKS Intro, p. 6

Documents published with this article:

Advanced HTTP Activity Analysis
Analyzing Mobile Cellular DNI in XKS
ASFD Readme
CADENCE Readme
Category Throttling
CNE Analysis in XKS
Comms Readme
DEEPDIVE Readme
DNI101
Email Address vs User Activity
Free File Uploaders
Finding and Querying Document Metadata
Full Log vs HTTP
Guide to Using Contexts in XKS Fingerprints
HTTP Activity in XKS
HTTP Activity vs User Activity
Intro to Context Sensitive Scanning With XKS Fingerprints
Intro to XKS AppIDs and Fingerprints
OSINT Fusion Project
Phone Number Extractor
RWC Updater Readme
Selection Forwarding Readme
Stats Config Readme
Tracking Targets on Online Social Networks
TRAFFICTHIEF Readme
Unofficial XKS User Guide
User Agents
Using XKS to Enable TAO
UTT Config Readme
VOIP in XKS
VOIP Readme
Web Forum Exploitation Using XKS
Writing XKS Fingerprints
XKS Application IDs
XKS Application IDs Brief
XKS as a SIGDEV Tool
XKS, Cipher Detection, and You!
XKS for Counter CNE
XKS Intro
XKS Logos Embedded in Docs
XKS Search Forms
XKS System Administration
XKS Targets Visiting Specific Websites
XKS Tech Extractor 2009
XKS Tech Extractor 2010
XKS Workflows 2009
XKS Workflows 2011
UN Secretary General XKS

Morgan Marquis-Boire, Glenn Greenwald, Micah Lee
July 1 2015, 4:49 p.m.
Illustrations by Blue Delliquanti and David Axe for The Intercept

Find this story at 1 July 2015

copyright https://firstlook.org/theintercept/

Van nieuwsblog.burojansen.nl

Internal documents show that Germany’s domestic intelligence agency, the BfV, received the coveted software program XKeyscore from the NSA – and promised data from Germany in return.

The agents from the Federal Office for the Protection of the Constitution (BfV), Germany’s domestic intelligence agency, were deeply impressed. They wanted to be able to do that too. On Oct. 6, 2011, employees of the US intelligence agency NSA were in the Bavarian town of Bad Aibling to demonstrate all that the spy software XKeyscore could do. To make the demonstration as vivid as possible, the Americans fed data into their program that the BfV had itself collected during a warranted eavesdropping operation. An internal memo shows how enthusiastic the German intelligence agents were: Analyzing data with the help of the software, the memo reads in awkward officialese, resulted in “a high recognition of applications used, Internet applications and protocols.” And in the data, XKeyscore was able to “recognize, for example, Hotmail, Yahoo or Facebook. It was also able to identify user names and passwords.” In other words, it was highly effective.

It was far beyond the capabilities of the BfV’s own system. In response, then-BfV President Heinz Fromm made a formal request five months later to his American counterpart, NSA head Keith Alexander, for the software to be made available to the German intelligence agency. It would, he wrote, superbly complement the current capabilities for monitoring and analyzing Internet traffic.

But fully a year and a half would pass before a test version of XKeyscore could begin operating at the BfV facility in the Treptow neighborhood of Berlin. It took that long for the two agencies to negotiate an agreement that regulated the transfer of the software in detail and which defined the rights and obligations of each side.

The April 2013 document called “Terms of Reference,” which ZEIT ONLINE and DIE ZEIT has been able to review, is more than enlightening. It shows for the first time what Germany’s domestic intelligence agency promised their American counterparts in exchange for the use of the coveted software program. “The BfV will: To the maximum extent possible share all data relevant to NSA’s mission,” the paper reads. Such was the arrangement: data in exchange for software.

