REUTERS

An analysis of secret documents leaked by Edward Snowden demonstrates that the NSA is more active in Germany than anywhere else in Europe -- and that data collected here may have helped kill suspected terrorists.

Just before Christmas 2005, an unexpected event disrupted the work of American spies in the south-central German city of Wiesbaden. During the installation of a fiber-optic cable near the Rhine River, local workers encountered a suspicious metal object, possibly an undetonated World War II explosive. It was certainly possible: Adolf Hitler's military had once maintained a tank repair yard in the Wiesbaden neighborhood of Mainz-Kastel.
The Americans -- who maintained what was officially known as a "Storage Station" on Ludwig Wolker Street -- prepared an evacuation plan. And on Jan. 24, 2006, analysts with the National Security Agency (NSA) cleared out their offices, cutting off the intelligence agency's access to important European data streams for an entire day, a painfully long time. The all-clear only came that night: The potential ordinance turned out to be nothing more than a pile of junk.
Residents in Mainz-Kastel knew nothing of the incident.
Of course, everybody living there knows of the 20-hectare (49-acre) US army compound. A beige wall topped with barbed wire protects the site from the outside world; a sign outside warns, "Beware, Firearms in Use!"
Americans in uniform have been part of the cityscape in Wiesbaden for decades, and local businesses have learned to cater to their customers from abroad. Used-car dealerships post their prices in dollars and many Americans are regulars at the local brewery. "It is a peaceful coexistence," says Christa Gabriel, head of the Mainz-Kastel district council.
But until now, almost nobody in Wiesbaden knew that Building 4009 of the "Storage Station" houses one of the NSA's most important European data collection centers. Its official name is the European Technical Center (ETC), and, as documents from the archive of whistleblower Edward Snowden show, it has been expanded in recent years. From an American perspective, the program to improve the center -- which was known by the strange code name "GODLIKELESION" -- was badly needed. In early 2010, for example, the NSA branch office lost power 150 times within the space just a few months -- a serious handicap for a service that strives to monitor all of the world's data traffic.
NSA Sites in Germany

