Nearly forty U.S. government large-scale surveillance projects disclosed by the media over the years
Since 2001, other oversight agencies, such as the positions of the Department of Homeland Security and the Director of National Intelligence, have exponentially upgraded large-scale surveillance. A series of media reports in 2013 revealed the latest plans and technologies adopted by the US intelligence community.
1. History of large-scale surveillance in the United States
The practice of large-scale surveillance in the United States can be traced back to the wartime surveillance of World War I and the censorship of international communications from or through the United States.
After World War I and World War II, the surveillance continued through programs such as Black Chamber and Project SHAMROCK. The formation and development of institutionalized supervision by federal law enforcement and intelligence agencies (such as the FBI, the CIA, and the National Security Agency) have also effectively curbed political dissent, as evidenced by COINTELPRO for projects targeting various organizations and individuals.
In the era of the Civil Rights Movement, many people who received surveillance orders were first called integrationists and then considered subversive. Other targeted individuals and groups include Native American activists, African American and Chicano liberation activists, and anti-war protesters.
The formation of the international UKUSA supervision agreement in 1946 evolved from the five English-speaking countries (also known as the Five Eyes) in 1955 to the ECHELON cooperation and focused on intercepting electronic communications, and domestic surveillance capabilities were greatly increased.
Following the September 11, 2001 attack, the US domestic and international large-scale surveillance capabilities have risen sharply. Large-scale surveillance relies on the annual presidential executive order to declare a continuous national emergency, first signed by George W. Bush on September 14, 2001, and then continued by US President Barack Obama every year, and several times thereafter National security activities include the PRISM surveillance program under the US Patriot Act and the FISA Amendment Act.
Critics and political dissidents currently describe these behaviors, and the resulting influence of the Fusion Central Database Network as a veritable American police state has simply institutionalized the assassination of dissidents and dissidents since the 1950s. Leader’s illegal COINTELPRO tactics.
Since 2001, other oversight agencies, such as the positions of the Department of Homeland Security and the Director of National Intelligence, have exponentially upgraded large-scale surveillance. A series of media reports in 2013 revealed the latest plans and technologies adopted by the US intelligence community. Advances in computer and information technology have allowed the creation of huge national databases through the DHS-managed Convergence Center, the Central Intelligence Agency’s Terrorist Threat Integration Center (TTIC) program, and the FBI’s data to facilitate large-scale surveillance in the United States.
2. U.S. government large-scale surveillance project
1. Boundless Informant :
A system deployed by the National Security Agency to analyze global electronic information.
The global heat map from the NSA data visualization tool BOUNDLESSINFORMANT shows that during a 30-day period, 97 billion Internet data records (DNI) and 124 billion telephone data records (DNR) were collected.
In a letter to NSA director General Keith Alexander in October last year, senator Wyden and his Democratic colleague on the Senate intelligence committee, Mark Udall, noted that “the intelligence community has stated repeatedly that it is not possible to provide even a rough estimate of how many American communications have been collected under the Fisa Amendments Act, and has even declined to estimate the scale of this collection.”
A highly classified National Security Agency plan to maintain its ability to eavesdrop on encrypted communications by influencing and weakening encryption standards, obtaining master encryption keys, and through agreements, by forcing access to data before or after encrypted data, or laws, or Exploit (hacker) through a computer network.
A slide released by the Guardian, depicting the high-level architecture of the National Security Agency’s “development of common Internet encryption technology [crack]”
3. Carnivore (Carnivore, later renamed: DCS1000):
A system implemented by the FBI in October 1997 to monitor e-mail and electronic communications. It uses a customizable packet sniffer that can monitor all Internet traffic of the target user. By 2005, it had been replaced by the improved commercial software NarusInsight.
4. Comprehensive National Cyber Security Initiative (CNCI):
It was established in January 2008 by President George W. Bush through National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/HSPD-23). The plan outlines the goals of U.S. cybersecurity and spans multiple agencies. Including the Office of Management and Budget of the Department of Homeland Security and the National Security Agency.
The current goals of the initiative include: establishing the front line of defense against network intrusions; defending the United States from various threats through counterintelligence; strengthening the future cybersecurity environment through education, coordination, and research.
