US’ NSA spying on BJP

United States National Security Agency (NSA) is spying on India’s ruling Bharatiya Janata Party (BJP), a report said on Tuesday. According to a report published in news agency ANI, WikiLeaks claimed that apart from BJP, NSA is also spying on Pakistan Peoples Party (PPP). “Hundreds of NSA cyber weapons variants publicly released including code showing hacking of Pakistan mobile system,” WikiLeaks had said.

— source zeenews.india.com

Hackers release files indicating NSA monitored global bank transfers

Hackers released documents and files on Friday that cybersecurity experts said indicated the U.S. National Security Agency had accessed the SWIFT interbank messaging system, allowing it to monitor money flows among some Middle Eastern and Latin American banks. The documents and files were released by a group calling themselves The Shadow Brokers. Some of the records bear NSA seals. Also published were many NSA programs for attacking various versions of the Windows operating system, at least some of which still work, researchers said.

— source reuters.com

Oh Thats one of the reason Modi puppet is pushing for digital money in india.

Top-Secret Snowden Document Reveals What the NSA Knew About Previous Russian Hacking

To date, the only public evidence that the Russian government was responsible for hacks of the DNC and key Democratic figures has been circumstantial and far short of conclusive, courtesy of private research firms with a financial stake in such claims. Multiple federal agencies now claim certainty about the Kremlin connection, but they have yet to make public the basis for their beliefs.

Now, a never-before-published top-secret document provided by whistleblower Edward Snowden suggests the NSA has a way of collecting evidence of Russian hacks, because the agency tracked a similar hack before in the case of a prominent Russian journalist, who was also a U.S. citizen.

In 2006, longtime Kremlin critic Anna Politkovskaya was gunned down in her apartment, the victim of an apparent contract killing. Although five individuals, including the gunman, were convicted for the crime, whoever ordered the murder remains unknown. Information about Politkovskaya’s journalism career, murder, and the investigation of that crime was compiled by the NSA in the form of an internal wiki entry. Most of the wiki’s information is biographical, public, and unclassified, save for a brief passage marked top secret:

Russian Federal Intelligence Services (probably FSB) are known to have targeted the webmail account of the murdered Russian journalist Anna Politkovskaya. On 5 December 2005, RFIS initiated an attack against the account annapolitkovskaia@US Provider1, deploying malicious software which is not available in the public domain. It is not known whether this attack is in any way associated with the death of the journalist.

Although the NSA document does not specify the account, Anna Politkovskaya was known to use the email address annapolitkovskaia@yahoo.com.

In response to a query from The Intercept about the hacking of Politkovskaya’s account, Yahoo replied in a statement: “We can only disclose information about a specific user account pursuant to our terms of service, privacy policy and law enforcement guidelines.”

The year after her email was hacked, Politkovskaya was murdered, a crime that was widely suspected, though never proven, to be a Kremlin reprisal for her reporting on Chechnya and criticism of Vladimir Putin.

This hack sounds more or less like a very rough sketch of what private firms like CrowdStrike allege the FSB perpetrated against the DNC this year, and presumably what entities like the Federal Bureau of Investigation, the Central Intelligence Agency, and the Office of the Director of National Intelligence have, behind closed doors, told President Obama took place.

What’s particularly interesting here is the provenance of NSA’s claims: The section is classified TS/SI, meaning Top Secret Signals Intelligence, the interception of signals (broadly construed) as they pass from one point to another, including anything from tapped phone calls to monitored internet traffic. That is to say, the NSA knew Russia hacked Politkovskaya because the NSA was spying. Thanks to the Snowden revelations, we know there are many powerful, overlapping government spy programs that could allow the NSA to observe communications as they unfold.

Unfortunately, in the case of this wiki there’s no indication of exactly what sort of SIGINT was collected with regard to Politkovskaya, or how it incriminated Russian intelligence — all we have is the allusion to the evidence, not the evidence. The NSA declined to comment.

But that this evidence existed at all is important, and more so today than ever. Simply, the public evidence that the Russian government hacked the Democrats isn’t convincing. Too much of what’s been passed off to the public as proof of Kremlin involvement is based on vague clues and educated guesses of what took place. Signals intelligence could bridge the empirical gap.

Adm. Mike Rogers, the current NSA chief, has already publicly claimed that Russia was behind the attack. “This was a conscious effort by a nation state to attempt to achieve a specific effect,” Rogers said in November, without specifically mentioning Russia.

NSA whistleblowers have so far given the best idea of what the NSA’s signals intelligence on Russia, today or in 2005, could look like. Earlier this year, Snowden tweeted that if the Russian government was indeed behind the hacking of the Democrats, the NSA most likely has the goods, noting that XKEYSCORE, a sort of global SIGINT search engine, “makes following exfiltrated data easy. I did this personally against Chinese ops.” Snowden went so far as to say that nailing down this sort of SIGINT hacker attribution “is the only case in which mass surveillance has actually proven effective.”

The ex-U.S. intelligence personnel who comprise the group Veteran Intelligence Professionals for Sanity, including fellow high-profile NSA whistleblower William Binney, echoed Snowden’s assessment earlier this month:

The bottom line is that the NSA would know where and how any “hacked” emails from the DNC, HRC or any other servers were routed through the network. This process can sometimes require a closer look into the routing to sort out intermediate clients, but in the end sender and recipient can be traced across the network.

Signal interception can take many different forms, and again, there’s no way to know exactly what the NSA had intercepted surrounding Anna Politkovskaya. But we know intelligence is being gathered on a fine enough level to pin the breach of a single inbox on the Russian government. If the NSA could use signals intelligence to track a specific hack of an American email account in 2005, it’s not too much to assume that, 10 years later, the agency possesses the same or better capability. And signals intelligence is the type of evidence that the American people are owed from the federal government today, as we contemplate a possible confrontation with Russia for interfering in our most important of democratic processes.

— source theintercept.com By Sam Biddle

NSA Revelations From 262 Spy Documents

By the first half of 2004, the National Security Agency was drowning in information. It had amassed 85 billion phone and online records and cut the ribbon on a new hacking center in Hawaii — but it was woefully short on linguists who could make sense of captured communications and lacked enough network analysts to effectively monitor all the systems it had hacked.

The signals intelligence collected by the agency was being used for critically important decisions even as NSA struggled to understand it. Some bombs in Iraq were being targeted based entirely on signals intelligence, a senior NSA official told staff at the time — with decisions being made in a matter of “minutes” with “less and less review.”

Information overload is just one of several themes running through 262 articles from the NSA’s internal news site, SIDtoday, which The Intercept is now releasing after careful review. The documents also detailed an incident in which the Reagan administration appears to have leaked classified intelligence to the press for political purposes, described in an accompanying article by reporter Jon Schwarz.

SIDtoday articles published today also describe how the NSA trained FBI agents, enabled U.S. intervention in Latin America, and, with the help of a gifted analyst at the Defense Intelligence Agency, learned the value of simply reading information that was already public. One document even suggests that NSA personnel routinely got dangerously chatty at restaurants near headquarters. These stories and more are described in the highlights reel below. The NSA declined to comment.
Dropping Bombs in Iraq “With Less and Less Review”

A top NSA official disclosed in a January 2004 SIDtoday column that U.S. forces were “dropping bombs” based entirely on signals intelligence, the type of intelligence collected by the agency. He then implied that the American officers involved risked prosecution for war crimes.

Charles Berlin, chief of staff in the Signals Intelligence Directorate, recounted an anecdote about a former commander of his who, in one session in the winter of 1995-96, personally reviewed more than 100 possible airstrike targets in the Balkans. The commander’s motivation, Berlin said, was to protect his underlings from being prosecuted for war crimes, and his actions “really brought home the concepts of responsibility and accountability.”

