Van nieuwsblog.burojansen.nl

FRONTLINE investigates American-born terrorist David Coleman Headley, who helped plan the deadly 2008 siege on Mumbai. In collaboration with ProPublica, the film — an updated and expanded version of A Perfect Terrorist — reveals how secret electronic surveillance missed catching the Mumbai plotters, and how Headley planned another Charlie Hebdo-like assault against a Danish newspaper.

APRIL 21, 2015 // 01:23:48
REUTERS/Arko Datta
Find this story at 21 April 2015

Copyright http://www.pbs.org/

Van nieuwsblog.burojansen.nl

In 2008 Mumbai Attacks, Piles of Spy Data, but an Uncompleted Puzzle

In the fall of 2008, a 30-year-old computer expert named Zarrar Shah roamed from outposts in the northern mountains of Pakistan to safe houses near the Arabian Sea, plotting mayhem in Mumbai, India’s commercial gem.

Mr. Shah, the technology chief of Lashkar-e-Taiba, the Pakistani terror group, and fellow conspirators used Google Earth to show militants the routes to their targets in the city. He set up an Internet phone system to disguise his location by routing his calls through New Jersey. Shortly before an assault that would kill 166 people, including six Americans, Mr. Shah searched online for a Jewish hostel and two luxury hotels, all sites of the eventual carnage.

But he did not know that by September, the British were spying on many of his online activities, tracking his Internet searches and messages, according to former American and Indian officials and classified documents disclosed by Edward J. Snowden, the former National Security Agency contractor.

They were not the only spies watching. Mr. Shah drew similar scrutiny from an Indian intelligence agency, according to a former official who was briefed on the operation. The United States was unaware of the two agencies’ efforts, American officials say, but had picked up signs of a plot through other electronic and human sources, and warned Indian security officials several times in the months before the attack.

What happened next may rank among the most devastating near-misses in the history of spycraft. The intelligence agencies of the three nations did not pull together all the strands gathered by their high-tech surveillance and other tools, which might have allowed them to disrupt a terror strike so scarring that it is often called India’s 9/11.

“No one put together the whole picture,” said Shivshankar Menon, who was India’s foreign minister at the time of the attacks and later became the national security adviser. “Not the Americans, not the Brits, not the Indians.”

Mr. Menon, now retired, recalled that “only once the shooting started did everyone share” what they had, largely in meetings between British and Indian officials, and then “the picture instantly came into focus.”

The British had access to a trove of data from Mr. Shah’s communications, but contend that the information was not specific enough to detect the threat. The Indians did not home in on the plot even with the alerts from the United States.

Clues slipped by the Americans as well. David Coleman Headley, a Pakistani-American who scouted targets in Mumbai, exchanged incriminating emails with plotters that went unnoticed until shortly before his arrest in Chicago in late 2009. United States counterterrorism agencies did not pursue reports from his unhappy wife, who told American officials long before the killings began that he was a Pakistani terrorist conducting mysterious missions in Mumbai.

That hidden history of the Mumbai attacks reveals the vulnerability as well as the strengths of computer surveillance and intercepts as a counterterrorism weapon, an investigation by The New York Times, ProPublica and FRONTLINE has found.

Although electronic eavesdropping often yields valuable data, even tantalizing clues can be missed if the technology is not closely monitored, the intelligence gleaned from it is not linked with other information, or analysis does not sift incriminating activity from the ocean of digital data.

This account has been pieced together from classified documents, court files and dozens of interviews with current and former Indian, British and American officials. While telephone intercepts of the assault team’s phone calls and other intelligence work during the three-day siege have been reported, the extensive espionage that took place before the attacks has not previously been disclosed. Some details of the operations were withheld at the request of the intelligence agencies, citing national security concerns.

“We didn’t see it coming,” a former senior United States intelligence official said. “We were focused on many other things — Al Qaeda, the Taliban, Pakistan’s nuclear weapons, the Iranians. It’s not that things were missed — they were never put together.”

After the assault began, the countries quickly disclosed their intelligence to one another. They monitored a Lashkar control room in Pakistan where the terror chiefs directed their men, hunkered down in the Taj and Oberoi hotels and the Jewish hostel, according to current and former American, British and Indian officials.

That cooperation among the spy agencies helped analysts retrospectively piece together “a complete operations plan for the attacks,” a top-secret N.S.A. document said.

The Indian government did not respond to several requests for official comment, but a former Indian intelligence official acknowledged that Indian spies had tracked Mr. Shah’s laptop communications. It is unclear what data the Indians gleaned from their monitoring.

Asked if Government Communications Headquarters, or GCHQ, Britain’s eavesdropping agency, should have had strong suspicions of a looming attack, a government official responded in a statement: “We do not comment on intelligence matters. But if we had had critical information about an imminent act of terrorism in a situation like this we would have shared it with the Indian government. So the central allegation of this story is completely untrue.”

The attacks still resonate in India, and are a continuing source of tension with Pakistan. Last week, a Pakistani court granted bail to a militant commander, Zaki-ur-Rehman Lakhvi, accused of being an orchestrator of the attacks. He has not been freed, pending an appeal. India protested his release, arguing it was part of a Pakistani effort to avoid prosecution of terror suspects.

The story of the Mumbai killings has urgent implications for the West’s duel with the Islamic State and other groups. Like Lashkar, the Islamic State’s stealthy communications and slick propaganda make it one of the world’s most technologically sophisticated terror organizations. Al Qaeda, which recently announced the creation of an affiliate in India, uses similar tools.

Although the United States computer arsenal plays a vital role against targets ranging from North Korea’s suspected assault on Sony to Russian cyberthieves and Chinese military hacking units, counterterrorism requires a complex mix of human and technical resources. Some former counterterrorism officials warn against promoting billion-dollar surveillance programs with the narrow argument that they stop attacks.

That monitoring collects valuable information, but large amounts of it are “never meaningfully reviewed or analyzed,” said Charles (Sam) Faddis, a retired C.I.A. counterterrorism chief. “I cannot remember a single instance in my career when we ever stopped a plot based purely on signals intelligence.”

The targeting of Mr. Shah’s communications also failed to detect Mr. Headley’s role in the Mumbai attacks, and National Security Agency officials did not see for months that he was pursuing a new attack in Denmark.

“There are small successes in all of this that don’t make up for all the deaths,” said Tricia Bacon, a former State Department intelligence analyst, referring to intelligence and broader efforts to counter Lashkar. “It’s a massive failure and some small successes.”

Lashkar’s Computer Chief
Zarrar Shah was a digitally savvy operative, a man with a bushy beard, a pronounced limp, strong ties to Pakistani intelligence and an intense hatred for India, according to Western and Indian officials and court files. The spy agencies of Britain, the United States and India considered him the technology and communications chief for Lashkar, a group dedicated to attacking India. His fascination with jihad established him as something of a pioneer for a generation of Islamic extremists who use the Internet as a weapon.

According to Indian court records and interviews with intelligence officials, Mr. Shah was in his late 20s when he became the “emir,” or chief, of the Lashkar media unit. Because of his role, Mr. Shah, together with another young Lashkar chief named Sajid Mir, became an intelligence target for the British, Indians and Americans.

Lashkar-e-Taiba, which translates as “the Army of the Pure,” grew rapidly in the 1990s thanks to a powerful patron: the Inter-Services Intelligence Directorate (ISI), the Pakistani spy agency that the C.I.A. has worked with uneasily for years. Lashkar conducted a proxy war for Pakistan in return for arms, funds, intelligence, and training in combat tactics and communications technology. Initially, Lashkar’s focus was India and Kashmir, the mountainous region claimed by both India and Pakistan.

But Lashkar became increasingly interested in the West. A Qaeda figure involved in the Sept. 11, 2001, attacks on the World Trade Center was arrested in a Lashkar safe house in 2002. Investigators dismantled a Lashkar network as it plotted a bombing in Australia in 2003 while recruiting, buying equipment and raising funds in North America and Europe. In 2007, a French court convicted in absentia the ringleader, Mr. Mir. He remained at large in Pakistan under ISI protection, investigators say.

Lashkar’s alliance with the ISI came under strain as some of the militants pushed for a Qaeda-style war on the West. As a result, some ISI officers and terror chiefs decided that a spectacular strike was needed to restore Lashkar’s cohesion and burnish its image, according to interviews and court files. The plan called for a commando-style assault in India that could also hit Americans, Britons and Jews there.

The target was the centerpiece of Indian prosperity: Mumbai.

Hatching a Plot
Lashkar’s chiefs developed a plot that would dwarf previous operations.

The lead conspirators were alleged to be Mr. Mir and Mr. Lakhvi, according to interviews and Indian court files, with Mr. Shah acting as a technical wingman, running the communications and setting up the hardware.

In early 2008, Indian and Western counterterrorism agencies began to pick up chatter about a potential attack on Mumbai. Indian spy agencies and police forces gathered periodic leads from their own sources about a Lashkar threat to the city. Starting in the spring, C.I.A. warnings singled out the iconic Taj Mahal Palace Hotel and other sites frequented by Westerners, according to American and Indian officials. Those warnings came from electronic and human sources, not from tracking Mr. Shah, other officials said.

“The U.S. intelligence community — on multiple occasions between June and November 2008 — warned the Indian government about Lashkar threats in Mumbai,” said Brian Hale, a spokesman for the director of the Office of National Intelligence. “The information identified several potential targets in the city, but we did not have specific information about the timing or the method of attack.”

United States spy agencies also alerted their British counterparts, according to a senior American intelligence official. It is unclear if the warnings led to the targeting of Mr. Shah’s communications, but by the fall of 2008, the British had found a way to monitor Lashkar’s digital networks.

So had the Indians. But until the attacks, one Indian official said, there was no communication between the two countries on the matter.

Western spy agencies routinely share significant or “actionable” intelligence involving threats with allies, but sometimes do not pass on less important information. Even friendly agencies are typically reluctant to disclose their sources of intelligence. Britain and India, while cooperative, were not nearly as close as the United States and Britain. And India is not included in the tightest intelligence-sharing circles of international, eavesdropping agencies that the two countries anchor.

Intelligence officials say that terror plots are often discernible only in hindsight, when a pattern suddenly emerges from what had been just bits of information. Whatever the reason, no one fully grasped the developing Mumbai conspiracy. “They either weren’t looking or didn’t understand what it all meant,” said one former American official who had access to the intelligence and would speak only on the condition of anonymity. “There was a lot more noise than signal. There usually is.”

Leaving a Trail
Not long after the British gained access to his communications, Mr. Shah contacted a New Jersey company posing online as an Indian reseller of telephone services named Kharak Singh, purporting to be based in Mumbai. His Indian persona started haggling over the price of a voice-over-Internet phone service — also known as VoIP — that had been chosen because it would make calls between Pakistan and the terrorists in Mumbai appear as if they were originating in Austria and New Jersey.

“its not first time in my life i am perchasing in this VOIP business,” Mr. Shah wrote in shaky English, to an official with the New Jersey-based company when he thought the asking price was too high, the GCHQ documents show. “i am using these services from 2 years.”

Mr. Shah had begun researching the VoIP systems, online security, and ways to hide his communications as early as mid-September, according to the documents. As he made his plan, he searched on his laptop for weak communication security in Europe, spent time on a site designed to conceal browsing history, and searched Google News for “indian american naval exercises” — presumably so the seagoing attackers would not blunder into an overwhelming force.

Ajmal Kasab, the only terrorist who would survive the Mumbai attacks, watched Mr. Shah display some of his technical prowess. In mid-September, Mr. Shah and fellow plotters used Google Earth and other material to show Mr. Kasab and nine other young Pakistani terrorists their targets in Mumbai, according to court testimony.

The session, which took place in a huge “media room” in a remote camp on the border with Kashmir, was part of an effort to chart the terrorists’ route across the Arabian Sea, to a water landing on the edge of Mumbai, then through the chaotic streets. Videos, maps and reconnaissance reports had been supplied to Mr. Mir by Mr. Headley, the Pakistani-American who scouted targets.

“The gunmen were shown all this data from the reconnaissance,” said Deven Bharti, a top Mumbai police official who investigated the attacks, adding that the terrorists were trained to use Google Earth and global positioning equipment on their own. “Kasab was trained to locate everything in Mumbai before he went.”

If Mr. Shah made any attempt to hide his malevolent intentions, he did not have much success at it. Although his frenetic computer activity was often sprawling, he repeatedly displayed some key interests: small-scale warfare, secret communications, tourist and military locations in India, extremist ideology and Mumbai.

He searched for Sun Tzu’s “Art of War,” previous terror strikes in India and weather forecasts in the Arabian Sea, typed “4 star hotel in delhi” and “taj hotel,” and visited mapsofindia.com to pore over sites in and around Mumbai, the documents show.

Still, the sheer scale of his ambition might have served as a smokescreen for his focus on the city. For example, he also showed interest in Kashmir, the Indian Punjab, New Delhi, Afghanistan and the United States Army in Germany and Canada.

He constantly flipped back and forth among Internet porn and entertainment sites while he was carrying out his work. He appeared to be fascinated with the actor Robert De Niro, called up at least one article on the singer Taylor Swift, and looked at funny cat videos. He visited unexplainable.net, a conspiracy theory website, and conducted a search on “barak obama family + muslim.”

In late September and again in October, Lashkar botched attempts to send the attackers to Mumbai by sea. During that period, at least two of the C.I.A. warnings were delivered, according to American and Indian officials. An alert in mid-September mentioned the Taj hotel among a half-dozen potential targets, causing the facility to temporarily beef up security. Another on Nov. 18 reported the location of a Pakistani vessel linked to a Lashkar threat against the southern coastal area of Mumbai, where the attack would occur.

Eventually Mr. Shah did set up the VoIP service through the New Jersey company, ensuring that many of his calls to the terrorists would bear the area code 201, concealing their actual origin. But in November, the company’s owner wrote to the fictitious Indian reseller, Mr. Singh, complaining that no voice traffic was running on the digital telephone network. Mr. Shah’s reply was ominous, according to Indian law enforcement officials, who obtained evidence from the company’s communications records with F.B.I. assistance after the attack.

“Dear Sir,” Mr. Shah replied, “i will send trafic by the end of this month.”

By Nov. 24, Mr. Shah had moved to the Karachi suburbs, where he set up an electronic “control room” with the help of an Indian militant named Abu Jundal, according to his later confession to the Indian authorities. It was from this room that Mr. Mir, Mr. Shah and others would issue minute-by-minute instructions to the assault team once the attacks began. On Nov. 25, Abu Jundal tested the VoIP software on four laptops spread out on four small tables facing a pair of televisions as the plotters, including Mr. Mir, Mr. Shah and Mr. Lakhvi, waited for the killings to begin.

In a plan to pin the blame on Indians, Mr. Shah typed a statement of responsibility for the attack from the Hyderabad Deccan Mujahadeen — a fake Indian organization. Early on Nov. 26, Mr. Shah showed more of his hand: he emailed a draft of the phony claim to an underling with orders to send it to the news media later, according to American and Indian counterterrorism officials.

Before the attacks started that evening, the documents show, Mr. Shah pulled up Google images of the Oberoi Hotel and conducted Wikimapia searches for the Taj and the Chabad House, the Jewish hostel run by an American rabbi from Brooklyn who would die in the strike along with his pregnant wife. Mr. Shah opened the hostel’s website. He began Googling news coverage of Mumbai just before the attacks began.

An intercept shows what Mr. Shah was reading, on the news website NDTV, as the killings proceeded.

“Mumbai, the city which never sleeps, was brought to its knees on Wednesday night as it came under an unprecedented multiple terror attack,” the article said. “Even as heavily armed police stormed into Taj Hotel, just opposite the Gateway of India where suspected terrorists were still holed up, blood-soaked guests could be seen carried out into the waiting ambulances.”