It was a good deal for the BfV. Being given the software was a “proof of trust,” one BfV agent exulted. Another called XKeyscore a “cool system.” Politically and legally, however, the accord is extremely delicate. Nobody outside of the BfV oversees what data is sent to the NSA in accordance with the “Terms of Reference,” a situation that remains unchanged today. Neither Germany’s data protection commissioner nor the Parliamentary Control Panel, which is responsible for oversight of the BfV, has been fully informed about the deal. “Once again, I have to learn from the press of a new BfV-NSA contract and of the impermissible transfer of data to the US secret service,” complains the Green Party parliamentarian Hans-Christian Ströbele, who is a member of the Parliamentary Control Panel. The Federal Office for the Protection of the Constitution, for its part, insists that it has adhered strictly to the law.

SOFTWARE GEGEN DATEN
Interne Dokumente belegen, dass der Verfassungsschutz vom amerikanischen Geheimdienst NSA die begehrte Spionagesoftware XKeyscore bekam. Dafür versprachen die Verfassungsschützer, so viele Daten aus deutschen G-10-Überwachungsmaßnahmen an die NSA zu liefern, wie möglich.

Lesen Sie dazu:

Der Datendeal: Was Verfassungsschutz und NSA miteinander verabredeten – was Parlamentarier und Datenschützer dazu sagen

Read the english version here: A Dubious Deal with the NSA

Dokument: Die Übereinkunft zwischen Verfassungsschutz und NSA im Wortlaut

Read the english version here: XKeyscore – the document

Die Software: Der Datenknacker “Poseidon” findet jedes Passwort

The data in question is regularly part of the approved surveillance measures carried out by the BfV. In contrast, for example, to the Bundesnachrichtendienst (BND), Germany’s foreign intelligence agency, the BfV does not use a dragnet to collect huge volumes of data from the Internet. Rather, it is only allowed to monitor individual suspects in Germany — and only after a special parliamentary commission has granted approval. Because such operations necessarily imply the curtailing of rights guaranteed by Article 10 of Germany’s constitution, they are often referred to as G-10 measures. Targeted surveillance measures are primarily intended to turn up the content of specific conversations, in the form of emails, telephone exchanges or faxes. But along the way, essentially as a side effect, the BfV also collects mass quantities of so-called metadata. Whether the collection of this data is consistent with the restrictions outlined in Germany’s surveillance laws is a question that divides legal experts. Well-respected constitutional lawyers are of the opinion that intelligence agencies are not allowed to analyze metadata as they see fit. The agencies themselves, naturally, have a different view.

It is clear, after all, that metadata also enables interesting conclusions to be drawn about the behavior of those under surveillance and their contacts, just as, in the analog world, the sender and recipient written on an envelope can also be revealing, even if the letter inside isn’t read. Those who know such data can identify communication networks and establish movement and behavioral profiles of individuals. Prior to 2013, Germany’s domestic intelligence agency was only able to analyze metadata by hand — and it was rarely done as a result. But that changed once the agency received XKeyscore. The version of the software obtained by the BfV is unable to collect data on the Internet itself, but it is able to rapidly analyze the huge quantities of metadata that the agency has already automatically collected. That is why XKeyscore is beneficial to the BfV. And, thanks to the deal, that benefit is one that extends to the NSA.

In practice, it assumedly works as follows: When an Islamist who is under surveillance by the BfV regularly receives calls from Afghanistan, for example, then the telephone number is likely exactly the kind of information that is forwarded on to the NSA. That alone is not necessarily cause for concern; after all, combatting terrorism is the goal of intelligence agency cooperation. But nobody outside of the BfV knows whose data, and how much of it, is being shared with the NSA. Nobody can control the practicalities of the data exchange. And it is completely unclear where political responsibility lies.

In 2013 alone, the BfV began 58 new G-10 measures and continued 46 others from the previous year. Who was targeted? What information was passed on to the NSA? Was information pertaining to German citizens also shared? When confronted with such questions, the BfV merely responded: “The BfV is unable to publicly comment on the particulars of the cooperation or on the numbers of data collection operations.”

How important XKeyscore has become for the BfV can also be seen elsewhere. Not long ago, the website Netzpolitik.org published classified budget plans for 2013 which included the information that the BfV intended to create 75 new positions for the “mass data analysis of Internet content.” Seventy-five new positions is a significant amount for any government agency. A new division called 3C was to uncover movement profiles and contact networks and to process raw data collected during G-10 operations. The name XKeyscore does not appear in the documents published by Netzpolitik.org. But it is reasonable to suspect that the new division was established to deploy the new surveillance software.

