Squeaky Dolphin, GCHQ’s broad social media monitoring tool, is part of the agency’s campaign to “understand and shape the Human Terrain”—that is, regional public sentiment.
Documents obtained by former NSA contractor Edward Snowden and published on The Intercept show that NSA analysts monitored content on The Pirate Bay and used the agency’s surveillance systems to track where it came from. The documents also show that the NSA’s British partners at the GCHQ used XKeyscore data as part of a surveillance program on sites that included WikiLeaks. That was part of a broader psychological profiling and targeting program to collect intelligence, influence individuals online, and disrupt groups like Anonymous that were considered threats.
The new documents show that the GCHQ conducted “broad real-time monitoring of social media activities, processing data on activities like watching YouTube videos and Facebook Likes to profile, categorize, and target individuals for psychological operations.” The NSA documents in the latest disclosure refer to monitoring for content that could be considered “malicious foreign activity.” But it’s clear that the NSA also used its XKeyscore surveillance to dig through traffic to the torrent-sharing site, and it could very well have profiled foreign users of sites like WikiLeaks and monitored their access to that and other websites.
However, the documents—one an internal NSA “frequently asked questions” Wiki page and the other a set of GCHQ slides on psychological operations—do not provide a picture of how much information about people accessing WikiLeaks was shared between the GCHQ and the NSA. And while the documents point to NSA monitoring of Pirate Bay, there’s no suggestion of how the information gathered was used or if it was used at all.
A third, unpublished document shows that the Obama administration apparently encouraged foreign governments in 2010 (including the UK) to pursue charges against WikiLeaks for the publication of diplomatic “wires” provided by Chelsea Manning, formerly known as Bradley Manning.
“Squeaky Dolphin,” “Airwolf,” and “AnticrisisGirl”
The GCHQ slide deck, published in 2012, highlights two tools used to conduct social networking, Web monitoring, and profiling. The first, called “Squeaky Dolphin,” pulls online activities within Web traffic caught by the agency’s monitoring systems. The monitoring systems are called “Airwolf” in the slides, which may be a UK codeword for the GCHQ’s equivalent of XKeyscore. That data includes webmail, blogs visited, YouTube views, Facebook “likes” clicked on websites themselves, and other data culled from individual users’ captured activity.
It runs those activities, captured in real-time, through IBM’s InfoSphere Streams processing software to create analytical feeds. Those feeds are then piped into a Splunk database and surfaced through a “dashboard” view that allows analysts to find trends in sentiment. As an example, the slides showed activity related to cricket matches in London and the surge in Facebook likes for Conservative member of Parliament Liam Fox. It can also be used to spot trends in traffic that might indicate upcoming events such as protests or other civil unrest.
While Squeaky Dolphin tends to look at things with a wider view, “AnticrisisGirl” is a bit more targeted. It can be used to passively monitor specific websites—including traffic to WikiLeaks, as the slides demonstrate. The tool can be tuned to a specific set of Internet user signatures or keywords, and it provides analytics of their behavior in real time, capturing search terms or direct Web addresses used to get to the sites in question.
“Nothing to worry about”
The final document in the latest disclosure, from an NSA internal Wiki, is entitled “Discovery SIGINT Targeting Scenarios and Compliance.” Created in 2011, it provides guidance on what is and isn’t allowed in performing XKeyscore queries and using other analytics tools to capture and analyze data. The document explains when it’s allowed to query against US “selectors”—people or systems running within the United States.
One of the entries is entitled “Unknowingly targeting a US person”:
I screwed up…the selector had a strong indication of being foreign, but it turned out to be US…now what?
NOC/OGC RESPONSE: With all querying, if you discover it actually is US, then it must be submitted and go in the [Office of General Counsel] quarterly report…’but it’s nothing to worry about.’ (Source #001)
Several of the entries on the Wiki page relate to monitoring of PirateBay. One question posted asked whether it was OK to back-trace connections to thepiratebay.org “even if it hops through US based proxies.” The NSA’s Office of General Counsel responded that it was allowed only by use of metadata “chaining” in compliance with the Department of Defense’s Supplemental Procedures Governing Communications Metadata Analysis” (SPCMA). That order requires that analysts “enter a foreign intelligence (FI) justification for making a query or starting a chain”—in other words, analysts can’t just start a query of a post on The Pirate Bay without documenting their cause.
Another question posted about The Pirate Bay asked if a password for an account associated with a US person was enough to rule out tracking the source. “If a list of .mil passwords were released to thepiratebay.org…can we go back into [XKeyscore data] (using a custom created fingerprint) to search for traffic containing that password in foreign traffic just before the release?” The official response was that while a password alone would not normally be considered to a “US person,” searching for the password data for military accounts would be allowed due to the NSA’s support role for the Defense Department. Such actions would be “consistent with the SIGINT Consensual Collection package signed by [the commander of] USCYBERCOM and [director of the NSA], appropriate to both of his hats”—referring to Gen. Keith Alexander’s dual role as head of both DOD’s cyber operations and the NSA.
Ironically, the NSA’s privacy regulations do keep it from collecting one type of data—private information published by hackers. In a response to a question on whether it was legal to store data exposed by Anonymous or other groups for forensic purposes, the NSA general counsel said it was only legal to retain “.mil information.” It wasn’t clear whether it was legal to retain data from other government agencies.
by Sean Gallagher – Feb 18 2014, 8:35pm +0100
Find this story at 18 February 2014
© 2014 Condé Nast.