A Trove of Data
In the United States, Nov. 26 was the Wednesday before Thanksgiving.

A long presidential election fight was over, and many officials in Washington had already drifted away for their long weekend. Anish Goel, director for South Asia at the National Security Council in the White House, left around 6 a.m. for the eight-hour drive to his parents’ house in Ohio. By the time he arrived, his BlackBerry was filled with emails about the attacks.

The Pakistani terrorists had come ashore in an inflatable speedboat in a fishermen’s slum in south Mumbai about 9 p.m. local time. They fanned out in pairs and struck five targets with bombs and AK-47s: the Taj, the Oberoi Hotel, the Leopold Cafe, Chabad House, and the city’s largest train station.

The killing was indiscriminate, merciless, and seemingly unstoppable over three horrific days. In raw, contemporaneous notes by analysts, the eavesdroppers seem to be making a hasty effort to understand the clues from the days and weeks before.

“Analysis of Zarrar Shah’s viewing habits” and other data “yielded several locations in Mumbai well before the attacks occurred and showed operations planning for initial entry points into the Taj Hotel,” the N.S.A. document said.

That viewing history also revealed a longer list of what might have been future targets. M.K. Narayanan, India’s national security adviser at the time, appeared to be concerned with that data from Mr. Shah in discussions with American officials shortly after the attacks, according to the WikiLeaks archive of American diplomatic cables.

A top secret GCHQ document described the capture of information on targets that Mr. Shah had identified using Google Earth.

The analysts seemed impressed by the intelligence haul — “unprecedented real-time active access in place!” — one GCHQ document noted. Another agency document said the work to piece the data together was “briefed at highest levels nationally and internationally, including the US National Security Adviser.”

As early reports of many casualties came in, Mr. Goel said the focus in Washington shifted to a question already preoccupying the White House: “Is this going to lead to a war between Pakistan and India?” American officials who conducted periodic simulations of how a nuclear conflict could be triggered often began with a terror attack like this one.

On Nov. 30, Mr. Goel was back at his office, reading a stack of intelligence reports that had accumulated on his desk and reviewing classified electronic messages on a secure terminal.

Amid the crisis, Mr. Goel, now a senior South Asia Fellow at the New America Foundation, paid little attention to the sources of the intelligence and said that he still knew little about specific operations. But two things stood out, he said: The main conspirators in Pakistan had already been identified. And the quality and rapid pacing of the intelligence reports made it clear that electronic espionage was primarily responsible for the information.

“During the attacks, it was extraordinarily helpful,” Mr. Goel said of the surveillance.

But until then, the United States did not know of the British and Indian spying on Mr. Shah’s communications. “While I cannot comment on the authenticity of any alleged classified documents, N.S.A. had no knowledge of any access to a lead plotter’s computer before the attacks in Mumbai in November 2008,” said Mr. Hale, the spokesman for the Office of the director of National Intelligence.

As N.S.A. and GCHQ analysts worked around the clock after the attacks, the flow of intelligence enabled Washington, London and New Delhi to exert pressure on Pakistan to round up suspects and crack down on Lashkar, despite its alliance with the ISI, according to officials involved.

In the stacks of intelligence reports, one name did not appear, Mr. Goel clearly recalls: David Coleman Headley. None of the intelligence streams from the United States, Britain or India had yet identified him as a conspirator.

The Missing American
Mr. Headley’s many-sided life — three wives, drug-smuggling convictions and a past as an informant for the United States Drug Enforcement Administration — would eventually collapse. But for now, he was a free man, watching the slaughter on television in Lahore, Pakistan, according to his later court testimony. At the time, he was with Faiza Outalha, his Moroccan wife, having reconciled with her after moving his Pakistani wife and four children to Chicago.

Mr. Headley’s unguarded emails reflected euphoria about Lashkar’s success. An exchange with his wife in Chicago continued a long string of incriminating electronic communications by Mr. Headley written in a transparent code, according to investigators and case files.

“I watched the movie the whole day,” she wrote, congratulating him on his “graduation.”

About a week later, Mr. Headley hinted at his inside information in an email to fellow alumni of a Pakistani military school. Writing about the young terrorists who carried out the mayhem in Mumbai, he said: “Yes they were only 10 kids, guaranteed. I hear 2 were married with a daughter each under 3 years old.” His subsequent emails contained several dozen news media photos of the Mumbai siege.

Almost immediately, Mr. Headley began pursuing a new plot with Lashkar against a Danish newspaper that had published cartoons of the Prophet Muhammad. He went to Denmark in January and cased the newspaper, meeting and exchanging emails with its advertising staff, according to his later testimony and court records. He sent messages to his fellow conspirators and emailed himself a reconnaissance checklist of sorts, with terms like “Counter-Surveillance,” “Security (Armed?)” and “King’s Square” — the site of the newspaper.

Those emails capped a series of missed signals involving Mr. Headley. The F.B.I. conducted at least four inquiries into allegations about his extremist activity between 2001 and 2008. Ms. Outalha had visited the United States Embassy in Islamabad three times between December 2007 and April 2008, according to interviews and court documents, claiming that he was a terrorist carrying out missions in India.

Mr. Headley also exchanged highly suspicious emails with his Lashkar and ISI handlers before and after the Mumbai attacks, according to court records and American counterterrorism officials. The N.S.A. collected some of his emails, but did not realize he was involved in terrorist plotting until he became the target of an F.B.I. investigation, officials said.

That inquiry began in July 2009 when a British tip landed on the desk of a rookie F.B.I. counterterrorism agent in Chicago. Someone named “David” at a Chicago pay phone had called two suspects under surveillance in Britain, planning to visit.

He had contacted the Britons for help with the plot, according to testimony. Customs and Border Protection used his flight itinerary to identify him while en route, and after further investigation, the F.B.I. arrested him at Chicago O’Hare Airport that October, as he was preparing to fly to Pakistan. For his role in the Mumbai attacks, he pleaded guilty to 12 counts and was sentenced to 35 years in prison.

After disclosures last year of widespread N.S.A. surveillance, American officials claimed that bulk collection of electronic communications led to Mr. Headley’s eventual arrest. But a government oversight panel rejected claims giving credit to the N.S.A.’s program to collect Americans’ domestic phone call records. Case files and interviews with law enforcement officials show that the N.S.A. played only a support role in the F.B.I. investigation that finally identified Mr. Headley as a terrorist and disrupted the Danish plot.

The sole surviving attacker of the Mumbai attack, Mr. Kasab, was executed in India after a trial. Although Pakistan denies any role in the attacks, it has failed to charge an ISI officer and Mr. Mir, who were indicted by American prosecutors. Though Mr. Shah and other Lashkar chiefs had been arrested, their trial remains stalled six years after the attack.

Mr. Menon, the former Indian foreign minister, said that a lesson that emerged from the tragedy in Mumbai was that “computer traffic only tells you so much. It’s only a thin slice.” The key is the analysis, he said, and “we didn’t have it.”

James Glanz, of The New York Times, reported from India, New York and Washington; Sebastian Rotella, of ProPublica, reported from Chicago, India, New York and Washington; and David E. Sanger, of The New York Times, reported from Washington. Andrew W. Lehren, of The New York Times, contributed reporting from New York, and Declan Walsh, of The New York Times, from London. Jeff Larson, of ProPublica, and Tom Jennings and Anna Belle Peevey, of FRONTLINE, contributed reporting from New York.

Related Film: A Perfect Terrorist
FRONTLINE and ProPublica teamed up in 2011 to investigate the mysterious circumstances behind David Coleman Headley’s rise from heroin dealer and U.S. government informant to master plotter of the 2008 attack on Mumbai. Also explore our interactive look at Headley’s web of betrayal.

DECEMBER 21, 2014 / by JAMES GLANZ • SEBASTIAN ROTELLA • DAVID E. SANGER The New York Times

Find this story at 21 December 2014
Copyright http://www.pbs.org/

Van nieuwsblog.burojansen.nl

Five years on, this is what we now know. A valued CIA proxy, who infiltrated the Lashkar-e-Toiba (LeT), a banned Pakistani Islamist outfit, planned the Mumbai attacks in which 166 people were killed, and more than 300 injured. David Headley, an American citizen, conceived, scoped and ran supplies for the terrorist ‘swarm’ operation, so called because several independent units simultaneously hit their enemy in multiple locations, coming out of nowhere, multiplying fear and panic.
Headley selected Mumbai, India’s commercial capital, as the theatre of operations while acting as a ‘prized counter-terrorism asset’ for the United States, according to senior officers in the Joint Terrorism Task Force, who described his covert career as running for eleven years. When the LeT’s ten-man suicide squad sailed from a creek in Pakistan’s southern port city of Karachi, at dawn on 22 November 2008, they navigated towards a landing spot in Mumbai, marked on a GPS provided by the Washington DCborn maverick. Reaching the world’s fourth largest metropolis four nights later, LeT’s team fanned out, following routes plotted by Headley over an intense two-year period of surveillance . Shortly before 10pm, the gunmen shot dead tourists at the Leopold Cafe, massacred more than 60 Indian commuters at the Chhatrapati Shivaji Terminus (CST) railway station, and then laid siege to a Jewish centre and two five-star hotels, including the luxurious Taj Mahal Palace, Mumbai’s most famous landmark. Ten men would keep the mega-city burning for more than three days.
This month sees the fifth anniversary of the Mumbai attacks, and the most complete survey to date of former and serving intelligence agents, diplomats, police, and survivors from 12 countries, reveals that the CIA repeatedly tipped off their counterparts in India to an imminent attack, using intelligence derived from their prize asset Headley. What they did not reveal was that their source, a public school educated Pakistani-American dilettante and entrepreneur, was allowed to remain in place even as the attack was realized. His continuing proximity to the terrorist outfit would eventually lead to a showdown between Washington and New Delhi.
Researching ‘The Siege’, we learned that Indian intelligence agents accused their US counterparts of protecting Headley and leaving him in the field, despite the imminent threat to Mumbai. Irate Indian officials claimed that Headley’s Mumbai plot was allowed to run on by his US controllers, as to spool it in would have jeopardized his involvement in another critical US operation . Having infiltrated the LeT, Headley also won access to al-Qaida, making him the only US citizen in the field who might be able to reach Osama bin Laden. Three years before America’s most wanted terrorist was finally run to ground in Abbottabad, this was an opportunity that some in the US intelligence community were not willing to give up.
Phone and email intercepts seen by us confirm how Headley had become trusted by Ilyas Kashmiri, a former LeT commander and senior al-Qaida operative, who led an al-Qaida military affiliate, known as Brigade 313. Based in the Federally Administered Tribal Areas (FATA) of Pakistan, Ilyas Kashmiri was, at one point, considered as a potential successor to Osama bin Laden until his death in June 2011.
In 2009, several months after the Mumbai atrocity, agents from the Research and Analysis Wing (R&AW), India’s foreign intelligence agency, confronted the CIA with these claims, according to accounts seen by us. India is said to have accused the US of pursuing ‘a narrow self-interest’ and having some responsibility in the deaths in Mumbai.
However, the CIA stood firm, one senior agent claiming that ‘Indian incompetence’ was to blame for the attack. In 2006, the US had warned India that the LeT was forming a suicide squad to attack India from the sea. More than 25 increasingly detailed bulletins followed that named Mumbai as the prime objective, and identified several targets, including the Taj hotel. Additional bulletins suggested that a team of highly trained gunmen using AK47s and RDX, military-grade explosives, would seek to prolong the attack by taking hostages and establishing a stronghold, before a final shoot-out that they hoped would be broadcast live around the world on TV.
Some of these bulletins were eventually distilled into notices that reached the police patrolling Mumbai . However, the assessments were ‘ignored or downplayed’ until July 2008 when a senior police officer, a Deputy Commissioner of Police (DCP) with responsibility for security in the district of South Mumbai where the Taj was located, took action . On 12 August 2008, DCP Vishwas Nangre Patil spent nine hours with the Taj’s security staff, writing a report to his seniors that concluded: ‘Overall, the [Taj] management has done very little to adapt the hotel to the changing security environment in the city.’ When a truck bomb devastated the Marriott Hotel in Islamabad, Pakistan, on 20 September 2008, Patil drew up an urgent list of enhanced security measures for the Taj, including snipers on the roof, blast barriers on the driveway and armed guards on all doors. Although security was tightened as a result, most of these measures were withdrawn again after DCP Patil went on leave in the second week of October 2008.
David Headley was a bizarre mix of Eastern and Western cultures and made for a near-perfect mole. His mother was Serrill Headley, a socialite and adventuress from Maryland, whose great-aunt had funded women’s rights and Albert Einstein’s research . His father was Syed Gilani, a renowned radio broadcaster and diplomat from Lahore, who had been seconded to Voice of America. When Headley was born in Washington DC in 1960, he was initially named Daood Saleem Gilani. Within a year, the family had relocated to Pakistan, where Gilani was brought up as a Muslim and schooled at an exclusive military academy. After his parents divorced and Serrill returned to the US to open a bar in Philadelphia, named, suitably, the Khyber Pass, Gilani, aged 17, rejoined her. He lived with her in a flat above the Khyber Pass — and soon immersed himself in the American way of life. Later he moved to the Upper West Side in New York, where he opened a video rental shop, Fliks.
By 1984, Gilani was a six-foot-two American boy, with a fair complexion, broad shoulders and an impressive mop of curly blond hair. Only his distinctively mismatched eyes — one blue one brown —hinted at his mixed heritage and muddled ancestry. Dressed in crumpled Armani jeans, a leather jacket slung over his shoulder, and a £10,000 Rolex Submariner poking out of his cuff, he was already looking for more lucrative opportunities than video rental. That year, he used his dual identities to smuggle half a kilogram of heroin from Pakistan’s tribal areas to New York, selling it through the video store. When German customs officers caught him four years later at Frankfurt airport en-route to Philadelphia, with two kilograms of heroin, Gilani informed on his co-conspirators to the Drug Enforcement Administration (DEA). While, his accomplices were jailed for between eight and ten years, he became a paid DEA informer, infiltrating Pakistan’s drug syndicates . Some US agents warned that Gilani was too volatile to be trusted, and in 1997, he was arrested again in New York for trafficking. He offered another deal, suggesting he infiltrate Islamist radicals who were starting to worry the CIA and FBI.
A letter put before the court reveals prosecutors conceded that while Gilani might have supplied up to fifteen kilograms of heroin worth £947,000, he had also been ‘reliable and forthcoming’ with the agency about ‘a range of issues’ . Sentenced to fifteen months in the low-security Fort Dix prison, New Jersey, while his co-conspirator received four years in a high-security jail, he was freed after only nine months. In August 1999, one year after hundreds had been killed in simultaneous Al-Qaeda bomb attacks on American embassies in Africa, he returned to Pakistan, his ticket paid for by the US government.
By 2006, Daood had joined the inner circle of Lashkar-e-Toiba, which had been proscribed by the UN five years earlier. Coming up with the plan to attack Mumbai and launch LeT onto the international stage, he changed his name to David Headley and applied for a new US passport. He would use it to travel incognito to India on seven surveillance trips, selecting targets in Mumbai which he photographed using a camera he borrowed from his mother-in-law .
Headley was chaotic and his Mumbai plan was almost undermined by his private life. By 2008, he was married to three women, none of who knew of the others’ existence, two living apart in Pakistan and one in New York. The wife in the US, however, grew suspicious after he championed the 9/11 attackers, reporting him to the authorities. Shortly before the Mumbai operation, his cousin Alex Headley, a soldier in the US Army also considered reporting him after Headley announced that he was naming his newborn son Osama and described him as ‘my little terrorist’ . His Pakistani half-brother Danyal Gilani, who worked as a press officer for the Pakistani Prime Minister Yousaf Raza Gilani, disowned him.
Latest Comment

Alan, you make me laugh. U.S.A is headed right down the toilet, and you know it! India knows quite well how to deal with… Read More
You iz in da toilet
SEE ALL COMMENTSADD COMMENT
Eventually, Headley’s mother informed on him to the FBI. Her son was only ever interested in himself, she warned, arguing that his selfishness was born out of his lack of a sense of self. None of the complainants heard anything back, with Serrill Headley, who died ten months before Mumbai, confiding in a friend that her son ‘must have worked for the US government’ .
Five years on, with American officials continuing to remain silent over Headley (and the conflict of interest that enabled him to run amok in the field), and with New Delhi still prevented from accessing him, the full truth about Washington’s culpability in 26/11 remains muddied. In India, where no postmortem of any depth has been carried out into Mumbai, the scale of the intelligence failings — the inability of IB and RAW to develop the leads passed them by the CIA and others — will also never be fully exposed.