The main actions of CNCI are: to establish or strengthen shared situational awareness within the federal government and with other government agencies and the private sector; create or enhance the ability to respond quickly to prevent intrusions; enhance anti-espionage capabilities; improve the security of critical information technology supply chains; Expand network education; coordinate and redirect research and development work; and formulate deterrence strategies.
DCSNet is the point-and-click monitoring system of the Federal Bureau of Investigation (FBI), which can conduct instant eavesdropping on almost all telecommunications equipment in the United States. It allows access to mobile, landline and SMS communications anywhere in the United States through a point-and-click interface. It runs on a fiber optic backbone network separated from the Internet. It is designed to improve agent productivity through workflow modeling, and it only takes a few clicks to intercept routing for translation or analysis. DCSNet real-time intelligence data interception can record, review and playback the intercepted data in real time.
Fairview is a secret project under which the National Security Agency cooperates with American telecommunications company AT&T to collect telephone, Internet, and email data from foreign citizens at major cable landing stations and exchange stations in the United States. The FAIRVIEW project started in 1985.
FAIRVIEW: A map broadcast on Brazilian TV in 2013
7. Financial Crimes Enforcement Network (Financial Crimes Enforcement Network):
A bureau of the US Treasury Department responsible for collecting and analyzing financial transactions to combat financial crimes.
Organizational structure of the financial crime law enforcement network
ICREACH is a top-secret search engine related to secret surveillance created by the National Security Agency (NSA) after the 9/11 attacks. The monitoring front-end GUI shared with 23 government agencies (including CIA, DEA and FBI) is used to search for illegally collected personal records.
9. Magic Lantern:
Magic Lantern is a keystroke recording software developed by the Federal Bureau of Investigation (FBI). Magic Lantern can be installed remotely via email attachments or by exploiting common operating system vulnerabilities.
10. Main Core:
Main Core is the code name of the US government database, which stores the personal and financial database information of millions of US citizens. This information is considered to be threat data to national security, mainly from the National Security Agency, the FBI, the Central Intelligence Agency and other governments source.
11. DHS media monitoring services:
The Media Monitoring Service is a database of the US Department of Homeland Security designed to track 290,000 global news sources and media influencers to monitor public opinion. Beginning in January 2010, NOC has launched a media monitoring capability (MMC) pilot program using mission-related events and social media monitoring related to international events.
The U.S. National Security Agency’s overseas eavesdropping of Google and Yahoo’s unencrypted internal network projects. MUSCULAR (DS-200B), located in the United Kingdom, is the name of a surveillance program jointly operated by the British Government Communications Headquarters (GCHQ) and the National Security Agency (NSA). GCHQ is the main operator of the plan.
Regarding the internal NSA SSO update of the MUSCULAR operation, the issue of Yahoo mailbox transmission is mentioned, and data capture needs to be restricted.
MYSTIC is a global voice blocking program used by the National Security Agency.
The MYSTIC report collects data from the Philippines (VENATOR), Mexico (EVENINGEASEL), Kenya (DUSKPALLET), Bahamas (BASECOAT), and initially unnamed countries from January to April 2012.
14. Nationwide Suspicious Activity Reporting Initiative:
The National Suspicious Activity Reporting (SAR) Program (NSI) is a program of the US government to collect and share reports of suspicious activity by Americans. The Nationwide SAR Initiative (NSI) builds on what law enforcement agencies and other agencies have been doing for years-collecting information about behaviors and incidents related to criminal activities-but without customary restrictions on the collection of personal data. There is no reasonable doubt or possible cause. The program establishes a standardized procedure to share SAR among agencies to help detect and prevent terrorist-related criminal activities. According to this government initiative, law enforcement officials, public safety personnel, critical infrastructure owners or the public can submit suspicious activity reports (SAR).
15. NSA ANT catalog:
A 50-page document list technology that lists available technologies to help the National Security Agency (NSA) Specific Intrusion Operations Office (TAO) implement network monitoring through advanced network technology (ANT). Most of the equipment is already in use and is available to members of the United States and the Five Eyes Alliance.