“For us today this lesson is especially important,” he added. “The planning cycle for dropping a bomb has compressed from a day to minutes and the criterion for the aiming point has less and less review.”

“As many of you know, our forces in Iraq are dropping bombs on the strength of SIGINT alone. We are proud of their confidence in us, but have you ever considered the enormous risk the commanders are assuming in this regard? Are you ready to share that risk?”

Inside the NSA’s Call-Logging Machine

Among the ways the NSA identified potential terrorists was through a practice known as “information chaining,” which uses communications metadata to draw a social graph. And there’s no question the agency had lots of metadata: As of 2004, the NSA had amassed a database of more than 85 billion metadata records related to phone calls, billing, and online calls — and was adding 125 million records a day, according to a January 2004 SIDtoday article titled “The Rewards of Metadata.”

The database, known as FASCIA II, would at some unspecified point in the future begin processing 205 million records a day and storing 10 years of data, the article added. One of the world’s largest Oracle databases at the time, FASCIA II held metadata records from telephone calls, wireless calls, billing, the use of media over the internet, and high-powered cordless phones, with plans to add email metadata in the future.

The article explained that metadata is used by the agency in the process of “information chaining,” in which analysts spy on relationships between people. It further claimed that two senior al Qaeda operatives had been captured with the help of such techniques. A March 2004 SIDtoday article said a chaining tool called MAINWAY helped a counterterrorism analyst uncover six new “terrorist-related numbers.”
Short on Linguists, NSA Struggled to Understand Targets

It’s one thing to collect phone calls, email messages, and other signals intelligence. It’s quite another to make sense of it. Several SIDtoday articles from the first half of 2004 made clear that the NSA was falling far short in its attempts to process communications conducted in languages other than English.

Only half of the agency’s more than 2,300 “language missions” worldwide had qualified personnel, according to a June 2004 SIDtoday article by an NSA “senior language authority.” The author declared that “this shortcoming must be rectified.” An NSA report to an oversight council, quoted in the article, said that the lack of qualified language analysts was particularly acute in the “Global War on Terrorism.”

Exacerbating the situation was the fact that captured communications require a high level of linguistic proficiency to understand. “The cryptologic language analyst must be able to read and listen ‘between the lines’ to unformatted, unpredictable discourse,” as the article put it. Only a quarter of military cryptologic linguists, who formed the vast majority of the workforce, could work at this level, known as “level 3” proficiency, while barely half of the civilian cryptologic linguists could, according to a follow-up SIDtoday article. The military’s language training institute offered “virtually no existing curriculum” above level 2.

NSA’s plan to address the problem included reforms to the training institute and on-site instruction to bring existing linguists up to higher levels. The agency planned to invest about $80 million per year in training over five years. Other efforts included an internal online language training tool, an evaluation of redundant Arabic machine translation projects underway in various government agencies, and the formation of a language technology team within the NSA.

How the NSA Over-Hacked

Sometimes metadata isn’t enough and the NSA decides it needs to compromise targets’ computers to collect much more data. The first half of 2004 saw a ramp-up of NSA’s hacking capabilities. In March, SIDtoday reported, the agency’s elite hacking team Tailored Access Operations approved Kunia Regional Security Operations Center in Hawaii — the same facility where Edward Snowden later worked — as the first NSA field office to conduct “advanced” Computer Network Exploitation. Other facilities conduct the first stage of hacking, “target mapping,” but the Kunia facility began doing “vulnerability scanning” all the way through to “sustained SIGINT collection.”

Another March SIDtoday article said that an advanced network analysis division used to help “exploit targets of interest” had “played an instrumental part” in capturing alleged al Qaeda operative Husam al-Yemeni, had developed a “more complete understanding of the Pakistani Army Defense Network (ADN) infrastructure,” and had assisted with the hacking of “an important digital network associated” with the leader of Venezuela at the time, referred to erroneously as “Victor Chavez.”

The NSA was so successful at hacking networks that the agency was overwhelmed with information. “We simply do not have enough network analysts to effectively monitor these targeted networks,” an NSA division chief wrote in an April 2004 SIDtoday article. To solve the problem, the agency began prototyping an automated monitoring system.

“Outstanding” Bookworm Spy Doesn’t Need to Really Spy

Even as the NSA made enormous efforts to collect vast quantities of private communications, a lone SIDtoday article extolled the value of publicly available data. The piece, from May 2004, gushed about a Defense Intelligence Agency analyst who dug up leads by poring over Russian material that was “open source.” The DIA bookworm searched in newspapers, government documents, and “obscure websites” for information that aided the NSA in collecting intelligence, including names, telephone numbers, and addresses. The article, co-authored by an NSA director with responsibility for Russia, praised the analyst’s “outstanding language and research skills.” It turned out that “critical lead information” on Russian underground facilities, including a mysterious and widely discussed site at Yamantau Mountain in the Urals, was “often only available in open source literature, such as the Internet.”

How the NSA Secures — and Routinely Puts at Risk — Sensitive Information

Knowing how much intelligence value could be reaped from openly circulated information, the NSA worked to encourage discretion among members of its workforce. NSA employees practiced poor operational security on a “monthly” basis by disclosing too much information in restaurants and other public settings near the agency’s Fort Meade headquarters, an agency security manager indicated in a tutorial on operational security that ran in SIDtoday in April 2004.

The article used a hypothetical scenario to explain why operational security, or OPSEC, was important for everyone. The author, OPSEC manager for the NSA’s Signals Intelligence Directorate, wrote: “You’re at a luncheon at a local restaurant to bid farewell to Sue, a co-worker who is moving on to a new office.” Your boss makes a toast to Sue, describing her contributions against organized crime and offering various details of her work. Sue then gives a toast thanking some of the gathered individuals.

“Sound familiar?” the OPSEC manager asked. “Then you’ve witnessed (or perhaps participated in) a demonstration of poor OPSEC. … Have you ever stopped to consider what your unclassified public discussions might be giving away? Take the scenario, for instance. This is a scene that is played out monthly in the Fort Meade area.” The article went on to list the pieces of information that an adversary, who could have been listening in from a nearby table, would have learned.

OPSEC turned out to be a recurring theme for SIDtoday — OPSEC training is, after all, mandatory for all NSA personnel. A January 2004 article, written by the author of the April 2004 piece, listed some tips to help personnel to apply OPSEC to their day-to-day activities: Identify your critical information, analyze the threat, identify vulnerabilities, assess risk, and apply countermeasures.

NSA employees aren’t the only ones trained to practice good OPSEC. A March 2005 article reported that the leaders of Venezuela and Cuba practiced OPSEC successfully. President Bush considered Venezuelan President Hugo Chavez a “threat to democracy in the region and a threat to U.S. interests in particular.” But “from a SIGINT perspective, Venezuela poses a particularly difficult challenge. With Castro as his mentor, Chavez has learned the importance of communications security and has made sure that his subordinates understand this as well.”
Law & Order & the NSA

Various 2004 SIDtoday articles highlight the NSA’s behind-the-scenes work on behalf of federal law enforcement.

One detailed a two-week training course on “intelligence reporting” given by NSA staff to FBI officers working on terrorism cases. The course, which had a component dubbed “SIGINT Reporting 101,” aimed to provide “insight into the complexity and difficulty of our business” and to dispel “Hollywood myths about the NSA.”

Another SIDtoday article showed how the U.S. Coast Guard was able to interdict a boat carrying 3.2 metric tons of cocaine thanks to the NSA’s monitoring of VHF radio signals, which carried voice communications of narcotraffickers. An official Coast Guard history of the incident elides the NSA’s role. The same SIDtoday article also disclosed that the Colombian air force carried out a strike against a suspected trafficker aircraft after a tip-off from the NSA.
NSA vs. FARC

Colombian guerrillas holding American hostages evaded massive NSA surveillance, according to a February 2004 SIDtoday article.

