A DEATH IN ATHENS Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?

JUST OUTSIDE THE MAIN DOWNTOWN part of Athens lies Kolonos, an old Athenian neighborhood near the archaeological park of Akadimia Platonos, where Plato used to teach. Along the maze of narrow streets, flower-filled balconies hang above open-air markets, and locals gather for hours at lazy sidewalk cafes, sipping demitasse cups of espresso and downing shots of Ouzo in quick gulps.

It was a neighborhood Costas Tsalikidis knew well. He lived at No. 18 Euclid Street, a loft apartment just down the hall from his parents. Slim and dark-haired, with a strong chin and a sly smile, he was born in Athens 38 years earlier to a middle-class family in the construction business. Talented in math and physics from an early age, he earned a degree in electrical engineering from the National Technical University of Athens, considered the most prestigious college in Greece, where he specialized in telecommunications, and later obtained his master’s in computer science in England. Putting his skills to good use, for the last 11 years he had worked for Vodafone-Panafon, also known as Vodafone Greece, the country’s largest cell phone company, and was promoted in 2001 to network-planning manager at the company’s headquarters in the trendy Halandri section of Athens.

On March 9, 2005, Costas’ brother, Panagiotis, dropped by the apartment. He thought he’d have a coffee before a business meeting scheduled for that morning. But as he entered the building, he found his mother, Georgia, running up and down the corridor yelling for help.

“Cut him down!” she was saying. “Cut him down!”

Panagiotis had no idea what she was talking about until he went inside his brother’s apartment and saw Costas hanging from a rope tied to pipes above the lintel of his bathroom door, an old wooden chair nearby. He and his mother cut the rope and laid Costas down on the bed.

Costas Tsalikidis Photo: Courtesy of the Tsalikidis familyThe day before his death, Costas’ boss at Vodafone had ordered that a newly discovered code — a powerful and sophisticated bug — be deactivated and removed from its systems. The wiretap, placed by persons unknown, targeted more than 100 top officials, including then Prime Minister Kostas Karamanlis and his wife, Natassa; the mayor of Athens; members of the Ministerial Cabinet; as well as journalists, capturing not only the country’s highest secrets, but also its most intimate conversations. The question was, who did it?
For a year, the eavesdropping case remained secret, but when the affair finally became public, it was regarded as Greece’s Watergate. One newspaper called it “a scandal of monumental proportions.” And at its center was the dark underside of the 2004 Summer Olympic Games in Athens. While the athletes were competing for medals as millions watched, far in the shadows spies had hacked into the country’s major telecom systems to listen and record.

A decade later, Costas’ death is caught up in an investigation into what now appears to have been a U.S. covert operation in Greece. Last February, Greek authorities took the extraordinary step of issuing an international arrest warrant for a CIA official the Greeks believe was a key figure in the operation while based in Athens. Unnoticed by the U.S. press, the warrant was a nearly unprecedented action by an allied country. The intelligence official, identified as William George Basil, was accused of espionage and eavesdropping. But by then he had already left the country, and the U.S. government, as it has done for the past 10 years, continues to stonewall Greek authorities on the agency’s involvement.

The Greek charges only touch the surface, however, and Basil may be less a key figure than simply a spy guilty of poor tradecraft. An investigation by The Intercept has uncovered not only the role of the CIA, but also that of the NSA, as well as how and why the operation was carried out. The investigation began while I was producing a documentary for PBS NOVA on cyberwarfare, scheduled to air on October 14, for which some of the interviews were conducted. In addition, I have had exclusive access to highly classified and previously unreported NSA documents released by Edward Snowden.

The Intercept, along with the Greek newspaper Kathimerini, interviewed over two dozen people familiar with the wiretapping case, ranging from U.S. intelligence officials and Greek government officials to those involved in the investigation and its aftermath. Many of those interviewed agreed to talk on condition that their names not be used, fearing criminal prosecution for speaking on intelligence matters or professional retribution. While some questions remain, the evidence points to a massive illegal eavesdropping program that may have led to Costas’ tragic death.

“COSTAS WAS ENGAGED,” his brother, Panagiotis, told me last year. “He was planning to get married.” Like Costas, who was three years younger, Panagiotis spoke fluent English, the product of frequent trips to the U.S., both on business and vacation.

After a dinner of lamb and hummus at a restaurant not far from the apartment where Costas died, Panagiotis spoke emotionally about his brother. “He had met the woman of his life and they were planning to get married really soon. And for that reason, they were looking to get a house and they had already started buying things that they could use in their new household. Costas was happy and optimistic and things had been working out really good for him.”

At the time, Panagiotis couldn’t understand what had happened; Costas was in good health and, at least until recently, seemed to love his job at Vodafone. “I thought there was no reason for him to commit suicide,” he said, although he acknowledged Costas had been under more pressure than usual. “In the last year of his life, he was working very hard because Greece had undertaken the Olympic Games of 2004,” he said. “And that meant a lot of hours at work and a lot of planning to beef up the networks.”

Given the enormous numbers of journalists and tourists who were planning to attend the events, all wanting to communicate, Costas’ workload increased enormously in the months before the games were to begin. Eventually, the technical infrastructure created by the Athens Olympics Organizing Committee for staff and media involved more than 11,000 computers, 23,000 fixed-line telephone devices, and 9,000 mobile phones. But the Olympics ended more than six months before Costas’ death, so there had to be another reason.

At work, things suddenly began to change. Costas told his brother that he wanted to quit. “He tendered his resignation to the company, but it wasn’t accepted,” Panagiotis told me. “He wanted to get out.” And he sent a text to his fiancée, a piano teacher named Sara Galanopoulou, saying he had to leave his job, adding cryptically that it was a “matter of life and death.”

As Costas Tsalikidis and his colleagues at Vodafone worked overtime in the months leading up to the games, thousands of miles away another group was also getting ready for the Summer Olympics in Greece: members of the U.S. National Security Agency. But rather than communicating, they were far more interested in listening. According to previously undisclosed documents from the Snowden archive, NSA has a long history of tapping into Olympic Games, both overseas and within the U.S. “NSA has had an active role in the Olympics since 1984 Los Angeles games,” according to a classified document from 2003, “and has seen its involvement increase with the recent games in Atlanta, Sydney, and Salt Lake City. During the 2002 Winter Olympics in Salt Lake City, the focus was on counterterrorism, and NSA acted largely in support of the FBI in a fusion cell known as the Olympics Intelligence Center (OIC). … NSA’s support to the 2004 Olympics in Athens will be much more complicated.”

In 2004, for the first time since the 9/11 attacks of 2001, the Summer Olympic Games would be held outside the U.S., and thus the difficulties would be far greater. “Several factors will make the Athens Olympics vastly different,” the document continued, “not the least of which is the fact these Olympics will not be held at a domestic location. Also different is that the security organization that NSA will support is the EYP, or Greek National Intelligence Service. NSA will gather information and tip off the EYP of possible terrorist or criminal actions. Without a doubt, the communication between NSA and EYP will take some coordination, and for that reason preparations are already underway.”

According to a former senior U.S. intelligence official involved with the operation, there was close cooperation between NSA and the Greek government. “The Greeks identified terrorist nets, so NSA put these devices in there and they told the Greeks, OK, when it’s done we’ll turn it off,” said the source. “They put them in the Athens communications system, with the knowledge and approval of the Greek government. This was to help with security during the Olympics.”

The Olympic Games ran smoothly — there were no serious terrorist threats and Greece had its best medal tally in more than a century. On August 29, 16 days after the games began, closing ceremonies were held at the Athens Olympic Stadium. As 70,000 people watched, Greek performers displayed traditional dances, a symbolic lantern was lit with the Olympic Flame, and Dr. Jacques Rogge, president of the International Olympics Committee, gave a short speech and then officially closed the games.

Two weeks later, the Paralympics ended, and at that point, keeping their promise to the Greek government, the NSA employees should have quietly disconnected their hardware and deleted their software from the local telecommunications systems, packed up their bugging equipment, and boarded a plane for Fort Meade. The problem was, they didn’t. Instead, they secretly kept the spying operation active, but instead of terrorists, they targeted top Greek officials. According to the former U.S. intelligence official involved with the operation, the NSA began conducting the operation secretly, without the approval or authorization of the CIA chief of station in Athens, the U.S. ambassador, or the Greek government.

“We had a huge problem right after the Greek Olympics,” the source said. “They [NSA] said when the Olympics is over, we’ll turn it off and take it away. And after the Olympics they turned it off but they didn’t take it away and they turned it back on and the Greeks discovered it. They triangulated some signals, anonymous signals, and it all pointed back to the embassy.”

At that point, the source said, someone from the Greek government called Richard Eric Pound, the CIA chief of station at the embassy in Athens and the person officially responsible for all intelligence operations in the country. Pound had arrived in May 2004, replacing Michael F. Walker, the agency’s former deputy director of the paramilitary Special Activities Division, as chief of station in Athens. Describing himself as “a small town boy from Indiana who set off to see the world,” Pound had joined the agency in 1976. Hefty and mustachioed, he was a veteran of the agency’s backwater posts in Africa.

Pound, according to the source, knew nothing about the operation having been turned back on, so he called his boss at CIA headquarters to ask about it. “He says, ‘What in God’s name is this all about?’” said the source (Pound declined to speak to The Intercept). Pound’s boss then immediately called his NSA counterpart. “Oh, yeah, we were going to tell you about that,” the NSA official told Pound’s CIA boss, according to the source. “They didn’t take it out and they turned it back on.”

National Security Agency Deputy Director John Chris Inglis testifies before the House Select Intelligence Committee on the NSA’s PRISM program, which tracks web traffic and US citizens’ phone records, during a hearing on Capitol Hill in Washington, DC, June 18, 2013. AFP PHOTO / Saul LOEB (Photo credit should read SAUL LOEB/AFP/Getty Images) National Security Agency Deputy Director John Chris Inglis in Washington, D.C., June 18, 2013. Photo: Saul Loeb/AFP/Getty ImagesNot informing the chief of station and the ambassador was an enormous breach of protocol. The chain of events surprised another source, a long-time veteran of the CIA’s National Clandestine Service, who was once a colleague of Basil in Athens. “I can’t think of another time in my experience when that ever happened, that’s how unusual it is,” the source said. “I’m astounded by that.”
In 2006, Chris Inglis became the NSA’s deputy director, the agency’s No. 2 official, who was thus in a position to discover what had happened. In an interview, I questioned him about the scandal and the illegal bugging operation. “Was the NSA involved?” I asked. Inglis offered no denial. “I couldn’t say whether NSA was involved in that or any other activity that might have been alleged to be conducted by an intelligence service, let alone NSA.”

Inglis did confirm, however, that NSA operations in foreign countries would normally have the approval of the CIA chief of station. “The chief of station,” he said, “would speak on intelligence matters for the nation, or essentially be expected to adjudicate matters on behalf of the nation.” He added, “So if NSA was expected to conduct an intelligence operation physically in some particular place of the world, I would expect that the chief of mission — the ambassador — and that the chief of station — the intelligence rep — would have some influence on that, some kind of ability to understand what it was and to ensure that it was done in the proper way.”

I also put the question to Gen. Michael Hayden, the NSA director at the time. “Do you remember the incident that came up involving Greece?” I asked. “Not anything we’re going to talk about here,” he said. “Did that come to your attention?” I pressed. “Not something I can talk about,” he replied.

At the time of the Greek bugging operation, Hayden was also secretly running the NSA’s illegal warrantless eavesdropping and metadata dragnet surveillance programs, the largest domestic spying operations in U.S. history.

FILE – In this Dec. 6, 2002 an aerial file photo of the US embassy in Athens, Greece. Theodoros Pangalos a former foreign minister of Greece said on Tuesday, Oct. 29, 2013 the U.S. is not the only country eavesdropping on foreign diplomats: his country’s secret services did that to U.S. ambassadors in Athens and Ankara in the 1990s. (AP Photo/Thanassis Stavrakis, File) An aerial file photo of the U.S. Embassy in Athens, Greece, Dec. 6, 2002. Photo: Thanassis Stavrakis/AP
Stonewalled by the U.S., over the past decade Greek investigators were nevertheless able to follow a digital trail right to the front door of the U.S. Embassy in Athens, and then to William George Basil, a mysterious embassy official with a Greek background.

Although very little is publicly known about Basil, interviews with his relatives and childhood friends in Greece, as well as fellow embassy employees and intelligence officials in Athens and the U.S., shed light on his background.

Basil was born on December 10, 1950, in Baltimore, where many of his relatives had settled after emigrating from Greece. Much of his extended family came from the small Greek island of Karpathos in the Aegean Sea, a port of call for the Argonauts traveling between Libya and Crete, and mentioned in Homer’s Iliad. There, his ancestors worked as stonemasons and as farmhands in mountainside wheat fields.

His father, George, had emigrated to the U.S. where Basil and his sister, Maria, spent their early years. But when Basil was 9, his now-divorced father became engaged to a woman from Karpathos and they all traveled to the island for the wedding. An old snapshot shows a young Basil in a suit jacket sitting uneasily on the back of a donkey. After a few months, the family returned to the U.S., then in the 1960s, when Basil was in his early teens, moved back to Karpathos for good.

Today, childhood friends there still remember Basil as “Billy,” an Americanized youth who liked to spend time on the beach. His cousin Nikos Kritikos often played sports with him. “He played rugby when he was young,” Nikos said. “He was amazingly smart. … We grew up in the same house; his stepmother, Marigoula, raised us.” And Basil’s uncle Manolis Kritikos, a local schoolteacher, remembered him as “a happy kid who smiled.” “He was always restless as a young man, he searched things,” he said. “Most of all he liked the history of this place, the folklore. … And he loved Greece and [the Karpathos village of] Olympos more than anything.”

Basil 9 years old attending his father’s wedding on Karpathos Basil, 9 years old, attending his father’s wedding on Karpathos. After graduating from high school at the American Community Schools in Athens in 1968, Basil joined the Army for five years and was posted to Alaska. Then, according to Basil’s former CIA colleague, he took a job as a Baltimore County deputy sheriff and later joined the CIA’s Office of Security as a polygraph expert. But, after nearly two decades, said the colleague, he grew bored with strapping recruits and potential agents to lie detector machines and sought a position in the agency’s Directorate of Operations. Largely based on his Greek heritage and fluency in the language, he was accepted and quickly disappeared behind the agency’s heavy black curtain, emerging undercover as a Foreign Service Officer with the State Department.
With a black diplomatic passport in his pocket, he was soon on his way to Athens, a city he knew well; he had owned an apartment in the city for many years, which he rented out. Soon after arriving, he moved into an apartment near the beach in Glyfada, one of the most exclusive areas of the city, home to ship owners and wealthy business executives. A long-time biker, he would often cruise around the city on his motorcycle.

At the U.S. Embassy in Athens, he was officially a second secretary in the regional affairs section, later promoted to first secretary. In reality, he joined the CIA station as a terrorism expert. The station, located on the embassy’s top floor (with the forgery section in the basement), was one of the largest in Europe, because it often served smaller Middle East stations with logistical help and temporary personnel. Protected by a bulletproof vest under his shirt, a 9 mm pistol strapped to his belt, and a small M38 handgun on his ankle, Basil, who had a reputation as an Olympic-level shooter, drove around the city in an armored car looking for informants to recruit and liaising with the Greek police organization. According to a confidential report by Greek prosecutor Yiannis Diotis, obtained by The Intercept, Basil played a role in a March 2003 operation — just prior to the U.S. invasion of Iraq — that involved an informant recruited by the embassy’s CIA station. The operation, code-named “Net,” led to the discovery, by a joint U.S.-Greek team, of a small cache of guns and explosives in the basement of the Iraq Embassy in Athens.

While most CIA assignments to Athens were two years, Basil kept extending his tour, giving him an opportunity to spend time on Karpathos, visiting friends and relatives and playing backgammon. “He never withheld where he was working or what he was doing,” recalled his cousin Nikos. “A lot of times we would call each other and he would tell me, ‘I am in the Middle East.’ His job was to report on the sentiment of those countries’ society. … From what he said he had a lot of friends in high places. I understood that he was acquainted with Ministers of Interior and Ministers of Public Order in Greece.”

One person who knew Basil in passing was John Brady Kiesling, a now-retired career Foreign Service Officer who had worked as the embassy’s political officer from July 2000 to March 2003. I spoke to him in his apartment in the historic Plaka section of Athens, a labyrinth of winding streets and colorful shops in the shadow of the Acropolis. After leaving his post at the embassy, he decided to remain in Greece, where he has followed the bugging case closely. When I brought up the possibility of the NSA conducting a covert operation out of the embassy, without the knowledge of either the ambassador or the CIA chief of station, he looked surprised. “I would say that a rogue agency was performing it if it was performed without the prior clearance with the ambassador, as the president’s representative in Greece,” he said. “It definitely is something that is hanging as a sort of swinging sword blade over the U.S.-Greek relationship.”

But according to Basil’s former CIA colleague in Athens, there are occasions when an ambassador is not informed by the agency because of the sensitivity of the operation. However, there was never a time when a chief of station was kept in the dark. “There were times we didn’t inform the ambassador — it was just too sensitive — and we would have to get a waiver signed,” the source said.

william-george-basil Visa from U.S. passport of William George Basil. A half-dozen miles southwest of Athens is the city of Piraeus. The largest passenger port in Europe and the third largest in the world, it services about 20 million passengers a year. Piraeus is to ships what Chicago’s O’Hare Airport is to planes. There are long rows of ferries, endless quays, hydrofoils and mega-yachts, tankers and cruise ships. It was here, not far from the pier for ferries to Karpathos that the planning ended and the operation began. According to the Greek prosecutor’s report, on June 8, 2004, someone entered the Mobile Telecommunication Center at 31 Akti Miaouli Street, and in the name of a “Markos Petrou,” purchased the first four of what would eventually be 14 prepaid cell phones.
They would become the “shadow” phones. As normal calls from Vodafone went to and from legitimate parties, a parallel stream of digitized voice and data — an exact copy — was directed to the NSA’s shadow phones. The data would then be automatically transferred miles away to NSA receivers and computers for monitoring, analysis, and storage.

Not long after, according to the Snowden documents I reviewed, the NSA contingent began arriving at US-966G, the surveillance agency’s code for the Athens embassy. The planning had already been underway. “Although the first race, dive, and somersault are still a year away,” noted a Signals Intelligence Directorate document, “SID Today,” dated August 15, 2003, “in truth, NSA has been gearing up for the 2004 Olympics for quite some time, in anticipation of playing a larger role than ever before at the international games.” The document then noted that NSA would be sending “the largest contingent of personnel in support of the games in our history. A team of 10 NSA analysts will arrive in Greece anywhere from 30-45 days before the Olympics and stay until the flame is extinguished. … The scope of the Olympics is tremendous, and so will be the support of SID [Signals Intelligence Directorate] and NSA.”

Then, in a note of unintended irony, the writer added, “The world will be watching and so will NSA!”

A key part of the operation would be obtaining secret access to the Greek telecom network. And it is here that Costas Tsalikidis may have entered the picture. As a senior engineer in charge of network planning, working for the country’s largest cellular service provider, he would have been one of those in a position to become the team’s inside person. But he was also far from the only one. “Of course, it could have even been me,” said another Vodafone technician interviewed.

The operation could have been accomplished a number of ways. At the beginning, the installation of the bugging software, while illegal according to Greek law, had been secretly authorized by the Greek government. Thus, an inside person would have been operating outside the law in providing assistance to U.S. intelligence, but with the patriotic objective of helping protect Greece from terrorists. Also, the person may never have been told that the software was supposed to be removed following the conclusion of the games. In any case, it is unlikely that the person would have known who the targets were since they were just lists of phone numbers.

