Sunday, 28 June 2015

Wikileaks published some of the most secret NSA reports so far

Wikileaks published some of the most secret NSA reports so far

(Updated: June 27, 2015)

Last Tuesday, June 23, the website Wikileaks (in cooperation with Libération andMediapart) published a number of NSA-documents showing that between 2006 and 2012, NSA had been able to eavesdrop on the phone calls of three French presidents.

This is the first time we see actual finished intelligence reports that prove such eavesdropping, and being classified as TOP SECRET//COMINT-GAMMA they are much more sensitive than most of the documents from the Snowden-archive.

Also it seems that these new Wikileaks-documents are not from Snowden, but from another source, which could be the same as the one that leaked a database record about NSA's eavesdropping on German chancellor Merkel.

Wikileaks announced that more revelations will follow this Monday.



NSA intelligence report about an intercepted conversation between French president
François Hollande and prime minister Jean-Marc Ayrault, May 22, 2012.
(Watermarked by Wikileaks - Click to enlarge)


Intelligence reports

The reports are from various editions of the "Global SIGINT Highlights - Executive Edition" briefings. Only one report is published in its original form with the header and a disclaimer, the other ones are just transcripts, probably because they are taken out of pages with reports about other countries. For Wikileaks it is very unusual to disclose documents in such a selective way.

The newsletter contains or is based upon so-called Serialized Reports, which are "the primary means by which NSA provides foreign intelligence information to intelligence users", most of whom are outside the SIGINT community. Such a report can be in electrical, hard-copy, video, or digital form. So far, Wikileaks published the following reports:

2006:
Conversation between president Jacques Chirac and foreign minister Philippe Douste-Blazy.
- Method: Unconventional
- Serial number: G/OO/6411-06, 271650Z
- Classification: Top Secret/Comint-Gamma

2008:
Positions of president Nicolas Sarkozy.
- Method: Unidentified
- Serial number: G/OO/503290-08, 291640Z
- Classification: Top Secret/Comint-Gamma

2010, March 24:
Conversation between the French ambassador in Washington Pierre Vimont and Sarkozy's diplomatic advisor Jean-David Levitte.
- Method: Unconventional
- Serial number: Z-3/OO/507179-10, 231635Z
- Classification: Top Secret/Comint

2011, June 11:
Conversation between president Nicolas Sarkozy and foreign minister Alain Juppé.
- Method: Unconventional
- Serial number: Z-G/OO/513370-11, 091416Z
- Classification: Top Secret/Comint-Gamma

2012, May 22:
Conversation between president François Hollande and prime minister Jean-Marc Ayrault.
- Method: Foreign satellite and Unconventional
- Serial numbers: Z-G/OO/503643-12, 211549Z and Z-G/OO/503541-12, 161711Z
- Classification: Top Secret/Comint-Gamma
 
Methods

This listing shows that in most cases, NSA's source of the intercepted communications is "Unconventional". It's not clear what that means, but phone calls between the president and his ministers will in most cases be handled by a local switch and therefore don't go through the intercontinental submarine fiber-optic cables, where they could pass NSA's conventional filter systems for telephone and internet traffic.

For intercepting this kind of foreign government phone calls, NSA would have to have access to the public telephone exchange(s) of Paris or the private branch exchanges (PBX) of the presidential palace and/or important government departments.

This would indeed require unconventional methods, like those conducted by the joint NSA-CIA units of the Special Collection Service (SCS) who operate from US embassies, or NSA's hacking division TAO.
Update:
According to a book by James Bamford, NSA had an Office of Unconventional Programs in the late 1990s, which in another book was presented as NSA's own equivalent of the SCS units. It is not known whether this office still exists or has evolved into another division.
A 2010 presentation (.pdf) says that RAMPART-A is "NSA's unconventional special access program". This is about cable tapping in cooperation with foreign partner agencies, but seems not the means to get access to local government phone calls.

In one case, the source is "Foreign Satellite" (or FORNSAT), which is the traditional interception of the downlinks of communication satellites. This method was probably used because president Hollande visited his American counterpart in Washington a few days earlier.