One year after three American contractors, who had been on a surveillance mission for the U.S. military, were captured by the Revolutionary Armed Forces of Colombia, a Marxist guerilla group, the U.S. “has not been able to determine with high confidence the exact location and status of the hostages,” wrote an NSA account manager for the military’s Southern Command. This despite “hundreds” of U.S. government personnel having worked to gain their release. U.S. efforts were stymied when FARC’s leadership ordered that personnel cease mentioning hostage operations directly in their communications; the best the NSA could achieve at the time of the SIDtoday article was to monitor calls between two radio operators, “Paula and Adriana,” who in turn were connected to the FARC leaders “we strongly suspect are linked to the hostages.”

The author of the SIDtoday article added that the agency continued to try and get a fix on the location of the hostages. Yet their captors eluded the Americans for another four years. The three Americans were freed by Colombian commandos in July 2008.

A March 2004 SIDtoday article noted a success against FARC, bragging that the arrest of FARC financial leader Anayibe Rojas Valderrama, known as “Sonya,” and a number of her associates a month earlier “resulted from years of monitoring. … Accurate geolocational data as to where she was and when, allowed a vetted Colombian team to capture them by surprise and without any loss of life.” Valderrama was extradited to the United States where she was tried and convicted on drug trafficking charges in 2007.

Internal NSA Criticism of Political Groups and the News Media

A national intelligence officer gave a top-secret “issue seminar” to NSA staff on the question of “where political action fades into terrorism,” according to a seminar announcement published in June 2004. The announcement suggested that the line between “legitimate political activity” and “activity that is the precursor to, or supportive of, terrorism” is fuzzy. The course used the Vienna-based organization Anti-Imperialist Camp as a case study, describing it as “ostensibly a political organization” but noting that “its many ties to terrorist organizations — and its attempts to collaborate with Muslim extremists — raise questions about where political action fades into terrorism.” No further details were given to substantiate the alleged ties; the group’s website remains online. A spokesperson for the group, Wilhelm Langthaler, told The Intercept that the group was targeted for such accusations for political reasons, including its opposition to the war in Iraq and “our public support for the resistance against occupation which we have compared with the antifascist resistance against German occupation.”

Another seminar announcement said the news media helped stymie U.S. intelligence collection. “A day hasn’t gone by that our adversaries haven’t picked up a newspaper or gone on the Internet to learn something new about how the US intelligence gathering system operates and what its capabilities or limitations are,” the course overview explained. “And in response, a day hasn’t gone by that our adversaries haven’t modified their operations and activities to avoid being detected and collected against by the US intelligence gathering system.”
NSA’s Role in the Failed Iran Hostage Rescue Attempt

In an anecdote about signals intelligence during the 1980 Iranian hostage rescue mission, a SIGINT staffer recalled the night of April 24 of that year, when he was told he was monitoring the ongoing “Operation Ricebowl.” In a May 2004 SIDtoday article, the staffer wrote: “We knew the parameters of the Iranian Air Defense system because it was U.S. equipment and installed by U.S. contractors while the Shah of Iran was still in power. We knew exactly where the gaps in coverage were and we exploited it during the rescue attempt.” The author went on to describe his shock the next morning when he saw on TV news at home that the mission had ended with a disastrous helicopter crash.

— source theintercept.com By Micah Lee, Margot Williams

Titanpointe – The NSA’s Spy Hub in New York, Hidden in Plain Sight

They called it Project X. It was an unusually audacious, highly sensitive assignment: to build a massive skyscraper, capable of withstanding an atomic blast, in the middle of New York City. It would have no windows, 29 floors with three basement levels, and enough food to last 1,500 people two weeks in the event of a catastrophe.

But the building’s primary purpose would not be to protect humans from toxic radiation amid nuclear war. Rather, the fortified skyscraper would safeguard powerful computers, cables, and switchboards. It would house one of the most important telecommunications hubs in the United States — the world’s largest center for processing long-distance phone calls, operated by the New York Telephone Company, a subsidiary of AT&T.

The building was designed by the architectural firm John Carl Warnecke & Associates, whose grand vision was to create a communication nerve center like a “20th century fortress, with spears and arrows replaced by protons and neutrons laying quiet siege to an army of machines within.”

Construction began in 1969, and by 1974, the skyscraper was completed. Today, it can be found in the heart of lower Manhattan at 33 Thomas Street, a vast gray tower of concrete and granite that soars 550 feet into the New York skyline. The brutalist structure, still used by AT&T and, according to the New York Department of Finance, owned by the company, is like no other in the vicinity. Unlike the many neighboring residential and office buildings, it is impossible to get a glimpse inside 33 Thomas Street. True to the designers’ original plans, there are no windows and the building is not illuminated. At night it becomes a giant shadow, blending into the darkness, its large square vents emitting a distinct, dull hum that is frequently drowned out by the sound of passing traffic and wailing sirens.

For many New Yorkers, 33 Thomas Street — known as the “Long Lines Building” — has been a source of mystery for years. It has been labeled one of the city’s weirdest and most iconic skyscrapers, but little information has ever been published about its purpose.

It is not uncommon to keep the public in the dark about a site containing vital telecommunications equipment. But 33 Thomas Street is different: An investigation by The Intercept indicates that the skyscraper is more than a mere nerve center for long-distance phone calls. It also appears to be one of the most important National Security Agency surveillance sites on U.S. soil — a covert monitoring hub that is used to tap into phone calls, faxes, and internet data.

Documents obtained by The Intercept from the NSA whistleblower Edward Snowden do not explicitly name 33 Thomas Street as a surveillance facility. However — taken together with architectural plans, public records, and interviews with former AT&T employees conducted for this article — they provide compelling evidence that 33 Thomas Street has served as an NSA surveillance site, code-named TITANPOINTE.

Inside 33 Thomas Street there is a major international “gateway switch,” according to a former AT&T engineer, which routes phone calls between the United States and countries across the world. A series of top-secret NSA memos suggest that the agency has tapped into these calls from a secure facility within the AT&T building. The Manhattan skyscraper appears to be a core location used for a controversial NSA surveillance program that has targeted the communications of the United Nations, the International Monetary Fund, the World Bank, and at least 38 countries, including close U.S. allies such as Germany, Japan, and France.

It has long been known that AT&T has cooperated with the NSA on surveillance, but few details have emerged about the role of specific facilities in carrying out the top-secret programs. The Snowden documents provide new information about how NSA equipment has been integrated as part of AT&T’s network in New York City, revealing in unprecedented detail the methods and technology the agency uses to vacuum up communications from the company’s systems.

“This is yet more proof that our communications service providers have become, whether willingly or unwillingly, an arm of the surveillance state,” said Elizabeth Goitein, co-director of the liberty and national security program at the Brennan Center for Justice. “The NSA is presumably operating under authorities that enable it to target foreigners, but the fact that it is so deeply embedded in our domestic communications infrastructure should tip people off that the effects of this kind of surveillance cannot be neatly limited to non-Americans.”

The NSA declined to comment for this story.

The code name TITANPOINTE features dozens of times in the NSA documents, often in classified reports about surveillance operations. The agency uses code names to conceal information it deems especially sensitive — for instance, the names of companies it cooperates with or specific locations where electronic spying is carried out. Such details are usually considered “exceptionally controlled information,” a category beyond top secret and thus outside the scope of most of the documents that Snowden was able to obtain.

