Bulk collection – Digital Citizenship and Surveillance Society (https://dcssproject.net)
UK State-Media-Citizen Relations after the Snowden Leaks
Wed, 03 Jun 2020 16:15:15 +0000

MUSCULAR
https://dcssproject.net/muscular/
Wed, 22 Jul 2015 11:23:57 +0000

Purpose:
MUSCULAR, Washington Post, “Google Cloud Exploitation” slide.

MUSCULAR is a joint GCHQ and NSA programme that collects data travelling between internal data centres owned by Google and Yahoo. It achieves this by accessing the cables through which the companies’ internal network traffic passes. The programme is used to collect emails, documents, pictures, search queries and other data.

The programme relies on the telecommunications provider Level 3 to offer secret access to a fibre-optic cable at a point where Google and Yahoo traffic passes (NYT01). The access point, known as DS-200B, is located somewhere in the UK (WAH01).

MUSCULAR stores data for a three to five day period, during which GCHQ and NSA decode the proprietary data formats used by each company and extract information they want to keep (WAH02).

Capabilities:

  • Bulk collection from private networks
  • Bypassing encryption used on public networks
  • Decoding proprietary data formats

Data sources:

  • DS-200B, cable location owned by Level 3
  • Digital content from two major US companies

Related programmes:

WINDSTOP – NSA umbrella programme for bulk collection in partnership with “trusted second party” countries (UK, Canada, Australia and New Zealand). The programme targets “communications into and out of Europe and the Middle East” (ELE01).

Layers of operation:

  • Physical layer: Tapping of fibre-optic cables.
  • Link layer, network layer and transport layer: Reconstruction of communication sessions.
  • Application layer: Extraction of content and metadata.

Background:

MUSCULAR is one of at least four similar “trusted second party programs” which together are known as WINDSTOP within the NSA (ELE01). This programme taps into the private leased fibre-optic cables that are used to connect the companies’ data centres across the globe (WAH02). These corporate internal networks have historically been unencrypted; however, both companies are beginning to encrypt their networks as a result of the MUSCULAR leak.

Company partners (NYT01):

  • Level 3: Provider of fibre-optic cables for Google

Sources:

Electrospaces (ELE)
1) http://electrospaces.blogspot.co.uk/2014/11/incenser-or-how-nsa-and-gchq-are.html

New York Times (NYT)
1) http://www.nytimes.com/2013/10/31/technology/nsa-is-mining-google-and-yahoo-abroad.html

Washington Post (WAH)
1) http://www.washingtonpost.com/blogs/the-switch/wp/2013/11/04/how-we-know-the-nsa-had-access-to-internal-google-and-yahoo-cloud-data
2) http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html

TEMPORA
https://dcssproject.net/tempora/
Wed, 06 May 2015 09:42:23 +0000

Submarine Cable Map (submarinecablemap.com)

Purpose:

TEMPORA is a GCHQ programme for physically tapping fibre-optic cables to collect data in bulk. The programme collects content and metadata that travels over fibre-optic cables around the world, including cables entering and exiting the UK (GUA01). The programme taps at least 200 cables at various locations (GUA01).

TEMPORA stores the collected data in a buffer to enable retrospective analysis. Content is stored for three days, and metadata for 30 days (GUA01).

The TEMPORA programme incorporates bulk data from the INCENSER programme (ORG01). Data collected by TEMPORA is shared with the NSA through the WINDSTOP programme, and can be analysed using the XKEYSCORE search interface and a search language called GENESIS (ORG01, EFF01).

Capabilities:

  • Fibre-optic cable tapping
  • Temporary storage of content and metadata

Data sources:

  • Cable taps installed at the following locations (EFF01):
    • 16 x 10 gigabit/second cables at the CPC processing center
    • 7 x 10 gigabit/second cables at the OPC processing center
    • 23 x 10 gigabit/second cables at the RPC1 processing center
  • The centres above have been associated with the following locations (ESP01):
    • Benhall, Cheltenham (GCHQ headquarters)
    • Bude station (Cornwall)
    • Ayios Nikolaos station (Cyprus)

Related programmes:

POKERFACE – GCHQ programme using MVR (Massive Volume Reduction) for high-speed filtering and selection, including removal of high-volume, low-value traffic such as peer-to-peer downloads. Also searches by ‘trigger’ words, email addresses and phone numbers.

XKEYSCORE – NSA system for searching and analysing Internet data.

INCENSER – GCHQ bulk collection programme that provides access to a cable system codenamed NIGELLA, which is the intersection of two fibre-optic cables connecting the Atlantic with Europe and Asia (ORG01, ELE01).

WINDSTOP – NSA umbrella programme for bulk collection in partnership with “trusted second party” countries (UK, Canada, Australia and New Zealand). The programme targets “communications into and out of Europe and the Middle East” (ELE01).

Layers of operation:

  • Physical layer: Tapping of fibre-optic cables.
  • Link layer, network layer and transport layer: Reconstruction of communication sessions.
  • Application layer: Extraction of content and metadata.

Background:

The GCHQ cable-tapping operation has been built up over five years by attaching intercept probes to transatlantic fibre-optic cables where they land on British shores carrying data between Western Europe, Asia and North America. This was done under secret agreements with commercial companies, described in one document as “intercept partners” (GUA01).

In 2015, GCHQ was censured for conducting bulk collection activities and sharing this information with the NSA (GUA02).

Company partners (GUA03, ORG01):

  • BT (codenamed REMEDY)
  • Vodafone Cable (GERONTIC)
  • Verizon Business (DACRON)
  • Global Crossing (PINNAGE)
  • Level 3 (LITTLE)
  • Viatel (VITREOUS)
  • Interoute (STREETCAR)

Sources:

Electronic Frontier Foundation (EFF)
1) https://www.eff.org/files/2014/06/23/gchq_report_on_the_technical_abilities_of_tempora.pdf

Electrospaces (ELE)
1) http://electrospaces.blogspot.co.uk/2014/11/incenser-or-how-nsa-and-gchq-are.html

Espresso (ESP)
1) http://espresso.repubblica.it/inchieste/2013/11/04/news/the-history-of-british-intelligence-operations-in-cyprus-1.139978

Guardian (GUA)
1) http://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa
2) http://www.theguardian.com/business/2013/aug/02/telecoms-bt-vodafone-cables-gchq
3) http://www.theguardian.com/uk-news/2015/feb/06/gchq-mass-internet-surveillance-unlawful-court-nsa

Open Rights Group (ORG)
1) https://www.openrightsgroup.org/assets/files/pdfs/reports/gchq/01-Part_One_Chapter_One-Passive_Collection.pdf