On Sept. 19, 2011, the Americans celebrated the reopening of the refurbished ETC, and since then, the building has been the NSA's "primary communications hub" in Europe. From here, a Snowden document outlines, huge amounts of data are intercepted and forwarded to "NSAers, warfighters and foreign partners in Europe, Africa and the Middle East." The hub, the document notes, ensures the reliable transfer of data for "the foreseeable future."Soon the NSA will have an even more powerful and modern facility at their disposal: Just five kilometers away, in the Clay Kaserne, a US military complex located in the Erbenheim district of Wiesbaden, the "Consolidated Intelligence Center" is under construction. It will house data-monitoring specialists from Mainz-Kastel. The project in southern Hesse comes with a price tag of $124 million (€91 million). When finished, the US government will be even better equipped to satisfy its vast hunger for data.
One year after Edward Snowden made the breadth of the NSA's global data monitoring public, much remains unknown about the full scope of the intelligence service's activities in Germany. We know that the Americans monitored the mobile phone of German Chancellor Angela Merkel and we know that there are listening posts in the US Embassy in Berlin and in the Consulate General in Frankfurt.
But much remains in the dark. The German government has sent lists of questions to the US government on several occasions, and a parliamentary investigative committee has begun looking into the subject in Berlin. Furthermore, Germany's chief public prosecutor has initiated an investigation into the NSA -- albeit one currently limited to its monitoring of the chancellor's cell phone and not the broader allegation that it spied on the communications of the German public. Neither the government nor German lawmakers nor prosecutors believe they will receive answers from officials in the United States.
German Left Party politician Jan Korte recently asked just how much the German government knows about American spying activities in Germany. The answer: Nothing. The NSA's promise to send a package including all relevant documents to re-establish transparency between the two governments has been quietly forgotten by the Americans.
In response, SPIEGEL has again reviewed the Snowden documents relating to Germany and compiled a Germany File of original documents pertaining to the NSA's activities in the country that are now available for download here. SPIEGEL has reported on the contents of some of the documents over the course of the past year. The content of others is now being written about for the first time. Some passages of the documents have been redacted in order to remove sensitive information like the names of NSA employees or those of the German foreign intelligence service, the Bundesnachrichtendienst (BND). This week's reports are also based on documents and information from other sources.
An Omnipotent American Authority
The German public has a right to know exactly what the NSA is doing in Germany, and should be given the ability to draw its own conclusions about the extent of the US intelligence agency's activities in the country and the scope of its cooperation with German agencies when it comes to, for example, the monitoring of fiber-optic cables.
The German archive provides the basis for a critical discussion on the necessity and limits of secret service work as well as on the protection of privacy in the age of digital communication. The documents complement the debate over a trans-Atlantic relationship that has been severely damaged by the NSA affair.
They paint a picture of an all-powerful American intelligence agency that has developed an increasingly intimate relationship with Germany over the past 13 years while massively expanding its presence. No other country in Europe plays host to a secret NSA surveillance architecture comparable to the one in Germany. It is a web of sites defined as much by a thirst for total control as by the desire for security. In 2007, the NSA claimed to have at least a dozen active collection sites in Germany.
The documents indicate that the NSA uses its German sites to search for a potential target by analyzing a "Pattern of Life," in the words of one Snowden file. And one classified report suggests that information collected in Germany is used for the "capture or kill" of alleged terrorists.