Adrian Levy & Cathy Scott Clark | Nov 24, 2013, 05.15 AM IST

Find this story at 24 November 2013

Copyright http://timesofindia.indiatimes.com/

Van nieuwsblog.burojansen.nl

It has been called the most spectacular terror attack since 9/11. On the night of Nov. 26, 2008, 10 men armed with guns and grenades launched an assault on Mumbai with a military precision that left 166 dead. India quickly learned the attackers belonged to Lashkar-e-Taiba, a Pakistani militant group associated with Pakistan’s secretive intelligence agency, the ISI. But what wasn’t known then was that a Lashkar/ISI operative had been casing the city for two years, developing a blueprint for terror. His name was David Coleman Headley, and he’d been chosen for the job because he had the perfect cover: he was an American citizen. FRONTLINE and ProPublica reporter Sebastian Rotella team up to investigate the mysterious circumstances behind Headley’s rise from heroin dealer and U.S. government informant to master plotter of the 2008 attack on Mumbai.

NOVEMBER 22, 2011 // 53:40

Find this story at 22 November 2011
Copyright http://www.pbs.org/

Van nieuwsblog.burojansen.nl

FRONTLINE investigates American-born terrorist David Coleman Headley, who helped plan the deadly 2008 siege on Mumbai. In collaboration with ProPublica, the film — an updated and expanded version of A Perfect Terrorist — reveals how secret electronic surveillance missed catching the Mumbai plotters, and how Headley planned another Charlie Hebdo-like assault against a Danish newspaper.

APRIL 21, 2015 // 01:23:48

Find this story at 21 April 2015

Copyright http://www.pbs.org/

Van nieuwsblog.burojansen.nl

US Department of State Spokesperson John Kirby refused to comment during Thursday’s daily press briefing on a German magazine’s claim that the US’s National Security Agency (NSA) had spied on Hakan Fidan, the chief of the Turkish National Intelligence Organization (MİT), in order to collect information on a high level security meeting about the possible Turkish intervention in Syria to protect a Turkish enclave there last year.
When asked about a report by the Germany-based Focus magazine asserting the NSA tapped Fidan’s phone and therefore collected the audio from the meeting, Kirby said: “We’re not going to comment publicly on every specific alleged intelligence or disclosure activity. I just — I would refer you to the National Security Agency for anything more.”
Kirby was also asked to comment on this week’s meeting in Ankara between Turkish officials and a US delegation led by US Special Presidential Envoy for the Global Coalition to Counter the Islamic State in Iraq and the Levant (ISIL) Gen. John Allen. In response to the question, Kirby said the US delegation and the Turks held a series of constructive meetings, in which the parties discussed their mutual efforts in the coalition against ISIL. He added, “I’m not going to detail all the various things that were discussed, but I think you can understand that — I mean, again, it was a pretty wide-ranging sets of discussions about all the different challenges we’re facing against ISIL.”
Kirby did not confirm or deny allegations that the Turkish government had agreed during the talks to allow its military air base in İncirlik, Adana, to be used by US drones to strike ISIL targets in Syria. “I’m in no position to confirm any kind of decision in that regard,” said the spokesman on the claim.
With regards to the differences between Turkey and the US on Kurdish fighters in northern Syria, Kirby stated that the US understands Turkish concerns, adding “It’s not something that we ignore. What our focus [is] on inside Syria is against ISIL. That’s the focus of the coalition effort. And I’d like to remind everybody that Turkey is a part of that coalition, not just a NATO ally but a part of that coalition, and they’re contributing to the effort.”
Kirby also pointed out Turkey’s “significant refugee problem” from Syria. Gen. Allen and US Department of Defense Under Secretary of Defense for Policy Christine Wormuth, along with a large delegation from the Pentagon, have been in Ankara this past week meeting with their Turkish counterparts, including Turkish Foreign Ministry Undersecretary Feridun Sinirlioğlu. The Turkish and US delegations had an eight-hour-long meeting on Tuesday and continued their discussions on Wednesday and Thursday.
The Turkish daily Cumhuriyet reported on Thursday that Ankara agreed to let US armed drones that are deployed at İncirlik Air Base be used against ISIL. Speaking to the A Haber TV channel in late June, Turkey’s Foreign Minister Mevlüt Çavuşoğlu talked about the presence of armed US drones at İncirlik, adding that the drones were being used for gathering intelligence and that it was natural that they were armed, given the threats in the region.
According to Cumhuriyet, Turkey and the US are close to a deal on using the base, but Ankara wants the US to support the Syrian opposition, especially around Aleppo, as a precondition to its assistance.

July 10, 2015, Friday/ 12:17:03/ TODAYSZAMAN.COM / ISTANBUL

Find this story at 10 July 2015

© Feza Gazetecilik A.Ş. 2007

Van nieuwsblog.burojansen.nl

JUST OUTSIDE THE MAIN DOWNTOWN part of Athens lies Kolonos, an old Athenian neighborhood near the archaeological park of Akadimia Platonos, where Plato used to teach. Along the maze of narrow streets, flower-filled balconies hang above open-air markets, and locals gather for hours at lazy sidewalk cafes, sipping demitasse cups of espresso and downing shots of Ouzo in quick gulps.

It was a neighborhood Costas Tsalikidis knew well. He lived at No. 18 Euclid Street, a loft apartment just down the hall from his parents. Slim and dark-haired, with a strong chin and a sly smile, he was born in Athens 38 years earlier to a middle-class family in the construction business. Talented in math and physics from an early age, he earned a degree in electrical engineering from the National Technical University of Athens, considered the most prestigious college in Greece, where he specialized in telecommunications, and later obtained his master’s in computer science in England. Putting his skills to good use, for the last 11 years he had worked for Vodafone-Panafon, also known as Vodafone Greece, the country’s largest cell phone company, and was promoted in 2001 to network-planning manager at the company’s headquarters in the trendy Halandri section of Athens.

On March 9, 2005, Costas’ brother, Panagiotis, dropped by the apartment. He thought he’d have a coffee before a business meeting scheduled for that morning. But as he entered the building, he found his mother, Georgia, running up and down the corridor yelling for help.

“Cut him down!” she was saying. “Cut him down!”

Panagiotis had no idea what she was talking about until he went inside his brother’s apartment and saw Costas hanging from a rope tied to pipes above the lintel of his bathroom door, an old wooden chair nearby. He and his mother cut the rope and laid Costas down on the bed.

Costas Tsalikidis Photo: Courtesy of the Tsalikidis familyThe day before his death, Costas’ boss at Vodafone had ordered that a newly discovered code — a powerful and sophisticated bug — be deactivated and removed from its systems. The wiretap, placed by persons unknown, targeted more than 100 top officials, including then Prime Minister Kostas Karamanlis and his wife, Natassa; the mayor of Athens; members of the Ministerial Cabinet; as well as journalists, capturing not only the country’s highest secrets, but also its most intimate conversations. The question was, who did it?
For a year, the eavesdropping case remained secret, but when the affair finally became public, it was regarded as Greece’s Watergate. One newspaper called it “a scandal of monumental proportions.” And at its center was the dark underside of the 2004 Summer Olympic Games in Athens. While the athletes were competing for medals as millions watched, far in the shadows spies had hacked into the country’s major telecom systems to listen and record.

A decade later, Costas’ death is caught up in an investigation into what now appears to have been a U.S. covert operation in Greece. Last February, Greek authorities took the extraordinary step of issuing an international arrest warrant for a CIA official the Greeks believe was a key figure in the operation while based in Athens. Unnoticed by the U.S. press, the warrant was a nearly unprecedented action by an allied country. The intelligence official, identified as William George Basil, was accused of espionage and eavesdropping. But by then he had already left the country, and the U.S. government, as it has done for the past 10 years, continues to stonewall Greek authorities on the agency’s involvement.

The Greek charges only touch the surface, however, and Basil may be less a key figure than simply a spy guilty of poor tradecraft. An investigation by The Intercept has uncovered not only the role of the CIA, but also that of the NSA, as well as how and why the operation was carried out. The investigation began while I was producing a documentary for PBS NOVA on cyberwarfare, scheduled to air on October 14, for which some of the interviews were conducted. In addition, I have had exclusive access to highly classified and previously unreported NSA documents released by Edward Snowden.

The Intercept, along with the Greek newspaper Kathimerini, interviewed over two dozen people familiar with the wiretapping case, ranging from U.S. intelligence officials and Greek government officials to those involved in the investigation and its aftermath. Many of those interviewed agreed to talk on condition that their names not be used, fearing criminal prosecution for speaking on intelligence matters or professional retribution. While some questions remain, the evidence points to a massive illegal eavesdropping program that may have led to Costas’ tragic death.

“COSTAS WAS ENGAGED,” his brother, Panagiotis, told me last year. “He was planning to get married.” Like Costas, who was three years younger, Panagiotis spoke fluent English, the product of frequent trips to the U.S., both on business and vacation.

After a dinner of lamb and hummus at a restaurant not far from the apartment where Costas died, Panagiotis spoke emotionally about his brother. “He had met the woman of his life and they were planning to get married really soon. And for that reason, they were looking to get a house and they had already started buying things that they could use in their new household. Costas was happy and optimistic and things had been working out really good for him.”

At the time, Panagiotis couldn’t understand what had happened; Costas was in good health and, at least until recently, seemed to love his job at Vodafone. “I thought there was no reason for him to commit suicide,” he said, although he acknowledged Costas had been under more pressure than usual. “In the last year of his life, he was working very hard because Greece had undertaken the Olympic Games of 2004,” he said. “And that meant a lot of hours at work and a lot of planning to beef up the networks.”

Given the enormous numbers of journalists and tourists who were planning to attend the events, all wanting to communicate, Costas’ workload increased enormously in the months before the games were to begin. Eventually, the technical infrastructure created by the Athens Olympics Organizing Committee for staff and media involved more than 11,000 computers, 23,000 fixed-line telephone devices, and 9,000 mobile phones. But the Olympics ended more than six months before Costas’ death, so there had to be another reason.

At work, things suddenly began to change. Costas told his brother that he wanted to quit. “He tendered his resignation to the company, but it wasn’t accepted,” Panagiotis told me. “He wanted to get out.” And he sent a text to his fiancée, a piano teacher named Sara Galanopoulou, saying he had to leave his job, adding cryptically that it was a “matter of life and death.”

As Costas Tsalikidis and his colleagues at Vodafone worked overtime in the months leading up to the games, thousands of miles away another group was also getting ready for the Summer Olympics in Greece: members of the U.S. National Security Agency. But rather than communicating, they were far more interested in listening. According to previously undisclosed documents from the Snowden archive, NSA has a long history of tapping into Olympic Games, both overseas and within the U.S. “NSA has had an active role in the Olympics since 1984 Los Angeles games,” according to a classified document from 2003, “and has seen its involvement increase with the recent games in Atlanta, Sydney, and Salt Lake City. During the 2002 Winter Olympics in Salt Lake City, the focus was on counterterrorism, and NSA acted largely in support of the FBI in a fusion cell known as the Olympics Intelligence Center (OIC). … NSA’s support to the 2004 Olympics in Athens will be much more complicated.”

In 2004, for the first time since the 9/11 attacks of 2001, the Summer Olympic Games would be held outside the U.S., and thus the difficulties would be far greater. “Several factors will make the Athens Olympics vastly different,” the document continued, “not the least of which is the fact these Olympics will not be held at a domestic location. Also different is that the security organization that NSA will support is the EYP, or Greek National Intelligence Service. NSA will gather information and tip off the EYP of possible terrorist or criminal actions. Without a doubt, the communication between NSA and EYP will take some coordination, and for that reason preparations are already underway.”

According to a former senior U.S. intelligence official involved with the operation, there was close cooperation between NSA and the Greek government. “The Greeks identified terrorist nets, so NSA put these devices in there and they told the Greeks, OK, when it’s done we’ll turn it off,” said the source. “They put them in the Athens communications system, with the knowledge and approval of the Greek government. This was to help with security during the Olympics.”

The Olympic Games ran smoothly — there were no serious terrorist threats and Greece had its best medal tally in more than a century. On August 29, 16 days after the games began, closing ceremonies were held at the Athens Olympic Stadium. As 70,000 people watched, Greek performers displayed traditional dances, a symbolic lantern was lit with the Olympic Flame, and Dr. Jacques Rogge, president of the International Olympics Committee, gave a short speech and then officially closed the games.

Two weeks later, the Paralympics ended, and at that point, keeping their promise to the Greek government, the NSA employees should have quietly disconnected their hardware and deleted their software from the local telecommunications systems, packed up their bugging equipment, and boarded a plane for Fort Meade. The problem was, they didn’t. Instead, they secretly kept the spying operation active, but instead of terrorists, they targeted top Greek officials. According to the former U.S. intelligence official involved with the operation, the NSA began conducting the operation secretly, without the approval or authorization of the CIA chief of station in Athens, the U.S. ambassador, or the Greek government.

“We had a huge problem right after the Greek Olympics,” the source said. “They [NSA] said when the Olympics is over, we’ll turn it off and take it away. And after the Olympics they turned it off but they didn’t take it away and they turned it back on and the Greeks discovered it. They triangulated some signals, anonymous signals, and it all pointed back to the embassy.”

At that point, the source said, someone from the Greek government called Richard Eric Pound, the CIA chief of station at the embassy in Athens and the person officially responsible for all intelligence operations in the country. Pound had arrived in May 2004, replacing Michael F. Walker, the agency’s former deputy director of the paramilitary Special Activities Division, as chief of station in Athens. Describing himself as “a small town boy from Indiana who set off to see the world,” Pound had joined the agency in 1976. Hefty and mustachioed, he was a veteran of the agency’s backwater posts in Africa.

Pound, according to the source, knew nothing about the operation having been turned back on, so he called his boss at CIA headquarters to ask about it. “He says, ‘What in God’s name is this all about?’” said the source (Pound declined to speak to The Intercept). Pound’s boss then immediately called his NSA counterpart. “Oh, yeah, we were going to tell you about that,” the NSA official told Pound’s CIA boss, according to the source. “They didn’t take it out and they turned it back on.”

National Security Agency Deputy Director John Chris Inglis testifies before the House Select Intelligence Committee on the NSA’s PRISM program, which tracks web traffic and US citizens’ phone records, during a hearing on Capitol Hill in Washington, DC, June 18, 2013. AFP PHOTO / Saul LOEB (Photo credit should read SAUL LOEB/AFP/Getty Images) National Security Agency Deputy Director John Chris Inglis in Washington, D.C., June 18, 2013. Photo: Saul Loeb/AFP/Getty ImagesNot informing the chief of station and the ambassador was an enormous breach of protocol. The chain of events surprised another source, a long-time veteran of the CIA’s National Clandestine Service, who was once a colleague of Basil in Athens. “I can’t think of another time in my experience when that ever happened, that’s how unusual it is,” the source said. “I’m astounded by that.”
In 2006, Chris Inglis became the NSA’s deputy director, the agency’s No. 2 official, who was thus in a position to discover what had happened. In an interview, I questioned him about the scandal and the illegal bugging operation. “Was the NSA involved?” I asked. Inglis offered no denial. “I couldn’t say whether NSA was involved in that or any other activity that might have been alleged to be conducted by an intelligence service, let alone NSA.”