Secret NSA travel guides, dated April 2011 and February 2013, however, reveal information about TITANPOINTE that helps establish its connection to 33 Thomas Street. The 2011 guide, written to assist NSA employees visiting various facilities, discloses that TITANPOINTE is in New York City. The 2013 guide states that a “partner” called LITHIUM, which is NSA’s code name for AT&T, supervises visits to the site.

The 33 Thomas Street building is located almost next door to the FBI’s New York field office — about a block away — at Federal Plaza. The 2011 NSA travel guide instructs employees traveling to TITANPOINTE to head to the FBI’s New York field office. It adds that trips to the site should be coordinated with AT&T (referenced as “LITHIUM”) and the FBI, including an FBI “site watch officer.”

When traveling to TITANPOINTE, NSA employees are told to hire a “cover vehicle” through the FBI, especially if they are transporting equipment to the site. In order to keep their true identities secret while visiting, agency employees are instructed not to wear any clothing displaying NSA badges or insignia.

Upon arrival at TITANPOINTE, the 2011 travel guide says, agency employees should ring the buzzer, sign in, and wait for a person to come and meet them. The Intercept visited 33 Thomas Street and found a buzzer outside its entrance and a sign-in sheet on a desk in the building’s lobby, which is manned by a guard 24 hours a day. There are also parking bays in front of the skyscraper designated “AWM,” a traffic code for federal agencies.

A 1994 New York Times article reported that 33 Thomas Street was part of AT&T’s “giant Worldwide Intelligent Network, which is responsible for directing an average of 175 million phone calls a day.” Thomas Saunders, a former AT&T engineer, told The Intercept that inside the building there were at least three “4ESS switches” used to route calls across phone networks. “Of the first two, one handled domestic long-distance traffic and the other was an international gateway,” said Saunders, who retired from his role at the company in 2004. The NSA’s documents describe TITANPOINTE as containing “foreign gateway switches” and they state that it has a “RIMROCK access.” RIMROCK is an NSA code name for 4ESS switches.

The NSA’s documents also reveal that one of TITANPOINTE’s functions is to conduct surveillance as part of a program called SKIDROWE, which focuses on intercepting satellite communications. That is a particularly striking detail, because on the roof of 33 Thomas Street there are a number of satellite dishes. Federal Communications Commission records confirm that 33 Thomas Street is the only location in New York City where AT&T has an FCC license for satellite earth stations.

The man behind the design of 33 Thomas Street, John Carl Warnecke, was one of the most prominent architects in the U.S. between the 1960s and 1980s.

Warnecke’s high-profile projects included producing designs for the U.S. Naval Academy in Maryland, the Hart Senate Office Building in Washington, D.C., and the Hawaii State Capitol. In 1962, President John F. Kennedy’s administration commissioned Warnecke to preserve and restructure buildings at Lafayette Square, across from the White House. And following Kennedy’s assassination, Warnecke was asked to design the president’s eternal flame and gravesite at Arlington National Cemetery. He also helped construct a new embassy complex in Washington for the Soviet Union, in which the Soviets claimed they found eavesdropping equipment embedded in the walls.

But it was not only governments that trusted Warnecke — who died in 2010, aged 91 — with major construction projects. He cultivated a close relationship with telecommunications companies, too, possibly helped by family ties to the industry. Warnecke’s father-in-law had been a director at Pacific Bell, a California-based AT&T subsidiary. In the 1960s, Warnecke was asked to design a telephone exchange building for Pacific Bell in Oakland. He would subsequently receive a series of other major commissions from AT&T: Aside from the 33 Thomas Street building, he also designed a telephone exchange in Williamsburg, Brooklyn, and an AT&T facility in Bedminster, New Jersey.

Some of Warnecke’s original architectural drawings for 33 Thomas Street are labeled “Project X.” It was alternatively referred to as the Broadway Building. His plans describe the structure as “a skyscraper to be inhabited by machines” and say that it was “designed to house long lines telephone equipment and to protect it and its operating personnel in the event of atomic attack.” (At the time the building was commissioned and built, amid the Cold War, there were genuine fears in the U.S. about the prospect of a Soviet nuclear assault.)

It is not clear how many people work at 33 Thomas Street today, but Warnecke’s original plans stated that it would provide food, water, and recreation for 1,500 people. It would also store 250,000 gallons of fuel to power generators, which would enable it to become a “self-contained city” for two weeks in the event of an emergency power failure. The blueprints for the building show that it was to include three subterranean levels, including a cable vault, where telecommunications cables likely entered and exited the building from under Manhattan’s bustling streets.

After it was built, the unusual style of 33 Thomas Street attracted a lot of attention. Its dark, somewhat dystopian appearance contrasted dramatically with other buildings in lower Manhattan. Yet it proved popular, particularly among architecture buffs.

In a 1982 piece in the New York Times, architecture critic Paul Goldberger praised 33 Thomas Street as “one of the neighborhood’s few pieces of good modern architecture,” adding that it “blends into its surroundings more gracefully than does any other skyscraper in this area.”

“Other telephone company buildings from that era, designed solely for equipment, all look like horrible boxes,” Goldberger told The Intercept. “This one has an allure of its own to it. … There’s something about that shape. You see it and you don’t see it at the same time.”

In 1975, just a year after Warnecke’s 33 Thomas Street building was completed, the NSA became embroiled in one of the biggest scandals in the U.S. intelligence community’s history. Following revelations about domestic surveillance operations targeting anti-Vietnam War activists, a congressional select committee began investigating the alleged abuses.

The inquiry, led by Democratic Sen. Frank Church, published its findings in April 1976. It concluded that U.S. intelligence agencies had “invaded individual privacy and violated the rights of lawful assembly and political expression.” Surveillance programs operated by the NSA through this period, it was later revealed, had targeted “domestic terrorist and foreign radical” suspects, including a host of eminent Americans, such as the civil rights leaders Martin Luther King and Whitney Young, the boxer Muhammad Ali, Washington Post columnist Art Buchwald, and New York Times journalist Tom Wicker.

The Church Committee recommended that new and tighter controls be placed on intelligence gathering. And in 1978, Congress approved the Foreign Intelligence Surveillance Act, requiring the executive branch to request warrants for spying operations from a newly formed court.

Through this tumultuous time for American spies, the NSA established a new surveillance program under the code name BLARNEY, which was first exposed in a Snowden-leaked slide published in 2013. According to a previously unpublished document provided to The Intercept by Snowden, BLARNEY was established in the early 1970s and, in mid-2013, remained one of the agency’s most significant initiatives.

BLARNEY leverages “commercial partnerships” in order to “gain access and exploit foreign intelligence obtained from global networks,” the document states. It carries out “full take” surveillance — a term that refers to the bulk collection of both content and metadata — under six different categories: counterproliferation, counterterrorism, diplomatic, economic, military, and political.

As of July 2010, the NSA had obtained at least 40 court orders for spying under the BLARNEY program, allowing the agency to monitor communications related to multiple countries, companies, and international organizations. Among the approved targets were the International Monetary Fund, the World Bank, the Bank of Japan, the European Union, the United Nations, and at least 38 different countries, including U.S. allies such as Italy, Japan, Brazil, France, Germany, Greece, Mexico, and Cyprus.

The program was the NSA’s leading source of data collection under the Foreign Intelligence Surveillance Act, an April 2013 document disclosed, and information gleaned from the communications it intercepted was a top contributor to the president’s daily briefing.

Notably, TITANPOINTE has played a central role in BLARNEY’s operations. NSA documents dated between 2012 and 2013 list the TITANPOINTE surveillance facility among three of BLARNEY’s “core sites” and describe it as “BLARNEY’S site in NYC.” Equipment hosted at TITANPOINTE has been used to monitor international long-distance phone calls, faxes, voice calls routed over the internet (known as Voice-Over-IP), video conferencing, and other internet traffic.