In fact, recruiting a foreign telecom employee as an “inside person” for a major bugging operation was standard operating procedure for both the NSA and the CIA, according to the senior intelligence official involved with the Athens operation. “What the NSA really doesn’t like to admit, about 70 percent of NSA’s exploitation is human enabled,” the former official said. “For example, at a foreign Ministry of Post and Telecommunications, if NSA determines it needs to get access to that system, NSA and/or the CIA in coordination would come up with a mechanism that would allow them to replicate the existing switch to be swapped out. The CIA would then go and seek out the person who had access to that switch — like a Nortel switch or a router — go in there, and then it would be the CIA that would effect the operation. And then the take from it would be exploited by the NSA.”

And according to a highly classified NSA document provided by Snowden and previously published by The Intercept, covertly recruiting employees in foreign telecom companies has long been one of the NSA’s deepest secrets. A program code-named “Sentry Owl,” for example, deals with “foreign commercial platform[s]” and “human asset[s] cooperating with the NSA/CSS [Central Security Service].” The document warns that information related to Sentry Owl must be classified at an unusually high level, known as ECI, or Exceptionally Controlled Information, well above top secret.

“Human intelligence guys can provide sometimes the needed physical access without which you just can’t do the signals intelligence activity,” Gen. Hayden, the NSA head at the time of the Athens bugging, who later ran the CIA, told me.

Basil’s ties to Greece made him very good at developing local agents. “He was the best recruiter the station had, the best,” said the former CIA associate in Athens. “[Basil] may have been in charge of recruiting the guy on the inside. He may have made the initial recruitment.”

With an agent in place inside the network, the next step would be to implant spyware capable of secretly transmitting the conversations of the NSA’s targets to the shadow phones where they could be resent to NSA computers. Developing such complex malware is the job of the NSA’s Tailored Access Operations (TAO) organization. And, according to the previously undisclosed Snowden documents, members of the group “performed CNE [Computer Network Exploitation] operations against Greek communications providers” as part of the preparations for the Olympics. In lay terms, this means they developed malware to secretly extract communications data. Also involved were members of the Special Source Operations (SSO) group, the specialists who work covertly with telecom companies, such as AT&T — or in this case Vodafone — to get secret access to their networks.

The key to the operation was hijacking a particular piece of software, the “lawful intercept” program. Installed in most modern telecom systems, it gave a telecom company the technical capability to respond to a legal warrant from the local government to monitor a suspect’s communications. Vodafone’s central switching equipment was made by Ericsson, the large Swedish company, and on January 31, 2002, Ericsson delivered to Vodafone an upgrade containing the lawful intercept program, a piece of software known as the Remote Control Equipment Subsystem (RES). According to a report by Greece’s Authority for Communication Security and Privacy (ADAE), Costas was the Vodafone employee who accepted delivery of the upgrade.

Normally, when a lawful warrant is submitted to a company such as Vodafone Greece, the information, including the target phone numbers, would first be logged into a program called the Interception Management System (IMS). This creates a permanent record of the request that can later be audited. The information is then sent to the RES, which initiates the actual monitoring by secretly creating a duplicate communications stream for the targeted number. That duplicate stream is then transmitted, along with the metadata — date, time, and number calling or being called — to the law enforcement agency.

But despite having the capability to initiate wiretaps with the RES program, at the time of the Olympics Greece did not have laws in place to permit them. As a result, Vodafone never paid the additional fee to Ericsson for the IMS program and the digital key to activate the system. Far behind the NSA, the Greek government had only simple wiretap technology. “All they had was some primitive suitcase methods that would allow very limited surveillance of very specific targets,” said Kiesling, the former U.S. Embassy official. “From an American point of view, that was terrifyingly primitive.”

Thus, according to Greek sources, prior to the Olympics U.S. officials began asking the Greek government for permission to secretly activate the lawful intercept program, which led to the government agreeing to the U.S. bugging operation. Ironically, the presidential decree permitting widespread eavesdropping was finally enacted on March 10, 2005, the day after Costas’ death.

For NSA, the missing IMS program was the technical opening its operatives needed. In essence, they created malware that would secretly turn on the RES program and begin tapping. But without the IMS program there would be no audit trail, no indication or evidence that eavesdropping was going on as the target numbers were being tapped and transmitted to the shadow phones by the RES. “It was a very complex system, because it was invisible to detection,” Vodafone Greece CEO George Koronias told investigators. “It functioned independently of whether the lawful interception system was activated, and bypassed the security alarm.”

Exploiting the weaknesses associated with lawful intercept programs was a common trick for NSA. According to a previously unreleased top-secret PowerPoint presentation from 2012, titled “Exploiting Foreign Lawful Intercept Roundtable,” the agency’s “countries of interest” for this work included, at that time, Mexico, Indonesia, Egypt, and others. The presentation also notes that NSA had about 60 “Fingerprints” — ways to identify data — from telecom companies and industry groups that develop lawful intercept systems, including Ericsson, as well as Motorola, Nokia, and Siemens.

There are also a variety of “Access Methods” used to penetrate other countries’ lawful intercept programs. These include using the highly secret Special Collection Service. Known internally as “F-6,” it is described in another Snowden document as “a joint NSA-CIA organization whose mission is to covertly collect SIGINT [Signals Intelligence] from official U.S. establishments abroad, such as embassies and consulates.” The organization’s job, according to the PowerPoint, is to intercept microwaves, the thousands of communications-packed signals that crisscross a city. The PowerPoint also suggested using the Special Source Operations unit, the people who work out secret arrangements with the local telecom companies. And with the Tailored Access Operations unit, techniques could be developed to hack into the country’s telecom systems. For the Athens Olympics operation, it would be a full house.

With the malware installed, the NSA was set to go, with more than a dozen shadow phones purchased and a contingent of employees from at least 11 different NSA organizations poised to begin eavesdropping during “24-hour watches.” According to the ADAE report, the tappers first activated the malware at Vodafone’s communications centers on August 4, 2004, and five days later they began inserting the target phone numbers. Then on September 28, following the conclusion of the Paralympic Games, some of the malware was removed. But less than a week later, long after the Olympic Torch had been extinguished, new malware was implanted.

“And then,” said Kiesling, looking both troubled and perplexed, “the mystery becomes why it continued after the Olympics, and that’s a mystery that still has not been solved.” It was a question I asked a former senior NSA official with long involvement in worldwide eavesdropping operations. “They never [remove it],” the official said with a laugh. “Once you have access, you have access. You have the opportunity to put implants in, that’s an opportunity.”

“FEVER,” COSTAS WROTE. Several of the antennas used for the bugging operation were heating up, and to Costas, it was as if they had a fever. After the Olympic Games concluded, Costas started having problems at work. In the weeks following Costas’ death, his brother discovered one of his notebooks, dating from October and November 2004, after the Olympics, and it described a number of incidents. “In his notes he said that at certain points in time certain antennas seemed to get overworked and they were trying to figure out why that was happening,” said Panagiotis. “Now it turned out that those antennas were the same antennas that were connected with the system of the wiretapping.” In another entry, which Panagiotis submitted to the prosecutor, Costas wrote about a month before he died: “Something is not right at the company.”

Then, at 7:56 p.m. on January 24, 2005, someone installed a routine update in the NSA’s bugging software at Vodafone’s facility in the Paiania section of the city. It would turn out to be anything but routine. Within seconds, errors appeared, which caused hundreds of text messages from customers to go undelivered, and people began complaining. At the same time, an automatic failure report was sent to Vodafone management. It was as if a burglar alarm had gone off during a robbery. As normally happens, Vodafone sent the voluminous logs and data dumps to Ericsson for analysis, while those involved quietly waited — and worried. The once cheerful and upbeat Costas turned glum and angry. “We have heard that Costas was in meetings inside the company, in meetings that were very loud and a lot of people were arguing,” said Panagiotis. “He tendered his resignation to the company, but it wasn’t accepted. … He wanted to get out.”

On March 4, after weeks of investigation, Ericsson notified Vodafone that it had discovered a sophisticated piece of malware, containing a hefty 6,500 lines of code — evidence of a large bugging operation. The company also turned up the target phone numbers of the prime minister and his wife, the mayor of Athens, members of the Ministerial Cabinet, and scores of high officials, as well as the numbers for the shadow phones and the metadata describing when the calls were made.

Three days later, Vodafone technicians isolated the malware. Then on March 8, before law enforcement had an opportunity to get involved, Koronias, the Vodafone Greece CEO, ordered the software deactivated and removed, thus hampering any future investigation. Apparently alerted, those involved in the bugging operation immediately turned off their shadow phones. “Vodafone’s decision to deactivate the software meant our hands were tied,” Yiannis Korandis, the chief of the EYP, the Greek National Intelligence Service, told investigators.

The next morning Panagiotis discovered his brother’s body hanging from a white rope tied to a pipe above the bathroom doorway. To this day, he is convinced that Costas was murdered to keep him quiet and prevent him from quitting and going public with the details. “He probably wanted answers there and then and I think that led to his demise,” he said. The bugging, Panagiotis suspects, may have been the reason Costas sent the text to his fiancée about leaving his job being a “matter of life and death.”

Athens, GREECE: Vodafone Greece Chief Executive Officer George Koronias holds documents 06 April 2006 before the start of a parliamentary committee hearing investigating the case of a phone-tapping scandal, which targeted Prime Minister Costas Karamanlis and top officials during and after the 2004 Athens Olympics games. AFP PHOTO / Louisa Gouliamaki (Photo credit should read LOUISA GOULIAMAKI/AFP/Getty Images) Vodafone Greece CEO George Koronias holds documents in April 2006 before the start of a parliamentary committee hearing investigating the phone-tapping scandal. Photo: Louisa Gouliamaki /AFP/Getty ImagesWithin hours of Costas’ death, Ericsson prepared a formal “Incident Case Description,” outlining technical details about the malware and how it worked. It contained the warning: “This document is to be treated as highly confidential and … all necessary steps to protect this information must be taken, including the mandatory use of Entrust encryption within Ericsson.” After seven pages of technical detail, the report concluded that someone had loaded unauthorized “corrections,” i.e. malware implants, “designed to introduce RES functionality in such a way that it is not visible to any observer. Neither Ericsson nor Vodafone have any knowledge of the corrections. Nor is it known who supplied the correction, who loaded them or how long they have been loaded in the network.” In other words, someone had introduced malware to secretly activate the lawful intercept’s tapping function while at the same time hiding the fact that it had been turned on. On March 10, the report was turned over to Vodafone Greece CEO Koronias.
The Tsalikidis family’s former lawyer, Themistoklis Sofos, believes that Costas discovered the spy software by chance and then reported it. “Some people were afraid that he would talk so they killed him in a professional manner,” he told a Greek newspaper. Although the official coroner’s report said he took his own life, no suicide note was ever found, and the initial forensic report was inconclusive.

Nevertheless, Supreme Court prosecutor Dimitris Linos said that Costas’ death was clearly tied to the eavesdropping operation. “If there had not been the phone tapping, there would not have been a suicide,” he said in June 2006. In his report, prosecutor Yiannis Diotis also said that Costas had knowledge of the illegal phone-tapping software. And Giorgos Constantinopoulos, a former colleague in charge of communications security for Vodafone, reportedly told prosecutors that he was sure Costas was in a position to know about the spy software, and that his death was likely connected to that discovery.

THROUGHOUT THIS PAST SUMMER in Athens as the debt crisis mounted, crowds of pro-government demonstrators filled Syntagma Square shouting angry chants against European creditors. A few blocks away on Panepistimiou Street, an anarchy symbol was spray-painted on the walls of the headquarters of the Bank of Greece. And behind the Doric columns and yellow neo-classical façade of the Parliament Building, nervous politicians huddled and debated what to do next.

But a mile and a half away, in a heavily guarded compound near Pedion tou Areos, one of the largest parks in Athens, prosecutors were finally bringing to a close a decade of investigations. And on June 26 the finger of guilt was pointed directly at America’s Central Intelligence Agency. Now it is up to the Justices’ Council to decide how to proceed, and it may prove very embarrassing for the United States.

From the very start, according to a former senior Greek official involved in the investigation, there was no doubt within the highest levels of government that the U.S. was behind the bugging. On Friday, March 25, 2005, two weeks after Panagiotis cut the rope from his brother’s neck, Greeks celebrated Independence Day, followed by a weekend of festivities. But in Maximos Mansion, the Greek White House, the talk was far from jubilant. As Greek Navy helicopters flew low over the Acropolis during a military parade, members of the Greek inner circle were meeting with Prime Minister Costas Karamanlis about the bugging scandal that had targeted him and his wife.

A few days before, Foreign Minister Petros Molyviatis was in Washington engaged in high-level meetings with top officials. Secretary of State Condoleezza Rice spoke of the “excellent state of relations between Greece and the United States,” and President George W. Bush issued a proclamation declaring “our special ties of friendship, history, and shared values with Greece.” He noted, “Our two Nations are founded on shared ideals of liberty.” But based on the investigation up to that point, close aides, including Foreign Minister Molyviatis, were convinced that U.S. intelligence was behind the operation. Although at least one member of the group wanted to bury the whole matter rather than cause a rupture in relations with the U.S., Karamanlis disagreed, according to the source. “No way,” Karamanlis said. “If they find this on us 10 years from now, things will prove really difficult.”

The decision was made to have the police and the EYP intelligence service launch an investigation. Although far from exhaustive, with many questions left unanswered, Minister of Public Order George Voulgarakis and several other officials finally held a televised press conference in February 2006. Scribbling with a blue marker on a white board, they noted that the 14 shadow cell phones were using four mobile phone antennas with a radius of about 2 kilometers in central Athens.

Within that area was the U.S. Embassy on Vassilissis Sofias Avenue, which turned out to be a matter of great embarrassment for both the U.S. and Greek governments. “The U.S. has been fingered in the media as the culprit,” U.S. Ambassador Charles P. Ries noted in a classified memo to Washington, released by WikiLeaks. Ries suspected Voulgarakis of the leak. Calling him “a less reliable ally,” Ries said Voulgarakis “has allowed rumors to circulate that the U.S. is behind [the] major eavesdropping case in Greece.” Nevertheless, both sides wanted to pretend all was normal. Thus, Foreign Minister Molyviatis suggested to Ries that they move a previously scheduled meeting between them from the ambassador’s residence to the very public Grande Bretagne Hotel in central Athens. There, Ries noted in his memo, “All could see that the U.S.-Greece relationship was unimpaired.”

It was an odd lunch. Molyviatis was sitting across from the man whose embassy, he believed, had been listening in on his cell phone for months. And Ries, out of the loop because it was a rogue NSA/CIA operation, still may not have known of his embassy’s involvement. “Addressing the eavesdropping case,” Ries said in his memo, “Molyviatis gave his opinion that the whole hullabaloo [the press conference] had been unnecessary. It would have been sufficient to hand the matter to the judicial authorities for investigation and, if appropriate, prosecution, he said. But now, both he and the Prime Minister were keen to show that the current hysteria did not detract from excellent U.S.-Greece relations.”

For some, however, the cozy relations only seemed to increase the anger. In May, a Greek terrorist organization, “Revolutionary Struggle,” attempted to assassinate Voulgarakis with a remote-controlled bomb. Pointing to the wiretapping scandal and weakening Greek sovereignty as a key reason for the attack, the group said it opposed state-sponsored “terrorism of mass surveillance.” At the U.S. Embassy, the deputy chief of mission sent a classified cable to Washington, released by WikiLeaks, with a warning. “This group is to be taken seriously,” he said. “While there is no mention thus far of targeting foreign ‘capitalist-imperialists,’ it would not be a leap of faith for RS to focus its attention on the U.S. presence in Greece.” Ten months later, the group fired a rocket at the embassy.

Around the time the eavesdropping was discovered, Basil left the country, apparently with a quick reassignment by CIA to Sudan. Then, according to Greek documents obtained by The Intercept, on August 4, as things quieted down, he obtained a visa at the Greek Embassy in Khartoum and returned 10 days later to Athens and his cover job as first secretary for regional affairs. The diplomatic position gave him immunity from arrest.

The investigation was the first of what would be five major probes stretching over a decade in which more than 500 witnesses would be questioned, including agents of the EYP. Evidence built up slowly as investigators picked apart the telltale computer logs, traced the cell phone signals, and dissected layers and layers of software. Over the years, piece after piece, the puzzle began to come together.

In his testimony, Ericsson’s managing director for Greece, Bill Zikou, laid out the “how,” describing the method by which the bugging was accomplished. “What happened in this incident,” he said, “is that a complex, sophisticated, non-Ericsson intruder piece of software was planted into the Vodafone Greece network,” which by activating the RES function “thus made illegal interceptions possible.”

william-basil200 William George Basil. Date unknown. Photo: FacebookThen investigators turned to the “who.” At the conclusion of its operation, the NSA was hoping that it could disappear into the night without leaving a trace. “Unlike the athletes, when the Olympics are over, the NSA team is hoping you won’t even know they were there,” said one of the classified documents. It bore the ironic title, “Another Successful Olympics Story.” But as a result of sloppy intelligence tradecraft by the American spies, each step pointed the investigators closer and closer to the U.S.
One person who spent a great deal of time buying shadow phones was William Basil. “We used to call him the telephone man,” said the former CIA colleague in Athens. “All we do is we buy burner phones. Just drive in any direction you want and go to a random phone store and just buy a phone, make a call, and throw the phone away.”

But Basil wasn’t the only one buying shadow phones. According to the prosecutor’s confidential report, issued June 26, 2015 and obtained by The Intercept, investigators traced four of the shadow cell phones to the shop in Piraeus. There, the prosecutor showed pictures of Basil and his wife, Irene, to the store’s manager. “She is known” to the store, the manager said. The prosecutor then noted in his report that Irene was “acting as designated by him [Basil] and on his behalf.” And according to registered deeds, the family of Irene Basil has long owned a home in Piraeus just a few miles from the shop.

Things got even sloppier. After purchasing the four shadow phones, meant to be untraceable, the SIM card from one of them was removed and placed in a cell phone registered to the U.S. Embassy. It was a direct link between the covert operation and the U.S. government. Investigators then traced more than 40 calls to and from the U.S. Embassy involving the phone. The numbers listed in the ADAE report include the embassy’s main number, the emergency after-hours number, the Marine guard, and the FBI office. There was even a call to a women’s clothing store in Athens, Rouge Paris.

Then, on the same shadow phone using another SIM card, investigators found calls to Maryland. Based on the phone numbers, The Intercept was able to determine that those calls were made to Ellicott City, where Basil and his wife used to own property, and to neighboring Cantonsville, both bedroom communities for NSA. The implications greatly worried the investigators. “We were scared,” one told a parliamentary committee. “This is something that the Foreign and Justice Ministries should investigate.”

Finally, after years of slow, ineffective, and politically hindered investigations that produced more fog than clarity, the determined work of the ADAE and a few others began paying off. The evidence pointed at the U.S. Embassy, and with a bit of luck and thanks to the American spies’ mistakes, prosecutors came up with a name, William Basil, and the international arrest warrant was issued last February.

But by then, he was long gone. After Athens, Basil was promoted to deputy chief of station in Islamabad, Pakistan, then sent back to a desk job at headquarters, that of director of human resources at the agency’s Counterterrorism Center. Now retired and no longer protected by diplomatic immunity, he may never see Greece again, the country where his wife currently lives in her family’s home in Piraeus. In 2012, according to a petition he signed protesting a planned marine park on Karpathos, he wrote, “I own property in Karpathos and plan to retire there next year.”

Today the two-story house near the beach in Diafani sits empty; construction materials are stacked on the porch, its exterior unpainted. Nearby, friends and relatives can’t believe that Billy from Karpathos could have secretly wiretapped their top officials, or spied on their government. “There’s no way he did what they say he did,” said Basil’s cousin Nikos. “Because of his love [for] Greece, they would know that if that thing [the wiretapping] needed to be done, they would most certainly ask somebody else to do it. No way he did it. It is well known that he was first and foremost a Greek patriot.”