Inglis did confirm, however, that NSA operations in foreign countries would normally have the approval of the CIA chief of station. “The chief of station,” he said, “would speak on intelligence matters for the nation, or essentially be expected to adjudicate matters on behalf of the nation.” He added, “So if NSA was expected to conduct an intelligence operation physically in some particular place of the world, I would expect that the chief of mission — the ambassador — and that the chief of station — the intelligence rep — would have some influence on that, some kind of ability to understand what it was and to ensure that it was done in the proper way.”

I also put the question to Gen. Michael Hayden, the NSA director at the time. “Do you remember the incident that came up involving Greece?” I asked. “Not anything we’re going to talk about here,” he said. “Did that come to your attention?” I pressed. “Not something I can talk about,” he replied.

At the time of the Greek bugging operation, Hayden was also secretly running the NSA’s illegal warrantless eavesdropping and metadata dragnet surveillance programs, the largest domestic spying operations in U.S. history.

FILE – In this Dec. 6, 2002 an aerial file photo of the US embassy in Athens, Greece. Theodoros Pangalos a former foreign minister of Greece said on Tuesday, Oct. 29, 2013 the U.S. is not the only country eavesdropping on foreign diplomats: his country’s secret services did that to U.S. ambassadors in Athens and Ankara in the 1990s. (AP Photo/Thanassis Stavrakis, File) An aerial file photo of the U.S. Embassy in Athens, Greece, Dec. 6, 2002. Photo: Thanassis Stavrakis/AP
Stonewalled by the U.S., over the past decade Greek investigators were nevertheless able to follow a digital trail right to the front door of the U.S. Embassy in Athens, and then to William George Basil, a mysterious embassy official with a Greek background.

Although very little is publicly known about Basil, interviews with his relatives and childhood friends in Greece, as well as fellow embassy employees and intelligence officials in Athens and the U.S., shed light on his background.

Basil was born on December 10, 1950, in Baltimore, where many of his relatives had settled after emigrating from Greece. Much of his extended family came from the small Greek island of Karpathos in the Aegean Sea, a port of call for the Argonauts traveling between Libya and Crete, and mentioned in Homer’s Iliad. There, his ancestors worked as stonemasons and as farmhands in mountainside wheat fields.

His father, George, had emigrated to the U.S. where Basil and his sister, Maria, spent their early years. But when Basil was 9, his now-divorced father became engaged to a woman from Karpathos and they all traveled to the island for the wedding. An old snapshot shows a young Basil in a suit jacket sitting uneasily on the back of a donkey. After a few months, the family returned to the U.S., then in the 1960s, when Basil was in his early teens, moved back to Karpathos for good.

Today, childhood friends there still remember Basil as “Billy,” an Americanized youth who liked to spend time on the beach. His cousin Nikos Kritikos often played sports with him. “He played rugby when he was young,” Nikos said. “He was amazingly smart. … We grew up in the same house; his stepmother, Marigoula, raised us.” And Basil’s uncle Manolis Kritikos, a local schoolteacher, remembered him as “a happy kid who smiled.” “He was always restless as a young man, he searched things,” he said. “Most of all he liked the history of this place, the folklore. … And he loved Greece and [the Karpathos village of] Olympos more than anything.”

Basil 9 years old attending his father’s wedding on Karpathos Basil, 9 years old, attending his father’s wedding on Karpathos. After graduating from high school at the American Community Schools in Athens in 1968, Basil joined the Army for five years and was posted to Alaska. Then, according to Basil’s former CIA colleague, he took a job as a Baltimore County deputy sheriff and later joined the CIA’s Office of Security as a polygraph expert. But, after nearly two decades, said the colleague, he grew bored with strapping recruits and potential agents to lie detector machines and sought a position in the agency’s Directorate of Operations. Largely based on his Greek heritage and fluency in the language, he was accepted and quickly disappeared behind the agency’s heavy black curtain, emerging undercover as a Foreign Service Officer with the State Department.
With a black diplomatic passport in his pocket, he was soon on his way to Athens, a city he knew well; he had owned an apartment in the city for many years, which he rented out. Soon after arriving, he moved into an apartment near the beach in Glyfada, one of the most exclusive areas of the city, home to ship owners and wealthy business executives. A long-time biker, he would often cruise around the city on his motorcycle.

At the U.S. Embassy in Athens, he was officially a second secretary in the regional affairs section, later promoted to first secretary. In reality, he joined the CIA station as a terrorism expert. The station, located on the embassy’s top floor (with the forgery section in the basement), was one of the largest in Europe, because it often served smaller Middle East stations with logistical help and temporary personnel. Protected by a bulletproof vest under his shirt, a 9 mm pistol strapped to his belt, and a small M38 handgun on his ankle, Basil, who had a reputation as an Olympic-level shooter, drove around the city in an armored car looking for informants to recruit and liaising with the Greek police organization. According to a confidential report by Greek prosecutor Yiannis Diotis, obtained by The Intercept, Basil played a role in a March 2003 operation — just prior to the U.S. invasion of Iraq — that involved an informant recruited by the embassy’s CIA station. The operation, code-named “Net,” led to the discovery, by a joint U.S.-Greek team, of a small cache of guns and explosives in the basement of the Iraq Embassy in Athens.

While most CIA assignments to Athens were two years, Basil kept extending his tour, giving him an opportunity to spend time on Karpathos, visiting friends and relatives and playing backgammon. “He never withheld where he was working or what he was doing,” recalled his cousin Nikos. “A lot of times we would call each other and he would tell me, ‘I am in the Middle East.’ His job was to report on the sentiment of those countries’ society. … From what he said he had a lot of friends in high places. I understood that he was acquainted with Ministers of Interior and Ministers of Public Order in Greece.”

One person who knew Basil in passing was John Brady Kiesling, a now-retired career Foreign Service Officer who had worked as the embassy’s political officer from July 2000 to March 2003. I spoke to him in his apartment in the historic Plaka section of Athens, a labyrinth of winding streets and colorful shops in the shadow of the Acropolis. After leaving his post at the embassy, he decided to remain in Greece, where he has followed the bugging case closely. When I brought up the possibility of the NSA conducting a covert operation out of the embassy, without the knowledge of either the ambassador or the CIA chief of station, he looked surprised. “I would say that a rogue agency was performing it if it was performed without the prior clearance with the ambassador, as the president’s representative in Greece,” he said. “It definitely is something that is hanging as a sort of swinging sword blade over the U.S.-Greek relationship.”

But according to Basil’s former CIA colleague in Athens, there are occasions when an ambassador is not informed by the agency because of the sensitivity of the operation. However, there was never a time when a chief of station was kept in the dark. “There were times we didn’t inform the ambassador — it was just too sensitive — and we would have to get a waiver signed,” the source said.

william-george-basil Visa from U.S. passport of William George Basil. A half-dozen miles southwest of Athens is the city of Piraeus. The largest passenger port in Europe and the third largest in the world, it services about 20 million passengers a year. Piraeus is to ships what Chicago’s O’Hare Airport is to planes. There are long rows of ferries, endless quays, hydrofoils and mega-yachts, tankers and cruise ships. It was here, not far from the pier for ferries to Karpathos that the planning ended and the operation began. According to the Greek prosecutor’s report, on June 8, 2004, someone entered the Mobile Telecommunication Center at 31 Akti Miaouli Street, and in the name of a “Markos Petrou,” purchased the first four of what would eventually be 14 prepaid cell phones.
They would become the “shadow” phones. As normal calls from Vodafone went to and from legitimate parties, a parallel stream of digitized voice and data — an exact copy — was directed to the NSA’s shadow phones. The data would then be automatically transferred miles away to NSA receivers and computers for monitoring, analysis, and storage.

Not long after, according to the Snowden documents I reviewed, the NSA contingent began arriving at US-966G, the surveillance agency’s code for the Athens embassy. The planning had already been underway. “Although the first race, dive, and somersault are still a year away,” noted a Signals Intelligence Directorate document, “SID Today,” dated August 15, 2003, “in truth, NSA has been gearing up for the 2004 Olympics for quite some time, in anticipation of playing a larger role than ever before at the international games.” The document then noted that NSA would be sending “the largest contingent of personnel in support of the games in our history. A team of 10 NSA analysts will arrive in Greece anywhere from 30-45 days before the Olympics and stay until the flame is extinguished. … The scope of the Olympics is tremendous, and so will be the support of SID [Signals Intelligence Directorate] and NSA.”

Then, in a note of unintended irony, the writer added, “The world will be watching and so will NSA!”

A key part of the operation would be obtaining secret access to the Greek telecom network. And it is here that Costas Tsalikidis may have entered the picture. As a senior engineer in charge of network planning, working for the country’s largest cellular service provider, he would have been one of those in a position to become the team’s inside person. But he was also far from the only one. “Of course, it could have even been me,” said another Vodafone technician interviewed.

The operation could have been accomplished a number of ways. At the beginning, the installation of the bugging software, while illegal according to Greek law, had been secretly authorized by the Greek government. Thus, an inside person would have been operating outside the law in providing assistance to U.S. intelligence, but with the patriotic objective of helping protect Greece from terrorists. Also, the person may never have been told that the software was supposed to be removed following the conclusion of the games. In any case, it is unlikely that the person would have known who the targets were since they were just lists of phone numbers.

In fact, recruiting a foreign telecom employee as an “inside person” for a major bugging operation was standard operating procedure for both the NSA and the CIA, according to the senior intelligence official involved with the Athens operation. “What the NSA really doesn’t like to admit, about 70 percent of NSA’s exploitation is human enabled,” the former official said. “For example, at a foreign Ministry of Post and Telecommunications, if NSA determines it needs to get access to that system, NSA and/or the CIA in coordination would come up with a mechanism that would allow them to replicate the existing switch to be swapped out. The CIA would then go and seek out the person who had access to that switch — like a Nortel switch or a router — go in there, and then it would be the CIA that would effect the operation. And then the take from it would be exploited by the NSA.”

And according to a highly classified NSA document provided by Snowden and previously published by The Intercept, covertly recruiting employees in foreign telecom companies has long been one of the NSA’s deepest secrets. A program code-named “Sentry Owl,” for example, deals with “foreign commercial platform[s]” and “human asset[s] cooperating with the NSA/CSS [Central Security Service].” The document warns that information related to Sentry Owl must be classified at an unusually high level, known as ECI, or Exceptionally Controlled Information, well above top secret.

“Human intelligence guys can provide sometimes the needed physical access without which you just can’t do the signals intelligence activity,” Gen. Hayden, the NSA head at the time of the Athens bugging, who later ran the CIA, told me.

Basil’s ties to Greece made him very good at developing local agents. “He was the best recruiter the station had, the best,” said the former CIA associate in Athens. “[Basil] may have been in charge of recruiting the guy on the inside. He may have made the initial recruitment.”

With an agent in place inside the network, the next step would be to implant spyware capable of secretly transmitting the conversations of the NSA’s targets to the shadow phones where they could be resent to NSA computers. Developing such complex malware is the job of the NSA’s Tailored Access Operations (TAO) organization. And, according to the previously undisclosed Snowden documents, members of the group “performed CNE [Computer Network Exploitation] operations against Greek communications providers” as part of the preparations for the Olympics. In lay terms, this means they developed malware to secretly extract communications data. Also involved were members of the Special Source Operations (SSO) group, the specialists who work covertly with telecom companies, such as AT&T — or in this case Vodafone — to get secret access to their networks.

The key to the operation was hijacking a particular piece of software, the “lawful intercept” program. Installed in most modern telecom systems, it gave a telecom company the technical capability to respond to a legal warrant from the local government to monitor a suspect’s communications. Vodafone’s central switching equipment was made by Ericsson, the large Swedish company, and on January 31, 2002, Ericsson delivered to Vodafone an upgrade containing the lawful intercept program, a piece of software known as the Remote Control Equipment Subsystem (RES). According to a report by Greece’s Authority for Communication Security and Privacy (ADAE), Costas was the Vodafone employee who accepted delivery of the upgrade.

Normally, when a lawful warrant is submitted to a company such as Vodafone Greece, the information, including the target phone numbers, would first be logged into a program called the Interception Management System (IMS). This creates a permanent record of the request that can later be audited. The information is then sent to the RES, which initiates the actual monitoring by secretly creating a duplicate communications stream for the targeted number. That duplicate stream is then transmitted, along with the metadata — date, time, and number calling or being called — to the law enforcement agency.

But despite having the capability to initiate wiretaps with the RES program, at the time of the Olympics Greece did not have laws in place to permit them. As a result, Vodafone never paid the additional fee to Ericsson for the IMS program and the digital key to activate the system. Far behind the NSA, the Greek government had only simple wiretap technology. “All they had was some primitive suitcase methods that would allow very limited surveillance of very specific targets,” said Kiesling, the former U.S. Embassy official. “From an American point of view, that was terrifyingly primitive.”

Thus, according to Greek sources, prior to the Olympics U.S. officials began asking the Greek government for permission to secretly activate the lawful intercept program, which led to the government agreeing to the U.S. bugging operation. Ironically, the presidential decree permitting widespread eavesdropping was finally enacted on March 10, 2005, the day after Costas’ death.

For NSA, the missing IMS program was the technical opening its operatives needed. In essence, they created malware that would secretly turn on the RES program and begin tapping. But without the IMS program there would be no audit trail, no indication or evidence that eavesdropping was going on as the target numbers were being tapped and transmitted to the shadow phones by the RES. “It was a very complex system, because it was invisible to detection,” Vodafone Greece CEO George Koronias told investigators. “It functioned independently of whether the lawful interception system was activated, and bypassed the security alarm.”

Exploiting the weaknesses associated with lawful intercept programs was a common trick for NSA. According to a previously unreleased top-secret PowerPoint presentation from 2012, titled “Exploiting Foreign Lawful Intercept Roundtable,” the agency’s “countries of interest” for this work included, at that time, Mexico, Indonesia, Egypt, and others. The presentation also notes that NSA had about 60 “Fingerprints” — ways to identify data — from telecom companies and industry groups that develop lawful intercept systems, including Ericsson, as well as Motorola, Nokia, and Siemens.

There are also a variety of “Access Methods” used to penetrate other countries’ lawful intercept programs. These include using the highly secret Special Collection Service. Known internally as “F-6,” it is described in another Snowden document as “a joint NSA-CIA organization whose mission is to covertly collect SIGINT [Signals Intelligence] from official U.S. establishments abroad, such as embassies and consulates.” The organization’s job, according to the PowerPoint, is to intercept microwaves, the thousands of communications-packed signals that crisscross a city. The PowerPoint also suggested using the Special Source Operations unit, the people who work out secret arrangements with the local telecom companies. And with the Tailored Access Operations unit, techniques could be developed to hack into the country’s telecom systems. For the Athens Olympics operation, it would be a full house.

With the malware installed, the NSA was set to go, with more than a dozen shadow phones purchased and a contingent of employees from at least 11 different NSA organizations poised to begin eavesdropping during “24-hour watches.” According to the ADAE report, the tappers first activated the malware at Vodafone’s communications centers on August 4, 2004, and five days later they began inserting the target phone numbers. Then on September 28, following the conclusion of the Paralympic Games, some of the malware was removed. But less than a week later, long after the Olympic Torch had been extinguished, new malware was implanted.

“And then,” said Kiesling, looking both troubled and perplexed, “the mystery becomes why it continued after the Olympics, and that’s a mystery that still has not been solved.” It was a question I asked a former senior NSA official with long involvement in worldwide eavesdropping operations. “They never [remove it],” the official said with a laugh. “Once you have access, you have access. You have the opportunity to put implants in, that’s an opportunity.”