In one case that may have involved 33 Thomas Street, NSA engineers with the BLARNEY program worked to eavesdrop on data from a connection serving the United Nations mission in New York. This spying resulted in “collection against the email address of the U.N. General leading the monitoring mission in Syria,” an April 2012 memo said.

Mogens Lykketoft, former president of the U.N.’s general assembly, criticized the surveillance. “Such spying activities are totally unacceptable breaches of trust in international cooperation,” he told The Intercept.

At the TITANPOINTE site, the NSA equipment is stored inside a secure room, known as a “Sensitive Compartmented Information Facility.” Top-secret diagrams dated April 2012 show that within the secure space there is “NSA controlled” equipment linked to the routers of its “access partner,” referring to AT&T. Intercepted internet data was collected from the “backbone,” then processed at TITANPOINTE, before being passed to NSA for storage. Phone calls that were intercepted were collected from TITANPOINTE’s “foreign gateway switches” before being routed through the partner’s “call processor.” They were then forwarded to NSA’s headquarters in Maryland through an interface shared with the partner.

Much of the surveillance carried out at TITANPOINTE seems to involve monitoring calls and other communications as they are being sent across AT&T’s international phone and data cables. But the site has other capabilities at its disposal. The NSA’s documents indicate that it is also equipped with powerful satellite antenna — likely the ones located on the roof of 33 Thomas Street — which monitor information transmitted through the air.

The SKIDROWE spying program focuses on covertly vacuuming up internet data — known as “digital network intelligence” — as it is passing between foreign satellites. The harvested data is then made accessible through XKEYSCORE, a Google-like mass surveillance system that the NSA’s employees use to search through huge quantities of information about people’s emails, chats, Skype calls, passwords, and internet browsing histories.

Fletcher Cook, an AT&T spokesperson, told The Intercept that the company does not “allow any government agency to connect directly to or otherwise control our network to obtain our customers’ information. Rather, we simply respond to government requests for information pursuant to court orders or other mandatory process and, in rare cases, on a legal and voluntary basis when a person’s life is in danger and time is of the essence, like in a kidnapping situation.”

Cook added that NSA representatives “do not have access to any secure room or space within our owned portion of the 33 Thomas Street building.” When pressed on whether any room within 33 Thomas Street contains equipment used for the purposes of NSA surveillance, an AT&T spokesperson pointed to a 1983 deed and declaration filed with New York City indicating that Verizon’s predecessor company maintained ownership of three floors and a basement floor in the building. The New York City Department of Finance said the predecessor company has an easement for the space and pays utility taxes, but insisted that AT&T owns the whole building. The AT&T spokesperson declined to comment further.

The NSA’s documents do not state that it can “connect directly to” or “otherwise control” AT&T’s networks, but they do make clear that the agency has placed its own equipment inside TITANPOINTE to tap into phone calls and internet data. It may be the case that the secure room where the equipment is installed is overseen by AT&T’s own engineers or technicians who have a security clearance. One NSA document dated from March 2013 suggests such a relationship, noting that the “corporate sites” the agency collects data from “are often controlled by the partner, who filters the communications before sending to NSA.”

As in 1983, AT&T may not be completely alone at 33 Thomas Street. Earlier this year, a technician working at the building — who did not want to be named because he was not authorized to speak to the media — told The Intercept that a handful of Verizon employees were still based inside. However, the NSA’s documents do not suggest that Verizon is implicated in the surveillance at the TITANPOINTE facility, and instead only point to AT&T’s involvement. Verizon declined to comment for this story.

AT&T is far from the only company that has a relationship with the NSA. The agency has established what it calls “strategic partnerships” with more than 80 corporations. But some companies are more cooperative than others.

Historically, AT&T has always maintained close ties with the government. A good example of this came in June 1976, when a congressional subcommittee served AT&T with a subpoena demanding that it hand over information about its alleged role in unlawful FBI wiretapping of phone calls. President Gerald Ford personally intervened to block the subpoena, stating that AT&T “was and is an agent of the United States acting under contract with the Executive Branch.” Ford said the company was in a “unique position” with respect to telephone and other communication lines in the U.S., and therefore it had been “necessary for the Executive Branch to rely on its services to assist in acquiring certain information necessary to the national defense and foreign policy.” The details sought by the committee could not be shared, Ford asserted, because they could expose “extremely sensitive foreign intelligence and counterintelligence information.”

In more recent decades, as the New York Times and ProPublica reported last year, AT&T has allowed the NSA to access billions of emails, exhibiting what the agency called its “extreme willingness to help.” These revelations were foreshadowed in 2006 by allegations made by Mark Klein, a former AT&T technician. Klein stated that the company had maintained a “secure room” in one of its San Francisco offices, which was fitted with communications monitoring equipment apparently used by the NSA to tap into phone and internet traffic. Klein’s claims formed the basis of a lawsuit brought by the Electronic Frontier Foundation on behalf of AT&T customers (Jewel v. NSA), which remains ongoing today.

Coincidentally, between 1981 and 1990, Klein also worked for AT&T at 33 Thomas Street. “I wasn’t aware of any NSA presence when I was there, but I had a creepy feeling about the building, because I knew about AT&T’s close collaboration with the Pentagon, going way back,” he told The Intercept. When presented with the details linking 33 Thomas Street to NSA’s TITANPOINTE, Klein added: “I’m not surprised. It’s obviously a major installation. … If you’re interested in doing surveillance, it’s a good place to do it.”

According to the Snowden documents, AT&T has installed surveillance equipment in at least 59 U.S. sites. And on any given day, NSA employees may be working at the company’s facilities. Classified memos dated from April 2013 describe one- to four-day deployments of NSA technical staff to TITANPOINTE and other buildings. Most AT&T personnel at these locations, however, are unlikely to have knowledge of the agency’s presence. NSA staff are encouraged to wear clothes that make them “blend in to the environment.” Even the car hire company the agency uses for its trips to AT&T facilities is kept in the dark. “Some personnel are aware of the FBI link,” states the agency’s travel guidance, “but [they] have no knowledge of NSA’s involvement.”

This article is the product of a joint reporting project between The Intercept and Field of Vision. “Project X,” a Field of Vision documentary directed by Henrik Moltke and Laura Poitras, will screen at IFC Center starting November 18.

— source theintercept.com By Ryan Gallagher, Henrik Moltke

How the NSA Used the Iraq War to Build its Surveillance Apparatus

Newly released internal NSA missives from the early days of the Iraq war show how quickly the agency’s priorities shifted from providing wartime intelligence to coalition troops to being a “pervasive” part of the “intelligence-driven” global war on terror.

The documents, which have surfaced for the first time, outline how the NSA asked its employees for “unprecedented degrees of cooperation” to set up the global surveillance infrastructure revealed by Edward Snowden with the stated aim of combating terrorism worldwide.

The documents, called WARgrams, were newsletter-style messages sent in 2003 and 2004 by then-NSA Director Michael Hayden to what seems to be a large contingent of NSA employees. (Motherboard has reached out to the NSA to learn more about who, exactly, received the WARgrams.)

The first WARgram pitched Operation Iraqi Freedom as “an intense attack of relatively short duration intended to overwhelm the Iraqi ability to respond.” It was sent sometime in the days or weeks leading up to the March 20, 2003 start of the war. Hayden wrote WARgrams were “designed to keep us all ‘in the loop’ with the latest developments during the campaign.”

At least 68 WARgrams followed that first one. The documents were released last month in response to a 2008 Freedom of Information Act Request and were published online Tuesday on Government Attic, a repository of FOIA-ed federal documents. Prior to the release of these documents, WARgrams had never been publicly acknowledged by the NSA. WARgrams are referenced in one document released in Edward Snowden’s stash of files, but are not included in any of those dumps.