16. Room 641A:
Room 641A is a telecommunication interception facility operated by AT&T for the US National Security Agency, which began operations in 2003. The SBC Communications Building at 611 Folsom Street in San Francisco has access to all Internet traffic passing through the building, so it “can monitor and analyze Internet content on a large scale, including overseas and purely domestic traffic.”
17. Sentry Eagle:
Sentry Eagle is a national initiative to protect the plan, is the National Security Agency (NSA) Central Security Agency (CSS) and the United States Strategic Command Joint Cyber Warfare Command-(JFCC-NW) zoning plan. The plan is designed to protect the US cyberspace, including through the computer network attack (CNA) plan to synchronize and attack the opponent’s cyberspace. These combinations are called Core Computer Network Operations (CNO) of NSA/CSS and JFCC-NW.
CNO functions include Sentry Eagle, Computer Network Utilization (CNE), Information Assurance, Computer Network Defense (CND), Cyber Warfare and Computer Network Attack (CNA).
Sentry Eagle includes six subroutines:
- Sentry Hawk (involving computer network use or espionage)
- Sentry Falcon (Computer Network Defense)
- Sentry Osprey (cooperating with the Central Intelligence Agency and other intelligence agencies)
- Sentry Raven (breaking the encryption system)
- Sentry Condor (computer network operations and attacks)
- Sentry Owl (in cooperation with private companies)
18. Special Collection Service (SCS):
Special Collection Service is a black budget program responsible for “close surveillance, burglary, wiretapping, breaking and entry”. It uses hidden hearing device technology to damage foreign embassies, communication centers, computer facilities, fiber optic networks and government facilities.
Location of CIA/NSA Special Collection Service (SCS) wiretapping sites in 2004
As of August 13, 2010, CIA/NSA Special Collection Service (SCS) tapped the location and status of the site
19. TAO tailored access operations (Tailored Access Operations):
The NSA’s intelligence collection unit can collect approximately 2 petabytes of data per hour.
TAO has software templates that allow it to break into commonly used hardware, including “routers, switches, and firewalls from multiple product vendors.” TAO’s headquarters is called the Remote Operations Center (ROC) and is located at the NSA headquarters in Fort Meade, Maryland. In the remote operation center, 600 employees collect information from all over the world. include:
- Data Network Technology Division: Development of automatic spyware
- Telecommunications Network Technology Branch: Improve network and computer hacking methods
- Mission Infrastructure Technologies branch: operating the software provided above
Access technology operations department: including personnel seconded by the CIA and the FBI. They perform so-called “off-net operations”, which means they arrange for CIA agents to secretly install eavesdropping equipment on overseas computer and telecommunications systems. So that TAO hackers can access them remotely from Fort Meade.
The QUANTUMSQUIRREL image from the NSA demo, explaining the spoofing ability of QUANTUMSQUIRREL IP hosts
NSA’s QUANTUMTHEORY overview slide, which contains various codenames for specific attack types and integration with other NSA systems
20. Terrorist Finance Tracking Program:
A joint initiative organized by the Central Intelligence Agency and the Ministry of Finance to access the SWIFT (Global Interbank Financial Telecommunications Association) transaction database as part of the Bush Administration’s “Global War on Terrorism”. According to the US government, after the existence of the terrorist financing tracking program was leaked to the media, its efforts to combat terrorist activities were compromised.
21. Turbulence (NSA):
Turbulence is an information technology project of the US National Security Agency (NSA), which began around 2005. It was developed in a small, inexpensive “test” part, rather than a grand plan like its failed predecessor Trailblazer project. It also includes offensive cyber warfare capabilities, such as injecting malware into remote computers.
A system used by the National Security Agency to search and analyze Internet data about foreigners.
The plan has been shared with other spy agencies, including the Australian Signals Agency, the Canadian Communications Security Agency, the New Zealand Government Communications Security Agency, the British Government Communications Headquarters, the Japanese Defense Intelligence Headquarters and Bundesnachrichtendienst in Germany.
Show a world map containing the location of XKeyscore servers from the 2008 NSA presentation on XKeyscore
The content of XKeyscore shows the query hierarchy.
Differences between various NSA database systems
23. Aladdin program:
Designed to extract useful information from a large number of videos uploaded to the Internet.
24. Babel program
Through flexible and powerful voice recognition technology, it provides effective voice search capabilities, effectively analyzes and processes a large number of recorded speeches in the real world.