“FEVER,” COSTAS WROTE. Several of the antennas used for the bugging operation were heating up, and to Costas, it was as if they had a fever. After the Olympic Games concluded, Costas started having problems at work. In the weeks following Costas’ death, his brother discovered one of his notebooks, dating from October and November 2004, after the Olympics, and it described a number of incidents. “In his notes he said that at certain points in time certain antennas seemed to get overworked and they were trying to figure out why that was happening,” said Panagiotis. “Now it turned out that those antennas were the same antennas that were connected with the system of the wiretapping.” In another entry, which Panagiotis submitted to the prosecutor, Costas wrote about a month before he died: “Something is not right at the company.”

Then, at 7:56 p.m. on January 24, 2005, someone installed a routine update in the NSA’s bugging software at Vodafone’s facility in the Paiania section of the city. It would turn out to be anything but routine. Within seconds, errors appeared, which caused hundreds of text messages from customers to go undelivered, and people began complaining. At the same time, an automatic failure report was sent to Vodafone management. It was as if a burglar alarm had gone off during a robbery. As normally happens, Vodafone sent the voluminous logs and data dumps to Ericsson for analysis, while those involved quietly waited — and worried. The once cheerful and upbeat Costas turned glum and angry. “We have heard that Costas was in meetings inside the company, in meetings that were very loud and a lot of people were arguing,” said Panagiotis. “He tendered his resignation to the company, but it wasn’t accepted. … He wanted to get out.”

On March 4, after weeks of investigation, Ericsson notified Vodafone that it had discovered a sophisticated piece of malware, containing a hefty 6,500 lines of code — evidence of a large bugging operation. The company also turned up the target phone numbers of the prime minister and his wife, the mayor of Athens, members of the Ministerial Cabinet, and scores of high officials, as well as the numbers for the shadow phones and the metadata describing when the calls were made.

Three days later, Vodafone technicians isolated the malware. Then on March 8, before law enforcement had an opportunity to get involved, Koronias, the Vodafone Greece CEO, ordered the software deactivated and removed, thus hampering any future investigation. Apparently alerted, those involved in the bugging operation immediately turned off their shadow phones. “Vodafone’s decision to deactivate the software meant our hands were tied,” Yiannis Korandis, the chief of the EYP, the Greek National Intelligence Service, told investigators.

The next morning Panagiotis discovered his brother’s body hanging from a white rope tied to a pipe above the bathroom doorway. To this day, he is convinced that Costas was murdered to keep him quiet and prevent him from quitting and going public with the details. “He probably wanted answers there and then and I think that led to his demise,” he said. The bugging, Panagiotis suspects, may have been the reason Costas sent the text to his fiancée about leaving his job being a “matter of life and death.”

Athens, GREECE: Vodafone Greece Chief Executive Officer George Koronias holds documents 06 April 2006 before the start of a parliamentary committee hearing investigating the case of a phone-tapping scandal, which targeted Prime Minister Costas Karamanlis and top officials during and after the 2004 Athens Olympics games. AFP PHOTO / Louisa Gouliamaki (Photo credit should read LOUISA GOULIAMAKI/AFP/Getty Images) Vodafone Greece CEO George Koronias holds documents in April 2006 before the start of a parliamentary committee hearing investigating the phone-tapping scandal. Photo: Louisa Gouliamaki /AFP/Getty ImagesWithin hours of Costas’ death, Ericsson prepared a formal “Incident Case Description,” outlining technical details about the malware and how it worked. It contained the warning: “This document is to be treated as highly confidential and … all necessary steps to protect this information must be taken, including the mandatory use of Entrust encryption within Ericsson.” After seven pages of technical detail, the report concluded that someone had loaded unauthorized “corrections,” i.e. malware implants, “designed to introduce RES functionality in such a way that it is not visible to any observer. Neither Ericsson nor Vodafone have any knowledge of the corrections. Nor is it known who supplied the correction, who loaded them or how long they have been loaded in the network.” In other words, someone had introduced malware to secretly activate the lawful intercept’s tapping function while at the same time hiding the fact that it had been turned on. On March 10, the report was turned over to Vodafone Greece CEO Koronias.
The Tsalikidis family’s former lawyer, Themistoklis Sofos, believes that Costas discovered the spy software by chance and then reported it. “Some people were afraid that he would talk so they killed him in a professional manner,” he told a Greek newspaper. Although the official coroner’s report said he took his own life, no suicide note was ever found, and the initial forensic report was inconclusive.

Nevertheless, Supreme Court prosecutor Dimitris Linos said that Costas’ death was clearly tied to the eavesdropping operation. “If there had not been the phone tapping, there would not have been a suicide,” he said in June 2006. In his report, prosecutor Yiannis Diotis also said that Costas had knowledge of the illegal phone-tapping software. And Giorgos Constantinopoulos, a former colleague in charge of communications security for Vodafone, reportedly told prosecutors that he was sure Costas was in a position to know about the spy software, and that his death was likely connected to that discovery.

THROUGHOUT THIS PAST SUMMER in Athens as the debt crisis mounted, crowds of pro-government demonstrators filled Syntagma Square shouting angry chants against European creditors. A few blocks away on Panepistimiou Street, an anarchy symbol was spray-painted on the walls of the headquarters of the Bank of Greece. And behind the Doric columns and yellow neo-classical façade of the Parliament Building, nervous politicians huddled and debated what to do next.

But a mile and a half away, in a heavily guarded compound near Pedion tou Areos, one of the largest parks in Athens, prosecutors were finally bringing to a close a decade of investigations. And on June 26 the finger of guilt was pointed directly at America’s Central Intelligence Agency. Now it is up to the Justices’ Council to decide how to proceed, and it may prove very embarrassing for the United States.

From the very start, according to a former senior Greek official involved in the investigation, there was no doubt within the highest levels of government that the U.S. was behind the bugging. On Friday, March 25, 2005, two weeks after Panagiotis cut the rope from his brother’s neck, Greeks celebrated Independence Day, followed by a weekend of festivities. But in Maximos Mansion, the Greek White House, the talk was far from jubilant. As Greek Navy helicopters flew low over the Acropolis during a military parade, members of the Greek inner circle were meeting with Prime Minister Costas Karamanlis about the bugging scandal that had targeted him and his wife.

A few days before, Foreign Minister Petros Molyviatis was in Washington engaged in high-level meetings with top officials. Secretary of State Condoleezza Rice spoke of the “excellent state of relations between Greece and the United States,” and President George W. Bush issued a proclamation declaring “our special ties of friendship, history, and shared values with Greece.” He noted, “Our two Nations are founded on shared ideals of liberty.” But based on the investigation up to that point, close aides, including Foreign Minister Molyviatis, were convinced that U.S. intelligence was behind the operation. Although at least one member of the group wanted to bury the whole matter rather than cause a rupture in relations with the U.S., Karamanlis disagreed, according to the source. “No way,” Karamanlis said. “If they find this on us 10 years from now, things will prove really difficult.”

The decision was made to have the police and the EYP intelligence service launch an investigation. Although far from exhaustive, with many questions left unanswered, Minister of Public Order George Voulgarakis and several other officials finally held a televised press conference in February 2006. Scribbling with a blue marker on a white board, they noted that the 14 shadow cell phones were using four mobile phone antennas with a radius of about 2 kilometers in central Athens.

Within that area was the U.S. Embassy on Vassilissis Sofias Avenue, which turned out to be a matter of great embarrassment for both the U.S. and Greek governments. “The U.S. has been fingered in the media as the culprit,” U.S. Ambassador Charles P. Ries noted in a classified memo to Washington, released by WikiLeaks. Ries suspected Voulgarakis of the leak. Calling him “a less reliable ally,” Ries said Voulgarakis “has allowed rumors to circulate that the U.S. is behind [the] major eavesdropping case in Greece.” Nevertheless, both sides wanted to pretend all was normal. Thus, Foreign Minister Molyviatis suggested to Ries that they move a previously scheduled meeting between them from the ambassador’s residence to the very public Grande Bretagne Hotel in central Athens. There, Ries noted in his memo, “All could see that the U.S.-Greece relationship was unimpaired.”

It was an odd lunch. Molyviatis was sitting across from the man whose embassy, he believed, had been listening in on his cell phone for months. And Ries, out of the loop because it was a rogue NSA/CIA operation, still may not have known of his embassy’s involvement. “Addressing the eavesdropping case,” Ries said in his memo, “Molyviatis gave his opinion that the whole hullabaloo [the press conference] had been unnecessary. It would have been sufficient to hand the matter to the judicial authorities for investigation and, if appropriate, prosecution, he said. But now, both he and the Prime Minister were keen to show that the current hysteria did not detract from excellent U.S.-Greece relations.”

For some, however, the cozy relations only seemed to increase the anger. In May, a Greek terrorist organization, “Revolutionary Struggle,” attempted to assassinate Voulgarakis with a remote-controlled bomb. Pointing to the wiretapping scandal and weakening Greek sovereignty as a key reason for the attack, the group said it opposed state-sponsored “terrorism of mass surveillance.” At the U.S. Embassy, the deputy chief of mission sent a classified cable to Washington, released by WikiLeaks, with a warning. “This group is to be taken seriously,” he said. “While there is no mention thus far of targeting foreign ‘capitalist-imperialists,’ it would not be a leap of faith for RS to focus its attention on the U.S. presence in Greece.” Ten months later, the group fired a rocket at the embassy.

Around the time the eavesdropping was discovered, Basil left the country, apparently with a quick reassignment by CIA to Sudan. Then, according to Greek documents obtained by The Intercept, on August 4, as things quieted down, he obtained a visa at the Greek Embassy in Khartoum and returned 10 days later to Athens and his cover job as first secretary for regional affairs. The diplomatic position gave him immunity from arrest.

The investigation was the first of what would be five major probes stretching over a decade in which more than 500 witnesses would be questioned, including agents of the EYP. Evidence built up slowly as investigators picked apart the telltale computer logs, traced the cell phone signals, and dissected layers and layers of software. Over the years, piece after piece, the puzzle began to come together.

In his testimony, Ericsson’s managing director for Greece, Bill Zikou, laid out the “how,” describing the method by which the bugging was accomplished. “What happened in this incident,” he said, “is that a complex, sophisticated, non-Ericsson intruder piece of software was planted into the Vodafone Greece network,” which by activating the RES function “thus made illegal interceptions possible.”

william-basil200 William George Basil. Date unknown. Photo: FacebookThen investigators turned to the “who.” At the conclusion of its operation, the NSA was hoping that it could disappear into the night without leaving a trace. “Unlike the athletes, when the Olympics are over, the NSA team is hoping you won’t even know they were there,” said one of the classified documents. It bore the ironic title, “Another Successful Olympics Story.” But as a result of sloppy intelligence tradecraft by the American spies, each step pointed the investigators closer and closer to the U.S.
One person who spent a great deal of time buying shadow phones was William Basil. “We used to call him the telephone man,” said the former CIA colleague in Athens. “All we do is we buy burner phones. Just drive in any direction you want and go to a random phone store and just buy a phone, make a call, and throw the phone away.”

But Basil wasn’t the only one buying shadow phones. According to the prosecutor’s confidential report, issued June 26, 2015 and obtained by The Intercept, investigators traced four of the shadow cell phones to the shop in Piraeus. There, the prosecutor showed pictures of Basil and his wife, Irene, to the store’s manager. “She is known” to the store, the manager said. The prosecutor then noted in his report that Irene was “acting as designated by him [Basil] and on his behalf.” And according to registered deeds, the family of Irene Basil has long owned a home in Piraeus just a few miles from the shop.

Things got even sloppier. After purchasing the four shadow phones, meant to be untraceable, the SIM card from one of them was removed and placed in a cell phone registered to the U.S. Embassy. It was a direct link between the covert operation and the U.S. government. Investigators then traced more than 40 calls to and from the U.S. Embassy involving the phone. The numbers listed in the ADAE report include the embassy’s main number, the emergency after-hours number, the Marine guard, and the FBI office. There was even a call to a women’s clothing store in Athens, Rouge Paris.

Then, on the same shadow phone using another SIM card, investigators found calls to Maryland. Based on the phone numbers, The Intercept was able to determine that those calls were made to Ellicott City, where Basil and his wife used to own property, and to neighboring Cantonsville, both bedroom communities for NSA. The implications greatly worried the investigators. “We were scared,” one told a parliamentary committee. “This is something that the Foreign and Justice Ministries should investigate.”

Finally, after years of slow, ineffective, and politically hindered investigations that produced more fog than clarity, the determined work of the ADAE and a few others began paying off. The evidence pointed at the U.S. Embassy, and with a bit of luck and thanks to the American spies’ mistakes, prosecutors came up with a name, William Basil, and the international arrest warrant was issued last February.

But by then, he was long gone. After Athens, Basil was promoted to deputy chief of station in Islamabad, Pakistan, then sent back to a desk job at headquarters, that of director of human resources at the agency’s Counterterrorism Center. Now retired and no longer protected by diplomatic immunity, he may never see Greece again, the country where his wife currently lives in her family’s home in Piraeus. In 2012, according to a petition he signed protesting a planned marine park on Karpathos, he wrote, “I own property in Karpathos and plan to retire there next year.”

Today the two-story house near the beach in Diafani sits empty; construction materials are stacked on the porch, its exterior unpainted. Nearby, friends and relatives can’t believe that Billy from Karpathos could have secretly wiretapped their top officials, or spied on their government. “There’s no way he did what they say he did,” said Basil’s cousin Nikos. “Because of his love [for] Greece, they would know that if that thing [the wiretapping] needed to be done, they would most certainly ask somebody else to do it. No way he did it. It is well known that he was first and foremost a Greek patriot.”

Months before the arrest warrant was issued, Basil had been in touch by phone with a prominent criminal lawyer in Athens, Ilias G. Anagnostopoulos, according to a Greek source, who asked not to be named because of the confidential nature of the information. When asked by the attorney if he would be willing to testify if it came to that, Basil, according to the source, replied: “If there are questions, of course I can answer them.” The attorney met with the prosecutor, but after leaks to the press, Basil told Anagnostopoulos to drop the matter for the time being. Complicating matters, the prosecutor has filed the eavesdropping case alongside a much larger, but unconnected, conspiratorial case involving an assassination attempt on former Prime Minister Karamanlis, a key target of the wiretapping operation.

CIA Chief of Station Eric Pound left Athens in 2007, returning to headquarters to become chief of the External Operations and Cover Division, the organization responsible for creating front companies overseas for clandestine officers masquerading as business executives or other occupations. After he retired in September 2009, Pound mentioned to a college audience that the CIA has an obsession to learn the truth. He added, “But obsession does not always lead to success.”

Costas Tsalikides March 9, 2005 Costas Tsalikidis, March 9, 2005.
Panagiotis and other family members also want the truth. In 2011, Costas’ family asked two coroners to reexamine the medical records. One was Dr. Steven Karch, a forensic pathologist and former medical examiner in San Francisco, and the other was Dr. Theodoros Vougiouklakis, an associate professor of forensic medicine in Greece. Karch called the original autopsy “farcical.” Based on pictures of the body, the coroners concluded that the marks to Costas’ neck couldn’t have come from simply jumping off the chair. “Something was done to him prior,” Karch told The Intercept.
The family agrees with this conclusion. “I believe there are people who know what happened, what exactly and who exactly did it and they will give us those facts,” said Panagiotis. “I believe that as time goes by the reasons for protecting the perpetrators will fade and mouths will open.” Last March, on the 10th anniversary of Costas’ death, his mother spoke to a local Greek reporter for the first time. “I want to know what happened to my child and nobody that investigated until now, 10 years [later], gave me the slightest response,” she said. “As long as I live I will live with this suffering. I want to punish those who are guilty for what happened, and those who know [but] do not speak.”