Many of the documents are misdated as having come from 1998, but the events detailed in them correspond with and explicitly mention various events in the Iraq War, such as the April 2003 toppling of a statue of Saddam Hussein in Firdos Square, Baghdad. “Watching a statue of Saddam being destroyed and its head rolling down the street brings with it a certain sense of accomplishment,” Hayden wrote.

WARgrams 7, 8, and 9 describe the role of NSA agents embedded with American soldiers and are keen to show the NSA’s ability to serve as the eyes and ears of coalition troops. Hayden discusses using intelligence as a “force multiplier” on the battlefield. These wartime, on-the-ground operations continued for several dozen WARgrams, which span from early 2003 to fall of that year. Other early WARgrams discuss the role NSA encryption was playing in safely communicating messages on the battlefield, mental health programs available for overworked NSA agents, and the portrayal of the war in the US media.

“We approached the war with Iraq as a corporate activity—with [US intelligence] linked in planning and executing. The results are stunning,” Hayden wrote in WARgram 24.

WARgram 27 included this dispatch from an embedded NSA agent:

“Daily life is Spartan. The hours are long. We’re hot. We’re dirty. Some of us smell pretty bad. There is no water for showers today. Chicken is being served for chow—again. I’ve asked team members if they’d rather be doing what they are doing or working another job in a nicer place. All agreed they’d rather be here.”

The NSA set up something called the “Iraq Battle Bridge,” the details of which are largely redacted and which has never been publicly discussed by any NSA leaders. In unredacted portions of the WARgrams, Hayden describes it as a plan to make parts of the NSA’s 24/7 surveillance operations center—called the National Security Operations Center—available to those involved in fighting the war. Announced in WARgram 6, Hayden said it was a plan to “exercise command and control over the global cryptologic system for Operation IRAQI FREEDOM.”

But as the war moved on, he decided to “transition” Iraq Battle Bridge into “Phase IV,” which Hayden called the “post-hostility period.”

“The lessons we learned from the Iraq Battle Bridge will help shape and inform our response to the next crisis,” he wrote in WARgram 37, published sometime in April 2003. By WARgram 58, which was released in early 2004, Hayden began to demand “unprecedented cooperation” and “innovation” from NSA agents in what was expected to be “pervasive” surveillance exercises around the world.

In that missive, Hayden’s emphasis changed from one of battlefield support to one of increasing surveillance both abroad and in the United States. “Because the Operations Against al Qa’ida Senior Leadership [sic] will be an intelligence-driven operation, we will become a pervasive and integral part of the fight,” he wrote.

“The successful conclusion of this planned offensive will make our country safer by severely degrading al Qa’ida’s ability to reconstitute/and conduct future operations,” he added. “I expect unprecedented degrees of cooperation and innovation in all we do to support this critical effort.”

In WARgram 61, titled “Confronting the Current Threat to the Homeland,” he noted that NSA surveillance was absolutely necessary to prevent an imminent al-Qaeda attack planned for before the 2004 presidential election for which “preparations … are almost complete.”

“While U.S. and Allied facilities and citizens around the world remain tempting targets for a great number of terrorist groups and movements, the current threat to the Homeland is indeed real, and the clock is ticking,” he wrote. “Our response is not an exercise about the future security of the nation, it’s about doing all we can right now to protect our homes and loved ones from another round of massive attacks. We must not fail.”

We know from Snowden’s documents, of course, that the NSA’s “innovation” in surveillance techniques extended far beyond suspected terrorists. These WARgrams show the early expansion of the US’s surveillance apparatus, which was enabled by the 2001 passage of the PATRIOT Act. Section 215 of that law allowed the bulk collection of American communications.

Being an intelligence agency, the NSA was of course involved in surveillance prior to 2004. Documents leaked by Snowden show that NSA surveillance was integral in the initial decision to invade Iraq. Similarly, WARgrams was just one of many internal newsletters, emails, and memos that were distributed widely and spoke in frank terms of the NSA’s wartime goings-on. For example, SIDToday, a classified newsletter leaked by Snowden once noted that “SIGINT support to the US Mission to the United Nations has enabled and continues to enable the diplomatic campaign against Iraq.”

At times, the WARgrams released by the NSA related the relatively mundane slog of war. At others, it telegraphs the fact that the main role of the agency was slowly shifting to the one revealed by Snowden.

— source motherboard.vice.com By Jason Koebler

Inside Menwith Hill

The narrow roads are quiet and winding, surrounded by rolling green fields and few visible signs of life beyond the occasional herd of sheep. But on the horizon, massive white golf ball-like domes protrude from the earth, protected behind a perimeter fence that is topped with piercing razor wire. Here, in the heart of the tranquil English countryside, is the National Security Agency’s largest overseas spying base.

Once known only by the code name Field Station 8613, the secret base — now called Menwith Hill Station — is located about nine miles west of the small town of Harrogate in North Yorkshire. Originally used to monitor Soviet communications through the Cold War, its focus has since dramatically shifted, and today it is a vital part of the NSA’s sprawling global surveillance network.

For years, journalists and researchers have speculated about what really goes on inside Menwith Hill, while human rights groups and some politicians have campaigned for more transparency about its activities. Yet the British government has steadfastly refused to comment, citing a longstanding policy not to discuss matters related to national security.

Now, however, top-secret documents obtained by The Intercept offer an unprecedented glimpse behind Menwith Hill’s razor wire fence. The files reveal for the first time how the NSA has used the British base to aid “a significant number of capture-kill operations” across the Middle East and North Africa, fueled by powerful eavesdropping technology that can harvest data from more than 300 million emails and phone calls a day.

Over the past decade, the documents show, the NSA has pioneered groundbreaking new spying programs at Menwith Hill to pinpoint the locations of suspected terrorists accessing the internet in remote parts of the world. The programs — with names such as GHOSTHUNTER and GHOSTWOLF — have provided support for conventional British and American military operations in Iraq and Afghanistan. But they have also aided covert missions in countries where the U.S. has not declared war. NSA employees at Menwith Hill have collaborated on a project to help “eliminate” terrorism targets in Yemen, for example, where the U.S. has waged a controversial drone bombing campaign that has resulted in dozens of civilian deaths.

The disclosures about Menwith Hill raise new questions about the extent of British complicity in U.S. drone strikes and other so-called targeted killing missions, which may in some cases have violated international laws or constituted war crimes. Successive U.K. governments have publicly stated that all activities at the base are carried out with the “full knowledge and consent” of British officials.

The revelations are “yet another example of the unacceptable level of secrecy that surrounds U.K. involvement in the U.S. ‘targeted killing’ program,” Kat Craig, legal director of London-based human rights group Reprieve, told The Intercept.

“It is now imperative that the prime minister comes clean about U.K. involvement in targeted killing,” Craig said, “to ensure that British personnel and resources are not implicated in illegal and immoral activities.”

The British government’s Ministry of Defence, which handles media inquires related to Menwith Hill, declined to comment for this story.

The NSA referred a request for comment to the Director of National Intelligence’s office.

Richard Kolko, a spokesperson for the DNI, said in a statement: “The men and women serving the intelligence community safeguard U.S. national security by collecting information, conducting analysis, and providing intelligence for informed decision making under a strict set of laws, policies and guidelines. This mission protects our nation and others around the world.”

The equipment at Menwith Hill covers roughly one square mile, which is patrolled 24 hours a day by armed British military police and monitored by cameras perched on posts that peer down on almost every section of the 10-foot perimeter fence.

Most visible from the outside are a cluster of about 30 of the giant white domes. But the site also houses a self-contained community, accessible only to those with security clearance. Among operations buildings in which analysts listen in on monitored conversations, there is a bowling alley, a small pool hall, a bar, a fast food restaurant, and a general store.

