03:13 GMT25 November 2020
Listen Live
    Get short URL

    NSA documents leaked by Edward Snowden to the Guardian in 2013 described a covert program called XKEYSCORE (XKS) and showed how the US government can see almost everything one does on the internet; the new portion of the classified files published by The Intercept now reveals how easily it can be done: “as easy as typing a few words in Google.”

    XKEYSCORE was one of the first covert programs that the Guardian wrote about when Snowden began leaking NSA documents two years ago, in 2013.

    Now, a new set of training manual reveals the breadth of this program and how easily an analyst can break into remote computers – within a “few mouse clicks”.

    Using only a target’s email address, telephone number, name or other identifying data, an analyst has the ability to conduct sweeping searches of his or her personal data.

    “Given the breadth of information collected by XKEYSCORE, accessing and exploiting a target’s online activity is a matter of a few mouse clicks. The amount of work an analyst has to perform to actually break into remote computers over the Internet seems ridiculously reduced — we are talking minutes, if not seconds. Simple. As easy as typing a few words in Google,” Jonathan Brossard, a security researcher and the CEO of Toucan Systems, told The Intercept, a magazine which serves as a platform to report on the documents released by Edward Snowden.

    “Anyone could be trained to do this in less than one day: they simply enter the name of the server they want to hack into XKEYSCORE, type enter, and are presented login and password pairs to connect to this machine. Done. Finito,” Brossard added.

    The training manual released by The Intercept also reveals the scope of surveillance:

    The XKEYSCORE database is "fed a constant flow of Internet traffic from fiber optic cables that make up the back of the world’s communication network, among other sources, for processing," the new report states. Its servers collect all of this data for up to five days, and store the metadata of this traffic for 30 to 45 days.

    The system however is not limited to collecting web traffic.

    “These newly published documents demonstrate that collected communications not only include emails, chats and web-browsing traffic, but also pictures, documents, voice calls, webcam photos, web searches, advertising analytics traffic, social media traffic, botnet traffic, logged keystrokes, computer network exploitation (CNE) targeting, intercepted username and password pairs, file uploads to online services, Skype sessions and more.”

    “XKEYSCORE allows for incredibly broad surveillance of people based on perceived patterns of suspicious behavior. It is possible, for instance, to query the system to show the activities of people based on their location, nationality and websites visited,” the magazine says.

    Top secret
    Top secret

    Traffic from popular social media sites is described as “a great starting point” for tracking individuals, according to an XKEYSCORE presentation titled “Tracking Targets on Online Social Networks.”

    This system also enables analysts to access web mail servers with “remarkable ease.”

    The same methods are used to steal the credentials — user names and passwords — of individual users of message boards.

    Hacker forums are also monitored for people selling or using exploits and other hacking tools.

    Top secret
    Top secret

    The only obstacle is, when intelligence agencies collect massive amounts of Internet traffic all over the world, they face the challenge of making sense of that data. The vast quantities collected make it difficult to connect the stored traffic to specific individuals.

    The NSA makes use of browser cookies, which the Internet companies use to track their users.

    “Cookies are small pieces of data that websites store in visitors’ browsers. They are used for a variety of purposes, including authenticating users (cookies make it possible to log in to websites), storing preferences, and uniquely tracking individuals even if they’re using the same IP address as many other people.”

    NSA made it a vital instrument that allows the agency to trace the data it collects to individual users. It makes no difference if visitors switch to public Wi-Fi networks or connect to VPNs to change their IP addresses: the tracking cookie will follow them around as long as they are using the same web browser and fail to clear their cookies.

     Top secret
    Top secret

    “XKEYSCORE gives you access to the full cookie string, so if you’re adventurous enough you can do your own protocol exploration,” the manual says.

    “Remember: Cookies are there for a reason!”

    Apps that run on tablets and smartphones also use analytics services that uniquely track users. Almost every time a user sees an advertisement (in an app or in a web browser), the ad network is tracking users in the same way.


    WikiLeaks: NSA Spied on Ally Germany Amid EU-Greece Crisis
    US Spy Court Dismisses Constitution in Approving NSA Bulk Data Collection
    US Spy Court Snubs Congress in Allowing NSA to Resume Bulk Data Collection
    Surveillance Court: NSA May Resume Illegal Bulk Data Collection
    US Court Allows NSA to Resume Call Records Collection
    manual, training, computer program, intelligence, surveillance, XKEYSCORE, The Intercept, National Security Agency (NSA), Edward Snowden
    Community standardsDiscussion