There appears little chance that her questions will be answered, however. It is extremely unlikely the Obama administration will ever allow Basil, or any other intelligence official, to be extradited. Nor is it likely that Basil will return to Greece voluntarily with an arrest warrant waiting for him. Around 2009 he appeared in a Facebook picture, seemingly in disguise, sporting a long white beard and moustache. “Dude, Santa’s job isn’t available for what … another seven months,” a friend joked on Facebook. Though he has not responded to requests for an interview, pictures online show him in Greece in 2013 attending his daughter’s wedding, without the beard, in the Glyfada section of Athens. Multiple attempts to reach Basil by phone, and through family members, were unsuccessful. Both the CIA and NSA declined to comment on any issue surrounding the Athens wiretapping, including Basil’s indictment.

As for the NSA, a classified review of the Greek Olympics asked the now ironic question, “After this year’s gold medal performance, what comes next?” Next will certainly be the Olympics scheduled for Rio de Janeiro, Brazil, next summer. According to a previously published top-secret NSA slide, the agency has already planted malware throughout the country’s telecommunications system. And, if history is any guide, in the weeks leading up to the start of the games, teams from the SCS, SSO, TAO, and other organizations will arrive once again to begin 24/7 eavesdropping. And as in Greece, they may just happen to leave some of their monitoring equipment behind.

Sitting in his apartment overlooking Athens’ Plaka, John Brady Kiesling could make little sense of it all. “I don’t see a shred of evidence that this wiretapping did the U.S. government any good,” he said. “I think it’s just important to underscore that intelligence gathering is never free. It always comes at a human and political cost to someone. In this case it was paid by an innocent Vodafone technician.”

Aggelos Petropoulos of the Athens-based newspaper Kathimerini contributed reporting from Greece, and Ryan Gallagher, senior reporter at The Intercept, contributed research and reporting from the Snowden Archive.

Documents published with this story:

Another Successful Olympics Story
Exploiting Foreign Lawful Intercept Roundtable
Gold Medal Support for Olympic Games
NSA Team Selected for Olympics Support
SID Trains for Athens Olympics

James Bamford
Sep. 29 2015, 4:01 a.m.

Find this story at 29 September 2015
Copyright https://theintercept.com/

Van nieuwsblog.burojansen.nl

The German intelligence service has spied on European and American embassies in ways that may have been beyond its mandate, German media ARD and Spiegel Online reported on Wednesday (14 October).
The Bundesnachtrichtendienst (BND) reportedly targeted French and US institutions and eavesdropped on them to acquire information about countries like Afghanistan.

The news follows reports in April that the BND spied on France and the European Commission on behalf of the US’ National Security Agency (NSA). But according to the new reports, BND also spied on allies on its own initiative.
For its spying programme, the BND used thousands of search queries, so-called selectors, including phone numbers and IP addresses, possibly queries the service chose itself.

“The question is … whether the used queries were covered by the BND’s mandate”, MP Clemens Binninger of chancellor Angela Merkel’s centre-right CDU party told ARD.

Binninger is head of the Bundestag’s supervisory body that oversees the intelligence service.

The German media sourced their news at a secret meeting of the overseeing body on Wednesday evening.

The revelations are remarkable considering the criticism that followed revelations by Edward Snowden in 2013 that the NSA had spied on EU leaders, including Merkel.

“Spying among friends – that is just not done”, Merkel said following the scandal.

The BND programme stopped around the same time as the Snowden revelations revealed the NSA practices, in the autumn of 2013.

German MPs are planning to interview staff next week at the BND headquarters in Pullach and review the list of search queries to determine if there has been any illegal practice.

By PETER TEFFER
BRUSSELS, 15. OCT, 09:11

Find this story at 15 October 2015

Copyright https://euobserver.com/

Van nieuwsblog.burojansen.nl

Prosecutors have charged a German spy with treason, breach of official secrecy and taking bribes for allegedly providing secret documents to both the CIA and Russia’s intelligence agency. Prosecutors say Thursday Aug. 20, 2015, the 32-year-old man,handled mail and classified documents for Germany’s foreign intelligence agency BND. ( Stephan Jansen/dpa via AP)
BERLIN (AP) — A German spy who allegedly acted as a double agent for the United States and Russia has been charged with treason, breach of official secrecy and taking bribes, Germany’s federal prosecutors’ office said Thursday.

The 32-year-old, identified only as Markus R. due to privacy rules, is accused of offering his services to the CIA in early 2008 while working for Germany’s foreign intelligence agency BND. Documents he gave the U.S. spy agency would have revealed details of the BND’s work and personnel abroad, officials said.

“In doing so the accused caused serious danger to Germany’s external security,” prosecutors said in a statement. “In return the accused received sums amounting to at least 95,000 euros ($104,900) from the CIA.”

Shortly before his arrest in July 2014, Markus R. also offered to work for Russian intelligence and provided them with three documents, again harming Germany’s national security, prosecutors said.

The discovery that the CIA had allegedly been spying on its German counterpart caused anger in Berlin, adding to diplomatic tension between Germany and the United States over reports about U.S. surveillance of Chancellor Angela Merkel’s cellphone.

Following the arrest, the German government demanded the removal of the CIA station chief in Berlin.

Prosecutors said Markus R. would have had access to sensitive documents because his job involved handling mail and classified documents for the BND’s foreign operations department.

German weekly Der Spiegel reported that the 218 documents Markus R. allegedly passed to the CIA included a list of all BND agents abroad, a summary of an eavesdropped phone call between former U.S. Secretary of State Hillary Rodham Clinton and former U.N. Secretary-General Kofi Annan, as well as a draft counter-espionage strategy. A spokeswoman for the federal prosecutors’ office declined to comment on the report.

If convicted, Markus R. could face between one and 15 years in prison.

Associated Press By FRANK JORDANS
August 20, 2015 11:07 AM

Find this story at 20 August 2015
Copyright http://news.yahoo.com/

Van nieuwsblog.burojansen.nl

For months, the German government sought to create the impression it was still waiting for an answer from the US on whether it could share NSA target lists for spying with a parliamentary investigation. The response came months ago.

The order from Washington was unambiguous. The United States Embassy in Berlin didn’t want to waste any time and moved to deliver the diplomatic cable without delay. It was May 10, 2015, a Sunday — and even diplomats aren’t crazy about working weekends. On this day, though, they had no other choice. James Melville, the embassy’s second-in-command, hand delivered the mail from the White House to Angela Merkel’s Chancellery at 9 p.m.

The letter that Melville handed over to Merkel’s staff contained the long-awaited answer to how the German federal government could proceed with highly classified lists of NSA spying targets. The so-called “selector” lists had become notorious in Germany and the subject of considerable grief for Merkel because her foreign intelligence agency, the BND, may have helped the NSA to spy on German firms as a result of them. The selector lists, which were fed into the BND’s monitoring systems on behalf of the NSA, are reported to have included both German and European targets that were spied on by the Americans.

The letter put the German government in a very delicate position. The expectation had been that the US government would flat out refuse to allow officials in Berlin to present the lists to members of the federal parliament, which is currently investigating NSA spying in Germany, including the eavesdropping of Merkel’s own mobile phone. But that wasn’t the case. Instead, the Americans delivered a more differentiated letter, making it all the more interesting.

Canned Answers

Nevertheless, the German government remained silent about the letter’s existence. It disposed of all queries by saying that talks with the US on how to deal with the lists were still ongoing. The government kept giving the same reply whenever journalists from SPIEGEL or other media asked if it had received an answer from the Americans.

On May 11, for example, one day after Chancellery officials received the letter, Merkel’s spokesman Steffen Seibert responded to a query by saying: “The heads of the Parliamentary Control Panel (responsible for parliamentary oversight of Germany’s intelligence agencies) and the NSA investigative committee are all being informed about all relevant things in the context of this consultation process.” Is it not relevant when the US government provides its first official response to the Germans’ request to present the lists to parliament?

Two days later, on May 13, Seibert was asked explicitly by a reporter whether there had been any new developments on the NSA issue. “I have nothing new to report,” the government spokesman answered. At the very least, his reply was a deliberate deception of the public by the government. The letter, after all, didn’t come from just anyone — it came from US President Barack Obama’s White House chief of staff, Denis McDonough. A letter from such a high-ranking official is most certainly a new development. When questioned by SPIEGEL on the matter, the German government responded that “it would not publicly comment on confidential communications with foreign parties.”

Several sources familiar with the contents of the letter claim that in it, Obama’s people express their great respect for the parliamentary oversight of intelligence services and also accept that the committee will learn more about the NSA target list. At the same time, the letter also includes the decisive requirement: that the German government had to make sure no information contained in the target lists went public.

Keeping the Public in the Dark

The demand created a dilemma for the government. It meant, on the one Hand, that Merkel’s Chancellery could no longer hide behind the Americans as an excuse to withhold the information from parliament. On the other hand, the Chancellery didn’t want to take the risk of sharing the lists with members of the Bundestag because doing so, they worried, would create the risk that someone might then leak them to the media.

Merkel and her people instead deliberately kept German citizens and members of parliament in the dark about the Americans’ position. Almost two weeks after receipt of the letter from Washington, Merkel’s chief of staff, Chancellery Minister Peter Altmaier, informed the heads of the NSA investigative committee in a highly confidential meeting of an answer by the Americans, but he implied it had been vague, and there was no mention of any willingness on the part of the US government to allow the German parliament to clarify the issue. Instead, Altmaier argued that Washington had listed a number of legal concerns. He said it was unlikely further discussions would lead to any green light.

When the German weekly Die Zeit reported 10 days ago that the Americans had given their okay for the release of the lists, Altmaier responded: “We could have spared ourselves a difficult debate if permission to pass (the lists) on had actually been given by the US.” Altmaier clearly attempted to skirt the question of whether the US had made any statements on the issue.

Officials in the Chancellery are now doing their best to portray the McDonough letter as a kind of kick-off in German-American consultations on how to deal with the selector lists. After receiving the letter, Chancellery Minister Altmaier had a number of exchanges with his US counterpart by phone and email. In addition, Klaus-Dieter Fritsche, the Chancellery’s intelligence coordinator, also spoke several times with the Americans.

Berlin’s approach to the negotiations says quite a bit about the outcome one should expect. Officially, the German government is asking for permission to release the selector lists without the application of any restrictions by the US government. It had to have been clear to everyone involved that a demand like that would be unrealistic, but in this instance, the government didn’t want to risk making any mistakes. Within the Chancellery, officials then agreed that any time they were approached with questions, they would always answer that the consultations were still in progress — even if a decision had already been made.

Pushback from the Opposition

“The Federal Chancellery is doing exactly the opposite of what Merkel promised,” criticizes Konstantin von Notz, the Green Party’s representative on the NSA investigative committee. “Instead of clearing things up, things are being concealed behind the scenes, also using improper means.”

As the course of the NSA scandal showed, Merkel and her people already have practice when it comes to cover-up attempts. During her election campaign in 2013, Merkel created the impression for months that there was a chance Germany might be able to reach a no-spy agreement with the US. Throughout, the White House signaled behind the scenes that it would never agree to one, but the German government told the public nothing about these discussions.

Now, a special ombudsman is supposed to steer the government out of the difficult situation in which it finds itself. It’s an idea that originated with Altmaier. Rather than providing the selector lists to the NSA investigative committee in parliament, they will instead be viewed by Kurt Graulich, a former justice with the Federal Administrative Court. Altmaier’s hope is that this path will prevent details from being leaked to the press.

The opposition parties in parliament are against the idea. And why shouldn’t they be? In recent years, the Chancellery has done everything in its power to downplay spying by US intelligence services on Germany. Altmaier’s predecessor, Ronald Pofalla, even went so far in August 2013 as to say that the NSA scandal had been “cleared up.” The revelation, arguably the biggest, that Merkel’s own mobile phone had been tapped by the NSA followed two months later. Now the Green and Left parties want to prevent the government from choosing its own inspector. They are considering a legal challenge at the Federal Constitutional Court to stop Merkel’s government.

08/21/2015 07:44 PM
By Matthias Gebauer, René Pfister and Holger Stark

Find this story at 21 August 2015

© SPIEGEL ONLINE 2015

Van nieuwsblog.burojansen.nl

BERLIN — In the summer of 2011, American intelligence agencies spied on a senior German official who they concluded had been the likely source of classified information being leaked to the news media.

The Obama administration authorized the top American spy in Germany to reveal to the German government the identity of the official, according to German officials and news media reports. The decision was made despite the risk of exposing that the United States was monitoring senior national security aides to Chancellor Angela Merkel.

The tip-off appears to have led to a senior German intelligence official being barred from access to sensitive material. But it also raises suspicions that Ms. Merkel’s government had strong indications of the extent of American surveillance at least two years before the disclosures by Edward J. Snowden, which included the number of a cellphone used by the chancellor.

The decision by the United States to risk disclosing a surveillance operation against a close ally indicates the high level of concern over the perceived security breach. It is unclear, however, what that information might have been or if it involved intelligence provided to Germany by the United States.

The German newsmagazine Der Spiegel reported Friday that it believed the American effort to expose the German intelligence official arose from conversations by its own journalists. It filed a complaint with the federal prosecutor in Germany over espionage activity and a violation of Germany’s data protection laws. The prosecutor’s office declined to comment, other than to confirm that the filing had been received.

In Washington, a spokesman for the National Security Council, Ned Price, declined on Friday to comment on the reported surveillance other than to indicate that the government does not spy on foreign journalists. “The United States is not spying on ordinary people who don’t threaten our national security,” Mr. Price said.

The disclosure is the latest intelligence revelation to shake the alliance, even though it is unclear that the National Security Agency actively listened to Ms. Merkel’s calls. Among other actions that widened the rift, the Germans last summer expelled the then-C.I.A. chief. And this week material uncovered by the antisecrecy group WikiLeaks suggested that the Americans had been spying on their German allies back to the 1990s.

The first hints emerged in the German media this year. The Bild am Sonntag newspaper reported that Hans Josef Vorbeck, a deputy director of the chancellery’s intelligence division, had been “put out in the cold” in 2011 after the then-C.I.A. station chief in Berlin gave information to Mr. Vorbeck’s boss, Günter Heiss. Der Spiegel said Mr. Heiss was specifically told of contacts with its journalists.

Mr. Heiss, a quiet but powerful figure in German intelligence activities, was questioned for nearly six hours at an open hearing of a German parliamentary committee on Thursday. Mr. Heiss was particularly reticent when asked about Mr. Vorbeck. He repeatedly declined to answer questions about him, challenging the mandate of the committee to pose such queries, and arguing that he was not allowed to discuss a third party in public.

Konstantin von Notz, a lawmaker for the opposition Green Party, which has been vocal in its criticism of Ms. Merkel and the German handling of alleged American espionage, accused Mr. Heiss of hiding behind a “cascade” of excuses.

Eventually, Hans-Christian Ströbele, a longtime lawmaker for the Greens, asked Mr. Heiss whether he ever had a “concrete suspicion” that Mr. Vorbeck was leaking classified information. Mr. Heiss said there was no “concrete suspicion” that would have led to “concrete action.” He indicated the matter had been discussed in the chancellery, but declined to give specifics.

But when asked whether Mr. Vorbeck had been the target of spying, Mr. Heiss declared: “No. That much I can say.”

In a report in the edition it published on Saturday, Der Spiegel said Mr. Heiss had learned of the suspicions against Mr. Vorbeck in the summer of 2011, when invited by the C.I.A. station chief to take a walk.

Appearing before the committee last month, Guido Müller, a senior intelligence official, at first said he could not recall Mr. Vorbeck’s transfer to a lower-level job. Mr. Müller then said he could remember it only if testifying behind closed doors.

When he appeared before the committee, two days shy of his 64th birthday, Mr. Vorbeck himself was cagey. When Mr. von Notz raised the Bild am Sonntag reports and asked for more detail, the demoted intelligence officer replied that he “did not know much more than what has been in the papers,” according to a transcript on a live-blog at netzpolitik.org, a website that tracks intelligence matters.