Most of the world’s international phone calls, internet traffic, emails, and other communications are sent over a network of undersea cables that connect countries like giant arteries. At spy outposts across the world, the NSA and its partners tap into these cables to monitor the data flowing through them. But Menwith Hill is focused on a different kind of surveillance: eavesdropping on communications as they are being transmitted through the air.

According to top-secret documents obtained by The Intercept from NSA whistleblower Edward Snowden, Menwith Hill has two main spying capabilities. The first is called FORNSAT, which uses powerful antennae contained within the golf ball-like domes to eavesdrop on communications as they are being beamed between foreign satellites. The second is called OVERHEAD, which uses U.S. government satellites orbiting above targeted countries to locate and monitor wireless communications on the ground below — such as cellphone calls and even WiFi traffic.

In the late 1980s, international communication networks were revolutionized by new fiber-optic undersea cables. The technology was cheaper than satellites and could transmit data across the world much faster than ever before, at almost the speed of light. For this reason, according to the NSA’s documents, in the mid-1990s the U.S. intelligence community was convinced that satellite communications would soon become obsolete, to be fully replaced by fiber-optic cable networks.

But the prediction proved to be wrong. And millions of phone calls are still beamed between satellites today, alongside troves of internet data, which the NSA has readily exploited at Menwith Hill.

“The commercial satellite communication business is alive and well and bursting at the seams with increasingly sophisticated bulk DNI (Digital Network Intelligence) traffic that is largely unencrypted,” the NSA reported in a 2006 document. “This data source alone provides more data for Menwith Hill analysts to sift through than our entire enterprise had to deal with in the not-so-distant past.”

As of 2009, Menwith Hill’s foreign satellite surveillance mission, code-named MOONPENNY, was monitoring 163 different satellite data links. The intercepted communications were funneled into a variety of different repositories storing phone calls, text messages, emails, internet browsing histories, and other data.

It is not clear precisely how many communications Menwith Hill is capable of tapping into at any one time, but the NSA’s documents indicate the number is extremely large. In a single 12-hour period in May 2011, for instance, its surveillance systems logged more than 335 million metadata records, which reveal information such as the sender and recipient of an email, or the phone numbers someone called and at what time.

To keep information about Menwith Hill’s surveillance role secret, the U.S. and U.K. governments have actively misled the public for years through a “cover story” portraying the base as a facility used to provide “rapid radio relay and conduct communications research.” A classified U.S. document, dated from 2005, cautioned spy agency employees against revealing the truth. “It is important to know the established cover story for MHS [Menwith Hill Station] and to protect the fact that MHS is an intelligence collection facility,” the document stated. “Any reference to satellites being operated or any connection to intelligence gathering is strictly prohibited.”

The outpost was built in the 1950s as part of a deal made by the British and American governments to house U.S. personnel and surveillance equipment. In its early days, Menwith Hill’s technology was much more primitive. According to Kenneth Bird, who worked at the base in the 1960s during the Cold War, it was focused then on monitoring telephone communications in Eastern Europe. Intercepted conversations were recorded on Ampex tape recorders, Bird noted in his published 1997 account, with some calls transcribed by analysts in real-time using typewriters.

The modern Menwith Hill is a very different place. Now, not only are its spying systems capable of vacuuming up far more communications, but they also have a far broader geographic reach. In addition, the targets of the surveillance have drastically changed, as have the purposes for which the eavesdropping is carried out.

The documents obtained by The Intercept reveal that spy satellites operated at Menwith Hill today can target communications in China and Latin America, and also provide “continuous coverage of the majority of the Eurasian landmass,” where they intercept “tactical military, scientific, political, and economic communications signals.” But perhaps the most significant role the base has played in recent years has been in the Middle East and North Africa.

Especially in remote parts of the world where there are no fiber-optic cable links, it is common for internet connections and phone calls to be routed over satellite. Consequently, Menwith Hill became a vital asset in the U.S. government’s counterterrorism campaign after the 9/11 attacks. Since then, the base has been used extensively to tap into communications in otherwise hard-to-reach areas where Islamic extremist groups such as al Qaeda and al Shabaab have been known to operate — for example, in the Afghanistan-Pakistan border region, Somalia, and Yemen.

Crucially, however, Menwith Hill has been used for more than just gathering intelligence on people and governments across countries in the Middle East and North Africa. Surveillance tools such as the GHOSTHUNTER system were developed to directly aid military operations, pinpointing the locations of targeted people or groups so that they could then be captured or killed.

The NSA’s documents describe GHOSTHUNTER as a means “to locate targets when they log onto the internet.” It was first developed in 2006 as “the only capability of its kind” and it enabled “a significant number of capture-kill operations” against alleged terrorists. Only a few specific examples are given, but those cases give a remarkable insight into the extraordinary power of the technology.

In 2007, for instance, analysts at Menwith Hill used GHOSTHUNTER to help track down a suspected al Qaeda “facilitator” in Lebanon who was described as “highly actionable,” meaning he had been deemed a legitimate target to kill or capture. The location of the target — who was known by several names, including Abu Sumayah — was traced to within a few hundred meters based on intercepts of his communications. Then a spy satellite took an aerial photograph of the neighborhood in Sidon, south Lebanon, in which he was believed to be living, mapping out the surrounding streets and houses. A top-secret document detailing the surveillance indicates that the information was to be passed to a secretive special operations unit known as Task Force 11-9, which would have been equipped to conduct a covert raid to kill or capture Sumayah. The outcome of the operation, however, is unclear, as it is not revealed in the document.

In another case in 2007, GHOSTHUNTER was used to identify an alleged al Qaeda “weapons procurer” in Iraq named Abu Sayf. The NSA’s surveillance systems spotted Sayf logging into Yahoo email or messenger accounts at an internet cafe near a mosque in Anah, a town on the Euphrates River that is about 200 miles northwest of Baghdad. Analysts at Menwith Hill used GHOSTHUNTER to track down his location and spy satellites operated from the British base captured aerial images. This information was passed to U.S. military commanders based in Fallujah to be included as part of a “targeting plan.”

A few days later, a special operations unit named Task Force-16 stormed two properties, where they detained Sayf, his father, two brothers, and five associates.

By 2008, the apparent popularity of GHOSTHUNTER within the intelligence community meant that it was rolled out at other surveillance bases where NSA has a presence, including in Ayios Nikolaos, Cyprus, and Misawa, Japan. The expansion of the capability to the other bases meant that it now had “near-global coverage.” But Menwith Hill remained its most important surveillance site. “[Menwith Hill] still supplies about 99% of the FORNSAT data used in GHOSTHUNTER geolocations,” noted a January 2008 document about the program.

A 2009 document added that GHOSTHUNTER’s focus was at that time “on geolocation of internet cafés in the Middle East/North Africa region in support of U.S. military operations” and said that it had to date “successfully geolocated over 5,000 VSAT terminals in Iraq, Afghanistan, Syria, Lebanon, and Iran.” VSAT, or Very Small Aperture Terminal, is a satellite system commonly used by internet cafés and foreign governments in the Middle East to send and receive communications and data. GHOSTHUNTER could also home in on VSATs in Pakistan, Somalia, Algeria, the Philippines, Mali, Kenya, and Sudan, the documents indicate.

Menwith Hill’s unique ability to track down satellite devices across the world at times placed it on the front line of conflicts thousands of miles away. In Afghanistan, for instance, analysts at the base used the VSAT surveillance to help track down suspected members of the Taliban, which led to “approximately 30 enemy killed” during one series of attacks that were mentioned in a top-secret July 2011 report. In early 2012, Menwith Hill’s analysts were again called upon to track down a VSAT: this time, to assist British special forces in Afghanistan’s Helmand Province. The terminal was swiftly located, and within an hour an MQ-9 Reaper drone was dispatched to the area, presumably to launch an airstrike.