Germany’s domestic intelligence agency is itself also aware of just how sensitive its deal with the Americans is. Back in July 2012, a BfV division warned that even the tests undertaken with XKeyscore could have “far-reaching legal implications.” To determine the extent of the software’s capabilities, the division warned, employees would have to be involved who didn’t have the appropriate security clearance to view the data used in the tests. The BfV has declined to make a statement on how, or whether, the problem was solved.

Germany’s data protection commissioner was apparently not informed. “I knew nothing about such an exchange deal,” says Peter Schaar, who was data protection commissioner at the time. “I am also hearing for the first time about a test with real data.” He says he first learned that BfV was using XKeyscore after he asked of his own accord in 2013 — in the wake of revelations about the program from whistleblower Edward Snowden.

Schaar is of the opinion that the agency was obliged to inform him. Because real data was used during the tests, Schaar says, it constituted data processing. The BfV, by contrast, is of the opinion that the use of XKeyscore has to be controlled solely by the G-10 commission. It is a question that has long been the source of contention. In testimony before the parliamentary investigative committee that is investigating NSA activities in Germany, Schaar has demanded that the G-10 law be more clearly formulated to remove the ambiguity.

The fact that the BfV recognized the problems with its NSA cooperation can be seen elsewhere in the files as well. During the negotiations over the XKeyscore deal, the BfV noted: “Certain NSA requests … cannot be met insofar as German law prevents it.” But the Americans insisted that the software finally be “used productively.” The NSA wants “working results,” the German agents noted. There is, they wrote, apparently “high internal pressure” to receive information from the Germans.

Ultimately, the BfV arrived at the conclusion that transferring information obtained with the help of XKeyscore to the NSA was consistent with German law. Insights gathered by way of G-10 operations were already being “regularly” shared with “foreign partner agencies.” That, at least, is what the BfV declared to the German Interior Ministry in January 2014. Furthermore, the agency declared, a special legal expert would approve each data transfer.

That, it seems, was enough oversight from the perspective of the BfV. The agency apparently only partially informed its parliamentarian overseers about the deal. The Parliamentary Control Panel learned that the BfV had received XKeyscore software and had begun using it. But even this very general briefing was only made after the panel had explicitly asked following the Snowden revelations. The deal between the intelligence agencies, says the Green Party parliamentarian Ströbele, “is undoubtedly an ‘occurrence of particular import,’ about which, according to German law, the German government must provide sufficient information of its own accord.” He intends to bring the issue before the Parliamentary Control Panel. The NSA investigative committee in German parliament will surely take a closer look as well.

Translated by Charles Hawley
Von Kai Biermann und Yassin Musharbash
26. August 2015, 18:11 Uhr

Find this story at 26 August 2015

copyright http://www.zeit.de/

Van nieuwsblog.burojansen.nl

Wikileaks says its latest release of documents shows the wide reach of economic espionage conducted by the NSA in Germany. Documents released by the whistleblowers suggest an intense interest in the Greek debt crisis.