Months before the arrest warrant was issued, Basil had been in touch by phone with a prominent criminal lawyer in Athens, Ilias G. Anagnostopoulos, according to a Greek source, who asked not to be named because of the confidential nature of the information. When asked by the attorney if he would be willing to testify if it came to that, Basil, according to the source, replied: “If there are questions, of course I can answer them.” The attorney met with the prosecutor, but after leaks to the press, Basil told Anagnostopoulos to drop the matter for the time being. Complicating matters, the prosecutor has filed the eavesdropping case alongside a much larger, but unconnected, conspiratorial case involving an assassination attempt on former Prime Minister Karamanlis, a key target of the wiretapping operation.

CIA Chief of Station Eric Pound left Athens in 2007, returning to headquarters to become chief of the External Operations and Cover Division, the organization responsible for creating front companies overseas for clandestine officers masquerading as business executives or other occupations. After he retired in September 2009, Pound mentioned to a college audience that the CIA has an obsession to learn the truth. He added, “But obsession does not always lead to success.”

Costas Tsalikides March 9, 2005 Costas Tsalikidis, March 9, 2005.
Panagiotis and other family members also want the truth. In 2011, Costas’ family asked two coroners to reexamine the medical records. One was Dr. Steven Karch, a forensic pathologist and former medical examiner in San Francisco, and the other was Dr. Theodoros Vougiouklakis, an associate professor of forensic medicine in Greece. Karch called the original autopsy “farcical.” Based on pictures of the body, the coroners concluded that the marks to Costas’ neck couldn’t have come from simply jumping off the chair. “Something was done to him prior,” Karch told The Intercept.
The family agrees with this conclusion. “I believe there are people who know what happened, what exactly and who exactly did it and they will give us those facts,” said Panagiotis. “I believe that as time goes by the reasons for protecting the perpetrators will fade and mouths will open.” Last March, on the 10th anniversary of Costas’ death, his mother spoke to a local Greek reporter for the first time. “I want to know what happened to my child and nobody that investigated until now, 10 years [later], gave me the slightest response,” she said. “As long as I live I will live with this suffering. I want to punish those who are guilty for what happened, and those who know [but] do not speak.”

There appears little chance that her questions will be answered, however. It is extremely unlikely the Obama administration will ever allow Basil, or any other intelligence official, to be extradited. Nor is it likely that Basil will return to Greece voluntarily with an arrest warrant waiting for him. Around 2009 he appeared in a Facebook picture, seemingly in disguise, sporting a long white beard and moustache. “Dude, Santa’s job isn’t available for what … another seven months,” a friend joked on Facebook. Though he has not responded to requests for an interview, pictures online show him in Greece in 2013 attending his daughter’s wedding, without the beard, in the Glyfada section of Athens. Multiple attempts to reach Basil by phone, and through family members, were unsuccessful. Both the CIA and NSA declined to comment on any issue surrounding the Athens wiretapping, including Basil’s indictment.

As for the NSA, a classified review of the Greek Olympics asked the now ironic question, “After this year’s gold medal performance, what comes next?” Next will certainly be the Olympics scheduled for Rio de Janeiro, Brazil, next summer. According to a previously published top-secret NSA slide, the agency has already planted malware throughout the country’s telecommunications system. And, if history is any guide, in the weeks leading up to the start of the games, teams from the SCS, SSO, TAO, and other organizations will arrive once again to begin 24/7 eavesdropping. And as in Greece, they may just happen to leave some of their monitoring equipment behind.

Sitting in his apartment overlooking Athens’ Plaka, John Brady Kiesling could make little sense of it all. “I don’t see a shred of evidence that this wiretapping did the U.S. government any good,” he said. “I think it’s just important to underscore that intelligence gathering is never free. It always comes at a human and political cost to someone. In this case it was paid by an innocent Vodafone technician.”

Aggelos Petropoulos of the Athens-based newspaper Kathimerini contributed reporting from Greece, and Ryan Gallagher, senior reporter at The Intercept, contributed research and reporting from the Snowden Archive.

Documents published with this story:

Another Successful Olympics Story
Exploiting Foreign Lawful Intercept Roundtable
Gold Medal Support for Olympic Games
NSA Team Selected for Olympics Support
SID Trains for Athens Olympics

James Bamford
Sep. 29 2015, 4:01 a.m.

Find this story at 29 September 2015
Copyright https://theintercept.com/

German spy scandal deepens

The German intelligence service has spied on European and American embassies in ways that may have been beyond its mandate, German media ARD and Spiegel Online reported on Wednesday (14 October).
The Bundesnachtrichtendienst (BND) reportedly targeted French and US institutions and eavesdropped on them to acquire information about countries like Afghanistan.

The news follows reports in April that the BND spied on France and the European Commission on behalf of the US’ National Security Agency (NSA). But according to the new reports, BND also spied on allies on its own initiative.
For its spying programme, the BND used thousands of search queries, so-called selectors, including phone numbers and IP addresses, possibly queries the service chose itself.

“The question is … whether the used queries were covered by the BND’s mandate”, MP Clemens Binninger of chancellor Angela Merkel’s centre-right CDU party told ARD.

Binninger is head of the Bundestag’s supervisory body that oversees the intelligence service.

The German media sourced their news at a secret meeting of the overseeing body on Wednesday evening.

The revelations are remarkable considering the criticism that followed revelations by Edward Snowden in 2013 that the NSA had spied on EU leaders, including Merkel.

“Spying among friends – that is just not done”, Merkel said following the scandal.

The BND programme stopped around the same time as the Snowden revelations revealed the NSA practices, in the autumn of 2013.

German MPs are planning to interview staff next week at the BND headquarters in Pullach and review the list of search queries to determine if there has been any illegal practice.

BRUSSELS, 15. OCT, 09:11

Find this story at 15 October 2015

Copyright https://euobserver.com/

German spy charged with treason for aiding CIA and Russia

Prosecutors have charged a German spy with treason, breach of official secrecy and taking bribes for allegedly providing secret documents to both the CIA and Russia’s intelligence agency. Prosecutors say Thursday Aug. 20, 2015, the 32-year-old man,handled mail and classified documents for Germany’s foreign intelligence agency BND. ( Stephan Jansen/dpa via AP)
BERLIN (AP) — A German spy who allegedly acted as a double agent for the United States and Russia has been charged with treason, breach of official secrecy and taking bribes, Germany’s federal prosecutors’ office said Thursday.

The 32-year-old, identified only as Markus R. due to privacy rules, is accused of offering his services to the CIA in early 2008 while working for Germany’s foreign intelligence agency BND. Documents he gave the U.S. spy agency would have revealed details of the BND’s work and personnel abroad, officials said.

“In doing so the accused caused serious danger to Germany’s external security,” prosecutors said in a statement. “In return the accused received sums amounting to at least 95,000 euros ($104,900) from the CIA.”

Shortly before his arrest in July 2014, Markus R. also offered to work for Russian intelligence and provided them with three documents, again harming Germany’s national security, prosecutors said.

The discovery that the CIA had allegedly been spying on its German counterpart caused anger in Berlin, adding to diplomatic tension between Germany and the United States over reports about U.S. surveillance of Chancellor Angela Merkel’s cellphone.

Following the arrest, the German government demanded the removal of the CIA station chief in Berlin.

Prosecutors said Markus R. would have had access to sensitive documents because his job involved handling mail and classified documents for the BND’s foreign operations department.

German weekly Der Spiegel reported that the 218 documents Markus R. allegedly passed to the CIA included a list of all BND agents abroad, a summary of an eavesdropped phone call between former U.S. Secretary of State Hillary Rodham Clinton and former U.N. Secretary-General Kofi Annan, as well as a draft counter-espionage strategy. A spokeswoman for the federal prosecutors’ office declined to comment on the report.

If convicted, Markus R. could face between one and 15 years in prison.

Associated Press By FRANK JORDANS
August 20, 2015 11:07 AM

Find this story at 20 August 2015
Copyright http://news.yahoo.com/

Deliberate Deception Washington Gave Answer Long Ago in NSA Case

For months, the German government sought to create the impression it was still waiting for an answer from the US on whether it could share NSA target lists for spying with a parliamentary investigation. The response came months ago.

The order from Washington was unambiguous. The United States Embassy in Berlin didn’t want to waste any time and moved to deliver the diplomatic cable without delay. It was May 10, 2015, a Sunday — and even diplomats aren’t crazy about working weekends. On this day, though, they had no other choice. James Melville, the embassy’s second-in-command, hand delivered the mail from the White House to Angela Merkel’s Chancellery at 9 p.m.

The letter that Melville handed over to Merkel’s staff contained the long-awaited answer to how the German federal government could proceed with highly classified lists of NSA spying targets. The so-called “selector” lists had become notorious in Germany and the subject of considerable grief for Merkel because her foreign intelligence agency, the BND, may have helped the NSA to spy on German firms as a result of them. The selector lists, which were fed into the BND’s monitoring systems on behalf of the NSA, are reported to have included both German and European targets that were spied on by the Americans.

The letter put the German government in a very delicate position. The expectation had been that the US government would flat out refuse to allow officials in Berlin to present the lists to members of the federal parliament, which is currently investigating NSA spying in Germany, including the eavesdropping of Merkel’s own mobile phone. But that wasn’t the case. Instead, the Americans delivered a more differentiated letter, making it all the more interesting.

Canned Answers

Nevertheless, the German government remained silent about the letter’s existence. It disposed of all queries by saying that talks with the US on how to deal with the lists were still ongoing. The government kept giving the same reply whenever journalists from SPIEGEL or other media asked if it had received an answer from the Americans.

On May 11, for example, one day after Chancellery officials received the letter, Merkel’s spokesman Steffen Seibert responded to a query by saying: “The heads of the Parliamentary Control Panel (responsible for parliamentary oversight of Germany’s intelligence agencies) and the NSA investigative committee are all being informed about all relevant things in the context of this consultation process.” Is it not relevant when the US government provides its first official response to the Germans’ request to present the lists to parliament?

Two days later, on May 13, Seibert was asked explicitly by a reporter whether there had been any new developments on the NSA issue. “I have nothing new to report,” the government spokesman answered. At the very least, his reply was a deliberate deception of the public by the government. The letter, after all, didn’t come from just anyone — it came from US President Barack Obama’s White House chief of staff, Denis McDonough. A letter from such a high-ranking official is most certainly a new development. When questioned by SPIEGEL on the matter, the German government responded that “it would not publicly comment on confidential communications with foreign parties.”

Several sources familiar with the contents of the letter claim that in it, Obama’s people express their great respect for the parliamentary oversight of intelligence services and also accept that the committee will learn more about the NSA target list. At the same time, the letter also includes the decisive requirement: that the German government had to make sure no information contained in the target lists went public.

Keeping the Public in the Dark

The demand created a dilemma for the government. It meant, on the one Hand, that Merkel’s Chancellery could no longer hide behind the Americans as an excuse to withhold the information from parliament. On the other hand, the Chancellery didn’t want to take the risk of sharing the lists with members of the Bundestag because doing so, they worried, would create the risk that someone might then leak them to the media.

Merkel and her people instead deliberately kept German citizens and members of parliament in the dark about the Americans’ position. Almost two weeks after receipt of the letter from Washington, Merkel’s chief of staff, Chancellery Minister Peter Altmaier, informed the heads of the NSA investigative committee in a highly confidential meeting of an answer by the Americans, but he implied it had been vague, and there was no mention of any willingness on the part of the US government to allow the German parliament to clarify the issue. Instead, Altmaier argued that Washington had listed a number of legal concerns. He said it was unlikely further discussions would lead to any green light.

When the German weekly Die Zeit reported 10 days ago that the Americans had given their okay for the release of the lists, Altmaier responded: “We could have spared ourselves a difficult debate if permission to pass (the lists) on had actually been given by the US.” Altmaier clearly attempted to skirt the question of whether the US had made any statements on the issue.

Officials in the Chancellery are now doing their best to portray the McDonough letter as a kind of kick-off in German-American consultations on how to deal with the selector lists. After receiving the letter, Chancellery Minister Altmaier had a number of exchanges with his US counterpart by phone and email. In addition, Klaus-Dieter Fritsche, the Chancellery’s intelligence coordinator, also spoke several times with the Americans.

Berlin’s approach to the negotiations says quite a bit about the outcome one should expect. Officially, the German government is asking for permission to release the selector lists without the application of any restrictions by the US government. It had to have been clear to everyone involved that a demand like that would be unrealistic, but in this instance, the government didn’t want to risk making any mistakes. Within the Chancellery, officials then agreed that any time they were approached with questions, they would always answer that the consultations were still in progress — even if a decision had already been made.

Pushback from the Opposition

“The Federal Chancellery is doing exactly the opposite of what Merkel promised,” criticizes Konstantin von Notz, the Green Party’s representative on the NSA investigative committee. “Instead of clearing things up, things are being concealed behind the scenes, also using improper means.”

As the course of the NSA scandal showed, Merkel and her people already have practice when it comes to cover-up attempts. During her election campaign in 2013, Merkel created the impression for months that there was a chance Germany might be able to reach a no-spy agreement with the US. Throughout, the White House signaled behind the scenes that it would never agree to one, but the German government told the public nothing about these discussions.

Now, a special ombudsman is supposed to steer the government out of the difficult situation in which it finds itself. It’s an idea that originated with Altmaier. Rather than providing the selector lists to the NSA investigative committee in parliament, they will instead be viewed by Kurt Graulich, a former justice with the Federal Administrative Court. Altmaier’s hope is that this path will prevent details from being leaked to the press.

The opposition parties in parliament are against the idea. And why shouldn’t they be? In recent years, the Chancellery has done everything in its power to downplay spying by US intelligence services on Germany. Altmaier’s predecessor, Ronald Pofalla, even went so far in August 2013 as to say that the NSA scandal had been “cleared up.” The revelation, arguably the biggest, that Merkel’s own mobile phone had been tapped by the NSA followed two months later. Now the Green and Left parties want to prevent the government from choosing its own inspector. They are considering a legal challenge at the Federal Constitutional Court to stop Merkel’s government.

08/21/2015 07:44 PM
By Matthias Gebauer, René Pfister and Holger Stark

Find this story at 21 August 2015


An American Tip to German Spies Points to a More Complex Relationship

BERLIN — In the summer of 2011, American intelligence agencies spied on a senior German official who they concluded had been the likely source of classified information being leaked to the news media.

The Obama administration authorized the top American spy in Germany to reveal to the German government the identity of the official, according to German officials and news media reports. The decision was made despite the risk of exposing that the United States was monitoring senior national security aides to Chancellor Angela Merkel.

The tip-off appears to have led to a senior German intelligence official being barred from access to sensitive material. But it also raises suspicions that Ms. Merkel’s government had strong indications of the extent of American surveillance at least two years before the disclosures by Edward J. Snowden, which included the number of a cellphone used by the chancellor.

The decision by the United States to risk disclosing a surveillance operation against a close ally indicates the high level of concern over the perceived security breach. It is unclear, however, what that information might have been or if it involved intelligence provided to Germany by the United States.

The German newsmagazine Der Spiegel reported Friday that it believed the American effort to expose the German intelligence official arose from conversations by its own journalists. It filed a complaint with the federal prosecutor in Germany over espionage activity and a violation of Germany’s data protection laws. The prosecutor’s office declined to comment, other than to confirm that the filing had been received.

In Washington, a spokesman for the National Security Council, Ned Price, declined on Friday to comment on the reported surveillance other than to indicate that the government does not spy on foreign journalists. “The United States is not spying on ordinary people who don’t threaten our national security,” Mr. Price said.

The disclosure is the latest intelligence revelation to shake the alliance, even though it is unclear that the National Security Agency actively listened to Ms. Merkel’s calls. Among other actions that widened the rift, the Germans last summer expelled the then-C.I.A. chief. And this week material uncovered by the antisecrecy group WikiLeaks suggested that the Americans had been spying on their German allies back to the 1990s.

The first hints emerged in the German media this year. The Bild am Sonntag newspaper reported that Hans Josef Vorbeck, a deputy director of the chancellery’s intelligence division, had been “put out in the cold” in 2011 after the then-C.I.A. station chief in Berlin gave information to Mr. Vorbeck’s boss, Günter Heiss. Der Spiegel said Mr. Heiss was specifically told of contacts with its journalists.

Mr. Heiss, a quiet but powerful figure in German intelligence activities, was questioned for nearly six hours at an open hearing of a German parliamentary committee on Thursday. Mr. Heiss was particularly reticent when asked about Mr. Vorbeck. He repeatedly declined to answer questions about him, challenging the mandate of the committee to pose such queries, and arguing that he was not allowed to discuss a third party in public.

Konstantin von Notz, a lawmaker for the opposition Green Party, which has been vocal in its criticism of Ms. Merkel and the German handling of alleged American espionage, accused Mr. Heiss of hiding behind a “cascade” of excuses.

Eventually, Hans-Christian Ströbele, a longtime lawmaker for the Greens, asked Mr. Heiss whether he ever had a “concrete suspicion” that Mr. Vorbeck was leaking classified information. Mr. Heiss said there was no “concrete suspicion” that would have led to “concrete action.” He indicated the matter had been discussed in the chancellery, but declined to give specifics.

But when asked whether Mr. Vorbeck had been the target of spying, Mr. Heiss declared: “No. That much I can say.”

In a report in the edition it published on Saturday, Der Spiegel said Mr. Heiss had learned of the suspicions against Mr. Vorbeck in the summer of 2011, when invited by the C.I.A. station chief to take a walk.

Appearing before the committee last month, Guido Müller, a senior intelligence official, at first said he could not recall Mr. Vorbeck’s transfer to a lower-level job. Mr. Müller then said he could remember it only if testifying behind closed doors.

When he appeared before the committee, two days shy of his 64th birthday, Mr. Vorbeck himself was cagey. When Mr. von Notz raised the Bild am Sonntag reports and asked for more detail, the demoted intelligence officer replied that he “did not know much more than what has been in the papers,” according to a transcript on a live-blog at netzpolitik.org, a website that tracks intelligence matters.

André Hahn, a lawmaker for the opposition Left party, asked Mr. Vorbeck whether he had a good relationship with Mr. Heiss — “at first,” Mr. Vorbeck answered — and whether he had ever been charged with betraying secrets. “Not then and not now,” Mr. Vorbeck replied, according to the netzpolitik blog.

Mr. Vorbeck is suing the government for material damages he said he suffered as a result of being transferred to a senior archival post concerning the history of German intelligence. His lawyer declined to return a call seeking comment or access to his client.

The dimensions of German anger over American espionage have been evidenced in public opinion polls and in protests against a possible trans-Atlantic trade pact. German officials have talked about creating an internal Internet so that communications among Germans do not have to pass outside the country.

What makes these disclosures different is that they suggest that German publications have been either direct or indirect targets of American surveillance. “Spiegel suspects spying by U.S. secret services,” the online edition of the respected weekly Die Zeit reported Friday.

The latest disclosures by WikiLeaks — a summary of an October 2011 conversation Ms. Merkel had with an adviser about the debt crisis in Greece, a document from her senior adviser on European affairs, plus a list of 69 telephone numbers of important ministries and senior officials that appeared to date back to the 1990s — had already prompted Ms. Merkel’s chief of staff on Thursday to invite the United States ambassador, John B. Emerson, to explain.

A government statement following that meeting did not confirm the material, but made plain that violations of German laws would be prosecuted. The government defended its heightened counterintelligence operations, hinting at the depth of anger with the United States.

Steffen Seibert, the German government spokesman, referred inquiries on Friday to another government spokesman who said he could not be identified by name. He reiterated that the government did not comment on personnel moves, and that it reported on intelligence services only to the relevant supervisory committee in Parliament.

The spokesman added in an email that Mr. Heiss had testified on Thursday that there was no reason to take disciplinary or other action regarding Mr. Vorbeck.

Alison Smale and Melissa Eddy reported from Berlin, David E. Sanger from Vienna and Eric Schmitt from Washington.


Find this story at 3 July 2015

© 2015 The New York Times Company

Germany trades citizens’ metadata for NSA’s top spy software

Spies keen to use XKeyscore, less keen to tell German government or citizens.