But the lethal use of the surveillance data does not appear to have been restricted to conventional war zones such as Afghanistan or Iraq. The NSA developed similar methods at Menwith Hill to track down terror suspects in Yemen, where the U.S. has waged a covert drone war against militants associated with al Qaeda in the Northern Peninsula.

In early 2010, the agency revealed in an internal report that it had launched a new technique at the British base to identify many targets “at almost 40 different geolocated internet cafés” in Yemen’s Shabwah province and in the country’s capital, Sanaa. The technique, the document revealed, was linked to a broader classified initiative called GHOSTWOLF, described as a project to “capture or eliminate key nodes in terrorist networks” by focusing primarily on “providing actionable geolocation intelligence derived from [surveillance] to customers and their operational components.”

The description of GHOSTWOLF ties Menwith Hill to lethal operations in Yemen, providing the first documentary evidence that directly implicates the U.K. in covert actions in the country.

Menwith Hill’s previously undisclosed role aiding the so-called targeted killing of terror suspects highlights the extent of the British government’s apparent complicity in controversial U.S. attacks — and raises questions about the legality of the secret operations carried out from the base.

There are some 2,200 personnel at Menwith Hill, the majority of whom are Americans. Alongside NSA employees within the complex, the U.S. National Reconnaissance Office also has a major presence at the site, running its own “ground station” from which it controls a number of spy satellites.

But the British government has publicly asserted as recently as 2014 that operations at the base “have always been, and continue to be” carried out with its “knowledge and consent.” Moreover, roughly 600 of the personnel at the facility are from U.K. agencies, including employees of the NSA’s British counterpart Government Communications Headquarters, or GCHQ.

For several years, British human rights campaigners and lawmakers have been pressuring the government to provide information about whether it has had any role aiding U.S. targeted killing operations, yet they have been met with silence. In particular, there has been an attempt to establish whether the U.K. has aided U.S. drone bombings outside of declared war zones — in countries including Yemen, Pakistan, and Somalia — which have resulted in the deaths of hundreds of civilians and are in some cases considered by United Nations officials to possibly constitute war crimes and violations of international law.

Though the Snowden documents analyzed by The Intercept state that Menwith Hill has aided “a significant number” of “capture-kill” operations, they do not reveal specific details about all of the incidents that resulted in fatalities. What is clear, however, is that the base has targeted countries such as Yemen, Pakistan, and Somalia as part of location-tracking programs like GHOSTHUNTER and GHOSTWOLF — which were created to help pinpoint individuals so they could be captured or killed — suggesting it has played a part in drone strikes in these countries.

Craig, the legal director at Reprieve, reviewed the Menwith Hill documents — and said that they indicated British complicity in covert U.S. drone attacks. “For years, Reprieve and others have sought clarification from the British government about the role of U.K. bases in the U.S. covert drone program, which has killed large numbers of civilians in countries where we are not at war,” she told The Intercept. “We were palmed off with platitudes and reassured that any U.S. activities on or involving British bases were fully compliant with domestic and international legal provisions. It now appears that this was far from the truth.”

Jemima Stratford QC, a leading British human rights lawyer, told The Intercept that there were “serious questions to be asked and serious arguments to be made” about the legality of the lethal operations aided from Menwith Hill. The operations, Stratford said, could have violated the European Convention on Human Rights, an international treaty that the U.K. still remains bound to despite its recent vote to leave the European Union. Article 2 of the Convention protects the “right to life” and states that “no one shall be deprived of his life intentionally” except when it is ordered by a court as a punishment for a crime.

Stratford has previously warned that if British officials have facilitated covert U.S. drone strikes outside of declared war zones, they could even be implicated in murder. In 2014, she advised members of the U.K. Parliament that because the U.S. is not at war with countries such as Yemen or Pakistan, in the context of English and international law, the individuals who are targeted by drones in these countries are not “combatants” and their killers are not entitled to “combatant immunity.”

“If the U.K. government knows that it is transferring data that may be used for drone strikes against non-combatants … that transfer is probably unlawful,” Stratford told the members of Parliament. “An individual involved in passing that information is likely to be an accessory to murder.”

GCHQ refused to answer questions for this story, citing a “long standing policy that we do not comment on intelligence matters.” A spokesperson for the agency issued a generic statement asserting that “all of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight.” The spokesperson insisted that “U.K.’s interception regime is entirely compatible with the European Convention on Human Rights.”

In February 2014, the U.S. Department of Defense announced after a review that it was planning to reduce personnel at Menwith Hill by 2016, with about 500 service members and civilians set to be removed from the site. A U.S. Air Force spokesperson told the military newspaper Stars and Stripes that the decision was based on technological advances, which he declined to discuss, though he mentioned improvements in “server capacity to the hardware that we’re using; we’re doing more with less.”

The documents provided by Snowden shine light on some of the specific technological changes. Most notably, they show that there has been significant investment in introducing new and more sophisticated mass surveillance systems at Menwith Hill in recent years. A crucial moment came in 2008, when then-NSA Director Keith Alexander introduced a radical shift in policy. Visiting Menwith Hill in June that year, Alexander set a challenge for employees at the base. “Why can’t we collect all the signals, all the time?” he said, according to NSA documents. “Sounds like a good summer homework project for Menwith.”

As a result, a new “collection posture” was introduced at the base, the aim being to “collect it all, process it all, exploit it all.” In other words, it would vacuum up as many communications within its reach as technologically possible.

Between 2009 and 2012, Menwith Hill spent more than $40 million on a massive new 95,000-square-foot operations building — nearly twice the size of an average American football field. A large chunk of this space — 10,000 square feet — was set aside for a data center that boasted the ability to store huge troves of intercepted communications. During the renovations, the NSA shipped in new computer systems and laid 182 miles of cables, enough to stretch from New York City to the outskirts of Boston. The agency also had a 200-seat-capacity auditorium constructed to host classified operations meetings and other events.

Some of the extensive expansion work was visible from the road outside the secure complex, which triggered protests from a local activist group called the Campaign for the Accountability of American Bases. Since the early 1990s, the group has closely monitored activities at Menwith Hill. And for the last 16 years, its members have held a small demonstration every Tuesday outside the base’s main entrance, greeting NSA employees with flags and colorful homemade banners bearing slogans critical of U.S. foreign policy and drone strikes.

Fabian Hamilton, a member of Parliament based in the nearby city of Leeds, has become a supporter of the campaign’s work, occasionally attending events organized by the group and advocating for more transparency at Menwith Hill. Hamilton, who represents the Labour Party, has doggedly attempted to find out basic information about the base, asking the government at least 40 parliamentary questions since 2010 about its activities. He has sought clarification on a variety of issues, such as how many U.S. personnel are stationed at the site, whether it is involved in conducting drone strikes, and whether members of a British parliamentary oversight committee have been given full access to review its operations. But his efforts have been repeatedly stonewalled, with British government officials refusing to provide any details on the grounds of national security.

Hamilton told The Intercept that he found the secrecy shrouding Menwith Hill to be “offensive.” The revelations about the role it has played in U.S. killing and capture operations, he said, showed there needed to be a full review of its operations. “Any nation-state that uses military means to attack any target, whether it is a terrorist, whether it is legitimate or not, has to be accountable to its electorate for what it does,” Hamilton said. “That’s the basis of our Parliament, it’s the basis of our whole democratic system. How can we say that Menwith can carry out operations of which there is absolutely no accountability to the public? I don’t buy this idea that you say the word ‘security’ and nobody can know anything. We need to know what is being done in our name.”

— source theintercept.com By Ryan Gallagher