According to Paragraph 99 of Germany's criminal code, spying is illegal on German territory, yet German officials would seem to know next to nothing about the NSA's activity in their country. For quite some time, it appears, they didn't even want to know. It wasn't until Snowden went public with his knowledge that the German government became active.
On June 11, August 26 and October 24 of last year, Berlin sent a catalogue of questions to the US government. During a visit to NSA headquarters at Fort Meade, Maryland at the beginning of November, German intelligence heads Gerhard Schindler (of the BND) and Hans-Georg Maassen (of the domestic intelligence agency, known as the Office for the Protection of the Constitution or BfV) asked the most important questions in person and, for good measure, handed over a written list. No answers have been forthcoming. This leaves the Snowden documents as the best source for describing how the NSA has turned Germany into its most important base in Europe in the wake of the terrorist attacks of Sept. 11, 2001.
The NSA's European Headquarters
On March 10, 2004, two US generals -- Richard J. Quirk III of the NSA and John Kimmons, who was the US Army's deputy chief of staff for intelligence -- finalized an agreement to establish an operations center in Germany, the European Security Center (ESC), to be located on US Army property in the town of Griesheim near Darmstadt, Germany. That center is now the NSA's most important listening station in Europe.
The NSA had already dispatched an initial team to southern Germany in early 2003. The agency stationed a half-dozen analysts at the its European headquarters in Stuttgart's Vaihingen neighborhood, where their work focused largely on North Africa. The analysts' aims, according to internal documents, included providing support to African governments in securing borders and ensuring that they didn't offer safe havens to terrorist organizations or their accomplices.
The work quickly bore fruit. It became increasingly easy to track the movements of suspicious persons in Mali, Mauritania and Algeria through the surveillance of satellite telephones. NSA workers passed information on to the US military's European Command, with some also being shared with individual governments in Africa. A US government document states that the intelligence insights have "been responsible for the capture or kill of over 40 terrorists and has helped achieve GWOT (Global War on Terror) and regional policy successes in Africa."
Is Germany an NSA Beachhead?
The documents in Snowden's archive raise the question of whether Germany has become a beachhead for America's deadly operations against suspected terrorists -- and whether the CIA and the American military use data collected in Germany in the deployment of its combat drones. When asked about this by SPIEGEL, the NSA declined to respond.
The operations of the NSA's analysts in Stuttgart were so successful that the intelligence agency quickly moved to expand its presence. In 2004, the Americans obtained approximately 1,000 square meters (10,750 square feet) of office space in Griesheim to host 59 workers who monitored communications in an effort to "optimize support to Theater operations" of the US Armed Forces. Ten years later, the center, although largely used by the military, has become the NSA's most important outpost in Europe -- with a mandate that goes far beyond providing support for the US military.
In 2011, around 240 intelligence service analysts were working at the Griesheim facility, known as the Dagger Complex. It was a "diverse mix of military service members, Department of the Army civilians, NSA civilians, and contractors," an internal document states. They were responsible for both collecting and analyzing international communication streams. One member of the NSA pointed out proudly that they were responsible for every step in the process: collection, processing, analyzing and distribution.
In May 2011, the installation was renamed the European Center for Cryptology (ECC) and the NSA integrated its Threat Operations Center, responsible for early danger identification, into the site. A total of 26 reconnaissance missions are managed from the Griesheim complex, which has since become the center of the "largest Analysis and Production activity in Europe," with satellite stations in Mons, Belgium, and in Great Britain. Internal documents indicate that the ECC is the operative intelligence arm of the NSA's European leadership in Stuttgart.