In order to obtain a copy of the NSA’s main XKeyscore software, whose existence was first revealed by Edward Snowden in 2013, Germany’s domestic intelligence agency agreed to hand over metadata of German citizens it spies on. According to documents seen by the German newspaper Die Zeit, after 18 months of negotiations, the US and Germany signed an agreement in April 2013 that would allow the Federal Office for the Protection of the Constitution (Bundesamtes für Verfassungsschutz—BfV) to obtain a copy of the NSA’s most important program and to adopt it for the analysis of data gathered in Germany.

This was a lower level of access compared to the non-US “Five Eyes” nations—the UK, Australia, Canada, and New Zealand—which had direct access to the main XKeyscore system. In return for the software, the BfV would “to the maximum extent possible share all data relevant to NSA’s mission.” Interestingly, there is no indication in the Die Zeit story that the latest leak comes from Snowden, which suggests that someone else has made the BfV’s “internal documents” available.

Unlike Germany’s foreign intelligence service, the Bundesnachrichtendienst (BND), the domestic-oriented BfV does not employ bulk surveillance of the kind also deployed on a vast scale by the NSA and GCHQ. Instead, it is only allowed to monitor individual suspects in Germany and, even to do that, must obtain the approval of a special parliamentary commission. Because of this targeted approach, BfV surveillance is mainly intended to gather the content of specific conversations, whether in the form of e-mails, telephone exchanges, or even faxes, if anyone still uses them. Inevitably, though, metadata is also gathered, but as Die Zeit explains, “whether the collection of this [meta]data is consistent with the restrictions outlined in Germany’s surveillance laws is a question that divides legal experts.”

The BfV had no problems convincing itself that it was consistent with Germany’s laws to collect metadata, but rarely bothered since—remarkably—all analysis was done by hand before 2013, even though metadata by its very nature lends itself to large-scale automated processing. This explains the eagerness of the BfV to obtain the NSA’s XKeyscore software after German agents had seen its powerful metadata analysis capabilities in demonstrations.

It may also explain the massive expansion of the BfV that the leaked document published by Netzpolitik had revealed earlier this year. As Die Zeit notes, the classified budget plans “included the information that the BfV intended to create 75 new positions for the ‘mass data analysis of Internet content.’ Seventy-five new positions is a significant amount for any government agency.”


Heads begin to roll, but the investigation has not yet been dropped.
The BfV may have been keen to deploy XKeyscore widely, but it wasn’t so keen to inform the German authorities about the deal with the NSA. Peter Schaar, who was data protection commissioner at the time, told Die Zeit: “I knew nothing about such an exchange deal [of German metadata for US software].” He says that he only discovered that the BfV was using XKeyscore when he asked the surveillance service explicitly after reading about the program in Snowden’s 2013 revelations. The same is true for another key oversight body: “The Parliamentary Control Panel learned that the BfV had received XKeyscore software and had begun using it. But even this very general briefing was only made after the panel had explicitly asked following the Snowden revelations,” according to Die Zeit.

This post originated on Ars Technica UK
by Glyn Moody (UK) – Aug 27, 2015 5:32pm CEST

Find this story at 27 August 2015

© 2015 Condé Nast

New WikiLeaks Revelations: NSA Targeted Phones of All of German Chancellor Angela Merkel’s Top Aides

BERLIN — WikiLeaks on Wednesday published a new list of German phone numbers it claims showed the U.S. National Security Agency targeted phones belonging to Chancellor Angela Merkel’s close aides and chancellery offices for surveillance.

Wednesday’s publication came a week after WikiLeaks released a list of numbers it said showed the NSA targeted officials at various other German ministries and elsewhere. That rekindled concerns over U.S. surveillance in Germany after reports two years ago that Merkel’s own cellphone was targeted.

Merkel’s chief of staff last week asked the U.S. ambassador to a meeting and told him that German law must be followed.

There was no immediate comment from the German government on the latest publication.

The list includes a cellphone number attributed to Ronald Pofalla, Merkel’s chief of staff from 2009-13; a landline number that appears to belong to the leader of Merkel’s parliamentary caucus; various other connections at Merkel’s office; and a cellphone number for the chancellor that WikiLeaks says was used until 2013.

It was unclear when exactly the partially redacted list of 56 German phone numbers dates from and it wasn’t immediately possible to confirm the accuracy of that and other documents released by WikiLeaks.

Those documents, WikiLeaks said, are NSA reports based on interceptions — including one from 2009 that details Merkel’s views on the international financial crisis and another from 2011 summarizing advisers’ views on plans for the eurozone’s rescue fund.

According to the secret-spilling site, the list of phone numbers was updated for more than a decade after 2002 and a “close study” of it shows it evolved from an earlier target list dating back into the 1990s.

July 8, 2015
Associated Press

Find this story at 8 July 2015

Copyright http://www.matthewaid.com/

BEHIND THE CURTAIN A Look at the Inner Workings of NSA’s XKEYSCORE (II)

The sheer quantity of communications that XKEYSCORE processes, filters and queries is stunning. Around the world, when a person gets online to do anything — write an email, post to a social network, browse the web or play a video game — there’s a decent chance that the Internet traffic her device sends and receives is getting collected and processed by one of XKEYSCORE’s hundreds of servers scattered across the globe.

In order to make sense of such a massive and steady flow of information, analysts working for the National Security Agency, as well as partner spy agencies, have written thousands of snippets of code to detect different types of traffic and extract useful information from each type, according to documents dating up to 2013. For example, the system automatically detects if a given piece of traffic is an email. If it is, the system tags if it’s from Yahoo or Gmail, if it contains an airline itinerary, if it’s encrypted with PGP, or if the sender’s language is set to Arabic, along with myriad other details.

This global Internet surveillance network is powered by a somewhat clunky piece of software running on clusters of Linux servers. Analysts access XKEYSCORE’s web interface to search its wealth of private information, similar to how ordinary people can search Google for public information.

Based on documents provided by NSA whistleblower Edward Snowden, The Intercept is shedding light on the inner workings of XKEYSCORE, one of the most extensive programs of mass surveillance in human history.

How XKEYSCORE works under the hood

It is tempting to assume that expensive, proprietary operating systems and software must power XKEYSCORE, but it actually relies on an entirely open source stack. In fact, according to an analysis of an XKEYSCORE manual for new systems administrators from the end of 2012, the system may have design deficiencies that could leave it vulnerable to attack by an intelligence agency insider.

XKEYSCORE is a piece of Linux software that is typically deployed on Red Hat servers. It uses the Apache web server and stores collected data in MySQL databases. File systems in a cluster are handled by the NFS distributed file system and the autofs service, and scheduled tasks are handled by the cron scheduling service. Systems administrators who maintain XKEYSCORE servers use SSH to connect to them, and they use tools such as rsync and vim, as well as a comprehensive command-line tool, to manage the software.

John Adams, former security lead and senior operations engineer for Twitter, says that one of the most interesting things about XKEYSCORE’s architecture is “that they were able to achieve so much success with such a poorly designed system. Data ingest, day-to-day operations, and searching is all poorly designed. There are many open source offerings that would function far better than this design with very little work. Their operations team must be extremely unhappy.”

Analysts connect to XKEYSCORE over HTTPS using standard web browsers such as Firefox. Internet Explorer is not supported. Analysts can log into the system with either a user ID and password or by using public key authentication.

As of 2009, XKEYSCORE servers were located at more than 100 field sites all over the world. Each field site consists of a cluster of servers; the exact number differs depending on how much information is being collected at that site. Sites with relatively low traffic can get by with fewer servers, but sites that spy on larger amounts of traffic require more servers to filter and parse it all. XKEYSCORE has been engineered to scale in both processing power and storage by adding more servers to a cluster. According to a 2009 document, some field sites receive over 20 terrabytes of data per day. This is the equivalent of 5.7 million songs, or over 13 thousand full-length films.

This map from a 2009 top-secret presentation does not show all of XKEYSCORE’s field sites.
When data is collected at an XKEYSCORE field site, it is processed locally and ultimately stored in MySQL databases at that site. XKEYSCORE supports a federated query system, which means that an analyst can conduct a single query from the central XKEYSCORE website, and it will communicate over the Internet to all of the field sites, running the query everywhere at once.

There might be security issues with the XKEYSCORE system itself as well. As hard as software developers may try, it’s nearly impossible to write bug-free source code. To compensate for this, developers often rely on multiple layers of security; if attackers can get through one layer, they may still be thwarted by other layers. XKEYSCORE appears to do a bad job of this.

When systems administrators log into XKEYSCORE servers to configure them, they appear to use a shared account, under the name “oper.” Adams notes, “That means that changes made by an administrator cannot be logged.” If one administrator does something malicious on an XKEYSCORE server using the “oper” user, it’s possible that the digital trail of what was done wouldn’t lead back to the administrator, since multiple operators use the account.

There appears to be another way an ill-intentioned systems administrator may be able to cover their tracks. Analysts wishing to query XKEYSCORE sign in via a web browser, and their searches are logged. This creates an audit trail, on which the system relies to assure that users aren’t doing overly broad searches that would pull up U.S. citizens’ web traffic. Systems administrators, however, are able to run MySQL queries. The documents indicate that administrators have the ability to directly query the MySQL databases, where the collected data is stored, apparently bypassing the audit trail.

AppIDs, fingerprints and microplugins

Collecting massive amounts of raw data is not very useful unless it is collated and organized in a way that can be searched. To deal with this problem, XKEYSCORE extracts and tags metadata and content from the raw data so that analysts can easily search it.

This is done by using dictionaries of rules called appIDs, fingerprints and microplugins that are written in a custom programming language called GENESIS. Each of these can be identified by a unique name that resembles a directory tree, such as “mail/webmail/gmail,” “chat/yahoo,” or “botnet/blackenergybot/command/flood.”

One document detailing XKEYSCORE appIDs and fingerprints lists several revealing examples. Windows Update requests appear to fall under the “update_service/windows” appID, and normal web requests fall under the “http/get” appID. XKEYSCORE can automatically detect Airblue travel itineraries with the “travel/airblue” fingerprint, and iPhone web browser traffic with the “browser/cellphone/iphone” fingerprint.

PGP-encrypted messages are detected with the “encryption/pgp/message” fingerprint, and messages encrypted with Mojahedeen Secrets 2 (a type of encryption popular among supporters of al Qaeda) are detected with the “encryption/mojaheden2” fingerprint.

When new traffic flows into an XKEYSCORE cluster, the system tests the intercepted data against each of these rules and stores whether the traffic matches the pattern. A slideshow presentation from 2010 says that XKEYSCORE contains almost 10,000 appIDs and fingerprints.

AppIDs are used to identify the protocol of traffic being intercepted, while fingerprints detect a specific type of content. Each intercepted stream of traffic gets assigned up to one appID and any number of fingerprints. You can think of appIDs as categories and fingerprints as tags.

If multiple appIDs match a single stream of traffic, the appID with the lowest “level” is selected (appIDs with lower levels are more specific than appIDs with higher levels). For example, when XKEYSCORE is assessing a file attachment from Yahoo mail, all of the appIDs in the following slide will apply, however only “mail/webmail/yahoo/attachment” will be associated with this stream of traffic.

To tie it all together, when an Arabic speaker logs into a Yahoo email address, XKEYSCORE will store “mail/yahoo/login” as the associated appID. This stream of traffic will match the “mail/arabic” fingerprint (denoting language settings), as well as the “mail/yahoo/ymbm” fingerprint (which detects Yahoo browser cookies).

Sometimes the GENESIS programming language, which largely relies on Boolean logic, regular expressions and a set of simple functions, isn’t powerful enough to do the complex pattern-matching required to detect certain types of traffic. In these cases, as one slide puts it, “Power users can drop in to C++ to express themselves.” AppIDs or fingerprints that are written in C++ are called microplugins.

Here’s an example of a microplugin fingerprint for “botnet/conficker_p2p_udp_data,” which is tricky botnet traffic that can’t be identified without complicated logic. A botnet is a collection of hacked computers, sometimes millions of them, that are controlled from a single point.

Here’s another microplugin that uses C++ to inspect intercepted Facebook chat messages and pull out details like the associated email address and body of the chat message.

One document from 2009 describes in detail four generations of appIDs and fingerprints, which begin with only the ability to scan intercepted traffic for keywords, and end with the ability to write complex microplugins that can be deployed to field sites around the world in hours.

If XKEYSCORE development has continued at a similar pace over the last six years, it’s likely considerably more powerful today.

Illustration for The Intercept by Blue Delliquanti

Documents published with this article:

Advanced HTTP Activity Analysis
Analyzing Mobile Cellular DNI in XKS
ASFD Readme
Category Throttling
CNE Analysis in XKS
Comms Readme
Email Address vs User Activity
Free File Uploaders
Finding and Querying Document Metadata
Full Log vs HTTP
Guide to Using Contexts in XKS Fingerprints
HTTP Activity in XKS
HTTP Activity vs User Activity
Intro to Context Sensitive Scanning With XKS Fingerprints
Intro to XKS AppIDs and Fingerprints
OSINT Fusion Project
Phone Number Extractor
RWC Updater Readme
Selection Forwarding Readme
Stats Config Readme
Tracking Targets on Online Social Networks
Unofficial XKS User Guide
User Agents
Using XKS to Enable TAO
UTT Config Readme
VOIP Readme
Web Forum Exploitation Using XKS
Writing XKS Fingerprints
XKS Application IDs
XKS Application IDs Brief
XKS as a SIGDEV Tool
XKS, Cipher Detection, and You!
XKS for Counter CNE
XKS Intro
XKS Logos Embedded in Docs
XKS Search Forms
XKS System Administration
XKS Targets Visiting Specific Websites
XKS Tech Extractor 2009
XKS Tech Extractor 2010
XKS Workflows 2009
XKS Workflows 2011
UN Secretary General XKS

Micah Lee, Glenn Greenwald, Morgan Marquis-Boire
July 2 2015, 4:42 p.m.
Second in a series.

Find this story at 2 July 2015

Copyright https://theintercept.com/

XKEYSCORE: NSA’s Google for the World’s Private Communications (I)

One of the National Security Agency’s most powerful tools of mass surveillance makes tracking someone’s Internet usage as easy as entering an email address, and provides no built-in technology to prevent abuse. Today, The Intercept is publishing 48 top-secret and other classified documents about XKEYSCORE dated up to 2013, which shed new light on the breadth, depth and functionality of this critical spy system — one of the largest releases yet of documents provided by NSA whistleblower Edward Snowden.

The NSA’s XKEYSCORE program, first revealed by The Guardian, sweeps up countless people’s Internet searches, emails, documents, usernames and passwords, and other private communications. XKEYSCORE is fed a constant flow of Internet traffic from fiber optic cables that make up the backbone of the world’s communication network, among other sources, for processing. As of 2008, the surveillance system boasted approximately 150 field sites in the United States, Mexico, Brazil, United Kingdom, Spain, Russia, Nigeria, Somalia, Pakistan, Japan, Australia, as well as many other countries, consisting of over 700 servers.

These servers store “full-take data” at the collection sites — meaning that they captured all of the traffic collected — and, as of 2009, stored content for 3 to 5 days and metadata for 30 to 45 days. NSA documents indicate that tens of billions of records are stored in its database. “It is a fully distributed processing and query system that runs on machines around the world,” an NSA briefing on XKEYSCORE says. “At field sites, XKEYSCORE can run on multiple computers that gives it the ability to scale in both processing power and storage.”

XKEYSCORE also collects and processes Internet traffic from Americans, though NSA analysts are taught to avoid querying the system in ways that might result in spying on U.S. data. Experts and privacy activists, however, have long doubted that such exclusions are effective in preventing large amounts of American data from being swept up. One document The Intercept is publishing today suggests that FISA warrants have authorized “full-take” collection of traffic from at least some U.S. web forums.

The system is not limited to collecting web traffic. The 2013 document, “VoIP Configuration and Forwarding Read Me,” details how to forward VoIP data from XKEYSCORE into NUCLEON, NSA’s repository for voice intercepts, facsimile, video and “pre-released transcription.” At the time, it supported more than 8,000 users globally and was made up of 75 servers absorbing 700,000 voice, fax, video and tag files per day.

The reach and potency of XKEYSCORE as a surveillance instrument is astonishing. The Guardian report noted that NSA itself refers to the program as its “widest reaching” system. In February of this year, The Intercept reported that NSA and GCHQ hacked into the internal network of Gemalto, the world’s largest provider of cell phone SIM cards, in order to steal millions of encryption keys used to protect the privacy of cell phone communication. XKEYSCORE played a vital role in the spies’ hacking by providing government hackers access to the email accounts of Gemalto employees.

Numerous key NSA partners, including Canada, New Zealand and the U.K., have access to the mass surveillance databases of XKEYSCORE. In March, the New Zealand Herald, in partnership with The Intercept, revealed that the New Zealand government used XKEYSCORE to spy on candidates for the position of World Trade Organization director general and also members of the Solomon Islands government.

These newly published documents demonstrate that collected communications not only include emails, chats and web-browsing traffic, but also pictures, documents, voice calls, webcam photos, web searches, advertising analytics traffic, social media traffic, botnet traffic, logged keystrokes, computer network exploitation (CNE) targeting, intercepted username and password pairs, file uploads to online services, Skype sessions and more.

Bulk collection and population surveillance

XKEYSCORE allows for incredibly broad surveillance of people based on perceived patterns of suspicious behavior. It is possible, for instance, to query the system to show the activities of people based on their location, nationality and websites visited. For instance, one slide displays the search “germansinpakistn,” showing an analyst querying XKEYSCORE for all individuals in Pakistan visiting specific German language message boards.

As sites like Twitter and Facebook become increasingly significant in the world’s day-to-day communications (a Pew study shows that 71 percent of online adults in the U.S. use Facebook), they become a critical source of surveillance data. Traffic from popular social media sites is described as “a great starting point” for tracking individuals, according to an XKEYSCORE presentation titled “Tracking Targets on Online Social Networks.”

When intelligence agencies collect massive amounts of Internet traffic all over the world, they face the challenge of making sense of that data. The vast quantities collected make it difficult to connect the stored traffic to specific individuals.

Internet companies have also encountered this problem and have solved it by tracking their users with identifiers that are unique to each individual, often in the form of browser cookies. Cookies are small pieces of data that websites store in visitors’ browsers. They are used for a variety of purposes, including authenticating users (cookies make it possible to log in to websites), storing preferences, and uniquely tracking individuals even if they’re using the same IP address as many other people. Websites also embed code used by third-party services to collect analytics or host ads, which also use cookies to track users. According to one slide, “Almost all websites have cookies enabled.”

The NSA’s ability to piggyback off of private companies’ tracking of their own users is a vital instrument that allows the agency to trace the data it collects to individual users. It makes no difference if visitors switch to public Wi-Fi networks or connect to VPNs to change their IP addresses: the tracking cookie will follow them around as long as they are using the same web browser and fail to clear their cookies.

Apps that run on tablets and smartphones also use analytics services that uniquely track users. Almost every time a user sees an advertisement (in an app or in a web browser), the ad network is tracking users in the same way. A secret GCHQ and CSE program called BADASS, which is similar to XKEYSCORE but with a much narrower scope, mines as much valuable information from leaky smartphone apps as possible, including unique tracking identifiers that app developers use to track their own users. In May of this year, CBC, in partnership with The Intercept, revealed that XKEYSCORE was used to track smartphone connections to the app marketplaces run by Samsung and Google. Surveillance agency analysts also use other types of traffic data that gets scooped into XKEYSCORE to track people, such as Windows crash reports.

In a statement to The Intercept, the NSA reiterated its position that such sweeping surveillance capabilities are needed to fight the War on Terror:

“The U.S. Government calls on its intelligence agencies to protect the United States, its citizens, and its allies from a wide array of serious threats. These threats include terrorist plots from al-Qaeda, ISIL, and others; the proliferation of weapons of mass destruction; foreign aggression against the United States and our allies; and international criminal organizations.”

Indeed, one of the specific examples of XKEYSCORE applications given in the documents is spying on Shaykh Atiyatallah, an al Qaeda senior leader and Osama bin Laden confidant. A few years before his death, Atiyatallah did what many people have often done: He googled himself. He searched his various aliases, an associate and the name of his book. As he did so, all of that information was captured by XKEYSCORE.

