Documents obtained by former NSA contractor Edward Snowden show that NSA analysts monitored content on The Pirate Bay and used the agency’s surveillance systems to track where it came from. The documents also show that the NSA’s British partners at the GCHQ used XKeyscore data as part of a surveillance program on sites that included WikiLeaks. That was part of a broader psychological profiling and targeting program to collect intelligence, influence individuals online, and disrupt groups like Anonymous that were considered threats. The new documents show that the GCHQ conducted “broad real-time monitoring of social media activities, processing data on activities like watching YouTube videos and Facebook Likes to profile, categorize, and target individuals for psychological operations.” The NSA documents in the latest disclosure refer to monitoring for content that could be considered “malicious foreign activity.” But it’s clear that the NSA also used its XKeyscore surveillance to dig through traffic to the torrent-sharing site, and it could very well have profiled foreign users of sites like WikiLeaks and monitored their access to that and other websites.
However, the documents—one an internal NSA “frequently asked questions” Wiki page and the other a set of GCHQ slides on psychological operations—do not provide a picture of how much information about people accessing WikiLeaks was shared between the GCHQ and the NSA. And while the documents point to NSA monitoring of Pirate Bay, there’s no suggestion of how the information gathered was used or if it was used at all. A third, unpublished document shows that the Obama administration apparently encouraged foreign governments in 2010 (including the UK) to pursue charges against WikiLeaks for the publication of diplomatic “wires” provided by Chelsea Manning, formerly known as Bradley Manning.
The GCHQ slide deck, published in 2012, highlights two tools used to conduct social networking, Web monitoring, and profiling. The first, called “Squeaky Dolphin,” pulls online activities within Web traffic caught by the agency’s monitoring systems. The monitoring systems are called “Airwolf” in the slides, which may be a UK codeword for the GCHQ’s equivalent of XKeyscore. That data includes webmail, blogs visited, YouTube views, Facebook “likes” clicked on websites themselves, and other data culled from individual users’ captured activity.
It runs those activities, captured in real-time, through IBM’s InfoSphere Streams processing software to create analytical feeds. Those feeds are then piped into a Splunk database and surfaced through a “dashboard” view that allows analysts to find trends in sentiment. As an example, the slides showed activity related to cricket matches in London and the surge in Facebook likes for Conservative member of Parliament Liam Fox. It can also be used to spot trends in traffic that might indicate upcoming events such as protests or other civil unrest.
While Squeaky Dolphin tends to look at things with a wider view, “AnticrisisGirl” is a bit more targeted. It can be used to passively monitor specific websites—including traffic to WikiLeaks, as the slides demonstrate. The tool can be tuned to a specific set of Internet user signatures or keywords, and it provides analytics of their behavior in real time, capturing search terms or direct Web addresses used to get to the sites in question.
SOURCE – arstechnica.com