In yet one other case, the method is "Unidentified", and although Wikileaks says it's about an "intercepted communication", the actual report only reflects the positions of president Sarkozy, without mentioning a conversation counterpart.



Google Earth view of the US embassy in Paris, where a joint NSA-CIA unit
of the SCS is stationed. The building in the center has a rooftop
structure that is probably used for spying purposes.
(Click to enlarge)


Classification

Looking at the classification level shows that they are TOP SECRET//COMINT-GAMMA when the president is involved in the conversation. A communication from 2010 between the French ambassador in Washington and the president's diplomatic advisor was "only" classified as TOP SECRET//COMINT.

Three of the reports have the dissemination marking NOFORN, meaning they may not be released to foreigners. The other two may be released to officials with a need-to-know from agencies of the Five Eyes community.

Four of the reports also have the marking ORCON, meaning the originator controls dissemination of a document, for example by imposing that it has to be viewed in a secured area, or by not allowing copies to be made.


The GAMMA compartment

Probably most remarkable about these reports is that they are from the GAMMA compartment, which protects highly sensitive communication intercepts. It was already used in the late 1960s for intercepted phone calls from Soviet leaders.

The overwhelming majority of the Snowden-documents is classified TOP SECRET//COMINT, with COMINT being the control system for signals intelligence which covers almost anything the NSA does. All those powerpoint presentations, wiki pages and daily business reports are therefore not the agency's biggest secrets.

It is not clear whether Snowden had access to the GAMMA compartment. So far, no such documents have been published, except for five internal NSA Wiki pages, for which the highest possible classification was TOP SECRET//SI-GAMMA/TALENT KEYHOLE/etc., but without GAMMA information being seen in them.

Only a few documents that have been published have a more special classification: we have seen a document from the STELLARWIND and the UMBRA control system, as well as from the ECI RAGTIME, but it is possible that Snowden found these as part of his task to move documents that were not in the right place, given their classification level.

Serial number

Besides the source and the topic, there's also a serial number and a timestamp below each report. The time is presented according to the standard military notation. 161711Z for example stands for day 16, 17 hours and 11 minutes ZULU (= Greenwich Mean) Time, which should usually have been followed by the month and the year.

The serial number is in the format for NSA's serialized reports, for example Z-G/OO/503643-12. According to the 2010 NSA SIGINT Reporter's Style and Usage Manual (.pdf), such a serial number consists of a code for the classification level, the Producer Designator Digraph (PDDG), a one-up annual number, and the last two digits of the year in which the report was issued. For the classification level, the following codes are known:
2 = Secret
3 = Top Secret
S = ?
E = ?
I = ?
Z-G = Comint-Gamma
Z-3 = Comint- ?

The Producer Designator Digraph (PDDG) consists of a combination of two letters and/or numbers and designates a particular "collector", but it's not clear what exactly that means. The serial numbers mentioned in the reports about France all have OO as PDDG. That one is not associated with a specific interception facility, and therefore it might be a dummy used to actually hide the source in reports for people outside the agency.




Tasking database records

Besides the NSA intelligence reports, Wikileaks also published an database extractwhich includes the (landline and/or mobile) phone numbers of significant French political and economic targets, including the office of the President.

Because this list is about phone numbers, it seems most likely from a database codenamed OCTAVE, which was used for tasking telephony targets. It was reportedly replaced by the Unified Targeting Tool (UTT) in 2011.



Entries from an NSA tasking database with French government targets
(Source: Wikileaks - Click to enlarge)


TOPI: Stands for Target Office of Primary Interest, which is the NSA unit in the Analysis & Production division where the interceptions are analysed. In the list we see the following TOPIs, all part of the so-called Product Line for International Security Issues (S2C):
S2C13: Europe, Strategic Partnerships & Energy SIGDEV *
S2C32: European States Branch
S2C51: (unknown)

Selector: Shows the particular identifier to select the communications that have to be collected, in this case a phone number.

Subscriber_ID: A description of the subscriber of the selector phone number.