André Hahn, a lawmaker for the opposition Left party, asked Mr. Vorbeck whether he had a good relationship with Mr. Heiss — “at first,” Mr. Vorbeck answered — and whether he had ever been charged with betraying secrets. “Not then and not now,” Mr. Vorbeck replied, according to the netzpolitik blog.

Mr. Vorbeck is suing the government for material damages he said he suffered as a result of being transferred to a senior archival post concerning the history of German intelligence. His lawyer declined to return a call seeking comment or access to his client.

The dimensions of German anger over American espionage have been evidenced in public opinion polls and in protests against a possible trans-Atlantic trade pact. German officials have talked about creating an internal Internet so that communications among Germans do not have to pass outside the country.

What makes these disclosures different is that they suggest that German publications have been either direct or indirect targets of American surveillance. “Spiegel suspects spying by U.S. secret services,” the online edition of the respected weekly Die Zeit reported Friday.

The latest disclosures by WikiLeaks — a summary of an October 2011 conversation Ms. Merkel had with an adviser about the debt crisis in Greece, a document from her senior adviser on European affairs, plus a list of 69 telephone numbers of important ministries and senior officials that appeared to date back to the 1990s — had already prompted Ms. Merkel’s chief of staff on Thursday to invite the United States ambassador, John B. Emerson, to explain.

A government statement following that meeting did not confirm the material, but made plain that violations of German laws would be prosecuted. The government defended its heightened counterintelligence operations, hinting at the depth of anger with the United States.

Steffen Seibert, the German government spokesman, referred inquiries on Friday to another government spokesman who said he could not be identified by name. He reiterated that the government did not comment on personnel moves, and that it reported on intelligence services only to the relevant supervisory committee in Parliament.

The spokesman added in an email that Mr. Heiss had testified on Thursday that there was no reason to take disciplinary or other action regarding Mr. Vorbeck.

Alison Smale and Melissa Eddy reported from Berlin, David E. Sanger from Vienna and Eric Schmitt from Washington.

By ALISON SMALE, MELISSA EDDY, DAVID E. SANGER and ERIC SCHMITTJULY 3, 2015

Find this story at 3 July 2015

© 2015 The New York Times Company

Van nieuwsblog.burojansen.nl

Spies keen to use XKeyscore, less keen to tell German government or citizens.

In order to obtain a copy of the NSA’s main XKeyscore software, whose existence was first revealed by Edward Snowden in 2013, Germany’s domestic intelligence agency agreed to hand over metadata of German citizens it spies on. According to documents seen by the German newspaper Die Zeit, after 18 months of negotiations, the US and Germany signed an agreement in April 2013 that would allow the Federal Office for the Protection of the Constitution (Bundesamtes für Verfassungsschutz—BfV) to obtain a copy of the NSA’s most important program and to adopt it for the analysis of data gathered in Germany.

This was a lower level of access compared to the non-US “Five Eyes” nations—the UK, Australia, Canada, and New Zealand—which had direct access to the main XKeyscore system. In return for the software, the BfV would “to the maximum extent possible share all data relevant to NSA’s mission.” Interestingly, there is no indication in the Die Zeit story that the latest leak comes from Snowden, which suggests that someone else has made the BfV’s “internal documents” available.

Unlike Germany’s foreign intelligence service, the Bundesnachrichtendienst (BND), the domestic-oriented BfV does not employ bulk surveillance of the kind also deployed on a vast scale by the NSA and GCHQ. Instead, it is only allowed to monitor individual suspects in Germany and, even to do that, must obtain the approval of a special parliamentary commission. Because of this targeted approach, BfV surveillance is mainly intended to gather the content of specific conversations, whether in the form of e-mails, telephone exchanges, or even faxes, if anyone still uses them. Inevitably, though, metadata is also gathered, but as Die Zeit explains, “whether the collection of this [meta]data is consistent with the restrictions outlined in Germany’s surveillance laws is a question that divides legal experts.”

The BfV had no problems convincing itself that it was consistent with Germany’s laws to collect metadata, but rarely bothered since—remarkably—all analysis was done by hand before 2013, even though metadata by its very nature lends itself to large-scale automated processing. This explains the eagerness of the BfV to obtain the NSA’s XKeyscore software after German agents had seen its powerful metadata analysis capabilities in demonstrations.

It may also explain the massive expansion of the BfV that the leaked document published by Netzpolitik had revealed earlier this year. As Die Zeit notes, the classified budget plans “included the information that the BfV intended to create 75 new positions for the ‘mass data analysis of Internet content.’ Seventy-five new positions is a significant amount for any government agency.”

FURTHER READING

GERMANY’S TOP PROSECUTOR FIRED OVER NETZPOLITIK “TREASON” PROBE
Heads begin to roll, but the investigation has not yet been dropped.
The BfV may have been keen to deploy XKeyscore widely, but it wasn’t so keen to inform the German authorities about the deal with the NSA. Peter Schaar, who was data protection commissioner at the time, told Die Zeit: “I knew nothing about such an exchange deal [of German metadata for US software].” He says that he only discovered that the BfV was using XKeyscore when he asked the surveillance service explicitly after reading about the program in Snowden’s 2013 revelations. The same is true for another key oversight body: “The Parliamentary Control Panel learned that the BfV had received XKeyscore software and had begun using it. But even this very general briefing was only made after the panel had explicitly asked following the Snowden revelations,” according to Die Zeit.

This post originated on Ars Technica UK
by Glyn Moody (UK) – Aug 27, 2015 5:32pm CEST

Find this story at 27 August 2015

© 2015 Condé Nast

Van nieuwsblog.burojansen.nl

BERLIN — WikiLeaks on Wednesday published a new list of German phone numbers it claims showed the U.S. National Security Agency targeted phones belonging to Chancellor Angela Merkel’s close aides and chancellery offices for surveillance.

Wednesday’s publication came a week after WikiLeaks released a list of numbers it said showed the NSA targeted officials at various other German ministries and elsewhere. That rekindled concerns over U.S. surveillance in Germany after reports two years ago that Merkel’s own cellphone was targeted.

Merkel’s chief of staff last week asked the U.S. ambassador to a meeting and told him that German law must be followed.

There was no immediate comment from the German government on the latest publication.

The list includes a cellphone number attributed to Ronald Pofalla, Merkel’s chief of staff from 2009-13; a landline number that appears to belong to the leader of Merkel’s parliamentary caucus; various other connections at Merkel’s office; and a cellphone number for the chancellor that WikiLeaks says was used until 2013.

It was unclear when exactly the partially redacted list of 56 German phone numbers dates from and it wasn’t immediately possible to confirm the accuracy of that and other documents released by WikiLeaks.

Those documents, WikiLeaks said, are NSA reports based on interceptions — including one from 2009 that details Merkel’s views on the international financial crisis and another from 2011 summarizing advisers’ views on plans for the eurozone’s rescue fund.

According to the secret-spilling site, the list of phone numbers was updated for more than a decade after 2002 and a “close study” of it shows it evolved from an earlier target list dating back into the 1990s.

July 8, 2015
Associated Press

Find this story at 8 July 2015

Copyright http://www.matthewaid.com/

Van nieuwsblog.burojansen.nl

The sheer quantity of communications that XKEYSCORE processes, filters and queries is stunning. Around the world, when a person gets online to do anything — write an email, post to a social network, browse the web or play a video game — there’s a decent chance that the Internet traffic her device sends and receives is getting collected and processed by one of XKEYSCORE’s hundreds of servers scattered across the globe.

In order to make sense of such a massive and steady flow of information, analysts working for the National Security Agency, as well as partner spy agencies, have written thousands of snippets of code to detect different types of traffic and extract useful information from each type, according to documents dating up to 2013. For example, the system automatically detects if a given piece of traffic is an email. If it is, the system tags if it’s from Yahoo or Gmail, if it contains an airline itinerary, if it’s encrypted with PGP, or if the sender’s language is set to Arabic, along with myriad other details.

This global Internet surveillance network is powered by a somewhat clunky piece of software running on clusters of Linux servers. Analysts access XKEYSCORE’s web interface to search its wealth of private information, similar to how ordinary people can search Google for public information.

Based on documents provided by NSA whistleblower Edward Snowden, The Intercept is shedding light on the inner workings of XKEYSCORE, one of the most extensive programs of mass surveillance in human history.

How XKEYSCORE works under the hood

It is tempting to assume that expensive, proprietary operating systems and software must power XKEYSCORE, but it actually relies on an entirely open source stack. In fact, according to an analysis of an XKEYSCORE manual for new systems administrators from the end of 2012, the system may have design deficiencies that could leave it vulnerable to attack by an intelligence agency insider.

XKEYSCORE is a piece of Linux software that is typically deployed on Red Hat servers. It uses the Apache web server and stores collected data in MySQL databases. File systems in a cluster are handled by the NFS distributed file system and the autofs service, and scheduled tasks are handled by the cron scheduling service. Systems administrators who maintain XKEYSCORE servers use SSH to connect to them, and they use tools such as rsync and vim, as well as a comprehensive command-line tool, to manage the software.

John Adams, former security lead and senior operations engineer for Twitter, says that one of the most interesting things about XKEYSCORE’s architecture is “that they were able to achieve so much success with such a poorly designed system. Data ingest, day-to-day operations, and searching is all poorly designed. There are many open source offerings that would function far better than this design with very little work. Their operations team must be extremely unhappy.”

Analysts connect to XKEYSCORE over HTTPS using standard web browsers such as Firefox. Internet Explorer is not supported. Analysts can log into the system with either a user ID and password or by using public key authentication.

As of 2009, XKEYSCORE servers were located at more than 100 field sites all over the world. Each field site consists of a cluster of servers; the exact number differs depending on how much information is being collected at that site. Sites with relatively low traffic can get by with fewer servers, but sites that spy on larger amounts of traffic require more servers to filter and parse it all. XKEYSCORE has been engineered to scale in both processing power and storage by adding more servers to a cluster. According to a 2009 document, some field sites receive over 20 terrabytes of data per day. This is the equivalent of 5.7 million songs, or over 13 thousand full-length films.

This map from a 2009 top-secret presentation does not show all of XKEYSCORE’s field sites.
When data is collected at an XKEYSCORE field site, it is processed locally and ultimately stored in MySQL databases at that site. XKEYSCORE supports a federated query system, which means that an analyst can conduct a single query from the central XKEYSCORE website, and it will communicate over the Internet to all of the field sites, running the query everywhere at once.

There might be security issues with the XKEYSCORE system itself as well. As hard as software developers may try, it’s nearly impossible to write bug-free source code. To compensate for this, developers often rely on multiple layers of security; if attackers can get through one layer, they may still be thwarted by other layers. XKEYSCORE appears to do a bad job of this.

When systems administrators log into XKEYSCORE servers to configure them, they appear to use a shared account, under the name “oper.” Adams notes, “That means that changes made by an administrator cannot be logged.” If one administrator does something malicious on an XKEYSCORE server using the “oper” user, it’s possible that the digital trail of what was done wouldn’t lead back to the administrator, since multiple operators use the account.

There appears to be another way an ill-intentioned systems administrator may be able to cover their tracks. Analysts wishing to query XKEYSCORE sign in via a web browser, and their searches are logged. This creates an audit trail, on which the system relies to assure that users aren’t doing overly broad searches that would pull up U.S. citizens’ web traffic. Systems administrators, however, are able to run MySQL queries. The documents indicate that administrators have the ability to directly query the MySQL databases, where the collected data is stored, apparently bypassing the audit trail.

AppIDs, fingerprints and microplugins

Collecting massive amounts of raw data is not very useful unless it is collated and organized in a way that can be searched. To deal with this problem, XKEYSCORE extracts and tags metadata and content from the raw data so that analysts can easily search it.

This is done by using dictionaries of rules called appIDs, fingerprints and microplugins that are written in a custom programming language called GENESIS. Each of these can be identified by a unique name that resembles a directory tree, such as “mail/webmail/gmail,” “chat/yahoo,” or “botnet/blackenergybot/command/flood.”

One document detailing XKEYSCORE appIDs and fingerprints lists several revealing examples. Windows Update requests appear to fall under the “update_service/windows” appID, and normal web requests fall under the “http/get” appID. XKEYSCORE can automatically detect Airblue travel itineraries with the “travel/airblue” fingerprint, and iPhone web browser traffic with the “browser/cellphone/iphone” fingerprint.

PGP-encrypted messages are detected with the “encryption/pgp/message” fingerprint, and messages encrypted with Mojahedeen Secrets 2 (a type of encryption popular among supporters of al Qaeda) are detected with the “encryption/mojaheden2” fingerprint.

When new traffic flows into an XKEYSCORE cluster, the system tests the intercepted data against each of these rules and stores whether the traffic matches the pattern. A slideshow presentation from 2010 says that XKEYSCORE contains almost 10,000 appIDs and fingerprints.

AppIDs are used to identify the protocol of traffic being intercepted, while fingerprints detect a specific type of content. Each intercepted stream of traffic gets assigned up to one appID and any number of fingerprints. You can think of appIDs as categories and fingerprints as tags.

If multiple appIDs match a single stream of traffic, the appID with the lowest “level” is selected (appIDs with lower levels are more specific than appIDs with higher levels). For example, when XKEYSCORE is assessing a file attachment from Yahoo mail, all of the appIDs in the following slide will apply, however only “mail/webmail/yahoo/attachment” will be associated with this stream of traffic.

To tie it all together, when an Arabic speaker logs into a Yahoo email address, XKEYSCORE will store “mail/yahoo/login” as the associated appID. This stream of traffic will match the “mail/arabic” fingerprint (denoting language settings), as well as the “mail/yahoo/ymbm” fingerprint (which detects Yahoo browser cookies).

Sometimes the GENESIS programming language, which largely relies on Boolean logic, regular expressions and a set of simple functions, isn’t powerful enough to do the complex pattern-matching required to detect certain types of traffic. In these cases, as one slide puts it, “Power users can drop in to C++ to express themselves.” AppIDs or fingerprints that are written in C++ are called microplugins.

Here’s an example of a microplugin fingerprint for “botnet/conficker_p2p_udp_data,” which is tricky botnet traffic that can’t be identified without complicated logic. A botnet is a collection of hacked computers, sometimes millions of them, that are controlled from a single point.

Here’s another microplugin that uses C++ to inspect intercepted Facebook chat messages and pull out details like the associated email address and body of the chat message.

One document from 2009 describes in detail four generations of appIDs and fingerprints, which begin with only the ability to scan intercepted traffic for keywords, and end with the ability to write complex microplugins that can be deployed to field sites around the world in hours.

If XKEYSCORE development has continued at a similar pace over the last six years, it’s likely considerably more powerful today.

—

Illustration for The Intercept by Blue Delliquanti

Documents published with this article:

Advanced HTTP Activity Analysis
Analyzing Mobile Cellular DNI in XKS
ASFD Readme
CADENCE Readme
Category Throttling
CNE Analysis in XKS
Comms Readme
DEEPDIVE Readme
DNI101
Email Address vs User Activity
Free File Uploaders
Finding and Querying Document Metadata
Full Log vs HTTP
Guide to Using Contexts in XKS Fingerprints
HTTP Activity in XKS
HTTP Activity vs User Activity
Intro to Context Sensitive Scanning With XKS Fingerprints
Intro to XKS AppIDs and Fingerprints
OSINT Fusion Project
Phone Number Extractor
RWC Updater Readme
Selection Forwarding Readme
Stats Config Readme
Tracking Targets on Online Social Networks
TRAFFICTHIEF Readme
Unofficial XKS User Guide
User Agents
Using XKS to Enable TAO
UTT Config Readme
VOIP in XKS
VOIP Readme
Web Forum Exploitation Using XKS
Writing XKS Fingerprints
XKS Application IDs
XKS Application IDs Brief
XKS as a SIGDEV Tool
XKS, Cipher Detection, and You!
XKS for Counter CNE
XKS Intro
XKS Logos Embedded in Docs
XKS Search Forms
XKS System Administration
XKS Targets Visiting Specific Websites
XKS Tech Extractor 2009
XKS Tech Extractor 2010
XKS Workflows 2009
XKS Workflows 2011
UN Secretary General XKS

Micah Lee, Glenn Greenwald, Morgan Marquis-Boire
July 2 2015, 4:42 p.m.
Second in a series.