Part 2: Targets in Africa, Targets in Europe

Much of what happens in Griesheim is classic intelligence work and threat identification, but a presentation dating from 2012 suggests that European data streams are also monitored on a broad scale. One internal document states there are targets in Africa as well as targets in Europe. The reason being that "most terrorists stop thru Europe." For reconnaissance, the document mentions, the ECC relies on its own intelligence gathering as well as data and assistance from Britain's Government Communications Headquarters (GCHQ) intelligence service.

The latter is likely a reference to the Tempora program, located in the British town of Bude, which collects all Internet data passing through several major fiber-optic cables. GCHQ, working together with the NSA, saves the data that travels through these major European network connections for at least three days. The ECC claims to have access to at least part of the GCHQ data.
NSA staff in Griesheim use the most modern equipment available for the analysis of the data streams, using programs like XKeyscore, which allows for the deep penetration of Internet traffic. Xkeyscore's sheer power even awakened the interest of Germany's BND foreign intelligence service as well as that of the Federal Office for the Protection of the Constitution, which is responsible for monitoring extremists and possible terrorists within Germany.
An internal NSA report suggests that XKeyscore was being used at Griesheim not only to collect metadata -- e.g. the who, what, where, with whom and at what time -- but also the content of actual communications. "Raw content" is saved for a period of between "3 days to a couple of weeks," an ECC slide states. The metadata are stored for more than 90 days. The document states that XKeyscore also makes "complex analytics like 'Pattern of Life'" possible.
The NSA said in a statement that XKeyscore is an element of its foreign intelligence gathering activities, but it was using the program lawfully and that it allows the agency to help "defend the nation and protect US and allied troops abroad." The statement said it engages in "extensive, close consultations" with the German government. In a statement provided to SPIEGEL, NSA officials pointed to a policy directive Barack Obama issued in January in which the US president affirmed that all persons, regardless of nationality, have legitimate privacy interests, and that privacy and civil liberties "shall be integral considerations in the planning of US signals intelligence activities."
The statement reveals the significant gap between Germany's understanding of what surveillance means and that of the Americans. In overseas operations, the NSA does not consider searching through emails to be surveillance as long as they are only stored temporarily. It is only considered to be a deeper encroachment on privacy when this data is transferred to the agency's databases and saved for a longer period of time. The US doesn't see it as a contradiction when Obama ensures that people won't be spied upon, even as the NSA continues monitoring email traffic. The NSA did not respond to SPIEGEL's more detailed questions about the agency's outposts in Germany.
'The Endangered Habitat of the NSA Spies'
The bustling activity inside the Dagger Complex listening station at Griesheim stands in stark contrast to its outward appearance. Only a few buildings can be recognized above ground, secured by two fences and a gate made of steel girders and topped by barbed wire.
Activist Daniel Bangart would love to see what is on the other side of that fence. He's rattled the fence a number of times over the past year, but so far no one has let him in. Instead, he's often been visited by police.
When Bangert first began inviting people to take a "walk" at Griesheim to "explore together the endangered habitat of the NSA spies," he intended it as a kind of subversive satirical act. But with each new revelation from the Snowden archive, the 29-year-old has taken the issue more seriously. These days, the heating engineer -- who often wears a T-shirt emblazoned with "Team Edward" -- and a small group of campaigners regularly attempt to provoke employees at the Dagger Complex. He has developed his own method of counter-espionage: He writes down the license plate numbers of suspected spies from Wiesbaden and Stuttgart.
At one point, the anti-surveillance activist even tried to initiate a dialogue with a few of the Americans. At a street fair in Griesheim, he convinced one to join him for a beer, but the man only answered Bangert's questions with queries of his own. Bangert says another American told him: "What is your problem? We are watching you!"
Spying as They Please
It's possible Bangert has also attracted the attention of another NSA site, located in the US Consulate General in Frankfurt, not far from Griesheim. The "Special Collection Service" (SCS) is a listening station that German public prosecutors have taken a particular interest in since announcing earlier this month that it was launching an investigation into the spying on Angela Merkel's mobile phone. The trail leads from the Chancellery in Berlin via the US Embassy next to the Brandenburg Gate and continues all the way to Laurel, Maryland, north of Washington DC.
That's where the SCS is headquartered. The service is operated together by the NSA and the CIA and has agents spread out across the globe. They are the eyes and ears of the US and, as one internal document notes, establish a "Home field advantage in adversary's space."