A new batch of documents released by Wikileaks on Wednesday purports to show the extent to which the spying conducted by the US National Security Agency (NSA) on German officials was economic in nature , as opposed to being focused on security issues.
As far back as the late 1990s, the phone numbers of officials in the German Ministry of Finance, including sometimes the ministers themselves, were targeted by NSA spies, according to a Wikileaks press release. The list of high priority targets for Germany are mostly telephone numbers within the finance ministry, some within the ministry of agriculture, a few within offices responsible for European policy, and advisors who assisted Merkel ahead of G7 and WTO meetings. One of the targets was within the European Central Bank itself.
NSA interest in the course of Greek bailout
Some of the espionage also dealt with the handling of the Greek debt crisis, particularly in “intercepted talk between Chancellor Merkel and her assistant, the Chancellor talks about her views on solutions to the Greek financial crisis and her disagreement with members of her own cabinet, such as Finance Minister Wolfgang Schäuble, on matters of policy.”
The NSA was also interested in Merkel’s discussions of “the positions of French leaders, and of the heads of the key institutions of the Troika: European Commission President Jose Manuel Barroso, European Central Bank President Jean-Claude Trichet and IMF Director Christine Lagarde,” with regard to the Greece’s bailout issues.
This intercept, which is dated to October 2011, is classified as highly sensitive, “two levels above top secret.” Despite this, it was still cleared for distribution among the “US-led ‘Five Eyes’ spying alliance of UK, Canada, Australia and New Zealand.”
Wikileaks also says that the NSA was given a German intercept gathered by British Intelligence (GCHQ), which “details the German government’s position ahead of negotiations on a EU bailout plan for Greece.”
“The report refers to an overview prepared by German Chancellery Director-General for EU Affairs Nikolaus Meyer-Landrut. Germany was, according to the intercept, opposed to giving a banking license to the European Financial Stability Facility (EFSF), however it would support a special IMF fund into which the BRICS nations would contribute to bolster European bailout activities.”
Julian Assange, Wikileaks’ embattled editor-in-chief, made a statement on Wednesday’s release, saying that it “further demonstrates that the United States’ economic espionage campaign extends to Germany and to key European institutions and issues such as the European Central Bank and the crisis in Greece.”
“Would France and Germany have proceeded with the BRICS bailout plan for Greece if this intelligence was not collected and passed to the United States – who must have been horrified at the geopolitical implications?” he asked.
The “Süddeutsche Zeitung” daily was given access to the leaked documents. It reports that a spokesman for the German government said Berlin is not familiar enough with the information published by Wikileaks to offer an analysis or response.
es/gsw

01.07.2015

Find this story at 1 July 2015
© 2015 Deutsche Welle

Van nieuwsblog.burojansen.nl

Anhand der Telefonnummern in dieser Selektorenliste wird deutlich, dass die Ausspähung durch die NSA beispielsweise auch die Telefone von Ronald Pofalla, Peter Altmaier und Volker Kauder umfasste.

Der amerikanische Nachrichtendienst hat die deutsche Politik weitaus systematischer ausgespäht als bisher bekannt – und das seit Jahrzehnten.

Neue Dokumente der Enthüllungsplattform Wikileaks belegen, dass auch die Regierungen der Kanzler Helmut Kohl und Gerhard Schröder von der NSA belauscht wurden.

Bund und Berlin ziehen Bilanz zu HauptstadtbautenBild vergrößern
Das Kanzleramt in Berlin steht im Mittelpunkt der neuen Wikileaks-Enthüllungen. (Foto: dpa)
Diese Erkenntnisse können aus den neuen Enthüllungen gewonnen werden:

Die neuen Wikileaks-Enthüllungen katapultieren die Diskussion in eine neue Höhe. Es geht darin um das Kanzleramt – es wurde über Jahrzehnte von der NSA ausgespäht, in Bonn und in Berlin. Die Liste umfasst 56 Anschlüsse und wurde von Wikileaks am Mittwochabend ins Netz gestellt. SZ, NDR und WDR konnten sie vorab prüfen.
Die Regierungen von Helmut Kohl, Gerhard Schröder und Angela Merkel waren alle im Visier des amerikanischen Nachrichtendienstes. Die halbe Mannschaft von Ex-Kanzler Schröder steht auf der Liste. Bodo Hombach, der für eine kurze Zeit Kanzleramtsminister war und schwierige Operationen in Nahost auszuführen hatte, ist ebenso aufgeführt wie der sicherheitspolitische Berater Michael Steiner und Schröders Mann für die Weltwirtschaftsgipfel, Klaus Gretschmann.
Etwa zwei Dutzend Nummern der Bundeskanzlerin stehen auf der Liste. Darunter ihre Handynummer, die mindestens bis Ende 2013 gültig war; ihre Büronummer; eine ihr zugeschriebene Nummer in der CDU-Bundesgeschäftsstelle und ihre Faxnummern; auch ihr enger Vertrauter Volker Kauder, Vorsitzender der CDU/CSU-Bundestagsfraktion, war Ziel der NSA.
Auch Merkels ehemaliger Kanzleramtsminister Ronald Pofalla steht auf der Liste. Es findet sich darauf seine bis heute aktive Handynummer.
Auffällig ist, dass die Abteilung 2 des Kanzleramts, die für Außen- und Sicherheitspolitik zuständig ist, oft vorkommt. Auch der Bereich Wirtschaftspolitik ist stark vertreten, ebenso Abteilung 6 – sie ist für den Bundesnachrichtendienst zuständig.
Vorige Woche hatte Wikileaks erste Unterlagen der NSA veröffentlicht, die Deutschland betreffen. Drei Bundesministerien – das Wirtschafts-, das Landwirtschafts- und das Finanzministerium – standen dabei im Mittelpunkt.
Lesen Sie mehr zu den neuen Wikileaks-Enthüllungen in der digitalen Ausgabe der Süddeutschen Zeitung.
IhreSZ Flexi-Modul Header
Ihr Forum
Wie sollte sich Merkel angesichts der jüngsten Wikileaks-Enthüllungen verhalten?
Die NSA hat Wikileaks-Dokumenten zufolge über Jahrzehnte das Bundeskanzleramt abgehört. Betroffen von den Spähangriffen waren die Regierungen von Bundeskanzlerin Merkel sowie die ihrer Vorgänger Schröder und Kohl. Das Ausmaß des Lauschangriffs ist damit deutlich größer als bislang angenommen. Ihr Forum

Helmut Kohl mit Gerhard Schröder im Bundestag, 1999
Tatort Kanzleramt
Kurzer Draht zur Macht
Die NSA hat die deutsche Politik weitaus systematischer ausgespäht als bisher bekannt – und das seit Jahrzehnten. Neue Dokumente von Wikileaks belegen, dass auch die Kanzler Helmut Kohl und Gerhard Schröder belauscht wurden.

Kohl NSA
Wikileaks-Dokumente
Von Kohl bis Merkel – die NSA hörte mit
Wikileaks-Dokumente belegen: Jahrzehntelang hat der US-Geheimdienst das Kanzleramt ausgeforscht. Auch die Telefone von Ronald Pofalla, Peter Altmaier und Volker Kauder wurden angezapft.

9. Juli 2015, 06:11 Uhr

Find this story at 9 July 2015

Copyright www.sueddeutsche.de

Van nieuwsblog.burojansen.nl

Die NSA hat nach Informationen von WikiLeaks schon seit Jahrzehnten das Bundeskanzleramt abgehört. Das zeigen neue Dokumente, die NDR, WDR und SZ vor Veröffentlichung einsehen konnten. Betroffen waren demnach neben Kanzlerin Merkel auch ihre Vorgänger Schröder und Kohl.

Noch in der vergangenen Woche hatten der Geheimdienstkoordinator im Kanzleramt, Günter Heiß, und der ehemalige Kanzleramtschef Ronald Pofalla (CDU) bei einer Befragung im NSA-Untersuchungsausschuss abgewiegelt. Auf die Frage, ob Merkels Handy abgehört worden sei, sagte Heiß, es gebe Indizien dafür. Es könne aber auch sein, dass ein Gespräch “zufällig” abgehört worden sei, als ein “Beifang” etwa bei einem Telefonat mit dem russischen Präsidenten Putin. Pofalla sagte, er halte es bis heute für nicht bewiesen, dass das Handy der Kanzlerin abgehört worden sei. Der “Spiegel” hatte 2013 erstmals über diesen Verdacht berichtet.

Nun liegen die neuen WikiLeaks-Dokumente vor – eine Liste mit 56 Telefonnummern, darunter Merkels Handy-Nummer, die sie bis mindestens Ende 2013 genutzt hat. Die Nummern stammen offenbar aus einer Datenbank der NSA, in der Abhörziele erfasst sind. Und in dieser Liste findet sich nicht nur Merkels alte Mobilnummer, sondern auch mehr als ein Dutzend weiterer Festnetz-, Handy- und Faxanschlüsse aus ihrem direkten Umfeld – darunter die Durchwahl ihrer Büroleiterin im Kanzleramt, Beate Baumann, ihres Stellvertreters sowie weitere Nummern aus dem Kanzlerbüro.

