Are you a Linux Journal reader or use software such as Tor and Tails Linux? If so, you’ve probably been flagged as an “extremist” by the NSA. Leaked documents related to the XKeyscore program reveal that the agency is targeting anyone who is interested in online privacy, specifically those who use the aforementioned software and visit the Linux user community website.
For those not in the know, Wikipedia defines XKeyscore as a “former secret computer system first used by the United States National Security Agency for searching and analyzing global Internet data, which it collects on a daily basis.” The program has been shared with other spy agencies including the
- Australia’s Signals Directorate,
- Canada’s Communications Security Establishment,
- New Zealand’s Government Communications Security Bureau
- Britain’s Government Communications Headquarters and
- German Bundesnachrichtendienst.
The program was exposed when famous whistleblower Edward Snowden leaked significant NSA secrets and data onto the internet last year.
Its source code (which is basically a rule file), which has been obtained and analyzed by members of the Tor project and security specialists for German broadcasters NDR and WDR, identifies two German Tor Directory Authority servers as being under surveillance by the NSA. The code also cites a number of specific IP addresses of the Tor Directory Authority.
“Months of investigation by the German public television broadcasters NDR and WDR (ARD), drawing on exclusive access to top secret NSA source code, interviews with former NSA employees, and the review of secret documents of the German government reveal that not only is the server in Nuremberg under observation by the NSA, but so is virtually anyone who has taken an interest in several well-known privacy software systems,” said the ARD report.
Countries like Canada, the UK, New Zealand, Australia, and the US, also known as the “Five Eyes”, however, are exempt from surveillance. The Five Eyes are an “intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States. These countries are bound by the multilateral UKUSA Agreement, a treaty for joint cooperation in signals intelligence.”
The program marks and tracks the IP addresses of those who search for a set of defined keywords. Said keywords include:
It also refers to the Tails Linux distribution as “a ComSec mechanism advocated by extremists on extremist forums”.
Aside from the Linux Journal, other monitored websites include privacy.li, FreeProxies.org, HotSpotShield, MegaProxy, FreeNet, Centurian, and an anonymous email service called MixMinion.
While there is no word about how the source code was obtained, security experts aren’t sure whether it was leaked by Snowden. “I don’t believe the TAO catalog came from the Snowden documents. I think there’s a second leaker out there”, said security specialist Bruce Schneier.
Meanwhile, reacting to the new revelations, the NSA released an official statement saying, “In carrying out its mission, NSA collects only what it is authorized by law to collect for valid foreign intelligence purposes”. The statement also said that tools like XKeyscore “have stringent oversight and compliance mechanisms built in at several levels”.