The SCS is like a two-parent household, says Ron Moultrie, formerly the service's vice president. "We must be mindful of both 'parents'." Every two years, leadership is swapped between the NSA and the CIA. The SCS, says Moultrie, is "truly a hybrid." It is divided into four departments, including the "Mission Support Office" and the "Field Operations Office," which is made up of a Special Operations unit and a center for signal development. In Laurel, according to internal documents, the NSA has established a relay station for communications intercepted overseas and a site for training.
Employees are stationed in US embassies and consulates in crisis regions, but are also active in countries that are considered neutral, like Austria. The agents are protected by diplomatic accreditation, even though their job isn't covered by the international agreements guaranteeing diplomatic immunity: They spy pretty much as they please. For many years, SCS agents claimed to be working for the ominous-sounding "Defense Communications Support Group." Sometimes, they said they worked for something called the "Defense Information Systems Agency."
Spying Stations, from Athens the Zagreb
According to an internal document from 2011, information related to the SCS and the sites it maintains was to be kept classified for at least 75 years. It argued that if the agency's activities were ever revealed, it would hamper the "effectiveness of intelligence methods currently in use" and result in "serious harm" to relations between the US and foreign governments.
In 1979, there were just over 40 such SCS branch offices. During the chilliest days of the Cold War, the number reached a high point of 88 only to drop significantly after the fall of the Berlin Wall and the collapse of communism in Eastern Europe. But following the Sept. 11, 2001 terror attacks, the government established additional sites, bringing the number of SCS spy stations around the world up to a total of around 80 today. The documents indicate that the SCS maintains two sites in Germany: in the US Consulate General in Frankfurt and the US Embassy in Berlin, just a few hundred meters away from the Chancellery.
The German agencies responsible for defending against and pursuing espionage -- the Office for the Protection of the Constitution and the office of the chief federal prosecutor -- are particularly interested in the technology deployed by the SCS. The database entry relating to Merkel's cell phone, which SPIEGEL first reported on in October 2013, shows that the SCS was responsible for its surveillance.
According to an internal presentation about the work done by the SCS, equipment includes an antenna rotator known as "Einstein," a database for analysis of microwaves called "Interquake" and a program called "Sciatica" that allows for the collection of signals transmitted in gigahertz frequencies. A program called "Birdwatcher," which intercepts encrypted signals and prepares them for analysis, can be remotely controlled from the SCS headquarters in Maryland. The tool allows the NSA to identify protected "Virtual Private Networks" or VPNs that might be of interest. VPNs are used by many companies and embassies for internal communication.
200 American Intelligence Workers in Germany
Following the revelations that Merkel's mobile phone had been monitored, Hans-Georg Maassen of the domestic intelligence agency BfV, turned to US Ambassador to Germany John Emerson to learn more about the technology and the people behind it. Maassen also wanted to know what private contractors the NSA was working with in Germany. When Emerson said during a visit to the Chancellery that he assumed the questions had been straightened out, Maassen countered, in writing, that they remained pertinent.
Maassen says he received a "satisfactory" answer from Emerson about intelligence employees. But that could be because the US government has officially accredited a number of the intelligence workers it has stationed in Germany. SPIEGEL research indicates more than 200 Americans are registered as diplomats in Germany. There are also employees with private firms who are contracted by the NSA but are not officially accredited.
The list of questions the German government sent to the US Embassy makes it clear that German intelligence badly needs help. "Are there Special Collection Services in Germany?" reads one question. "Do you conduct surveillance in Germany?" And: "Is this reconnaissance targeted against German interests? " There are many questions, but no answers.
Ultimately, Maassen will have to explain to the parliamentary investigative committee what he has learned about US spying in Germany and how he intends to fulfill his legally mandated task of preventing espionage. The explanation provided by the BfV thus far -- that it is uncertain whether the chancellor was spied on from the US Embassy in Berlin or remotely from the headquarters in Maryland, making it unclear whether German anti-espionage officials should get involved -- is certainly an odd one. Germany's domestic intelligence agency is responsible for every act of espionage targeting the country, no matter where it originates. Cyber-attacks from China are also viewed by the BfV as espionage, even if they are launched from Shanghai.
The order to monitor the chancellor was issued by the department S2C32, the NSA unit responsible for Europe. In 2009, Merkel was included in a list of 122 heads of state and government being spied on by the NSA. The NSA collects all citations relating to a specific person, including the different ways of referring to them, in a database called "Nymrod."
The NSA introduced Nymrod in January 2008 and the entries refer to a kind of register of "intelligence reports from NSA, CIA, and DoD (Department of Defense) databases." In Merkel's case, there are more than 300 reports from the year 2009 in which the chancellor is mentioned. The content of these reports is not included in the documents, but according to a Nymrod description from 2008, the database is a collection of "SIGINT-Targets." SIGINT stands for signals intelligence.

