Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

US Intel Program XKeyscore Monitors Internet: Leak

WASHINGTON, District of Columbia  – A secret surveillance system known as XKeyscore allows US intelligence to monitor “nearly everything a typical user does on the Internet,” according to leaked documents published Wednesday.

WASHINGTON, District of Columbia  – A secret surveillance system known as XKeyscore allows US intelligence to monitor “nearly everything a typical user does on the Internet,” according to leaked documents published Wednesday.

Citing classified documents provided by fugitive intelligence contractor Edward Snowden, British daily the Guardian said the program was the most wide-reaching operated by the National Security Agency (NSA).

The paper said the existence of XKeyscore proves the truth of Snowden’s earlier claim, denied by some US officials, that before he left the NSA he could “wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email.”

The White House insisted, however, that access to such tools is only available to those who are assigned to use them and that multiple “checks and balances” are in place to prevent abuse.

“As we’ve explained and the intelligence community has explained, allegations of widespread, unchecked analyst access to NSA… data are false,” White House spokesman Jay Carney said.

The NSA late Wednesday in a statement also refuted as false “the implication” that its information collection is “arbitrary and unconstrained.”

On its website, the Guardian published a batch of slides from what appears to be an internal US intelligence training briefing laying out the capabilities of the XKeyscore program.

The paper had blacked out four of the 32 slides because “they reveal details of specific NSA operations,” but the remainder of the document lays out the operation of the program in detail.

Advertisement. Scroll to continue reading.

The slides are marked “Top Secret” and restricted to authorized personnel from the United States, Britain, Canada, Australia and New Zealand. They were produced in 2007 and not due to be declassified until 2032.

According to the slides, XKeyscore allows US spies to monitor in real time the emails, web browsing, Internet searches, social media use and virtually all online activity of a target.

The system’s computer infrastructure is based on a “massive distributed Linux cluster” and has 500 servers distributed around the world.

A map included in the briefing suggests that these servers are located on every continent, on the territory of US allies and of rivals like Russia, China and Venezuela.

Where XKeyscore appears to differ from other US surveillance programs that have already been revealed is that it can index and make searchable virtually any online activity.

“No other system performs this on raw unselected bulk traffic,” the document boasts.

XKeyscore does not require an intelligence analyst to have a “strong selector” such as an email address to find a target — agents can work back from a general search to find an individual.

The examples it gives are if someone is using an unusual language for his area, such as German in Pakistan, or using Google Maps to scout targets for attack.

The document boasts that XKeyscore has allowed US agents to capture “over 300 terrorists” but pages that apparently relate to specific operations have been redacted by the Guardian.

The slides also say that XKeyscore is being updated to make it more powerful and faster and to broaden the range of data it can search to include, for example, the EXIF data embedded in digital photographs.

The Guardian interviewed Snowden in June, when he was in Hong Kong after fleeing his job at the NSA in Hawaii carrying a trove of top secret files.

The paper did not say why it had not published details of XKeyscore in June, when it revealed the existence of a less capable US surveillance system known as Prism.

But the leak coincided with a hearing of the US Senate judiciary committee at which top intelligence officials are to be grilled by lawmakers concerned that spy agencies have exceeded the law.

The NSA in its statement acknowledged the existence of XKeyscore for the sake of clarification and said it “is used as part of NSA’s lawful foreign signals intelligence collection system.”

“Public release of this classified material about NSA collection systems, without context, does nothing more than jeopardize sources and methods, and further confuse a very important issue for the country,” it added.

It is illegal in the United States for intelligence agencies to monitor US citizens without a court order, but Snowden’s leaks have shown that Americans are regularly caught up in monitoring sweeps.

The revelations have also embarrassed Washington abroad, where some have been shocked by the extent of US Internet surveillance.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...