XKEYSCORE has, however, also been used to spy on non-terrorist targets. The April 18, 2013 issue of the internal NSA publication Special Source Operations Weekly boasts that analysts were successful in using XKEYSCORE to obtain U.N. Secretary General Ban Ki-moon’s talking points prior to a meeting with President Obama.

XKEYSCORE for hacking: easily collecting user names, passwords and much more

XKEYSCORE plays a central role in how the U.S. government and its surveillance allies hack computer networks around the world. One top-secret 2009 NSA document describes how the system is used by the NSA to gather information for the Office of Tailored Access Operations, an NSA division responsible for Computer Network Exploitation (CNE) — i.e., targeted hacking.

Particularly in 2009, the hacking tactics enabled by XKEYSCORE would have yielded significant returns as use of encryption was less widespread than today. Jonathan Brossard, a security researcher and the CEO of Toucan Systems, told The Intercept: “Anyone could be trained to do this in less than one day: they simply enter the name of the server they want to hack into XKEYSCORE, type enter, and are presented login and password pairs to connect to this machine. Done. Finito.” Previous reporting by The Intercept revealed that systems administrators are a popular target of the NSA. “Who better to target than the person that already has the ‘keys to the kingdom?’” read a 2012 post on an internal NSA discussion board.

This system enables analysts to access web mail servers with remarkable ease.

The same methods are used to steal the credentials — user names and passwords — of individual users of message boards.

Hacker forums are also monitored for people selling or using exploits and other hacking tools. While the NSA is clearly monitoring to understand the capabilities developed by its adversaries, it is also monitoring locations where such capabilities can be purchased.

Other information gained via XKEYSCORE facilitates the remote exploitation of target computers. By extracting browser fingerprint and operating system versions from Internet traffic, the system allows analysts to quickly assess the exploitability of a target. Brossard, the security researcher, said that “NSA has built an impressively complete set of automated hacking tools for their analysts to use.”

Given the breadth of information collected by XKEYSCORE, accessing and exploiting a target’s online activity is a matter of a few mouse clicks. Brossard explains: “The amount of work an analyst has to perform to actually break into remote computers over the Internet seems ridiculously reduced — we are talking minutes, if not seconds. Simple. As easy as typing a few words in Google.”

These facts bolster one of Snowden’s most controversial statements, made in his first video interview published by The Guardian on June 9, 2013. “I, sitting at my desk,” said Snowden, could “wiretap anyone, from you or your accountant, to a federal judge to even the president, if I had a personal email.”

Indeed, training documents for XKEYSCORE repeatedly highlight how user-friendly the program is: with just a few clicks, any analyst with access to it can conduct sweeping searches simply by entering a person’s email address, telephone number, name or other identifying data. There is no indication in the documents reviewed that prior approval is needed for specific searches.

In addition to login credentials and other target intelligence, XKEYSCORE collects router configuration information, which it shares with Tailored Access Operations. The office is able to exploit routers and then feed the traffic traveling through those routers into their collection infrastructure. This allows the NSA to spy on traffic from otherwise out-of-reach networks. XKEYSCORE documents reference router configurations, and a document previously published by Der Spiegel shows that “active implants” can be used to “cop[y] traffic and direc[t]” it past a passive collector.

XKEYSCORE for counterintelligence

Beyond enabling the collection, categorization, and querying of metadata and content, XKEYSCORE has also been used to monitor the surveillance and hacking actions of foreign nation states and to gather the fruits of their hacking. The Intercept previously reported that NSA and its allies spy on hackers in order to collect what they collect.

Once the hacking tools and techniques of a foreign entity (for instance, South Korea) are identified, analysts can then extract the country’s espionage targets from XKEYSCORE, and gather information that the foreign power has managed to steal.

Monitoring of foreign state hackers could allow the NSA to gather techniques and tools used by foreign actors, including knowledge of zero-day exploits—software bugs that allow attackers to hack into systems, and that not even the software vendor knows about—and implants. Additionally, by monitoring vulnerability reports sent to vendors such as Kaspersky, the agency could learn when exploits they were actively using need to be retired because they’ve been discovered by a third party.

Seizure v. searching: oversight, audit trail and the Fourth Amendment

By the nature of how it sweeps up information, XKEYSCORE gathers communications of Americans, despite the Fourth Amendment protection against “unreasonable search and seizure” — including searching data without a warrant. The NSA says it does not target U.S. citizens’ communications without a warrant, but acknowledges that it “incidentally” collects and reads some of it without one, minimizing the information that is retained or shared.

But that interpretation of the law is dubious at best.

XKEYSCORE training documents say that the “burden is on user/auditor to comply with USSID-18 or other rules,” apparently including the British Human Rights Act (HRA), which protects the rights of U.K. citizens. U.S. Signals Intelligence Directive 18 (USSID 18) is the American directive that governs “U.S. person minimization.”

Kurt Opsahl, the Electronic Frontier Foundation’s general counsel, describes USSID 18 as “an attempt by the intelligence community to comply with the Fourth Amendment. But it doesn’t come from a court, it comes from the executive.”

If, for instance, an analyst searched XKEYSCORE for all iPhone users, this query would violate USSID 18 due to the inevitable American iPhone users that would be grabbed without a warrant, as the NSA’s own training materials make clear.

Opsahl believes that analysts are not prevented by technical means from making queries that violate USSID 18. “The document discusses whether auditors will be happy or unhappy. This indicates that compliance will be achieved by after-the-fact auditing, not by preventing the search.”

Screenshots of the XKEYSCORE web-based user interface included in slides show that analysts see a prominent warning message: “This system is audited for USSID 18 and Human Rights Act compliance.” When analysts log in to the system, they see a more detailed message warning that “an audit trail has been established and will be searched” in response to HRA complaints, and as part of the USSID 18 and USSID 9 audit process.

Because the XKEYSCORE system does not appear to prevent analysts from making queries that would be in violation of these rules, Opsahl concludes that “there’s a tremendous amount of power being placed in the hands of analysts.” And while those analysts may be subject to audits, “at least in the short term they can still obtain information that they shouldn’t have.”

During a symposium in January 2015 hosted at Harvard University, Edward Snowden, who spoke via video call, said that NSA analysts are “completely free from any meaningful oversight.” Speaking about the people who audit NSA systems like XKEYSCORE for USSID 18 compliance, he said, “The majority of the people who are doing the auditing are the friends of the analysts. They work in the same office. They’re not full-time auditors, they’re guys who have other duties assigned. There are a few traveling auditors who go around and look at the things that are out there, but really it’s not robust.”

In a statement to The Intercept, the NSA said:

“The National Security Agency’s foreign intelligence operations are 1) authorized by law; 2) subject to multiple layers of stringent internal and external oversight; and 3) conducted in a manner that is designed to protect privacy and civil liberties. As provided for by Presidential Policy Directive 28 (PPD-28), all persons, regardless of their nationality, have legitimate privacy interests in the handling of their personal information. NSA goes to great lengths to narrowly tailor and focus its signals intelligence operations on the collection of communications that are most likely to contain foreign intelligence or counterintelligence information.”

Coming next: A Look at the Inner Workings of XKEYSCORE

Source maps: XKS as a SIGDEV Tool, p. 15, and XKS Intro, p. 6

Documents published with this article:

Advanced HTTP Activity Analysis
Analyzing Mobile Cellular DNI in XKS
ASFD Readme
Category Throttling
CNE Analysis in XKS
Comms Readme
Email Address vs User Activity
Free File Uploaders
Finding and Querying Document Metadata
Full Log vs HTTP
Guide to Using Contexts in XKS Fingerprints
HTTP Activity in XKS
HTTP Activity vs User Activity
Intro to Context Sensitive Scanning With XKS Fingerprints
Intro to XKS AppIDs and Fingerprints
OSINT Fusion Project
Phone Number Extractor
RWC Updater Readme
Selection Forwarding Readme
Stats Config Readme
Tracking Targets on Online Social Networks
Unofficial XKS User Guide
User Agents
Using XKS to Enable TAO
UTT Config Readme
VOIP Readme
Web Forum Exploitation Using XKS
Writing XKS Fingerprints
XKS Application IDs
XKS Application IDs Brief
XKS as a SIGDEV Tool
XKS, Cipher Detection, and You!
XKS for Counter CNE
XKS Intro
XKS Logos Embedded in Docs
XKS Search Forms
XKS System Administration
XKS Targets Visiting Specific Websites
XKS Tech Extractor 2009
XKS Tech Extractor 2010
XKS Workflows 2009
XKS Workflows 2011
UN Secretary General XKS

Morgan Marquis-Boire, Glenn Greenwald, Micah Lee
July 1 2015, 4:49 p.m.
Illustrations by Blue Delliquanti and David Axe for The Intercept

Find this story at 1 July 2015

copyright https://firstlook.org/theintercept/

XKeyscore: A Dubious Deal with the NSA

Internal documents show that Germany’s domestic intelligence agency, the BfV, received the coveted software program XKeyscore from the NSA – and promised data from Germany in return.

The agents from the Federal Office for the Protection of the Constitution (BfV), Germany’s domestic intelligence agency, were deeply impressed. They wanted to be able to do that too. On Oct. 6, 2011, employees of the US intelligence agency NSA were in the Bavarian town of Bad Aibling to demonstrate all that the spy software XKeyscore could do. To make the demonstration as vivid as possible, the Americans fed data into their program that the BfV had itself collected during a warranted eavesdropping operation. An internal memo shows how enthusiastic the German intelligence agents were: Analyzing data with the help of the software, the memo reads in awkward officialese, resulted in “a high recognition of applications used, Internet applications and protocols.” And in the data, XKeyscore was able to “recognize, for example, Hotmail, Yahoo or Facebook. It was also able to identify user names and passwords.” In other words, it was highly effective.

It was far beyond the capabilities of the BfV’s own system. In response, then-BfV President Heinz Fromm made a formal request five months later to his American counterpart, NSA head Keith Alexander, for the software to be made available to the German intelligence agency. It would, he wrote, superbly complement the current capabilities for monitoring and analyzing Internet traffic.

But fully a year and a half would pass before a test version of XKeyscore could begin operating at the BfV facility in the Treptow neighborhood of Berlin. It took that long for the two agencies to negotiate an agreement that regulated the transfer of the software in detail and which defined the rights and obligations of each side.

The April 2013 document called “Terms of Reference,” which ZEIT ONLINE and DIE ZEIT has been able to review, is more than enlightening. It shows for the first time what Germany’s domestic intelligence agency promised their American counterparts in exchange for the use of the coveted software program. “The BfV will: To the maximum extent possible share all data relevant to NSA’s mission,” the paper reads. Such was the arrangement: data in exchange for software.

It was a good deal for the BfV. Being given the software was a “proof of trust,” one BfV agent exulted. Another called XKeyscore a “cool system.” Politically and legally, however, the accord is extremely delicate. Nobody outside of the BfV oversees what data is sent to the NSA in accordance with the “Terms of Reference,” a situation that remains unchanged today. Neither Germany’s data protection commissioner nor the Parliamentary Control Panel, which is responsible for oversight of the BfV, has been fully informed about the deal. “Once again, I have to learn from the press of a new BfV-NSA contract and of the impermissible transfer of data to the US secret service,” complains the Green Party parliamentarian Hans-Christian Ströbele, who is a member of the Parliamentary Control Panel. The Federal Office for the Protection of the Constitution, for its part, insists that it has adhered strictly to the law.

Interne Dokumente belegen, dass der Verfassungsschutz vom amerikanischen Geheimdienst NSA die begehrte Spionagesoftware XKeyscore bekam. Dafür versprachen die Verfassungsschützer, so viele Daten aus deutschen G-10-Überwachungsmaßnahmen an die NSA zu liefern, wie möglich.

Lesen Sie dazu:

Der Datendeal: Was Verfassungsschutz und NSA miteinander verabredeten – was Parlamentarier und Datenschützer dazu sagen

Read the english version here: A Dubious Deal with the NSA

Dokument: Die Übereinkunft zwischen Verfassungsschutz und NSA im Wortlaut

Read the english version here: XKeyscore – the document

Die Software: Der Datenknacker “Poseidon” findet jedes Passwort

The data in question is regularly part of the approved surveillance measures carried out by the BfV. In contrast, for example, to the Bundesnachrichtendienst (BND), Germany’s foreign intelligence agency, the BfV does not use a dragnet to collect huge volumes of data from the Internet. Rather, it is only allowed to monitor individual suspects in Germany — and only after a special parliamentary commission has granted approval. Because such operations necessarily imply the curtailing of rights guaranteed by Article 10 of Germany’s constitution, they are often referred to as G-10 measures. Targeted surveillance measures are primarily intended to turn up the content of specific conversations, in the form of emails, telephone exchanges or faxes. But along the way, essentially as a side effect, the BfV also collects mass quantities of so-called metadata. Whether the collection of this data is consistent with the restrictions outlined in Germany’s surveillance laws is a question that divides legal experts. Well-respected constitutional lawyers are of the opinion that intelligence agencies are not allowed to analyze metadata as they see fit. The agencies themselves, naturally, have a different view.

It is clear, after all, that metadata also enables interesting conclusions to be drawn about the behavior of those under surveillance and their contacts, just as, in the analog world, the sender and recipient written on an envelope can also be revealing, even if the letter inside isn’t read. Those who know such data can identify communication networks and establish movement and behavioral profiles of individuals. Prior to 2013, Germany’s domestic intelligence agency was only able to analyze metadata by hand — and it was rarely done as a result. But that changed once the agency received XKeyscore. The version of the software obtained by the BfV is unable to collect data on the Internet itself, but it is able to rapidly analyze the huge quantities of metadata that the agency has already automatically collected. That is why XKeyscore is beneficial to the BfV. And, thanks to the deal, that benefit is one that extends to the NSA.

In practice, it assumedly works as follows: When an Islamist who is under surveillance by the BfV regularly receives calls from Afghanistan, for example, then the telephone number is likely exactly the kind of information that is forwarded on to the NSA. That alone is not necessarily cause for concern; after all, combatting terrorism is the goal of intelligence agency cooperation. But nobody outside of the BfV knows whose data, and how much of it, is being shared with the NSA. Nobody can control the practicalities of the data exchange. And it is completely unclear where political responsibility lies.

In 2013 alone, the BfV began 58 new G-10 measures and continued 46 others from the previous year. Who was targeted? What information was passed on to the NSA? Was information pertaining to German citizens also shared? When confronted with such questions, the BfV merely responded: “The BfV is unable to publicly comment on the particulars of the cooperation or on the numbers of data collection operations.”

How important XKeyscore has become for the BfV can also be seen elsewhere. Not long ago, the website Netzpolitik.org published classified budget plans for 2013 which included the information that the BfV intended to create 75 new positions for the “mass data analysis of Internet content.” Seventy-five new positions is a significant amount for any government agency. A new division called 3C was to uncover movement profiles and contact networks and to process raw data collected during G-10 operations. The name XKeyscore does not appear in the documents published by Netzpolitik.org. But it is reasonable to suspect that the new division was established to deploy the new surveillance software.

Germany’s domestic intelligence agency is itself also aware of just how sensitive its deal with the Americans is. Back in July 2012, a BfV division warned that even the tests undertaken with XKeyscore could have “far-reaching legal implications.” To determine the extent of the software’s capabilities, the division warned, employees would have to be involved who didn’t have the appropriate security clearance to view the data used in the tests. The BfV has declined to make a statement on how, or whether, the problem was solved.

Germany’s data protection commissioner was apparently not informed. “I knew nothing about such an exchange deal,” says Peter Schaar, who was data protection commissioner at the time. “I am also hearing for the first time about a test with real data.” He says he first learned that BfV was using XKeyscore after he asked of his own accord in 2013 — in the wake of revelations about the program from whistleblower Edward Snowden.

Schaar is of the opinion that the agency was obliged to inform him. Because real data was used during the tests, Schaar says, it constituted data processing. The BfV, by contrast, is of the opinion that the use of XKeyscore has to be controlled solely by the G-10 commission. It is a question that has long been the source of contention. In testimony before the parliamentary investigative committee that is investigating NSA activities in Germany, Schaar has demanded that the G-10 law be more clearly formulated to remove the ambiguity.

The fact that the BfV recognized the problems with its NSA cooperation can be seen elsewhere in the files as well. During the negotiations over the XKeyscore deal, the BfV noted: “Certain NSA requests … cannot be met insofar as German law prevents it.” But the Americans insisted that the software finally be “used productively.” The NSA wants “working results,” the German agents noted. There is, they wrote, apparently “high internal pressure” to receive information from the Germans.

Ultimately, the BfV arrived at the conclusion that transferring information obtained with the help of XKeyscore to the NSA was consistent with German law. Insights gathered by way of G-10 operations were already being “regularly” shared with “foreign partner agencies.” That, at least, is what the BfV declared to the German Interior Ministry in January 2014. Furthermore, the agency declared, a special legal expert would approve each data transfer.

That, it seems, was enough oversight from the perspective of the BfV. The agency apparently only partially informed its parliamentarian overseers about the deal. The Parliamentary Control Panel learned that the BfV had received XKeyscore software and had begun using it. But even this very general briefing was only made after the panel had explicitly asked following the Snowden revelations. The deal between the intelligence agencies, says the Green Party parliamentarian Ströbele, “is undoubtedly an ‘occurrence of particular import,’ about which, according to German law, the German government must provide sufficient information of its own accord.” He intends to bring the issue before the Parliamentary Control Panel. The NSA investigative committee in German parliament will surely take a closer look as well.

Translated by Charles Hawley
Von Kai Biermann und Yassin Musharbash
26. August 2015, 18:11 Uhr

Find this story at 26 August 2015

copyright http://www.zeit.de/

Wikileaks: ‘Massive’ NSA spying on top German officials

Wikileaks says its latest release of documents shows the wide reach of economic espionage conducted by the NSA in Germany. Documents released by the whistleblowers suggest an intense interest in the Greek debt crisis.

A new batch of documents released by Wikileaks on Wednesday purports to show the extent to which the spying conducted by the US National Security Agency (NSA) on German officials was economic in nature , as opposed to being focused on security issues.
As far back as the late 1990s, the phone numbers of officials in the German Ministry of Finance, including sometimes the ministers themselves, were targeted by NSA spies, according to a Wikileaks press release. The list of high priority targets for Germany are mostly telephone numbers within the finance ministry, some within the ministry of agriculture, a few within offices responsible for European policy, and advisors who assisted Merkel ahead of G7 and WTO meetings. One of the targets was within the European Central Bank itself.
NSA interest in the course of Greek bailout
Some of the espionage also dealt with the handling of the Greek debt crisis, particularly in “intercepted talk between Chancellor Merkel and her assistant, the Chancellor talks about her views on solutions to the Greek financial crisis and her disagreement with members of her own cabinet, such as Finance Minister Wolfgang Schäuble, on matters of policy.”
The NSA was also interested in Merkel’s discussions of “the positions of French leaders, and of the heads of the key institutions of the Troika: European Commission President Jose Manuel Barroso, European Central Bank President Jean-Claude Trichet and IMF Director Christine Lagarde,” with regard to the Greece’s bailout issues.
This intercept, which is dated to October 2011, is classified as highly sensitive, “two levels above top secret.” Despite this, it was still cleared for distribution among the “US-led ‘Five Eyes’ spying alliance of UK, Canada, Australia and New Zealand.”
Wikileaks also says that the NSA was given a German intercept gathered by British Intelligence (GCHQ), which “details the German government’s position ahead of negotiations on a EU bailout plan for Greece.”
“The report refers to an overview prepared by German Chancellery Director-General for EU Affairs Nikolaus Meyer-Landrut. Germany was, according to the intercept, opposed to giving a banking license to the European Financial Stability Facility (EFSF), however it would support a special IMF fund into which the BRICS nations would contribute to bolster European bailout activities.”
Julian Assange, Wikileaks’ embattled editor-in-chief, made a statement on Wednesday’s release, saying that it “further demonstrates that the United States’ economic espionage campaign extends to Germany and to key European institutions and issues such as the European Central Bank and the crisis in Greece.”
“Would France and Germany have proceeded with the BRICS bailout plan for Greece if this intelligence was not collected and passed to the United States – who must have been horrified at the geopolitical implications?” he asked.
The “Süddeutsche Zeitung” daily was given access to the leaked documents. It reports that a spokesman for the German government said Berlin is not familiar enough with the information published by Wikileaks to offer an analysis or response.