Information_Need: The collection requirement derived from the National SIGINT Requirements List (NSRL), which is a daily updated compendium of the tasks given to the various Signals Intelligence collection units around the world. These needs have a code number, consisting of the year in which the need was established, followed by a number that refers to a specific topic:
165: France: Political Affairs
204: France: Economic Developments
388: Germany: Political Affairs (see Merkel-entry below)
1136: European Union: Political Affairs
2777: Multi-country: International Finance developments

TOPI_Add_Date: According to Wikileaks this is the date of tagging of the entry with the responsible TOPI.

Priority: The priority of the particular Information Need, likely derived from the National Intelligence Priority Framework (NIPF, a reconstruction of which can be found here). This is a huge list containing all countries and topics the US government wants to be informed about, and which prioritizes these topics with a number from 1 (highest) to 5 (lowest). As we can see in the Wikileaks-list, for France, only the president and the directorate for global public property of the ministry of foreign affairs have priority 2, the rest is medium level 3.

IN_Explainer: Description of the Information_Need



A second source

The database entries published by Wikileaks are very similar to the database record that revealed NSA's intention of eavesdropping on German chancellor Merkel back in October 2013. This record contains the number of Merkel's non-secure cell phone and several other entries just like we saw in the Wikileaks list, but it also has some additional information:



Printed version of a transcription of an NSA database
record about German chancellor Merkel


Because for Merkel only this record was available, and no finished intelligence reports like those about the French presidents, there is no hard proof that NSA succesfully intercepted her communications.

What many people don't realize, is that this database record about Merkel wasn't from the Snowden-documents. Der Spiegel received it from another source that was never identified, which was confirmed by Glenn Greenwald and Bruce Schneier (this seems to exclude the option that someone with access to the Snowden-documents leaked this on his own).

Because the tasking records about France are very similar, and most likely from the same database as the one about chancellor Merkel, it's very well possible that they are from the same source. Because keeping an eye on foreign governments is a legitimate task, this source is not a whistleblower. He or she could be a cryptoanarchist, or maybe even an agent of a foreign intelligence agency.

During his work for the NSA, Edward Snowden was not involved with European targets. He was based in Japan, and later in Hawaii, where they are responsible for the Pacific region. His last job was supporting the regional NSA/CSS Threat Operation Center (NTOC), which counters cyber threats.

This is reflected by the intercepted content that Snowden apparently did had (legal) access to, according to a report by The Washington Post from July 5, 2014. These intercepts came "from a repository hosted at the NSA’s Kunia regional facility in Hawaii, which was shared by a group of analysts who specialize in Southeast Asian threats and targets".



Some perspective

French prime minister Manuel Valls strongly condemned these spying activities, but that was of course just for show. France's own foreign intelligence service DGSE is well-known for its aggressive industrial espionage against American and German companies, and for example also targeted former US president George W. Bush and foreign secretary Madeleine Albright.

On the other hand, the French government was well aware of the risks, as in 2010 itordered over 14.000 secure mobile phones, to be used by the president, ministers and high officials of the armed forces and the various ministries that deal with classified defence information.

This highly secure TEOREM cell phone is manufactured by Thales, and the price of a single device is said to be around 1.500,- euros. Because the TEOREM is rather old-fashioned and the security features don't improve usability, it was apparently not used as often as it should be...



The TEOREM secure mobile phone made by Thales
(Source: Thales leaflet - Click to enlarge)


White House response

A spokesman of the US National Security Council (NSC) told the website Ars Technica that "we do not conduct any foreign intelligence surveillance activities unless there is a specific and validated national security purpose. This applies to ordinary citizens and world leaders alike". Later he added: "We are not targeting and will not target the communications of President Hollande."

Just as in the case of German chancellor Merkel, the past tense misses, which means the US government doesn't deny that the French president had been eavesdropped on in the past. But it seems that at least for the near future, both leaders will not be targeted by NSA anymore.



Links and sources
- ArsTechnica.com: WikiLeaks publishes top secret NSA briefs showing US spied on France
- Zeit.de: Was die Frankreich-Dokumente preisgeben
- LeMonde.fr: Trois présidents français espionnés par les Etats-Unis
- Tagesschau.de: NSA spähte Frankreichs Staatsspitze aus

No comments:

Post a Comment