Eine Liste mit Telefonnummern von Wikileaks galerieWikiLeaks hat eine Liste mit Telefonnummern und Namen aus dem Bundeskanzleramt veröffentlicht, die offenbar aus einer Datenbank mit Abhörzielen der NSA stammen [die letzten Ziffern wurden von der Redaktion unkenntlich gemacht].
Außerdem steht der Name des Unions-Fraktionschefs Volker Kauder, einem engen Vertrauten von Merkel, samt einer Nummer im Bundestag auf der Liste und eine Merkel zugeordnete Nummer in der CDU-Bundesgeschäftsstelle. Auch die aktuelle Handy-Nummer von Ronald Pofalla ist in der NSA-Datenbank erfasst. Er hatte es anscheinend schon geahnt. In der Sitzung des NSA-Untersuchungsausschusses wies ihn jemand darauf hin, dass seine Nummer bislang nicht aufgetaucht sei. Pofallas Antwort: “Kommt noch.”

Gezieltes Vorgehen der NSA

Die Liste zeigt, dass die NSA offenbar sehr gezielt vorgegangen ist. Außer der Kanzlerin und ihrem Büro umfasst sie vor allem Nummern und Namen von der Leitung des Bundeskanzleramts sowie von den Abteilungen 2, 4 und 6 – zuständig für Außen- und Sicherheitspolitik, Wirtschaftspolitik und die Nachrichtendienste. Selbst die Telefonzentrale des Kanzleramts inklusive der Faxnummer wurde offenbar ausspioniert. Von wann die Liste stammt, ist nicht bekannt. Viele der aufgeführten Nummern sind bis heute aktuell, andere – teils noch aus Bonner Zeiten – sind anscheinend veraltet.

Mitarbeiter von Kohl und Schröder im Visier

Wann der US-Geheimdienst den Lauschangriff auf das Zentrum der deutschen Regierung gestartet hat, ist nicht klar. Aber einiges deutet daraufhin, dass auch Mitarbeiter von Merkels Vorgängern abgehört wurden. Die ersten Ziele hat die NSA offenbar bereits vor mehr als 20 Jahren in die Datenbank aufgenommen und in den folgenden Jahren stetig erweitert. Unter anderem findet sich eine alte Bonner Nummer mit dem Eintrag “DR LUDEWIG CHIEF OF DIV 4” in der Liste. Dr. Johannes Ludewig leitete von 1991 bis 1994 die Wirtschaftsabteilung des Kanzleramts, die Abteilung 4. Danach wechselte er ins Wirtschaftsministerium. Ausgespäht wurde offenbar auch ein persönlicher Referent des damaligen CDU-Staatsministers Anton Pfeiffer, ein enger Vertrauter von Helmut Kohl.

Außerdem stehen unter anderem auf der Liste: Bodo Hombach, der 1998/99 einige Monate lang das Kanzleramt geleitet hat; Schröders sicherheitspolitischer Berater Michael Steiner; Klaus Gretschmann, ehemaliger Leiter der Abteilung für Wirtschaftspolitik, der unter anderem die Weltwirtschaftsgipfel für den Kanzler vorbereitet hat; Ernst Uhrlau, von 1998 bis 2005 im Kanzleramt für die Aufsicht über die Nachrichtendienste zuständig.

NSA hörte Kanzleramt offenbar jahrzehntelang ab
tagesthemen 22:15 Uhr, 08.07.2015, S. Buchen/J. Goetz/C. Deker, NDR
Icon facebook Icon Twitter Icon Google+ Icon Briefumschlag
Download der Videodatei
Weitere “streng geheime” Abhörprotokolle veröffentlicht

WikiLeaks hat außer der Telefonliste erneut einige als “streng geheim” eingestufte Abhörprotokolle der NSA veröffentlicht, darunter abgefangene Gespräche von Kanzlerin Merkel unter anderem mit Scheich Muhammad bin Zayid Al Nahyan aus den Vereinigten Arabischen Emiraten aus dem Jahr 2009 über die Situation im Iran. Laut einem weiteren Protokoll – ebenfalls von 2009 – hat sie intern kurz vor dem damals geplanten G20-Gipfel in London Vorschläge der US-Notenbank zur Lösung der Finanzkrise kritisiert. Es ging um “toxische Anlagen”, die in “bad banks” ausgelagert werden sollten. Merkel habe sich skeptisch dazu geäußert, dass Banken sich komplett ihrer Verantwortung entziehen.