25. Knowledge Discovery and Dissemination (KDD) program
The development of advanced analysis algorithms allows intelligence agencies to create virtual fusion centers, whereby analysts can effectively make inferences across multiple databases and generate actionable intelligence.
26. Socio-cultural Content in Language (SCIL) Program (Socio-cultural Content in Language (SCIL) Program)
Reveal the social behavior and characteristics of group members through novel algorithms, techniques and techniques, combined with social and cultural norms and language analysis (ie, in discussion forums, online comment sections, social media, etc.).
27. Reynard Program
It is because the characteristics of the “real world” are already reflected in the beginning of the “virtual world”. The plan aims to identify behavioral indicators in the online virtual world and “massively multiplayer online games” related to users’ real-world characteristics. The attributes of concern include gender, age, economic status, education level, occupation, ideology or “world view”, and physical location.
28. “Blarney” plan
According to a report in the Washington Post, in this project, the NSA collected metadata on computers and devices that send and receive e-mail or browse the Internet through the backbone network. These metadata include versions of a large number of computer operating systems, browsers and Java around the world. US intelligence agencies can use this data to attack computers and mobile phones and spy on user information.
The activities of the program involve data mining of large databases of US citizen communications, including e-mail communications, telephone conversations, financial transactions and Internet activities.
30. “Marina” plan
In 2013, an article in the “Washington Post” involved the four surveillance program codes of the National Security Agency, which inherited the original Bush-era STELLARWIND program. Two of the four collection programs are used for telephone and Internet respectively, processing trillions of “metadata” records, which are used for storage and analysis in the MAINWAY and MARINA systems respectively. Metadata includes highly disclosed information about the time, location, equipment, and participants in electronic communications, but does not include its content.
31. Prism Project (PRISM):
The secret national security electronic surveillance program operated by the National Security Agency (NSA) can collect Internet communications from various Internet companies in the United States for customers of participating companies outside or within the United States.
PRISM Introduction PPT
The slide shows most of the world’s communications flow through the United States
Details of information collected by PRISM
The start date of the PRISM collection
PRISM mission process
PRISM aggregate data stream
PRISM case number
REPRISMFISA web application
Slide shows some PRISM goals
32. The main road plan (MAINWAY):
MAINWAY is a database maintained by the US National Security Agency (NSA), which contains metadata about hundreds of billions of calls made through the four major US telephone operators: AT&T, SBC, BellSouth (all three are now called AT&T), and Verizon . According to Pulitzer Prize-winning journalist James Risen, MAINWAY is the most important of the four components that make up the ThinThread project.
33. “NUCLEON” project
One of the aforementioned telephone communication collection plans.
It was the first malware to detect spies in industrial systems, and it was used to attack Iran’s nuclear facilities. (Stopped)
35. Information Awareness Office:
An office designed to bring together several DARPA projects, focusing on the application of surveillance and information technology to track and monitor terrorists and other threats to the national security of the United States. (Stopped)
36. Multi-state anti-terrorism information exchange (MATRIX):
A data mining system originally developed for Florida law enforcement. (Stopped)
37. Terrorism surveillance plan:
Replaced by PRISM. (Stopped)
The National Security Agency (NSA) program involves eavesdropping and complex analysis of the resulting data. (Stopped)
39. Pioneer Project:
The National Security Agency (NSA) program aims to develop the function of analyzing data on communication networks (including mobile phone networks and the Internet). (Stopped)
1. The US Intelligence Community (IC):
A cooperative alliance of 16 government agencies that also work together to gather intelligence and conduct espionage activities.
2. Utah Data Center:
The USD 1.5 billion data storage center of the Smart Community aims to store extremely large amounts of data at the scale of yottabytes.