Find this story at 1 July 2015
© 2015 Deutsche Welle

Selektorenliste der NSA Welche Nummern der Kanzlerin die NSA abhörte

Anhand der Telefonnummern in dieser Selektorenliste wird deutlich, dass die Ausspähung durch die NSA beispielsweise auch die Telefone von Ronald Pofalla, Peter Altmaier und Volker Kauder umfasste.

Der amerikanische Nachrichtendienst hat die deutsche Politik weitaus systematischer ausgespäht als bisher bekannt – und das seit Jahrzehnten.

Neue Dokumente der Enthüllungsplattform Wikileaks belegen, dass auch die Regierungen der Kanzler Helmut Kohl und Gerhard Schröder von der NSA belauscht wurden.

Bund und Berlin ziehen Bilanz zu HauptstadtbautenBild vergrößern
Das Kanzleramt in Berlin steht im Mittelpunkt der neuen Wikileaks-Enthüllungen. (Foto: dpa)
Diese Erkenntnisse können aus den neuen Enthüllungen gewonnen werden:

Die neuen Wikileaks-Enthüllungen katapultieren die Diskussion in eine neue Höhe. Es geht darin um das Kanzleramt – es wurde über Jahrzehnte von der NSA ausgespäht, in Bonn und in Berlin. Die Liste umfasst 56 Anschlüsse und wurde von Wikileaks am Mittwochabend ins Netz gestellt. SZ, NDR und WDR konnten sie vorab prüfen.
Die Regierungen von Helmut Kohl, Gerhard Schröder und Angela Merkel waren alle im Visier des amerikanischen Nachrichtendienstes. Die halbe Mannschaft von Ex-Kanzler Schröder steht auf der Liste. Bodo Hombach, der für eine kurze Zeit Kanzleramtsminister war und schwierige Operationen in Nahost auszuführen hatte, ist ebenso aufgeführt wie der sicherheitspolitische Berater Michael Steiner und Schröders Mann für die Weltwirtschaftsgipfel, Klaus Gretschmann.
Etwa zwei Dutzend Nummern der Bundeskanzlerin stehen auf der Liste. Darunter ihre Handynummer, die mindestens bis Ende 2013 gültig war; ihre Büronummer; eine ihr zugeschriebene Nummer in der CDU-Bundesgeschäftsstelle und ihre Faxnummern; auch ihr enger Vertrauter Volker Kauder, Vorsitzender der CDU/CSU-Bundestagsfraktion, war Ziel der NSA.
Auch Merkels ehemaliger Kanzleramtsminister Ronald Pofalla steht auf der Liste. Es findet sich darauf seine bis heute aktive Handynummer.
Auffällig ist, dass die Abteilung 2 des Kanzleramts, die für Außen- und Sicherheitspolitik zuständig ist, oft vorkommt. Auch der Bereich Wirtschaftspolitik ist stark vertreten, ebenso Abteilung 6 – sie ist für den Bundesnachrichtendienst zuständig.
Vorige Woche hatte Wikileaks erste Unterlagen der NSA veröffentlicht, die Deutschland betreffen. Drei Bundesministerien – das Wirtschafts-, das Landwirtschafts- und das Finanzministerium – standen dabei im Mittelpunkt.
Lesen Sie mehr zu den neuen Wikileaks-Enthüllungen in der digitalen Ausgabe der Süddeutschen Zeitung.
IhreSZ Flexi-Modul Header
Ihr Forum
Wie sollte sich Merkel angesichts der jüngsten Wikileaks-Enthüllungen verhalten?
Die NSA hat Wikileaks-Dokumenten zufolge über Jahrzehnte das Bundeskanzleramt abgehört. Betroffen von den Spähangriffen waren die Regierungen von Bundeskanzlerin Merkel sowie die ihrer Vorgänger Schröder und Kohl. Das Ausmaß des Lauschangriffs ist damit deutlich größer als bislang angenommen. Ihr Forum

Helmut Kohl mit Gerhard Schröder im Bundestag, 1999
Tatort Kanzleramt
Kurzer Draht zur Macht
Die NSA hat die deutsche Politik weitaus systematischer ausgespäht als bisher bekannt – und das seit Jahrzehnten. Neue Dokumente von Wikileaks belegen, dass auch die Kanzler Helmut Kohl und Gerhard Schröder belauscht wurden.

Kohl NSA
Von Kohl bis Merkel – die NSA hörte mit
Wikileaks-Dokumente belegen: Jahrzehntelang hat der US-Geheimdienst das Kanzleramt ausgeforscht. Auch die Telefone von Ronald Pofalla, Peter Altmaier und Volker Kauder wurden angezapft.

9. Juli 2015, 06:11 Uhr

Find this story at 9 July 2015

Copyright www.sueddeutsche.de

Neue Dokumente von WikiLeaks Kanzleramt schon seit Kohl-Ära im NSA-Visier

Die NSA hat nach Informationen von WikiLeaks schon seit Jahrzehnten das Bundeskanzleramt abgehört. Das zeigen neue Dokumente, die NDR, WDR und SZ vor Veröffentlichung einsehen konnten. Betroffen waren demnach neben Kanzlerin Merkel auch ihre Vorgänger Schröder und Kohl.

Noch in der vergangenen Woche hatten der Geheimdienstkoordinator im Kanzleramt, Günter Heiß, und der ehemalige Kanzleramtschef Ronald Pofalla (CDU) bei einer Befragung im NSA-Untersuchungsausschuss abgewiegelt. Auf die Frage, ob Merkels Handy abgehört worden sei, sagte Heiß, es gebe Indizien dafür. Es könne aber auch sein, dass ein Gespräch “zufällig” abgehört worden sei, als ein “Beifang” etwa bei einem Telefonat mit dem russischen Präsidenten Putin. Pofalla sagte, er halte es bis heute für nicht bewiesen, dass das Handy der Kanzlerin abgehört worden sei. Der “Spiegel” hatte 2013 erstmals über diesen Verdacht berichtet.

Nun liegen die neuen WikiLeaks-Dokumente vor – eine Liste mit 56 Telefonnummern, darunter Merkels Handy-Nummer, die sie bis mindestens Ende 2013 genutzt hat. Die Nummern stammen offenbar aus einer Datenbank der NSA, in der Abhörziele erfasst sind. Und in dieser Liste findet sich nicht nur Merkels alte Mobilnummer, sondern auch mehr als ein Dutzend weiterer Festnetz-, Handy- und Faxanschlüsse aus ihrem direkten Umfeld – darunter die Durchwahl ihrer Büroleiterin im Kanzleramt, Beate Baumann, ihres Stellvertreters sowie weitere Nummern aus dem Kanzlerbüro.

Eine Liste mit Telefonnummern von Wikileaks galerieWikiLeaks hat eine Liste mit Telefonnummern und Namen aus dem Bundeskanzleramt veröffentlicht, die offenbar aus einer Datenbank mit Abhörzielen der NSA stammen [die letzten Ziffern wurden von der Redaktion unkenntlich gemacht].
Außerdem steht der Name des Unions-Fraktionschefs Volker Kauder, einem engen Vertrauten von Merkel, samt einer Nummer im Bundestag auf der Liste und eine Merkel zugeordnete Nummer in der CDU-Bundesgeschäftsstelle. Auch die aktuelle Handy-Nummer von Ronald Pofalla ist in der NSA-Datenbank erfasst. Er hatte es anscheinend schon geahnt. In der Sitzung des NSA-Untersuchungsausschusses wies ihn jemand darauf hin, dass seine Nummer bislang nicht aufgetaucht sei. Pofallas Antwort: “Kommt noch.”

Gezieltes Vorgehen der NSA

Die Liste zeigt, dass die NSA offenbar sehr gezielt vorgegangen ist. Außer der Kanzlerin und ihrem Büro umfasst sie vor allem Nummern und Namen von der Leitung des Bundeskanzleramts sowie von den Abteilungen 2, 4 und 6 – zuständig für Außen- und Sicherheitspolitik, Wirtschaftspolitik und die Nachrichtendienste. Selbst die Telefonzentrale des Kanzleramts inklusive der Faxnummer wurde offenbar ausspioniert. Von wann die Liste stammt, ist nicht bekannt. Viele der aufgeführten Nummern sind bis heute aktuell, andere – teils noch aus Bonner Zeiten – sind anscheinend veraltet.

Mitarbeiter von Kohl und Schröder im Visier

Wann der US-Geheimdienst den Lauschangriff auf das Zentrum der deutschen Regierung gestartet hat, ist nicht klar. Aber einiges deutet daraufhin, dass auch Mitarbeiter von Merkels Vorgängern abgehört wurden. Die ersten Ziele hat die NSA offenbar bereits vor mehr als 20 Jahren in die Datenbank aufgenommen und in den folgenden Jahren stetig erweitert. Unter anderem findet sich eine alte Bonner Nummer mit dem Eintrag “DR LUDEWIG CHIEF OF DIV 4” in der Liste. Dr. Johannes Ludewig leitete von 1991 bis 1994 die Wirtschaftsabteilung des Kanzleramts, die Abteilung 4. Danach wechselte er ins Wirtschaftsministerium. Ausgespäht wurde offenbar auch ein persönlicher Referent des damaligen CDU-Staatsministers Anton Pfeiffer, ein enger Vertrauter von Helmut Kohl.

Außerdem stehen unter anderem auf der Liste: Bodo Hombach, der 1998/99 einige Monate lang das Kanzleramt geleitet hat; Schröders sicherheitspolitischer Berater Michael Steiner; Klaus Gretschmann, ehemaliger Leiter der Abteilung für Wirtschaftspolitik, der unter anderem die Weltwirtschaftsgipfel für den Kanzler vorbereitet hat; Ernst Uhrlau, von 1998 bis 2005 im Kanzleramt für die Aufsicht über die Nachrichtendienste zuständig.

NSA hörte Kanzleramt offenbar jahrzehntelang ab
tagesthemen 22:15 Uhr, 08.07.2015, S. Buchen/J. Goetz/C. Deker, NDR
Icon facebook Icon Twitter Icon Google+ Icon Briefumschlag
Download der Videodatei
Weitere “streng geheime” Abhörprotokolle veröffentlicht

WikiLeaks hat außer der Telefonliste erneut einige als “streng geheim” eingestufte Abhörprotokolle der NSA veröffentlicht, darunter abgefangene Gespräche von Kanzlerin Merkel unter anderem mit Scheich Muhammad bin Zayid Al Nahyan aus den Vereinigten Arabischen Emiraten aus dem Jahr 2009 über die Situation im Iran. Laut einem weiteren Protokoll – ebenfalls von 2009 – hat sie intern kurz vor dem damals geplanten G20-Gipfel in London Vorschläge der US-Notenbank zur Lösung der Finanzkrise kritisiert. Es ging um “toxische Anlagen”, die in “bad banks” ausgelagert werden sollten. Merkel habe sich skeptisch dazu geäußert, dass Banken sich komplett ihrer Verantwortung entziehen.

Mitte Juni hat Generalbundesanwalt Harald Range ein Ermittlungsverfahren wegen des mutmaßlichen Ausspähens von Merkels Handy eingestellt. Die Vorwürfe seien nicht gerichtsfest nachzuweisen. Beweisdokumente habe die Behörde nicht beschaffen können. Kurz darauf – Anfang Juli – hat Wikileaks erste Abhörprotokolle und eine Liste mit Abhörzielen veröffentlicht, die auf einen umfassenden Lauschangriff der NSA auf die deutsche Regierung hindeuteten.

Bundesregierung prüft Veröffentlichungen

Als Reaktion auf die erste Enthüllung bat die Bundesregierung den US-Botschafter in Deutschland, John B. Emerson, zu einem Gespräch ins Kanzleramt. Die Bundesanwaltschaft prüft nun mögliche neue Ermittlungen wegen der NSA-Aktivitäten. Und in Regierungskreisen hieß es, man wundere sich in dieser Sache über gar nichts mehr. Beschwerden in Washington seien aber offenbar sinnlos. Die Bundesregierung erklärte nun auf Anfrage von NDR, WDR und SZ, die Veröffentlichung aus der vergangenen Woche werde von den zuständigen Stellen geprüft und bewertet, dies dauere an. “Insbesondere da ein Nachweis der Authentizität der veröffentlichten Dokumente fehlt, ist eine abschließende Bewertung derzeit nicht möglich.”

Zu den in den aktuellen Dokumenten aufgeführten Mobilfunknummern will die Bundesregierung nicht öffentlich Stellung nehmen. Eine Sprecher betonte jedoch, dass weiterhin gelte, was der Chef des Bundeskanzleramts, Peter Altmaier, in der vergangenen Woche gegenüber dem US-Botschaft deutlich gemacht habe: “Die Einhaltung deutschen Rechts ist unabdingbar und festgestellte Verstöße werden mit allen Mitteln des Rechtsstaats verfolgt werden. Darüber hinaus wird die für die Sicherheit unserer Bürger unverzichtbare Zusammenarbeit der deutschen und amerikanischen Nachrichtendienste durch derartige wiederholte Vorgänge belastet. Bereits seit dem vergangenen Jahr hat die Bundesregierung ihre Spionageabwehr verstärkt und fühlt sich darin durch die neuesten Veröffentlichungen bestätigt.”

Die US-Regierung hat sich bislang weder offiziell noch inoffiziell zur aktuellen Abhörpraxis in Deutschland geäußert. Nur Kanzlerin Merkel hat nach den ersten Berichten über das Abhören ihres Handys eine Art No-Spy-Garantie von US-Präsident Obama bekommen. Dabei ging es allerdings tatsächlich nur um sie persönlich, stellte der frühere NSA- und CIA-Direktor Michael Hayden in einem “Spiegel”-Interview klar. “Das war kein Versprechen, das für irgendjemand anderes an der Spitze der Bundesregierung gilt.”

Die investigativen Ressorts von NDR, WDR und “Süddeutscher Zeitung” kooperieren unter Leitung von Georg Mascolo themen- und projektbezogen. Die Rechercheergebnisse, auch zu komplexen internationalen Themen, werden für Fernsehen, Hörfunk, Online und Print aufbereitet.

Stand: 09.07.2015 09:40 Uhr
Von John Goetz, Janina Findeisen und Christian Baars (NDR)

Find this story at 9 July 2015

© ARD-aktuell / tagesschau.de

WikiLeaks: Steinmeier target of systematic NSA spying

WikiLeaks has published evidence that the NSA systematically spied on German Foreign Minister Frank-Walter Steinmeier, as well as other officials. The alleged spying reportedly predates the September 11, 2001 attacks.

German Foreign Minister Frank-Walter Steinmeier was reportedly the target of systematic spying by the US National Security Agency (NSA), according to information released Monday by transparency organization WikiLeaks.
WikiLeaks documented an intercepted conversation or phone call held by Steinmeier on November 29, 2005 shortly after he had completed his first official visit to the United States as foreign minister.
It is unclear with whom Steinmeier was speaking at the time, but the subject of the call was the US Central Intelligence Agency’s (CIA) controversial renditions program. It was alleged that the US had used the airspace and airport facilities of cooperating European countries to illegally abduct European citizens and residents in order to interrogate them at secret “black site” prisons.
Steinmeier denied knowledge of the alleged rendition flights in 2005 and according to the intercept, “seemed relieved that he had not received any definitive response from the US secretary of state regarding press reports of CIA flights through Germany to secret prisons in Eastern Europe allegedly used for interrogating terrorism subjects.”
Human rights groups have accused the United States of having used the so-called “extraordinary renditions” in order to interrogate suspected terrorists using methods not allowed in the US itself, including torture.
NSA Symbolbild
WikiLeaks has revealed what appears to be a years-long effort to spy on the German Foreign Ministry
‘Tacit complicity of European governments’
The US has acknowledged that the CIA operated a secret detention program outside its borders, but denied the use of torture. In 2008, Steinmeier again denied Germany had in any way supported the rendition flights at a parliamentary hearing, calling such accusations “utter nonsense.”
“Today’s publication indicates that the NSA has been used to help the CIA kidnap and torture with impunity. For years the CIA was systematically abducting and torturing people, with the tacit complicity of European governments,” WikiLeaks founder Julian Assange said in a statement.
The new documents paint a picture of an apparent years-long NSA effort to spy on the German Foreign Ministry, dating back to before the September 11, 2001 terrorist attacks. The documents reveal a list of 20 phone numbers the NSA targeted for monitoring, two of which were assigned to Steinmeier as well one number potentially assigned to Joschka Fischer, Germany’s vice chancellor and foreign minister from 1998 to 2005.
The German Foreign Ministry has not commented on the latest revelations, which come shortly after WikiLeaks revealed the NSA had allegedly spied on top German politicians for decades .
German Green Party parliamentarian Hans-Christian Ströbele demanded an explanation from the government and secret service in light of the latest revelations.
“They must say what they will do now to resolve the spying and avert damage,” Ströbele said after Monday’s revelations. He also questioned whether Steinmeier in 2006 “actually failed to answer questions regarding US rendition flights over Germany.”
bw/cmk (AFP, dpa)


Find this story at 20 July 2015

© 2015 Deutsche Welle

An Attack on Press Freedom SPIEGEL Targeted by US Intelligence

Revelations from WikiLeaks published this week show how boundlessly and comprehensively American intelligence services spied on the German government. It has now emerged that the US also conducted surveillance against SPIEGEL.

Walks during working hours aren’t the kind of pastime one would normally expect from a leading official in the German Chancellery. Especially not from the head of Department Six, the official inside Angela Merkel’s office responsible for coordinating Germany’s intelligence services.

But in the summer of 2011, Günter Heiss found himself stretching his legs for professional reasons. The CIA’s station chief in Berlin had requested a private conversation with Heiss. And he didn’t want to meet in an office or follow standard protocol. Instead, he opted for the kind of clandestine meeting you might see in a spy film.

Officially, the CIA man was accredited as a counsellor with the US Embassy, located next to Berlin’s historic Brandenburg Gate. Married to a European, he had already been stationed in Germany once before and knew how to communicate with German officials. At times he could be demanding and overbearing, but he could also be polite and courteous. During this summer walk he also had something tangible to offer Heiss.

The CIA staffer revealed that a high-ranking Chancellery official allegedly maintained close contacts with the media and was sharing official information with reporters with SPIEGEL.

The American provided the name of the staffer: Hans Josef Vorbeck, Heiss’ deputy in Department Six. The information must have made it clear to Heiss that the US was spying on the German government as well as the press that reports on it.

The central Berlin stroll remained a secret for almost four years. The Chancellery quietly transferred Vorbeck, who had until then been responsible for counterterrorism, to another, less important department responsible dealing with the history of the BND federal intelligence agency. Other than that, though, it did nothing.

Making a Farce of Rule of Law

Officials in the Chancellery weren’t interested in how the CIA had obtained its alleged information. They didn’t care to find out how, and to which degree, they were being spied on by the United States. Nor were they interested in learning about the degree to which SPIEGEL was being snooped on by the Americans. Chancellery officials didn’t contact any of the people in question. They didn’t contact members of the Bundestag federal parliament sitting on the Parliamentary Control Panel, the group responsible for oversight of the intelligence services. They didn’t inform members of the Office for the Protection of the Constitution, the agency responsible for counterintelligence in Germany, either. And they didn’t contact a single public prosecutor. Angela Merkel’s office, it turns out, simply made a farce of the rule of law.

As a target of the surveillance, SPIEGEL has requested more information from the Chancellery. At the same time, the magazine filed a complaint on Friday with the Federal Public Prosecutor due to suspicion of intelligence agency activity.