Mitte Juni hat Generalbundesanwalt Harald Range ein Ermittlungsverfahren wegen des mutmaßlichen Ausspähens von Merkels Handy eingestellt. Die Vorwürfe seien nicht gerichtsfest nachzuweisen. Beweisdokumente habe die Behörde nicht beschaffen können. Kurz darauf – Anfang Juli – hat Wikileaks erste Abhörprotokolle und eine Liste mit Abhörzielen veröffentlicht, die auf einen umfassenden Lauschangriff der NSA auf die deutsche Regierung hindeuteten.

Bundesregierung prüft Veröffentlichungen

Als Reaktion auf die erste Enthüllung bat die Bundesregierung den US-Botschafter in Deutschland, John B. Emerson, zu einem Gespräch ins Kanzleramt. Die Bundesanwaltschaft prüft nun mögliche neue Ermittlungen wegen der NSA-Aktivitäten. Und in Regierungskreisen hieß es, man wundere sich in dieser Sache über gar nichts mehr. Beschwerden in Washington seien aber offenbar sinnlos. Die Bundesregierung erklärte nun auf Anfrage von NDR, WDR und SZ, die Veröffentlichung aus der vergangenen Woche werde von den zuständigen Stellen geprüft und bewertet, dies dauere an. “Insbesondere da ein Nachweis der Authentizität der veröffentlichten Dokumente fehlt, ist eine abschließende Bewertung derzeit nicht möglich.”

Zu den in den aktuellen Dokumenten aufgeführten Mobilfunknummern will die Bundesregierung nicht öffentlich Stellung nehmen. Eine Sprecher betonte jedoch, dass weiterhin gelte, was der Chef des Bundeskanzleramts, Peter Altmaier, in der vergangenen Woche gegenüber dem US-Botschaft deutlich gemacht habe: “Die Einhaltung deutschen Rechts ist unabdingbar und festgestellte Verstöße werden mit allen Mitteln des Rechtsstaats verfolgt werden. Darüber hinaus wird die für die Sicherheit unserer Bürger unverzichtbare Zusammenarbeit der deutschen und amerikanischen Nachrichtendienste durch derartige wiederholte Vorgänge belastet. Bereits seit dem vergangenen Jahr hat die Bundesregierung ihre Spionageabwehr verstärkt und fühlt sich darin durch die neuesten Veröffentlichungen bestätigt.”

Die US-Regierung hat sich bislang weder offiziell noch inoffiziell zur aktuellen Abhörpraxis in Deutschland geäußert. Nur Kanzlerin Merkel hat nach den ersten Berichten über das Abhören ihres Handys eine Art No-Spy-Garantie von US-Präsident Obama bekommen. Dabei ging es allerdings tatsächlich nur um sie persönlich, stellte der frühere NSA- und CIA-Direktor Michael Hayden in einem “Spiegel”-Interview klar. “Das war kein Versprechen, das für irgendjemand anderes an der Spitze der Bundesregierung gilt.”

Rechercheverbund
Die investigativen Ressorts von NDR, WDR und “Süddeutscher Zeitung” kooperieren unter Leitung von Georg Mascolo themen- und projektbezogen. Die Rechercheergebnisse, auch zu komplexen internationalen Themen, werden für Fernsehen, Hörfunk, Online und Print aufbereitet.

Stand: 09.07.2015 09:40 Uhr
Von John Goetz, Janina Findeisen und Christian Baars (NDR)

Find this story at 9 July 2015

© ARD-aktuell / tagesschau.de