Part 3: Collection Sites in Germany

Is it possible that the German government really knew nothing about all of these NSA activities within Germany? Are they really -- as they claimed in August 2013 in response to a query from the center-left Social Democratic Party (SPD) -- "unaware of the surveillance stations used by the NSA in Germany"?
That is difficult to believe, especially given that the NSA has been active in Germany for decades and has cooperated closely with the country's foreign intelligence agency, the BND, which is overseen by the Chancellery. A top-secret NSA paper from January 2013 notes: "NSA established a relationship with its SIGINT counterpart in Germany, the BND-TA, in 1962, which includes extensive analytical, operational, and technical exchanges."
When the cooperation with its junior partner from West Germany began, the NSA was just 10 years old and maintained stations in Augsburg and West Berlin in addition to its European headquarters in Stuttgart-Vaihingen.
American intelligence agencies, like those of the three other World War II victors, immediately began to monitor Germans within their zones of occupation, as confirmed by internal guidelines relating to the evaluation of reports stemming from the years 1946 to 1967.
In 1955, the British and French reduced their surveillance of Germans and focused on operations further to the east. The Americans, however, did not and continued to monitor telephone and other transmissions both within Germany and between the country and others in Western Europe. By the mid 1950s, US spies may have been listening in on some 5 million telephone conversations per year in Germany.
The easternmost NSA surveillance post in Europe during the Cold War was the Field Station Berlin, located on Teufelsberg (Devil's Mountain) in West Berlin. The hill is made from the rubble left over from World War II -- and the agents operating from its top were apparently extremely competent. They won the coveted Travis Trophy, awarded by the NSA each year to the best surveillance post worldwide, four times.
'A Perpetual State of Domination'
Josef Foschepoth, a German historian, refers to German-American relations as "a perpetual state of domination." He speaks of a "common law developed over the course of 60 years" allowing for uncontrolled US surveillance in Germany. Just how comprehensive this surveillance was -- and remains -- can be seen from the so-called SIGAD lists, which are part of the Snowden archive. SIGAD stands for "Signal Intelligence Activity Designator" and refers to intelligence sources that intercept radio or telephone signals. Every US monitoring facility carries a code name made up of letters and numbers.
Documents indicate that the Americans often opened new SIGAD facilities and closed old ones over the decades, with a total of around 150 prior to the fall of the Wall. The technology used for such surveillance operations has advanced tremendously since then, with modern fiber-optic cables largely supplanting satellite communications. Data has become digital, making the capture of large quantities of it far easier.
The Snowden documents include a 2007 list that goes all the way back to 1917 and includes the names of many former and still active US military installations as well as other US facilities that are indicated as sites of data collection. It notes that a number of the codes listed are no longer in operation, and a deactivation date is included for at least a dozen. In other instances, the document states that the closing date is either unknown or that the SIGADs in question are still in operation. These latter codes include sites in Frankfurt, Berlin, Bad Aibling and Stuttgart -- all places still known to have an active NSA presence.
Because Americans tended to monitor their targets themselves, Germany's BND long had little to offer, creating a largely one-sided relationship in which the Germans played the subservient role. Only at the beginning of the last decade did the nature of the cooperation begin to change, partially as a result of the BND's successful effort to massively upgrade its technical abilities, as an internal NSA document notes approvingly. But the pecking order in the relationship has remained constant.
The former East Germany appears to have been better informed about the NSA's spying activities than Berlin currently claims to be. The NSA's work was known to the Hauptverwaltung Aufklärung (HVA), East Germany's foreign intelligence agency, a unit of the Ministry for State Security, the secret police more commonly known as the "Stasi." One internal Stasi document noted of the NSA: "This secret intelligence service of the USA saves all radio signals, conversations, etc., around the globe from friends and foes."
At the beginning of 1990, right after the Berlin Wall fell, HVA officers delivered around 40 binders with copies of NSA documents -- obtained by two spies -- to the Stasi's central archive. The HVA officers wanted to preserve the highly controversial material for historians and others who might be interested in it.
Not Enough for the USA
After US diplomats were informed by the German Federal Prosecutor of the documents' existence, Washington began applying pressure on the German government to hand over the NSA files. Finally, in July 1992, employees of the German agency responsible for executing the Stasi archive handed "two sealed containers with US documents" over to the German Federal Border Guard, which in turn delivered them to the Interior Ministry. Once in possession of them, the Americans used the files as evidence in the trial against a former NSA employee who had spied for East Germany.
Apparently the first haul of documents wasn't enough for the NSA. In 2008, during Merkel's first term in office, several NSA employees visited the Stasi archives to view all the remaining documents -- from the Stasi's Main Department III, which was responsible for signals intelligence -- containing information about US facilities.
The German Interior Ministry classified and blocked access to most of the material and they are no longer viewable by journalists or researchers. By the time Edward Snowden began publishing the NSA documents last year, only two files pertaining to the NSA remained available for viewing, and both were filled with harmless material. It is unlikely the remaining historical documents will be much help to the federal prosecutors now investigating the NSA.
But one person who could potentially contribute to clarifying the NSA's role in Germany was in Munich this week. General Keith Alexander, who recently left his position as NSA chief, spoke at a conference organized by Deutsche Telekom on Monday night. When officials at the Federal Prosecutor's Office were asked days before his keynote speech whether they would try to question Alexander as a witness, they, responded by saying, "We do not conduct criminal investigative proceedings publicly."
It seems Germany's chief federal investigator may ultimately follow the dictum given by Foschepoth: "The German government is more concerned about keeping the Americans happy than it is about our constitution."
By Sven Becker, Hubert Gude, Judith Horchert, Andy Müller-Maguhn, Laura Poitras, Ole Reißmann, Marcel Rosenbach, Jörg Schindler, Fidelius Schmid, Michael Sontheimer and Holger Stark