Find this story at 2 July 2015

Copyright https://theintercept.com/

Van nieuwsblog.burojansen.nl

One of the National Security Agency’s most powerful tools of mass surveillance makes tracking someone’s Internet usage as easy as entering an email address, and provides no built-in technology to prevent abuse. Today, The Intercept is publishing 48 top-secret and other classified documents about XKEYSCORE dated up to 2013, which shed new light on the breadth, depth and functionality of this critical spy system — one of the largest releases yet of documents provided by NSA whistleblower Edward Snowden.

The NSA’s XKEYSCORE program, first revealed by The Guardian, sweeps up countless people’s Internet searches, emails, documents, usernames and passwords, and other private communications. XKEYSCORE is fed a constant flow of Internet traffic from fiber optic cables that make up the backbone of the world’s communication network, among other sources, for processing. As of 2008, the surveillance system boasted approximately 150 field sites in the United States, Mexico, Brazil, United Kingdom, Spain, Russia, Nigeria, Somalia, Pakistan, Japan, Australia, as well as many other countries, consisting of over 700 servers.

These servers store “full-take data” at the collection sites — meaning that they captured all of the traffic collected — and, as of 2009, stored content for 3 to 5 days and metadata for 30 to 45 days. NSA documents indicate that tens of billions of records are stored in its database. “It is a fully distributed processing and query system that runs on machines around the world,” an NSA briefing on XKEYSCORE says. “At field sites, XKEYSCORE can run on multiple computers that gives it the ability to scale in both processing power and storage.”

XKEYSCORE also collects and processes Internet traffic from Americans, though NSA analysts are taught to avoid querying the system in ways that might result in spying on U.S. data. Experts and privacy activists, however, have long doubted that such exclusions are effective in preventing large amounts of American data from being swept up. One document The Intercept is publishing today suggests that FISA warrants have authorized “full-take” collection of traffic from at least some U.S. web forums.

The system is not limited to collecting web traffic. The 2013 document, “VoIP Configuration and Forwarding Read Me,” details how to forward VoIP data from XKEYSCORE into NUCLEON, NSA’s repository for voice intercepts, facsimile, video and “pre-released transcription.” At the time, it supported more than 8,000 users globally and was made up of 75 servers absorbing 700,000 voice, fax, video and tag files per day.

The reach and potency of XKEYSCORE as a surveillance instrument is astonishing. The Guardian report noted that NSA itself refers to the program as its “widest reaching” system. In February of this year, The Intercept reported that NSA and GCHQ hacked into the internal network of Gemalto, the world’s largest provider of cell phone SIM cards, in order to steal millions of encryption keys used to protect the privacy of cell phone communication. XKEYSCORE played a vital role in the spies’ hacking by providing government hackers access to the email accounts of Gemalto employees.

Numerous key NSA partners, including Canada, New Zealand and the U.K., have access to the mass surveillance databases of XKEYSCORE. In March, the New Zealand Herald, in partnership with The Intercept, revealed that the New Zealand government used XKEYSCORE to spy on candidates for the position of World Trade Organization director general and also members of the Solomon Islands government.

These newly published documents demonstrate that collected communications not only include emails, chats and web-browsing traffic, but also pictures, documents, voice calls, webcam photos, web searches, advertising analytics traffic, social media traffic, botnet traffic, logged keystrokes, computer network exploitation (CNE) targeting, intercepted username and password pairs, file uploads to online services, Skype sessions and more.

Bulk collection and population surveillance

XKEYSCORE allows for incredibly broad surveillance of people based on perceived patterns of suspicious behavior. It is possible, for instance, to query the system to show the activities of people based on their location, nationality and websites visited. For instance, one slide displays the search “germansinpakistn,” showing an analyst querying XKEYSCORE for all individuals in Pakistan visiting specific German language message boards.

As sites like Twitter and Facebook become increasingly significant in the world’s day-to-day communications (a Pew study shows that 71 percent of online adults in the U.S. use Facebook), they become a critical source of surveillance data. Traffic from popular social media sites is described as “a great starting point” for tracking individuals, according to an XKEYSCORE presentation titled “Tracking Targets on Online Social Networks.”

When intelligence agencies collect massive amounts of Internet traffic all over the world, they face the challenge of making sense of that data. The vast quantities collected make it difficult to connect the stored traffic to specific individuals.

Internet companies have also encountered this problem and have solved it by tracking their users with identifiers that are unique to each individual, often in the form of browser cookies. Cookies are small pieces of data that websites store in visitors’ browsers. They are used for a variety of purposes, including authenticating users (cookies make it possible to log in to websites), storing preferences, and uniquely tracking individuals even if they’re using the same IP address as many other people. Websites also embed code used by third-party services to collect analytics or host ads, which also use cookies to track users. According to one slide, “Almost all websites have cookies enabled.”

The NSA’s ability to piggyback off of private companies’ tracking of their own users is a vital instrument that allows the agency to trace the data it collects to individual users. It makes no difference if visitors switch to public Wi-Fi networks or connect to VPNs to change their IP addresses: the tracking cookie will follow them around as long as they are using the same web browser and fail to clear their cookies.

Apps that run on tablets and smartphones also use analytics services that uniquely track users. Almost every time a user sees an advertisement (in an app or in a web browser), the ad network is tracking users in the same way. A secret GCHQ and CSE program called BADASS, which is similar to XKEYSCORE but with a much narrower scope, mines as much valuable information from leaky smartphone apps as possible, including unique tracking identifiers that app developers use to track their own users. In May of this year, CBC, in partnership with The Intercept, revealed that XKEYSCORE was used to track smartphone connections to the app marketplaces run by Samsung and Google. Surveillance agency analysts also use other types of traffic data that gets scooped into XKEYSCORE to track people, such as Windows crash reports.

In a statement to The Intercept, the NSA reiterated its position that such sweeping surveillance capabilities are needed to fight the War on Terror:

“The U.S. Government calls on its intelligence agencies to protect the United States, its citizens, and its allies from a wide array of serious threats. These threats include terrorist plots from al-Qaeda, ISIL, and others; the proliferation of weapons of mass destruction; foreign aggression against the United States and our allies; and international criminal organizations.”

Indeed, one of the specific examples of XKEYSCORE applications given in the documents is spying on Shaykh Atiyatallah, an al Qaeda senior leader and Osama bin Laden confidant. A few years before his death, Atiyatallah did what many people have often done: He googled himself. He searched his various aliases, an associate and the name of his book. As he did so, all of that information was captured by XKEYSCORE.

XKEYSCORE has, however, also been used to spy on non-terrorist targets. The April 18, 2013 issue of the internal NSA publication Special Source Operations Weekly boasts that analysts were successful in using XKEYSCORE to obtain U.N. Secretary General Ban Ki-moon’s talking points prior to a meeting with President Obama.

XKEYSCORE for hacking: easily collecting user names, passwords and much more

XKEYSCORE plays a central role in how the U.S. government and its surveillance allies hack computer networks around the world. One top-secret 2009 NSA document describes how the system is used by the NSA to gather information for the Office of Tailored Access Operations, an NSA division responsible for Computer Network Exploitation (CNE) — i.e., targeted hacking.

Particularly in 2009, the hacking tactics enabled by XKEYSCORE would have yielded significant returns as use of encryption was less widespread than today. Jonathan Brossard, a security researcher and the CEO of Toucan Systems, told The Intercept: “Anyone could be trained to do this in less than one day: they simply enter the name of the server they want to hack into XKEYSCORE, type enter, and are presented login and password pairs to connect to this machine. Done. Finito.” Previous reporting by The Intercept revealed that systems administrators are a popular target of the NSA. “Who better to target than the person that already has the ‘keys to the kingdom?’” read a 2012 post on an internal NSA discussion board.

This system enables analysts to access web mail servers with remarkable ease.

The same methods are used to steal the credentials — user names and passwords — of individual users of message boards.

Hacker forums are also monitored for people selling or using exploits and other hacking tools. While the NSA is clearly monitoring to understand the capabilities developed by its adversaries, it is also monitoring locations where such capabilities can be purchased.

Other information gained via XKEYSCORE facilitates the remote exploitation of target computers. By extracting browser fingerprint and operating system versions from Internet traffic, the system allows analysts to quickly assess the exploitability of a target. Brossard, the security researcher, said that “NSA has built an impressively complete set of automated hacking tools for their analysts to use.”

Given the breadth of information collected by XKEYSCORE, accessing and exploiting a target’s online activity is a matter of a few mouse clicks. Brossard explains: “The amount of work an analyst has to perform to actually break into remote computers over the Internet seems ridiculously reduced — we are talking minutes, if not seconds. Simple. As easy as typing a few words in Google.”

These facts bolster one of Snowden’s most controversial statements, made in his first video interview published by The Guardian on June 9, 2013. “I, sitting at my desk,” said Snowden, could “wiretap anyone, from you or your accountant, to a federal judge to even the president, if I had a personal email.”

Indeed, training documents for XKEYSCORE repeatedly highlight how user-friendly the program is: with just a few clicks, any analyst with access to it can conduct sweeping searches simply by entering a person’s email address, telephone number, name or other identifying data. There is no indication in the documents reviewed that prior approval is needed for specific searches.

In addition to login credentials and other target intelligence, XKEYSCORE collects router configuration information, which it shares with Tailored Access Operations. The office is able to exploit routers and then feed the traffic traveling through those routers into their collection infrastructure. This allows the NSA to spy on traffic from otherwise out-of-reach networks. XKEYSCORE documents reference router configurations, and a document previously published by Der Spiegel shows that “active implants” can be used to “cop[y] traffic and direc[t]” it past a passive collector.

XKEYSCORE for counterintelligence

Beyond enabling the collection, categorization, and querying of metadata and content, XKEYSCORE has also been used to monitor the surveillance and hacking actions of foreign nation states and to gather the fruits of their hacking. The Intercept previously reported that NSA and its allies spy on hackers in order to collect what they collect.

Once the hacking tools and techniques of a foreign entity (for instance, South Korea) are identified, analysts can then extract the country’s espionage targets from XKEYSCORE, and gather information that the foreign power has managed to steal.

Monitoring of foreign state hackers could allow the NSA to gather techniques and tools used by foreign actors, including knowledge of zero-day exploits—software bugs that allow attackers to hack into systems, and that not even the software vendor knows about—and implants. Additionally, by monitoring vulnerability reports sent to vendors such as Kaspersky, the agency could learn when exploits they were actively using need to be retired because they’ve been discovered by a third party.

Seizure v. searching: oversight, audit trail and the Fourth Amendment

By the nature of how it sweeps up information, XKEYSCORE gathers communications of Americans, despite the Fourth Amendment protection against “unreasonable search and seizure” — including searching data without a warrant. The NSA says it does not target U.S. citizens’ communications without a warrant, but acknowledges that it “incidentally” collects and reads some of it without one, minimizing the information that is retained or shared.

But that interpretation of the law is dubious at best.

XKEYSCORE training documents say that the “burden is on user/auditor to comply with USSID-18 or other rules,” apparently including the British Human Rights Act (HRA), which protects the rights of U.K. citizens. U.S. Signals Intelligence Directive 18 (USSID 18) is the American directive that governs “U.S. person minimization.”

Kurt Opsahl, the Electronic Frontier Foundation’s general counsel, describes USSID 18 as “an attempt by the intelligence community to comply with the Fourth Amendment. But it doesn’t come from a court, it comes from the executive.”

If, for instance, an analyst searched XKEYSCORE for all iPhone users, this query would violate USSID 18 due to the inevitable American iPhone users that would be grabbed without a warrant, as the NSA’s own training materials make clear.

Opsahl believes that analysts are not prevented by technical means from making queries that violate USSID 18. “The document discusses whether auditors will be happy or unhappy. This indicates that compliance will be achieved by after-the-fact auditing, not by preventing the search.”

Screenshots of the XKEYSCORE web-based user interface included in slides show that analysts see a prominent warning message: “This system is audited for USSID 18 and Human Rights Act compliance.” When analysts log in to the system, they see a more detailed message warning that “an audit trail has been established and will be searched” in response to HRA complaints, and as part of the USSID 18 and USSID 9 audit process.

Because the XKEYSCORE system does not appear to prevent analysts from making queries that would be in violation of these rules, Opsahl concludes that “there’s a tremendous amount of power being placed in the hands of analysts.” And while those analysts may be subject to audits, “at least in the short term they can still obtain information that they shouldn’t have.”

During a symposium in January 2015 hosted at Harvard University, Edward Snowden, who spoke via video call, said that NSA analysts are “completely free from any meaningful oversight.” Speaking about the people who audit NSA systems like XKEYSCORE for USSID 18 compliance, he said, “The majority of the people who are doing the auditing are the friends of the analysts. They work in the same office. They’re not full-time auditors, they’re guys who have other duties assigned. There are a few traveling auditors who go around and look at the things that are out there, but really it’s not robust.”

In a statement to The Intercept, the NSA said:

“The National Security Agency’s foreign intelligence operations are 1) authorized by law; 2) subject to multiple layers of stringent internal and external oversight; and 3) conducted in a manner that is designed to protect privacy and civil liberties. As provided for by Presidential Policy Directive 28 (PPD-28), all persons, regardless of their nationality, have legitimate privacy interests in the handling of their personal information. NSA goes to great lengths to narrowly tailor and focus its signals intelligence operations on the collection of communications that are most likely to contain foreign intelligence or counterintelligence information.”

—

Coming next: A Look at the Inner Workings of XKEYSCORE

Source maps: XKS as a SIGDEV Tool, p. 15, and XKS Intro, p. 6

Documents published with this article:

Advanced HTTP Activity Analysis
Analyzing Mobile Cellular DNI in XKS
ASFD Readme
CADENCE Readme
Category Throttling
CNE Analysis in XKS
Comms Readme
DEEPDIVE Readme
DNI101
Email Address vs User Activity
Free File Uploaders
Finding and Querying Document Metadata
Full Log vs HTTP
Guide to Using Contexts in XKS Fingerprints
HTTP Activity in XKS
HTTP Activity vs User Activity
Intro to Context Sensitive Scanning With XKS Fingerprints
Intro to XKS AppIDs and Fingerprints
OSINT Fusion Project
Phone Number Extractor
RWC Updater Readme
Selection Forwarding Readme
Stats Config Readme
Tracking Targets on Online Social Networks
TRAFFICTHIEF Readme
Unofficial XKS User Guide
User Agents
Using XKS to Enable TAO
UTT Config Readme
VOIP in XKS
VOIP Readme
Web Forum Exploitation Using XKS
Writing XKS Fingerprints
XKS Application IDs
XKS Application IDs Brief
XKS as a SIGDEV Tool
XKS, Cipher Detection, and You!
XKS for Counter CNE
XKS Intro
XKS Logos Embedded in Docs
XKS Search Forms
XKS System Administration
XKS Targets Visiting Specific Websites
XKS Tech Extractor 2009
XKS Tech Extractor 2010
XKS Workflows 2009
XKS Workflows 2011
UN Secretary General XKS

Morgan Marquis-Boire, Glenn Greenwald, Micah Lee
July 1 2015, 4:49 p.m.
Illustrations by Blue Delliquanti and David Axe for The Intercept

Find this story at 1 July 2015

copyright https://firstlook.org/theintercept/