3. NSA global data collection procedures and data tools
- Echelon, steeple, SHAMROCK, PROMIS (before 1978)
- Upstream collection, flattery, FAIRVIEW, main core, ThinThread, Genoa (since 1978)
- Barrier-A (since 1990)
- OAKSTAR, STORMBREW, Trailblazers, Unrest, Genoa II, Comprehensive Information Awareness, Presidential Supervision Plan, Terrorism Surveillance Plan (since 2001)
- PRISM, Dropmire, Special Class, Bullrun, Mystery, MonsterMind (since 2007)
- PINWALE, dock, Mingwei, TRAFFICTHIEF, DISHFIRE, XKeyscore ICREACH, BOUNDLESSINFORMANT
- MUSCULAR, TEMPORA
- 1. Australia-Australian Defence Signals Agency,
- 2. Canada-Canadian Communications Security Agency,
- 3. New Zealand-New Zealand Government Communications Security Agency,
- 4. United Kingdom-United Kingdom Government Communications Headquarters,
- 5. The United States-The National Security Agency has the largest budget and the most advanced technical capabilities in the “Five Eyes”.
5. Other government agencies that extensively cooperate with “Five Eyes”
1. Denmark-As part of the secret agreement signed with the United States, the Danish political agency Efterretningstjeneste (PET) is a domestic intelligence agency that regularly exchanges data with the National Security Agency.
2. Germany-Germany’s Bundesnachrichtendienst (Federal Intelligence Agency) systematically transfers metadata from German intelligence sources to the National Security Agency. In December 2012 alone, Germany provided 500 million metadata records for the National Security Agency. The National Security Agency authorized Bundesnachrichtendienst to visit X-Keyscore in exchange for Mira4 and Veras. In early 2013, Hans-Georg Mason, the president of the German domestic security agency BFV, visited the headquarters of the National Security Agency many times. According to the classified documents of the German government, Maaßen agreed to transfer all data collected by BfV through XKeyscore to the NSA. In addition, BfV has been working closely with eight other US government agencies, including the Central Intelligence Agency.
3. Israel-Israel’s SIGINT national unit regularly receives raw intelligence data (including data on American citizens) from the National Security Agency.
4. The Netherlands-Algemene Inlichtingen en Veiligheidsdienst (General Intelligence and Security Agency) in the Netherlands has been receiving and storing user information collected by US intelligence agencies (such as PRISM).
5. Singapore-Singapore’s Ministry of Defense and its security and intelligence agencies have been secretly intercepting most of the fiber optic cables passing through the Asian continent. The information collected by the Singapore government will be transferred to the Australian government as part of the intelligence sharing agreement. This allows the “five eyes” to “maintain the constraints of communications in the Eastern Hemisphere.”
6. Sweden-The Swedish National Defense Radio (code-named Sardines) has been cooperating extensively with the National Security Agency and awarded the “Five Eyes” channel for the Baltic underwater cable.
7. Switzerland-The Swiss Federal Intelligence Service (FSI) regularly exchanges information with the National Security Agency under a secret agreement. In addition, the NSA has granted Swiss monitoring facilities visits to Leuk (Valais, canton) and Kirchlindach (Canton Berne).
Snowden’s leaked top-secret documents show that “Five Eyes” has obtained most of the Internet and telephone communications throughout Europe, the United States and other parts of the world.
In addition to the “Five Eyes”, most other Western countries also participate in the NSA surveillance system and share information with each other. However, being a partner of the National Security Agency does not automatically exempt the country from becoming a target of the National Security Agency. According to internal NSA documents leaked by Snowden, “we (NSA) can and often target the signals of most third-party foreign partners.”
Picture: SEA-ME-WE 3, which spans Africa from Japan to northern Germany-the Eurasian supercontinent, is one of the most important submarine cables to visit through the “Five Eyes”. Singapore is a former British colony (blue dot) in the Asia-Pacific region and plays a vital role in intercepting Internet and telecommunications traffic from Australia/Japan to Europe, and vice versa. The intelligence sharing agreement between Singapore and Australia allows other “Five Eyes” to obtain the right to use SEA-ME-WE 3.
Picture: TAT-14 is a telecommunications cable connecting Europe and the United States. It is considered one of the few assets of “critical infrastructure and critical resources” outside the United States. In 2013, it was revealed that British officials “put pressure on a small number of telecommunications and Internet companies.”
Disclaimer: This article comes from the toolbox of Dingba Intelligence Analyst, and the copyright belongs to the author. The content of the article only represents the author's independent point of view and does not represent the position of the internal security reference. The purpose of reprinting is to convey more information. If there is any infringement, please contact email@example.com.