smartphone and nsa

Posted: 19 Jan 2015 01:31 PM PST

iSpy: How the NSA Accesses Smartphone Data

By Marcel Rosenbach, Laura Poitras and Holger Stark

The US intelligence agency NSA has been taking advantage of the smartphone boom. It has developed the ability to hack into iPhones, android devices and even the BlackBerry, previously believed to be particularly secure.

Michael Hayden has an interesting story to tell about the iPhone. He and his wife were in an Apple store in Virginia, Hayden, the former head of the United States National Security Agency (NSA), said at a conference in Washington recently. A salesman approached and raved about the iPhone, saying that there were already "400,000 apps" for the device. Hayden, amused, turned to his wife and quietly asked: "This kid doesn't know who I am, does he? Four-hundred-thousand apps means 400,000 possibilities for attacks."
Hayden was apparently exaggerating only slightly. According to internal NSA documents from the Edward Snowden archive that SPIEGEL has been granted access to, the US intelligence service doesn't just bug embassies and access data from undersea cables to gain information. The NSA is also extremely interested in that new form of communication which has experienced such breathtaking success in recent years: smartphones.
In Germany, more than 50 percent of all mobile phone users now possess a smartphone; in the UK, the share is two-thirds. About 130 million people in the US have such a device. The mini-computers have become personal communication centers, digital assistants and life coaches, and they often know more about their users than most users suspect.
For an agency like the NSA, the data storage units are a goldmine, combining in a single device almost all the information that would interest an intelligence agency: social contacts, details about the user's behavior and location, interests (through search terms, for example), photos and sometimes credit card numbers and passwords.
New Channels
Smartphones, in short, are a wonderful technical innovation, but also a terrific opportunity to spy on people, opening doors that even such a powerful organization as the NSA couldn't look behind until now.
From the standpoint of the computer experts at NSA headquarters in Fort Meade, Maryland, the colossal success of smartphones posed an enormous challenge at first. They opened so many new channels, that it seemed as if the NSA agents wouldn't be able to see the forest for the trees.
According to an internal NSA report from 2010 titled, "Exploring Current Trends, Targets and Techniques," the spread of smartphones was happening "extremely rapidly" -- developments that "certainly complicate traditional target analysis."
The NSA tackled the issue at the same speed with which the devices changed user behavior. According to the documents, it set up task forces for the leading smartphone manufacturers and operating systems. Specialized teams began intensively studying Apple's iPhone and its iOS operating system, as well as Google's Android mobile operating system. Another team worked on ways to attack BlackBerry, which had been seen as an impregnable fortress until then.
The material contains no indications of large-scale spying on smartphone users, and yet the documents leave no doubt that if the intelligence service defines a smartphone as a target, it will find a way to gain access to its information.
Still, it is awkward enough that the NSA is targeting devices made by US companies such as Apple and Google. The BlackBerry case is no less sensitive, since the company is based in Canada, one of the partner countries in the NSA's "Five Eyes" alliance. The members of this select group have agreed not to engage in any spying activities against one another.
Exploiting 'Nomophobia'
In this case, at any rate, the no-spy policy doesn't seem to apply. In the documents relating to smartphones that SPIEGEL was able to view, there are no indications that the companies cooperated with the NSA voluntarily.
When contacted, BlackBerry officials said that it is not the company's job to comment on alleged surveillance by governments. "Our public statements and principles have long underscored that there is no 'back door' pipeline to our platform," the company said in a statement. Google issued a statement claiming: "We have no knowledge of working groups like these and do not provide any government with access to our systems." The NSA did not respond to questions from SPIEGEL by the time the magazine went to print.
In exploiting the smartphone, the intelligence agency takes advantage of the carefree approach many users take to the device. According to one NSA presentation, smartphone users demonstrate "nomophobia," or "no mobile phobia." The only thing many users worry about is losing reception. A detailed NSA presentation titled, "Does your target have a smartphone?" shows how extensive the surveillance methods against users of Apple's popular iPhone already are.
In three consecutive transparencies, the authors of the presentation draw a comparison with "1984," George Orwell's classic novel about a surveillance state, revealing the agency's current view of smartphones and their users. "Who knew in 1984 that this would be Big Brother …" the authors ask, in reference to a photo of Apple co-founder Steve Jobs. And commenting on photos of enthusiastic Apple customers and iPhone users, the NSA writes: "… and the zombies would be paying customers?"
In fact, given the targets it defines, the NSA can select a broad spectrum of user data from Apple's most lucrative product, at least if one is to believe the agency's account.
The results the intelligence agency documents on the basis of several examples are impressive. They include an image of the son of a former defense secretary with his arm around a young woman, a photo he took with his iPhone. A series of images depicts young men and women in crisis zones, including an armed man in the mountains of Afghanistan, an Afghan with friends and a suspect in Thailand.
No Access Necessary
All the images were apparently taken with smartphones. A photo taken in January 2012 is especially risqué: It shows a former senior government official of a foreign country who, according to the NSA, is relaxing on his couch in front of a TV set and taking pictures of himself -- with his iPhone. To protect the person's privacy, SPIEGEL has chosen not to reveal his name or any other details.