Because now, in the course of the proceedings of the parliamentary investigative committee probing the NSA’s activities in Germany in the wake of revelations leaked by whistleblower Edward Snowden, details about the event that took place in the summer of 2011 are gradually leaking to the public. At the beginning of May, the mass-circulation tabloid Bild am Sonntag reported on a Chancellery official who had been sidelined “in the wake of evidence of alleged betrayal of secrets through US secret services.”

Research conducted by SPIEGEL has determined the existence of CIA and NSA files filled with a large number of memos pertaining to the work of the German newsmagazine. And three different government sources in Berlin and Washington have independently confirmed that the CIA station chief in Berlin was referring specifically to Vorbeck’s contacts with SPIEGEL.

An Operation Justified by Security Interests?

Obama administration sources with knowledge of the operation said that it was justified by American security interests. The sources said US intelligence services had determined the existence of intensive contacts between SPIEGEL reporters and the German government and decided to intervene because those communications were viewed as damaging to the United States’ interests. The fact that the CIA and NSA were prepared to reveal an ongoing surveillance operation to the Chancellery underlines the importance they attached to the leaks, say sources in Washington. The NSA, the sources say, were aware that the German government would know from then on that the US was spying in Berlin.

As more details emerge, it is becoming increasingly clear that representatives of the German government at best looked away as the Americans violated the law, and at worst supported them.

Just last Thursday, Günter Heiss and his former supervisor, Merkel’s former Chief of Staff Ronald Pofalla, were questioned by the parliamentary investigative committee and attempted to explain the egregious activity. Heiss confirmed that tips had been given, but claimed they hadn’t been “concrete enough” for measures to be taken. When asked if he had been familiar with the issue, Pofalla answered, “Of course.” He said that anything else he provided had to be “in context,” at which point a representative of the Chancellery chimed in and pointed out that could only take place in a meeting behind closed doors.

In that sense, the meeting of the investigative committee once again shed light on the extent to which the balance of power has shifted between the government and the Fourth Estate. Journalists, who scrutinize and criticize those who govern, are an elementary part of the “checks and balances” — an American invention — aimed at ensuring both transparency and accountability. When it comes to intelligence issues, however, it appears this system has been out of balance for some time.

Government Lies

When SPIEGEL first reported in Summer 2013 about the extent of NSA’s spying on Germany, German politicians first expressed shock and then a certain amount of indignation before quickly sliding back into their persona as a loyal ally. After only a short time and a complete lack of willingness on the part of the Americans to explain their actions, Pofalla declared that the “allegations are off the table.”

But a number of reports published in recent months prove that, whether out of fear, outrage or an alleged lack of knowledge, it was all untrue. Everything the government said was a lie. As far back as 2013, the German government was in a position to suspect, if not to know outright, the obscene extent to which the United States was spying on an ally. If there hadn’t already been sufficient evidence of the depth of the Americans’ interest in what was happening in Berlin, Wednesday’s revelations by WikiLeaks, in cooperation with Süddeutsche Zeitung, filled in the gaps.

SPIEGEL’s reporting has long been a thorn in the side of the US administration. In addition to its reporting on a number of other scandals, the magazine exposed the kidnapping of Murat Kurnaz, a man of Turkish origin raised in Bremen, Germany, and his rendition to Guantanamo. It exposed the story of Mohammed Haydar Zammar, who was taken to Syria, where he was tortured. The reports triggered the launch of a parliamentary investigative committee in Berlin to look also into the CIA’s practices.

When SPIEGEL reported extensively on the events surrounding the arrest of three Islamist terrorists in the so-called “Sauerland cell” in Germany, as well as the roles played by the CIA and the NSA in foiling the group, the US government complained several times about the magazine. In December 2007, US intelligence coordinator Mike McConnell personally raised the issue during a visit to Berlin. And when SPIEGEL reported during the summer of 2009, under the headline “Codename Domino,” that a group of al-Qaida supporters was believed to be heading for Europe, officials at the CIA seethed. The sourcing included a number of security agencies and even a piece of information supplied by the Americans. At the time, the station chief for Germany’s BND intelligence service stationed in Washington was summoned to CIA headquarters in Langley, Virginia.

The situation escalated in August 2010 after SPIEGEL, together with WikiLeaks, the Guardian and the New York Times, began exposing classified US Army reports from Afghanistan. That was followed three months later with the publication of the Iraq war logs based on US Army reports. And in November of that year, WikiLeaks, SPIEGEL and several international media reported how the US government thinks internally about the rest of the world on the basis of classified State Department cables. Pentagon officials at the time declared that WikiLeaks had “blood on its hands.” The Justice Department opened an investigation and seized data from Twitter accounts, e-mail exchanges and personal data from activists connected with the whistleblowing platform. The government then set up a Task Force with the involvement of the CIA and NSA.

Not even six months later, the CIA station chief requested to go on the walk in which he informed the intelligence coordinator about Vorbeck and harshly criticized SPIEGEL.

Digital Snooping

Not long later, a small circle inside the Chancellery began discussing how the CIA may have got ahold of the information. Essentially, two possibilities were conceivable: either through an informant or through surveillance of communications. But how likely is it that the CIA had managed to recruit a source in the Chancellery or on the editorial staff of SPIEGEL?

The more likely answer, members of the circle concluded, was that the information must have been the product of “SigInt,” signals intelligence — in other words, wiretapped communications. It seems fitting that during the summer of 2013, just prior to the scandal surrounding Edward Snowden and the documents he exposed pertaining to NSA spying, German government employees warned several SPIEGEL journalists that the Americans were eavesdropping on them.

At the end of June 2011, Heiss then flew to Washington. During a visit to CIA headquarters in Langley, the issue of the alleged contact with SPIEGEL was raised again. Chancellery staff noted the suspicion in a classified internal memo that explicitly names SPIEGEL.

One of the great ironies of the story is that contact with the media was one of Vorbeck’s job responsibilities. He often took part in background discussions with journalists and even represented the Chancellery at public events. “I had contact with journalists and made no secret about it,” Vorbeck told SPIEGEL. “I even received them in my office in the Chancellery. That was a known fact.” He has since hired a lawyer.

It remains unclear just who US intelligence originally had in its scopes. The question is also unlikely to be answered by the parliamentary investigative committee, because the US appears to have withheld this information from the Chancellery. Theoretically, at least, there are three possibilities: The Chancellery — at least in the person of Hans Josef Vorbeck. SPIEGEL journalists. Or blanket surveillance of Berlin’s entire government quarter. The NSA is capable of any of the three options. And it is important to note that each of these acts would represent a violation of German law.

Weak Arguments

So far, the Chancellery has barricaded itself behind the argument that the origin of the information had been too vague and abstract to act on. In addition, the tip had been given in confidentiality, meaning that neither Vorbeck nor SPIEGEL could be informed. But both are weak arguments, given that the CIA station chief’s allegations were directed precisely at SPIEGEL and Vorbeck and that the intelligence coordinator’s deputy would ultimately be sidelined as a result.

And even if you follow the logic that the tip wasn’t concrete enough, there is still one committee to whom the case should have been presented under German law: the Bundestag’s Parliamentary Control Panel, whose proceedings are classified and which is responsible for oversight of Germany’s intelligence services. The nine members of parliament on the panel are required to be informed about all intelligence events of “considerable importance.”

Members of parliament on the panel did indeed express considerable interest in the Vorbeck case. They learned in fall 2011 of his transfer, and wanted to know why “a reliable coordinator in the fight against terrorism would be shifted to a post like that, one who had delivered excellent work on the issue,” as then chairman of the panel, Social Demoratic Party politician Thomas Oppermann, criticized at the time.

But no word was mentioned about the reasons behind the transfer during a Nov. 9, 2011 meeting of the panel. Not a single word about the walk taken by the CIA chief of station. Not a word about the business trip to Washington taken by Günter Heiss afterward. And not a word about Vorbeck’s alleged contacts with SPIEGEL. Instead, the parliamentarians were told a myth — that the move had been made necessary by cutbacks. And also because he was needed to work on an historical appraisal of Germany’s foreign intelligence agency, the BND.

Deceiving Parliament

Officials in the Chancellery had decided to deceive parliament about the issue. And for a long time, it looked as though they would get away with it.

The appropriate way of dealing with the CIA’s incrimination would have been to transfer the case to the justice system. Public prosecutors would have been forced to follow up with two investigations: One to find out whether the CIA’s allegations against Vorbeck had been true — both to determine whether government secrets had been breached and out of the obligation to assist a longtime civil servant. It also would have had to probe suspicions that a foreign intelligence agency conducted espionage in the heart of the German capital.

That could, and should, have been the case. Instead, the Chancellery decided to go down the path of deception, scheming with an ally, all the while interpreting words like friendship and partnership in a highly arbitrary and scrupulous way.

Günter Heiss, who received the tip from the CIA station chief, is an experienced civil servant. In his earlier years, Heiss studied music. He would go on as a music instructor to teach a young Ursula von der Leyen (who is Germany’s defense minister today) how to play the piano. But then Heiss, a tall, slightly lanky man, switched professions and instead pursued a career in intelligence that would lead him to the top post in the Lower Saxony state branch of the Office for the Protection of the Constitution. Even back then, the Christian Democrat was already covering up the camera on his laptop screen with tape. At the very least “they” shouldn’t be able to see him, he said at the time, elaborating that the “they” he was referring to should not be interpreted as being the US intelligence services, but rather the other spies – “the Chinese” and, “in any case, the Russians.” For conservatives like Heiss, America, after all, is friendly territory.

‘Spying Among Friends Not Acceptable’

If there was suspicion in the summer of 2011 that the NSA was spying on a staff member at the Chancellery, it should have set off alarm bells within the German security apparatus. Both the Office for the Protection of the Constitution, which is responsible for counter-intelligence, and the Federal Office for Information Security should have been informed so that they could intervene. There also should have been discussions between the government ministers and the chancellor in order to raise government awareness about the issue. And, going by the maxim the chancellor would formulate two years later, Merkel should have had a word with the Americans along the lines of “Spying among friends is not acceptable.”

And against the media.

If it is true that a foreign intelligence agency spied on journalists as they conducted their reporting in Germany and then informed the Chancellery about it, then these actions would place a huge question mark over the notion of a free press in this country. Germany’s highest court ruled in 2007 that press freedom is a “constituent part of a free and democratic order.” The court held that reporting can no longer be considered free if it entails a risk that journalists will be spied on during their reporting and that the federal government will be informed of the people they speak to.

“Freedom of the press also offers protection from the intrusion of the state in the confidentiality of the editorial process as well as the relationship of confidentiality between the media and its informants,” the court wrote in its ruling. Freedom of the press also provides special protection to the “the secrecy of sources of information and the relationship of confidentiality between the press, including broadcasters, and the source.”

Criminalizing Journalism

But Karlsruhe isn’t Washington. And freedom of the press is not a value that gives American intelligence agencies pause. On the contrary, the Obama administration has gained a reputation for adamantly pursuing uncomfortable journalistic sources. It hasn’t even shied away from targeting American media giants.

In spring 2013, it became known that the US Department of Justice mandated the monitoring of 100 telephone numbers belonging to the news agency Associated Press. Based on the connections that had been tapped, AP was able to determine that the government likely was interested in determining the identity of an important informant. The source had revealed to AP reporters details of a CIA operation pertaining to an alleged plot to blow up a commercial jet.

The head of AP wasn’t the only one who found the mass surveillance of his employees to be an “unconstitutional act.” Even Republican Senators like John Boehner sharply criticized the government, pointing to press freedoms guaranteed by the Bill of Rights. “The First Amendment is first for a reason,” he said.

But the Justice Department is unimpressed by such formulations. New York Times reporter James Risen, a two-time Pulitzer Prize winner, was threatened with imprisonment for contempt of court in an effort to get him to turn over his sources — which he categorically refused to do for seven years. Ultimately, public pressure became too intense, leading Obama’s long-time Attorney General Eric Holder to announce last October that Risen would not be forced to testify.

The Justice Department was even more aggressive in its pursuit of James Rosen, the Washington bureau chief for TV broadcaster Fox. In May 2013, it was revealed that his telephone was bugged, his emails were read and his visits to the State Department were monitored. To obtain the necessary warrants, the Justice Department had labeled Rosen a “criminal co-conspirator.”

The strategy of criminalizing journalism has become something of a bad habit under Obama’s leadership, with his government pursuing non-traditional media, such as the whistleblower platform WikiLeaks, with particular aggression.

Bradley Manning, who supplied WikiLeaks with perhaps its most important data dump, was placed in solitary confinement and tormented with torture-like methods, as the United Nations noted critically. Manning is currently undergoing a gender transition and now calls herself Chelsea. In 2013, a military court sentenced Manning, who, among other things, publicized war crimes committed by the US in Iraq, to 35 years in prison.

In addition, a criminal investigation has been underway for at least the last five years into the platform’s operators, first and foremost its founder Julian Assange. For the past several years, a grand jury in Alexandria, Virginia has been working to determine if charges should be brought against the organization.

Clandestine Proceedings

The proceedings are hidden from the public, but the grand jury’s existence became apparent once it began to subpoena witnesses with connections to WikiLeaks and when the Justice Department sought to confiscate data belonging to people who worked with Assange. The US government, for example, demanded that Twitter hand over data pertaining to several people, including the Icelandic parliamentarian Brigitta Jonsdottir, who had worked with WikiLeaks on the production of a video. The short documentary is an exemplary piece of investigative journalism, showing how a group of civilians, including employees of the news agency Reuters, were shot and killed in Baghdad by an American Apache helicopter.

Computer security expert Jacob Appelbaum, who occasionally freelances for SPIEGEL, was also affected at the time. Furthermore, just last week he received material from Google showing that the company too had been forced by the US government to hand over information about him – for the time period from November 2009 until today. The order would seem to indicate that investigators were particularly interested in Appelbaum’s role in the publication of diplomatic dispatches by WikiLeaks.

Director of National Intelligence James Clapper has referred to journalists who worked with material provided by Edward Snowden has his “accomplices.” In the US, there are efforts underway to pass a law pertaining to so-called “media leaks.” Australia already passed one last year. Pursuant to the law, anyone who reveals details about secret service operations may be punished, including journalists.

Worries over ‘Grave Loss of Trust’

The German government isn’t too far from such positions either. That has become clear with its handling of the strictly classified list of “selectors,” which is held in the Chancellery. The list includes search terms that Germany’s foreign intelligence agency, the BND, used when monitoring telecommunications data on behalf of the NSA. The parliamentary investigative committee looking into NSA activity in Germany has thus far been denied access to the list. The Chancellery is concerned that allowing the committee to review the list could result in uncomfortable information making its way into the public.

That’s something Berlin would like to prevent. Despite an unending series of indignities visited upon Germany by US intelligence agencies, the German government continues to believe that it has a “special” relationship with its partners in America — and is apparently afraid of nothing so much as losing this partnership.

That, at least, seems to be the message of a five-page secret letter sent by Chancellery Chief of Staff Peter Altmaier, of Merkel’s Christian Democrats, to various parliamentary bodies charged with oversight. In the June 17 missive, Altmaier warns of a “grave loss of trust” should German lawmakers be given access to the list of NSA spying targets. Opposition parliamentarians have interpreted the letter as a “declaration of servility” to the US.

Altmaier refers in the letter to a declaration issued by the BND on April 30. It notes that the spying targets passed on by the NSA since 2005 include “European political personalities, agencies in EU member states, especially ministries and EU institutions, and representations of certain companies.” On the basis of this declaration, Altmaier writes, “the investigative committee can undertake its own analysis, even without knowing the individual selectors.”

Committee members have their doubts. They suspect that the BND already knew at the end of April what WikiLeaks has now released — with its revelations that the German Economics Ministry, Finance Ministry and Agriculture Ministry were all under the gaze of the NSA, among other targets. That would mean that the formulation in the BND declaration of April 30 was intentionally misleading. The Left Party and the Greens now intend to gain direct access to the selector list by way of a complaint to Germany’s Constitutional Court.

The government in Berlin would like to prevent exactly that. The fact that the US and German intelligence agencies shared selectors is “not a matter of course. Rather, it is a procedure that requires, and indicates, a special degree of trust,” Almaier writes. Should the government simply hand over the lists, Washington would see that as a “profound violation of confidentiality requirements.” One could expect, he writes, that the “US side would significantly restrict its cooperation on security issues, because it would no longer see its German partners as sufficiently trustworthy.”

Altmaier’s letter neglects to mention the myriad NSA violations committed against German interests, German citizens and German media.

07/03/2015 06:05 PM

Find this story at 3 July 2015


Neue Spionageaffäre erschüttert BND

Der US-Geheimdienst NSA hat offenbar über Jahre hinweg mit Wissen des Bundesnachrichtendienstes Ziele in Westeuropa und Deutschland ausgespäht. Die Erkenntnisse darüber behielt der BND nach SPIEGEL-Informationen lange für sich.

Im Mittelpunkt des neuerlichen Skandals steht die gemeinsame Spionagetätigkeit von Bundesnachrichtendienst (BND) und US-Auslandsgeheimdienst NSA. Für die technische Aufklärung lieferte der US-Dienst seit mehr als zehn Jahren sogenannte Selektoren – also etwa IP-Adressen oder Handynummern – an die deutschen Partner. Diese wurden in die BND-Systeme zur Überwachung verschiedener Weltregionen eingespeist.

Mindestens seit dem Jahr 2008 fiel BND-Mitarbeitern mehrfach auf, dass einige dieser Selektoren dem Aufgabenprofil des deutschen Auslandsgeheimdienstes zuwiderlaufen – und auch nicht von dem “Memorandum of Agreement” abgedeckt sind, das die Deutschen und die Amerikaner zur gemeinsamen Bekämpfung des globalen Terrorismus 2002 ausgehandelt hatten. Stattdessen suchte die NSA gezielt nach Informationen etwa über den Rüstungskonzern EADS, Eurocopter oder französische Behörden. Der BND nahm das offenbar jedoch nicht zum Anlass, die Selektorenliste systematisch zu überprüfen.

Erst nach Enthüllung des NSA-Skandals im Sommer 2013 befasste sich eine BND-Abteilung gezielt mit den NSA-Suchbegriffen. Im Oktober 2013 lag das Ergebnis vor: Demnach verstießen rund 2000 der Selektoren eindeutig gegen westeuropäische und deutsche Interessen. Die Rede ist intern auch von Politikern, die demnach gezielt und unrechtmäßig ausspioniert wurden. Aber auch diesen Fund meldete der BND nicht an seine Aufsichtsbehörde, das Bundeskanzleramt. Stattdessen bat der zuständige Unterabteilungsleiter die NSA, derartige Verstöße künftig zu unterlassen.

BND-Chef von Ausschusssitzung ausgeschlossen

Das wahre Ausmaß des Skandals wurde nun erst aufgrund eines Beweisantrags bekannt, den Linke und Grüne für den NSA-Untersuchungsausschuss gestellt hatten. Die für den Ausschuss zuständige Projektgruppe des BND prüfte die NSA-Selektoren daraufhin erneut – mit dem Ergebnis, dass bis zu 40.000 davon gegen westeuropäische und deutsche Interessen gerichtet sind. Erst im März wurde das Bundeskanzleramt darüber unterrichtet. Weitere Überprüfungen wurden inzwischen angeordnet.

Am Mittwochabend unterrichtete Kanzleramtsminister Peter Altmaier (CDU) persönlich die Mitglieder des Parlamentarischen Kontrollgremiums und des NSA-Ausschusses über den Spionageskandal. BND-Präsident Gerhard Schindler wurde von der Sitzung explizit ausgeschlossen. Auch Spitzenpolitiker von SPD und CDU wurden bereits informiert.

