“XKeyscore” Global Privacy Communication Monitoring Project: Google in the Hands of the National Security Agency — Shahrukh A. Siddiqui

XKeyscore is one of the most powerful large-scale monitoring tools in the hands of the U.S. National Security Agency. An agent of the U.S. National Security Agency only needs to enter the email address of a monitored target to watch that person's network activity in real time, without any security protection. Technology can stop this surveillance behavior.

The Intercept website published forty-eight top-secret documents related to the XKeyscore project, along with other related documents. The creation of these documents can be traced back to 2013. Their exposure revealed the depth, breadth, and specific functions of this large-scale surveillance system. It is understood that the most critical confidential document was provided by Edward Snowden, the U.S. National Security Agency leaker, and the “XKeyscore” project was first exposed by Snowden.

It is worth noting that XKeyscore can also collect and process network communication data from the United States. Security analysts at the U.S. National Security Agency have been told to avoid querying the system for the network information of US citizens, because this may develop into espionage against US citizens. However, security experts and privacy activists are skeptical of this statement. They believe it is just rhetoric offered by the U.S. National Security Agency to deflect suspicion. In fact, it cannot prevent U.S. citizens' data from being monitored and obtained by the system. In a document published today on The Intercept website, we can see that the surveillance system has obtained a FISA (Foreign Intelligence Surveillance Act) license. This means that the law has authorized the system to collect user network data from certain online forums in the United States.

The capabilities of the monitoring system go far beyond collecting network communication data. Among the leaked documents is one titled “VoIP Settings and Forwarding”, which describes in detail how to forward VoIP data from XKeyscore to NUCLEON (Global Telephone Content Database), the repository the National Security Agency uses to store its intercepted voice, fax and video content. According to the data recorded in the file, the system was composed of 75 servers all over the world at that time, and it could collect more than 700,000 pieces of voice, fax and video data every day.

Large-scale surveillance of the public and collection of large amounts of information

Many important partners of the US National Security Agency can access the XKeyscore system’s large-scale surveillance database, including Canada, New Zealand, and the United Kingdom. In March of this year, the New Zealand Herald (in partnership with The Intercept website) reported that the New Zealand government not only used the XKeyscore system to monitor candidates for the post of Director General of the World Trade Organization, but also conducted large-scale espionage operations against government officials in the Solomon Islands.

In today’s world, daily communication between people has become more and more important, and the standing of social networking sites like Twitter and Facebook keeps growing. A study shows that 71% of adult Internet users in the United States use Facebook, which makes these popular social media an important source of surveillance data. According to an XKeyscore document titled “Using Online Social Networks to Track Targets”, social media sites are a very suitable entry point for tracking individual users.

Today, the intelligence agencies of various countries collect valuable data from network communication traffic around the world, and in doing so they face a huge challenge: how to extract valuable information from that data. Because the amount of data collected by the monitoring system is often very large, it is even more difficult to associate the stored data with specific users.

Major Internet companies have encountered this problem too, and their solution is to assign a separate identifier to each user through the browser’s cookies and to track their users based on these identifiers. Cookies are small pieces of data that a website usually stores in the browser used by the visitor. Cookies are used very widely: they can verify the user’s identity (with the help of cookies, the user can log in to the website directly) and save the user’s preferences. More importantly, even if multiple users are operating simultaneously under the same IP address, cookies can still help the website identify and track these different users. Nowadays, many websites also embed code from third-party services to collect and analyze user behavior or load online advertisements. According to a study, almost all websites currently have cookies enabled.

For the National Security Agency, the ability of private companies to track their users’ online behavior is a very important and effective tool. In this way, the US National Security Agency can directly use user data collected by private companies to track individual users. It is worth noting that whether the visitor is using a public Wi-Fi network or a VPN service to change their IP address, as long as they are using the same browser and their cookie information has not been cleared, the tracking cookie will follow them all the time.
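The cookie behaviour described in the two paragraphs above, as an added example that is not part of the original article: a short Python audit over a constructed capture of one's own browser requests. It shows which cookie value stays constant across IP changes, how browsers behind one shared IP remain distinguishable, and that the link breaks once cookies are cleared. The cookie names, values and addresses are made-up sample data.

```python
from collections import defaultdict

# Constructed capture: (source IP, Cookie request header). "uid" is a hypothetical
# tracking-cookie name; "theme" is an ordinary preference cookie.
CAPTURE = [
    ("203.0.113.10", "uid=a1f9c3e27b; theme=dark"),  # home network, user A
    ("203.0.113.10", "uid=77d0e4b812; theme=dark"),  # same IP (NAT), user B
    ("198.51.100.7", "uid=a1f9c3e27b; theme=dark"),  # user A on public Wi-Fi
    ("192.0.2.44", "uid=a1f9c3e27b; theme=dark"),    # user A through a VPN
    ("192.0.2.44", "uid=5c2a90ffe1; theme=dark"),    # user A after clearing cookies
]

def parse_cookie_header(header):
    """Split a Cookie request header into {name: value}."""
    pairs = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            pairs[name] = value
    return pairs

def ips_by_identifier(capture, min_len=8):
    """Map (cookie name, value) -> set of source IPs. Short values such as 'dark'
    are skipped; the length cut-off is a simple heuristic for 'looks like a
    per-browser identifier', not a standard."""
    seen = defaultdict(set)
    for ip, header in capture:
        for name, value in parse_cookie_header(header).items():
            if len(value) >= min_len:
                seen[(name, value)].add(ip)
    return seen

def cross_network_links(capture):
    """Identifiers sent from more than one IP: these tie the sessions together."""
    return {key: sorted(ips)
            for key, ips in ips_by_identifier(capture).items() if len(ips) > 1}

def browsers_behind(ip, capture):
    """Distinct identifier values seen from one IP (browsers sharing an address)."""
    return len({key for key, ips in ips_by_identifier(capture).items() if ip in ips})

if __name__ == "__main__":
    for (name, value), ips in cross_network_links(CAPTURE).items():
        print(f"{name}={value} links {len(ips)} networks: {', '.join(ips)}")
    print("browsers behind 203.0.113.10:", browsers_behind("203.0.113.10", CAPTURE))
```

The value issued after the cookies were cleared appears only once, so nothing connects it to the earlier sessions.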

Applications running on tablets and smartphones also use analytics services to collect data on users’ online behavior. Basically, every time a user sees an advertisement in an application or browser, it means that the advertising network is tracking the user’s Internet data. A secret project called “BADASS”, run by GCHQ and CSE, is actually very similar to the XKeyscore project, but its scope is not as large. The “BADASS” project can steal as much valid data as possible from vulnerable smartphones, including data used by application developers to track users’ specific identities. In May of this year, the Canadian Broadcasting Corporation, CBC (in partnership with The Intercept website), reported that XKeyscore can use Samsung’s and Google’s application markets to track smartphones. Not only that, analysts at monitoring agencies can also use other types of data in the XKeyscore system to track target users, such as the program crash logs of the Windows operating system.

The National Security Agency reiterated their position in a statement provided to The Intercept website. They believe that in order to win the war against terrorism, this comprehensive large-scale monitoring capability is necessary.

The statement reads as follows: “The U.S. government needs its own intelligence agencies to protect U.S. homeland security, U.S. citizens, and U.S. allies. We must protect them from various serious security threats. These security threats include the terrorist activities of al Qaeda, ISIL, and other terrorist organizations; the proliferation of weapons of mass destruction; the aggression against the United States and its allies; and the threat of international criminal organizations.”

However, XKeyscore is also used to monitor targets other than terrorists. The U.S. National Security Agency’s internal operations briefing (April 18, 2013) states that, with the help of XKeyscore, security analysts successfully obtained the key points of the talks between UN Secretary-General Ban Ki-moon and U.S. President Barack Obama. All of this happened before Ban Ki-moon and President Obama officially met.

XKeyscore also plays an important role in the field of hacker attacks. It can easily obtain the target’s username, password, and other information. XKeyscore also plays a vital role in the plan of the US government and its allies to invade the global computer network.

A top-secret document of the US National Security Agency leaked in 2009 records that, given the encryption technology currently in use, the attack strategy deployed by XKeyscore will be able to obtain a large amount of valuable data. Jonathan Brossard, a security research expert and CEO of Toucan Systems, said in an interview with The Intercept website: “Anyone can learn how to use this system in less than a day, because they only need to target the server. Enter your domain name into the XKeyscore system, and then press the ‘Enter’ key, and the system will display the login username and password of the target host. The attack is completed in an instant.” The Intercept previously reported that system administrators are one of the favorite targets of the U.S. National Security Agency. In an internal discussion section of the U.S. National Security Agency in 2012, someone once described it like this: “If you want to choose an attack target, who would be more suitable than someone who already has the ‘door-opening key’ in his hand?”

Hacker forums are also one of the targets they need to monitor. Many hackers will sell or use a variety of hacking tools in the forum, and the US National Security Agency needs to understand the technical level of these hackers and know how to obtain these technologies.

It is worth noting that the system also allows security analysts to easily access webmail servers. It can also help agents steal a user’s login credentials, such as user name and password.

Other information obtained by the XKeyscore system also helps agents carry out remote attacks on the target computer. By extracting browser fingerprints and operating system version information from network traffic, XKeyscore helps security analysts analyze targets in the shortest possible time. Brossard, the security research expert, believes: “The National Security Agency has developed a complete set of automated attack tools for their analysis experts to use.”

Given that the range of information the XKeyscore system can collect is so large, accessing and tracking a target user’s online activities is just a matter of a few mouse clicks. Brossard explained: “Before that, if a security analyst wanted to analyze a remote computer, he would not only need to invade the device through the network, but also perform a lot of other preparations. But now, with XKeyscore’s help, their workload will be greatly reduced. The whole process will become very simple, it only takes a few minutes or even a few seconds to complete, as simple as typing a few words in Google.”

These facts also confirm Snowden’s most controversial earlier statement. On June 9, 2013, the Guardian published a video interview with Snowden. In the video he said: “I only need to sit in front of my desk and I can eavesdrop on anyone. Whether it is you or your company’s accountant, whether it is a federal judge or a national president, as long as I get them I can monitor them.”

In fact, the training documents of the XKeyscore program repeatedly emphasize that the operating interface of the system is very friendly: with a few mouse clicks, a security analyst can enter the target user’s email address, phone number, name, or other identifying information and search for various information about that user. Moreover, none of the leaked documents mention whether agents need to obtain prior approval before conducting a specific search.

XKeyscore can be used for counterintelligence covert operations

In addition to login credentials and other intelligence information, XKeyscore can also collect the configuration information of the target network’s routers and share this data with the TAO department (i.e. the “Office of Tailored Access Operations”, a top-secret department established by the National Security Agency). The system can use vulnerabilities in routers to forward all network communication data flowing through these routers to XKeyscore’s infrastructure. This mechanism can also help the US National Security Agency monitor certain otherwise unreachable data.

In addition to being able to collect, classify and query metadata and content, XKeyscore can also be used to monitor surveillance and attack activities in other countries, and obtain information from attacks in other countries. The Intercept previously reported that the National Security Agency and its allies will monitor certain hackers and collect data obtained by these hackers.

After the system has identified the attack tools and techniques of foreign hackers (such as those of South Korea), analysts can extract that country’s attack targets from XKeyscore and collect valuable information from that country’s espionage activities.

Supervision, review, and the Fourth Amendment

By monitoring the activities of foreign hackers, the US National Security Agency can collect the attack techniques and tools they use, including some of the latest 0-day vulnerabilities and software vulnerabilities. After obtaining this information, they can invade the target system and plant malicious programs while the software supplier has no knowledge of this. In addition, by monitoring the vulnerability reports sent to vendors (such as Kaspersky Lab), the NSA can learn at the earliest opportunity how these vulnerabilities are exploited, and know which attack methods are about to become obsolete.

Because of the system’s information collection mechanism, XKeyscore also collects online data from US citizens. This means that such behavior has violated the relevant provisions of the Fourth Amendment of the United States on “illegal search and seizure”, including the illegal collection of data without obtaining a search warrant. The National Security Agency said that it will not manipulate the communications data of American citizens without a search warrant. It also admitted that it did not deliberately collect online data from US citizens, so it will minimize the amount of data stored or shared by the system.

But in the face of the express provisions of the law, such an explanation seems rather weak.

XKeyscore’s training document states: “For users/inspectors who use this system, the trouble is to comply with the relevant provisions of USSID-18 and other laws.” These also include the British Human Rights Act (HRA), which protects some basic legal rights of British citizens.

For example, if a security analyst is using XKeyscore to search all iPhone users, this search behavior will violate USSID 18 regulations. But even without obtaining a search warrant, the data security of US iPhone users cannot be guaranteed.

In January 2015, Harvard University held a technical seminar, and Edward Snowden spoke at the conference via video call. He said at the time: “The analysts of the National Security Agency will not be subjected to any form of supervision. The people who conduct security reviews and rights supervision are basically friends of these analysts. They work together in the same office. And these people in charge of auditing are not full-time auditors, and they often have many other jobs that need to be completed.”

The NSA said in a statement: “The actions of the NSA meet the following conditions:

(1) Obtained legal authorization;

(2) Obey strict internal and external control;

(3) The mode of action aims to protect the privacy and freedom of citizens. According to the relevant provisions of the President’s Policy Directive PPD-28: All people, regardless of their nationality, have the legitimate rights and interests to handle their own private information, that is, citizens’ right to privacy is sacred and inviolable. The National Security Agency will focus its attention and work on signal intelligence activities, and try to obtain more foreign intelligence information or counterintelligence; secret operations information.”

Originally published at https://shahrukhathar.info on August 24, 2020.