The access to such material varies, but much of it passes through an NSA department responsible for customized surveillance operations against high-interest targets. One of the US agents' tools is the use of backup files established by smartphones. According to one NSA document, these files contain the kind of information that is of particular interest to analysts, such as lists of contacts, call logs and drafts of text messages. To sort out such data, the analysts don't even require access to the iPhone itself, the document indicates. The department merely needs to infiltrate the target's computer, with which the smartphone is synchronized, in advance. Under the heading "iPhone capability," the NSA specialists list the kinds of data they can analyze in these cases. The document notes that there are small NSA programs, known as "scripts," that can perform surveillance on 38 different features of the iPhone 3 and 4 operating systems. They include the mapping feature, voicemail and photos, as well as the Google Earth, Facebook and Yahoo Messenger applications.
The NSA analysts are especially enthusiastic about the geolocation data stored in smartphones and many of their apps, data that enables them to determine a user's whereabouts at a given time.
According to one presentation, it was even possible to track a person's whereabouts over extended periods of time, until Apple eliminated this "error" with version 4.3.3 of its mobile operating system and restricted the memory to seven days.
Still, the "location services" used by many iPhone apps, ranging from the camera to maps to Facebook, are useful to the NSA. In the US intelligence documents, the analysts note that the "convenience" for users ensures that most readily consent when applications ask them whether they can use their current location.
Cracking the Blackberry
The NSA and its partner agency, Britain's GCHQ, focused with similar intensity on another electronic toy: the BlackBerry.
This is particularly interesting given that the Canadian company's product is marketed to a specific target group: companies that buy the devices for their employees. In fact, the device, with its small keypad, is seen as more of a manager's tool than something suspected terrorists would use to discuss potential attacks.
The NSA also shares this assessment, noting that Nokia devices were long favored in extremist forums, with Apple following in third place and BlackBerry ranking a distant ninth.
According to several documents, the NSA spent years trying to crack BlackBerry communications, which enjoy a high degree of protection, and maintains a special "BlackBerry Working Group" specifically for this purpose. But the industry's rapid development cycles keep the specialists assigned to the group on their toes, as a GCHQ document marked "UK Secret" indicates.
According to the document, problems with the processing of BlackBerry data were suddenly encountered in May and June 2009, problems the agents attributed to a data compression method newly introduced by the manufacturer.
In July and August, the GCHQ team assigned to the case discovered that BlackBerry had previously acquired a smaller company. At the same time, the intelligence agency had begun studying the new BlackBerry code. In March 2010, the problem was finally solved, according to the internal account. "Champagne!" the analysts remarked, patting themselves on the back.
Security Concerns
The internal documents indicate that this was not the only success against Blackberry, a company that markets its devices as being surveillance-proof -- and one that has recently lost substantial market share due to strategic mistakes, as the NSA also notes with interest. According to one of the internal documents, in a section marked "Trends," the share of US government employees who used BlackBerry devices fell from 77 to less than 50 percent between August 2009 and May 2012.
The NSA concludes that ordinary consumer devices are increasingly replacing the only certified government smartphone, leading the analysts to voice their concerns about security. They apparently assume that they are the only agents worldwide capable of secretly tapping into BlackBerrys.
As far back as 2009, the NSA specialists noted that they could "see and read" text messages sent from BlackBerrys, and could also "collect and process BIS mails." BIS stands for BlackBerry Internet Service, which operates outside corporate networks, and which, in contrast to the data passing through internal BlackBerry services (BES), only compresses but does not encrypt data.
But even this highest level of security would seem not to be immune to NSA access, at least according to a presentation titled, "Your target is using a BlackBerry? Now what?" The presentation notes that the acquisition of encrypted BES communications requires a "sustained" operation by the NSA's Tailored Access Operation department in order to "fully prosecute your target." An email from a Mexican government agency, which appears in the presentation under the title "BES collection," reveals that this is applied successfully in practice.
Relying on BlackBerry
In June 2012, the documents show that the NSA was able to expand its arsenal against BlackBerry. Now they were also listing voice telephony among their "current capabilities," namely the two conventional mobile wireless standards in Europe and the United States, "GSM" and "CDMA."
But the internal group of experts, who had come together for a "BlackBerry round table" discussion, was still not satisfied. According to the documents, the question of which "additional enrichments would you like to see" with regards to BlackBerry was also discussed.
Even if everything in the materials viewed by SPIEGEL suggests the targeted use of these NSA surveillance options, the companies involved are not likely to be impressed.
BlackBerry is faltering and is currently open to takeover bids. Security remains one of its top selling points with its most recent models, such as the Q10. If it now becomes apparent that the NSA is capable of spying on both Apple and BlackBerry devices in a targeted manner, it could have far-reaching consequences.
Those consequences extend to the German government. Not long ago, the government in Berlin awarded a major contract for secure mobile communications within federal agencies. The winner was BlackBerry.

Translated from the German by Christopher Sultan

Wingsuit: FarCry 4 Funny Moments - c4 Fun, Majestic Wingsuit, Forest Fire and More!

Posted: 19 Jan 2015 01:31 PM PST