Von Maik Baumgärtner, Hubert Gude, Marcel Rosenbach und Jörg Schindler
Donnerstag, 23.04.2015 – 16:23 Uhr

Find this story at 24 April 2015


Airbus va porter plainte pour soupçons d’espionnage en Allemagne (2015)

Airbus Group a annoncé jeudi son intention de porter plainte en Allemagne après les informations selon lesquelles le BND, le service fédéral de renseignement extérieur allemand, a aidé ses homologues américains à espionner plusieurs entreprises européennes.

“Nous avons demandé des informations supplémentaires au gouvernement”, a déclaré un porte-parole d’Airbus en Allemagne. “Nous allons porter plainte contre X en raison de soupçons d’espionnage industriel.”

L’hebdomadaire Der Spiegel a rapporté la semaine dernière que des responsables du BND avaient indirectement aidé la National Security Agency (NSA) américaine à espionner plusieurs cibles en Europe pendant plus de 10 ans.

Le ministre de l’Intérieur allemand, Thomas de Maizière, un proche allié de la chancelière Angela Merkel, a nié mercredi avoir menti au Parlement à propos de la collaboration entre les services de renseignement allemands et américains.

Il est depuis plusieurs jours sous le feu des critiques de l’opposition dans ce dossier en raison de son rôle lorsqu’il était directeur de la chancellerie fédérale entre 2005 et 2009.

En 2013, après la publication d’informations selon lesquelles les Etats-Unis avaient placé le téléphone portable de la chancelière sur écoute, Angela Merkel avait déclaré que “s’espionner entre amis n’est absolument pas acceptable”.

Le quotidien Handelsblatt avait le premier fait état de la plainte d’Airbus jeudi.

Selon la presse allemande, le BND a également aidé les services de renseignement américains à espionner les services de la présidence française, le ministère français des Affaires étrangères et la Commission européenne.

En France, plusieurs responsables politiques ont réclamé jeudi des excuses de l’Allemagne et une enquête dans ce dossier.

De son côté, le président de l’exécutif européen, Jean-Claude Juncker, a déclaré lors d’une conférence de presse ignorer si des agents allemands étaient en activité à Bruxelles mais il a rappelé avoir proposé dans le passé que la Commission crée ses propres services secrets “car les agents sont partout”.

Lui-même ex-Premier ministre d’un gouvernement luxembourgeois contraint à la démission par un scandale d’espionnage et de corruption en 2013, Jean-Claude Juncker a ajouté que son expérience personnelle lui avait appris que les services secrets étaient très difficiles à contrôler.

La semaine dernière, le gouvernement allemand avait reconnu des failles au sein de ses services de renseignement et dit avoir demandé au BND de les combler.

(Victoria Bryan, avec Adrian Croft à Bruxelles, Marc Angrand pour le service français)
Source : Reuters 30/04/15 à 18:48
Mis à jour le 30/04/15 à 20:30

Find this story at 30 April 2015

© 2015 Reuters

Reaktion auf Spionageaffäre: Rausschmiss erster Klasse ­(2014)

Die Bundesregierung reagiert auf die US­Spionage: Der oberste CIA­Vertreter in Berlin soll
das Land verlassen. Ein solcher Affront war bisher nur gegen Agenten von Paria­Staaten wie
Iran oder Nordkorea denkbar.
Berlin ­ Die Bundesregierung reagiert auf die neuen Spionagefälle und die Vorwürfe gegen die
USA mit einem diplomatischen Affront. Als Reaktion auf die Enthüllungen forderte Berlin den
Repräsentanten der amerikanischen Geheimdienste in Berlin auf, das Land zu verlassen.
Umgehend wurde die Botschaft unterrichtet, der Geheimdienstmann musste sich die
unfreundliche Bitte im Innenministerium von Verfassungsschutz­Chef Hans­Georg Maaßen
Ein paar Stunden später dann war in Berlin von einer formellen Ausweisung des CIA­Vertreters
die Rede, der als “station chief” die Aktivitäten des US­Geheimdienstes in Deutschland leitet.
Wenig später korrigierte die Regierung, man habe nur die Ausreise empfohlen. Das ist zwar nicht
gleichzusetzen mit einer Ausweisung, faktisch aber bleibt es ein Rausschmiss erster Klasse.
Die öffentliche Geste der indirekten Ausweisung ist diplomatisch gesehen ein Erdbeben. Eine
solche Maßnahme war bisher höchstens gegen Paria­Staaten wie Nordkorea oder Iran denkbar
gewesen. Zwar bat Deutschland in den 90er Jahren schon einmal einen US­Agenten um seine
Ausreise, er hatte versucht, eine Quelle im Wirtschaftsministerium anzuwerben. Damals aber
geschah der Rausschmiss eher diskret.
Der deutschen Entscheidung gingen am Donnerstagmorgen Krisentelefonate zwischen
Innenminister Thomas de Maizière, Außenminister Frank­Walter Steinmeier und Kanzleramtschef
Peter Altmaiervoraus. Dabei zeigten sich alle Minister enttäuscht über die wenig einlenkenden
Reaktionen der USA und waren sich einig: Deutschland könne die Angelegenheit nicht auf sich
beruhen lassen.
In den Gesprächen beriet man zunächst die bisherigen Signale aus Washington. CIA­Chef John
Brennan und der US­Botschafter John Emerson hatten Kontakt zur deutschen Regierung gesucht.
Berlin fehlten allerdings konkrete Angebote, die Vorwürfe schnell aufzuklären. Von einer
Entschuldigung war schon gar nicht die Rede.
Im Parlamentarischen Kontrollgremium berichtete Klaus­Dieter Fritsche, Merkels Beauftragter für
die Nachrichtendienste, am Donnerstag ernüchtert über das Telefonat mit CIA­Chef Brennan.
Dieser, so Fritsche, habe nichts außer Floskeln über die transatlantische Verbundenheit und
seinen Ärger über die schlechte Presselage beizutragen gehabt.
Offiziell hatte sich die Regierung in der Spionage­Affäre bisher zurückgehalten. Man warte erst die
juristische Aufklärung und mögliche Erklärungen der USA ab. Offenbar aber war der Ärger bis
Donnerstag aber so gewachsen, dass die Phase der Zurückhaltung nun beendet wurde.
Innenminister Thomas de Maizière wollte nach den Beratungen keinen Kommentar abgeben.
Zwar spielte er wie zuvor Wolfgang Schäuble den möglichen Schaden herunter ­ er nannte die
von den USA gewonnenen Informationen “lächerlich”.
Gleichsam unterstrich er, dass der politische Schaden allein durch die Verdachtsmomente gegen
die USA “unverhältnismäßig und schwerwiegend” sei. Deswegen sei ein wirksamer Schutz gegen
Angriffe auf unsere Kommunikation ebenso wie eine effektive Spionageabwehr “unverzichtbar für
unsere wehrhafte Demokratie”. Man sei dabei, beides zu stärken und auszuweiten.
Bundeskanzlerin Angela Merkel machte ihrem Ärger auf die für sie typische Weise Luft. “Mit
gesundem Menschenverstand betrachtet ist das Ausspähen von Freunden und Verbündeten ein
Vergeuden von Kraft”, so die Kanzlerin blumig und doch deutlich. Die Geheimdienste sollten nicht
alles tun, was machbar ist, sondern sich bei ihrer Arbeit “auf das Wesentliche” konzentrieren.
Bisher noch keinen Haftbefehl vorgelegt
10/16/2015 Druckversion ­ Reaktion auf Spionageaffäre: Rausschmiss erster Klasse ­ SPIEGEL ONLINE ­ Politik
http://www.spiegel.de/politik/deutschland/spionage­bundesregierung­fordert­cia­vertreter­zur­ausreise­auf­a­980342­druck.html 2/3
Erst am Mittwoch war ein neuer Spionageverdacht bekannt geworden, in diesem Fall verdächtigt
die Bundesanwaltschaft einen Länderreferenten aus der Abteilung Politik des Wehrressorts,
Informationen an einen US­Geheimdienst weitergegeben zu haben. Der Militärische
Abschirmdienst (MAD) hatte den jungen Referenten, der seit gut einem Jahr in einer
Unterabteilung für die Sicherheitspolitik tätig war, wegen des Verdachts schon seit 2010
beobachtet, am Mittwoch dann rückten Ermittler vom Generalbundesanwalt im Ministerium an.
Ob der Verdacht stichhaltig war, ist schwer zu bewerten. Zwar verdächtigte man den heutigen
Referenten wegen seines engen Kontakts zu einem vermeintlichen US­Geheimdienstler, den er
vor Jahren während eines Jobs im Kosovo kennengelernt hatte. Bisher aber fehlen Beweise, dass
dieser den Deutschen tatsächlich abschöpfte. Er selbst bestreitet eine Agententätigkeit. In seiner
Vernehmung habe der Mitarbeiter aus dem Wehrressort die Beziehung zu dem Amerikaner
vielmehr als reine Männerfreundschaft bezeichnet. So berichtete es der Vertreter des
Generalbundesanwalts im Kontrollgremium.
Verdächtig erschien den Ermittlern nicht zuletzt eine Überweisung von 2.000 Euro, die der USAmerikaner
vor einiger Zeit auf das Konto des Deutschen veranlasste. Auch hierfür habe der
Ministeriumsmitarbeiter eine Erklärung gehabt: Das Geld, so soll er ausgesagt haben, sei im
Rahmen einer Hochzeitsfeier geflossen und auch teilweise zurückgezahlt worden.
Auch der Generalbundesanwalt sprach nach der Durchsuchung und der Vernehmung nur von
einem Anfangsverdacht und beantragte noch nicht mal einen Haftbefehl. Trotzdem sorgte allein
die Nachricht nur wenige Tage nach dem Bekanntwerden eines ähnlichen Falls beim
Bundesnachrichtendienst (BND) für einen Schock.

10. Juli 2014, 16:36 Uhr
Von Matthias Gebauer und Veit Medick

Find this story at 10 July 2014


Spy vs. Spy: Espionage and the U.S.-Israel Rift

If more evidence was needed to show that the relationship between Benjamin Netanyahu and Barack Obama has morphed from tragedy to farce, it came late Monday with the revelation that Israel had spied on the nuclear talks between the United States and Iran.

“The White House discovered the operation,” according to the blockbuster account by Adam Entous in The Wall Street Journal, “when U.S. intelligence agencies spying on Israel intercepted communications among Israeli officials that carried details the U.S. believed could have come only from access to the confidential talks, officials briefed on the matter said.”

Talk about spy vs. spy, the old Mad magazine trope featuring two pointy-nosed, masked cartoon creatures. The National Security Agency, eavesdropping on Israeli officials (as usual, according to the revelations of Edward Snowden), overheard them discussing intelligence their own spies had gathered by spying on U.S. officials talking about the Iran negotiations.

Try Newsweek: subscription offers

This was a whole new level of gamesmanship between the two bickering allies.

“It’s one thing for the U.S. and Israel to spy on each other. It is another thing for Israel to steal secrets and play them back to U.S. legislators to undermine U.S. diplomacy,” an unnamed “senior U.S. official” told the Journal.

Officials in Jerusalem issued emphatic denials, as they did last year when Newsweek reported on Israeli espionage against the U.S., saying that “Israel does not spy on the United States, period, exclamation mark,’’ as Yuval Steinitz, minister for intelligence and strategic affairs, told Israel Radio on Tuesday.

Of course, Israel does spy on the U.S., and vice versa. In the age of cyberwar, electronic spying runs on autopilot, with state-of-the-art Pac-Mans zooming around the Internet gobbling up anything with the right keyword. Anybody with an antenna (or a keyboard) spies on whoever is seen as the remotest threat, including friends. Or as the Journal put it, “While U.S. officials may not be direct targets…Israeli intelligence agencies sweep up communications between U.S. officials and parties targeted by the Israelis, including Iran.”

And how did the Israelis intercept conversations between officials in Tehran and Washington? In another comedic dimension to this latest spy flap, it turns out that “U.S. intelligence agencies helped the Israelis build a system to listen in on high-level Iranian communications,” the Journal reported.

In part, it’s an old story. Israel’s clandestine operations to steal U.S. scientific, technical, industrial and financial secrets are so commonplace here that officials in the Pentagon and FBI periodically verge into open revolt.

Last year, U.S. intelligence officials trooped up to Capitol Hill to tell U.S. lawmakers considering visa waivers for Israelis that Jerusalem’s spying here had “crossed red lines.” One congressional staffer who attended the behind-closed-doors briefings called the information “very sobering…alarming…even terrifying.” Another staffer called it “damaging.”

“We used to call the Israelis on the carpet once a year to tell them to cut it out, when a particular stunt was just too outrageous ” says a former top FBI counterintelligence official. “They’d make all the right noises and then go right back at it through another door.” But since Israel is such an important strategic ally of the U.S., it was a sin that could not be named. The standing order has always been to just suck it up.

Until this week. The accusations by the unnamed Obama administration officials marked a new frontier in calling out the Israelis—or at least Netanyahu’s right-wing administration.

Netanyahu had crossed some sort of red line again when, according to the Journal, his man in Washington began quietly sharing Israeli intelligence about the U.S. negotiating position with members of Congress, hoping to shore up support for its rejection of any deal with the Iranians short of a total nuclear capitulation on their part. But what seems to have pushed Obama officials over the edge was that Ambassador Ron Dermer, a former Republican operative who holds dual U.S.-Israeli citizenship, was wildly exaggerating what the U.S. position was, according to the Journal, making it sound like the White House had given away the store to the Iranians in a desperate effort to ink a deal.

Republican Representative Devin Nunes of California, chairman of the House Intelligence Committee, indicated he had indeed gotten a different view on Iran from sources outside the administration.

“As good as our intelligence community is, a lot of times we don’t even know what the Iranians are up to,” he told CNN. “So we were shocked at the disclosures that have come forward of the size and scope of the Iranian program even in the most recent years.”

One former U.S. intelligence operative with long, firsthand familiarity with Israeli operations called the revelation “appalling but not surprising,” especially under Netanyahu, whose governing coalition depends on the support of far-right Orthodox and ultra-Orthodox parties with a stake in the West Bank settlements.

“The fact that there is such manipulation of our institutions by a so-called ally must be exposed, and the ‘useful idiots’ in [the U.S.] government who toe the Likud line will someday be looked back upon as men and women who sacrificed the U.S. national interest for a foreign ideology—Likud right-wing Zionism,” the operative said, on condition of anonymity due to the sensitivity of the matter.

“We know publicly that the administration is seething,” he added, “but I can assure you that behind closed doors the gloves are coming off. Bibi is in the administration’s crosshairs. If this is what is being allowed to leak publicly, you can bet that, behind the scenes, folks both in the White House and the foreign policy-intel community [are prepared to] act on that anger.”

This is not the end of it, he predicted. The American Israel Public Affairs Committee (AIPAC), which critics say has morphed from a powerful “pro-Israel” lobby to a powerful pro-Likud lobby over the years, will be Obama officials’ next target.

“I’m betting there are going to be some willing leakers now about stories such as AIPAC’s operations against Congress,” the former operative said.

Bob Corker of Tennessee, the Republican chairman of the Senate Foreign Relations Committee, has no doubt that Obama administration officials made a calculated decision to call out Netanyahu, who has long been at odds with the White House on the Middle East peace process, Israeli settlements in the occupied West Bank and the Iranian nuclear talks.

“I think y’all all understand what’s happening here,” he told reporters. “I mean, you understand who’s pushing this out.”

But if Senator Tim Kaine, a Virginia Democrat, is any barometer, the Israelis have little to worry about.

“I just don’t look at that as spying,” Kaine said of the Journal’s allegations. “Their deep existential interest in such a deal, that they would try to figure out anything that they could, that they would have an opinion on it…I don’t find any of that that controversial.”

Jeff Stein writes SpyTalk from Washington, D.C. He can be reached more or less confidentially via spytalker@hushmail.com.

BY JEFF STEIN 3/25/15 AT 12:23 PM

Find this story at 25 March 2015



Israeli Prime Minister Benjamin Netanyahu yesterday vehemently denied a Wall Street Journal report, leaked by the Obama White House, that Israel spied on U.S. negotiations with Iran and then fed the intelligence to Congressional Republicans. His office’s denial was categorical and absolute, extending beyond this specific story to U.S.-targeted spying generally, claiming: “The state of Israel does not conduct espionage against the United States or Israel’s other allies.”

Israel’s claim is not only incredible on its face. It is also squarely contradicted by top-secret NSA documents, which state that Israel targets the U.S. government for invasive electronic surveillance, and does so more aggressively and threateningly than almost any other country in the world. Indeed, so concerted and aggressive are Israeli efforts against the U.S. that some key U.S. government documents — including the top secret 2013 intelligence budget — list Israel among the U.S.’s most threatening cyber-adversaries and as a “hostile” foreign intelligence service.

One top-secret 2008 document features an interview with the NSA’s Global Capabilities Manager for Countering Foreign Intelligence, entitled “Which Foreign Intelligence Service Is the Biggest Threat to the US?” He repeatedly names Israel as one of the key threats.

While noting that Russia and China do the most effective spying on U.S., he says that “Israel also targets us.” He explains that “A NIE [National Intelligence Estimate] ranked [Israel] as the third most aggressive intelligence service against the US.” While praising the surveillance relationship with Israel as highly valuable, he added: “One of NSA’s biggest threats is actually from friendly intelligence services, like Israel.” Specifically, the Israelis “target us to learn our positions on Middle East problems.”

Other NSA documents voice the grievance that Israel gets far more out of the intelligence-sharing relationship than the U.S. does. One top-secret 2007 document, entitled “History of the US – Israel SIGINT Relationship, post 1992,” describes the cooperation that takes place as highly productive and valuable, and, indeed, top-secret documents previously reported by The Intercept and the Guardian leave no doubt about the very active intelligence-sharing relationship that takes place between the two countries. Yet that same document complains that the relationship even after 9/11 was almost entirely one-sided in favor of serving Israeli rather than U.S. interests:

The U.S. perception of Israel as a threat as much as an ally is also evidenced by the so-called “black budget” of 2013, previously referenced by The Washington Post, which lists Israel in multiple places as a key intelligence “target” and even a “hostile foreign intelligence service” among several other countries typically thought of as the U.S.’s most entrenched adversaries:

The same budget document reveals that the CIA regards Israel — along with Russia, China, Iran, Pakistan and Cuba — as a “priority threat country,” one against which it “conduct[s] offensive [counter-intelligence] operations in collaboration with DoD”:

One particular source of concern for U.S. intelligence are the means used by Israel to “influence anti-regime elements in Iran,” including its use of “propaganda and other active measures”:

What is most striking about all of this is the massive gap between (a) how American national security officials talk privately about the Israelis and (b) how they have talked for decades about the Israelis for public consumption — at least until the recent change in public rhetoric from Obama officials about Israel, which merely brings publicly expressed American views more in line with how U.S. government officials have long privately regarded their “ally.” The NSA refused to comment for this article.

Previously reported stories on Israeli spying, by themselves, leave no doubt how false Netanyahu’s statement is. A Der Spiegel article from last fall revealed that “Israeli intelligence eavesdropped on US Secretary of State John Kerry during Middle East peace negotiations.” A Le Monde article described how NSA documents strongly suggest that a massive computer hack of the French presidential palace in 2012 was likely carried about by the Israelis. A 2014 article from Newsweek’s Jeff Stein revealed that when it comes to surveillance, “the Jewish state’s primary target” is “America’s industrial and technical secrets” and that “Israel’s espionage activities in America are unrivaled and unseemly.”

All of these stories, along with these new documents, leave no doubt that, at least as the NSA and other parts of the U.S. National Security State see it, Netanyahu’s denials are entirely false: The Israelis engage in active and aggressive espionage against the U.S., even as the U.S. feeds the Israelis billions of dollars every year in U.S. taxpayer funds and protects every Israeli action at the U.N. Because of the U.S. perception of Israel as a “threat” and even a “hostile” foreign intelligence service — facts they discuss only privately, never publicly — the U.S. targets Israel for all sorts of espionage as well.

Glenn Greenwald, Andrew Fishman
Mar. 25 2015, 8:06 p.m.

Find this story at 25 March 2015

Copyright https://firstlook.org/theintercept/