October 31, 2013

How NSA targeted chancellor Merkel's mobile phone

(Updated: June 28, 2016)

Last week, the German weekly Der Spiegel revealed that NSA intercepted the mobile phone of the German chancellor Angela Merkel. Although most details were not known yet, the fact itself caused a severe crisis in the relationship between the United States and Germany.

Meanwhile, the original NSA targeting record containing chancellor Merkel's phone number has been published. One of the entries refers to a document about the NSA's SYNAPSE data model, which was disclosed earlier and provides us with a context for the targeting record. Finally, an impression of how the interception could have been conducted is given by a picture of the SCS interception equipment, which is presumably located in the US embassy in Berlin.

The NSA targeting record

The NSA document mentioning Merkel's phone number was published in the print editions of several German newspapers, but the tabloid paper BILD made a scan for their website:

Acoording to Der Spiegel, this document apparently comes from an NSA database in which the agency records its targets. This could be a database codenamed OCTAVE, which is used for tasking telephony targets. According to still undisclosed NSA documents, OCTAVE was replaced by the Unified Targeting Tool (UTT) in 2011.* This record has the following entries:

- SelectorType: a selector is the intelligence term for a name or a number that identifies an espionage target. This line says the type of the selector is PUBLIC DIRECTORY NUM[ber]

- SynapseSelectorTypeID: this designator, SYN_0044, refers to the SYNAPSE Data Model (see below).

- SelectorValue: here's the actual phone number of Merkel. In the print edition of the magazine we can see this phone number written as +49173-XXXXXXX. The country code for Germany (+49) is followed by the prefix code for mobile phone numbers from Vodafone (0173). According to Der Spiegel this is the number of Merkel's cell phone which was provided by her political party and which is the one she uses most to communicate with party members, ministers and confidants, often by text message. It's is just an ordinary cell phone without any security features, and therefore an easy target for intelligence agencies like NSA. It means that her official secure mobile phone wasn't targeted nor compromised.

- Realm: according to Der Spiegel, this field determines the format.

- RealmName: the name of the format, in this case 'rawPhoneNumber'

- Subscriber: GE CHANCELLOR MERKEL. As Angela Merkel wasn't yet chancellor when the surveillance started in 2002, either this entry or the whole record must have been updated after she became chancellor in November 2005.
A bit strange is that the abbreviation for Germany which is used here, GE, should have been replaced by DE after 2004, when the NATO STANAG codes were replaced with the ISO 3166-1 alpha-2 codes.

- Ropi: stands for Responsible Office of Primary Interest, an NSA unit that selects which targets should be monitored. In this case it's S2C32, the European branch of the so-called Product Line for International Security Issues.

- NSRL: stands for National SIGINT Requirements List, which is a daily updated compendium of the tasks, and the priority of those tasks, given to the various Signals Intelligence collection units around the world. 2002-388* indicates that this target was set in 2002, when Angela Merkel was head of the Christian democratic party CDU. Then Bundeskanzler Gerhard Schröder refused to join the US in the war against Iraq, so the US government could have been interested in knowing the position of his main political opponent.

- Status: A, which stands for Active. Der Spiegel says this status was valid a few weeks before President Obama’s Berlin visit in June 2013.

- Topi: stands for Target Office of Primary Interest. According to an NSA document, TOPIs are part of the Analysis & Production division, but Der Spiegel says these are units which are doing the actual interception. In this case, the TOPI is designated F666E, where F6 stands for the joint NSA/CIA Special Collection Service (SCS), which performs eavesdropping actions from inside US embassies in foreign capitals. 66E might then be (a part of) the SCS unit based in the US embassy in Berlin.

- Zip: this Zip code, 166E, is a distribution code for the OCTAVE tasking database (see below).

- Country Name: left blank, apparently the country code below was sufficient.

- CountryCode: which is GE for Germany

An interesting question is how Edward Snowden obtained this database record. Is it part of an NSA document for internal education or presentation purposes, or did he made a copy from the database itself? And if so, are there (many) more of these tasking records in his collection?

A targeting record like this marks the starting point of NSA's collection process. Because of that we know nothing about the follow up, except for the involvement of SCS unit F666E. Therefore, we have no indication about what form of surveillance has taken place: were only metadata gathered or also conversations recorded and text messages stored? And was this continuously, or (given the presumably small number of German linguists) only when there was a more specific need for information ?

The SYNAPSE data model

As we have seen, the second entry of the targeting record refers to SYNAPSE, which is some kind of data model used by NSA to analyze connections of foreign intelligence targets. A slide from a powerpoint presentation about this model was published by the New York Times on September 29, 2013. Note that the title has a huge spelling error as it reads SYANPSE instead of SYNAPSE:

SYNAPSE slide as published in the print edition of the NY Times
(scan by Cryptome - click for a bigger version)

The slide shows a rather complex diagram of all elements involved in examining the communications of a target. We will go through this diagram from top to bottom:

First we see a target, like a person or an organization, mentioned as "agent". These agents are designated by a name and identified by a NIC, which could stand for something like National Identification Card. 'Paki' could be a database for these ID numbers. The agents (targets) themselves are registered in TKB, which stands for Target Knowledge Base.

Agents use various devices, identified by designators like an e-mail or an IP address, a phone number or an IMEI, IMSI, IMN, RHIN or FHIN number (not clear what the last three stand for). The designations of these devices and the connections between them are collected in MAINWAY, which is NSA's main database for bulk telephone metadata.

The designators of the devices used by an agent/target get a 'Subscriber ID' for the OCTAVE database and are listed in the OCTAVE Tasked List. They also get a 'ShareableName' for the Unified Targeting Tool (UTT) to be listed in the UTT Active List. The designators are also labeled with UTT categories and OCTAVE Zip Codes.

Bottom right we see the Responsible Office of Primary Interest (ROPI) which somehow seems to manage the designators, maybe because these are the offices where Tasking takes place, which means selecting the targets to be monitored. Device designators (like phone numbers) of which the communications have to be collected are called Selectors.

Finally, the designators are referenced in the SIGINT Product Reports (blue dot) and the Intelligence Community (IC) Product Reports (red dot) which are released by the various Target Offices of Primary Interest (TOPI). LEXHOUND could be a database for these reports.

As the diagram shows pictures of a personal computer, but OCTAVE and MAINWAY are for telephony data, it seems the whole process is meant for both internet and telephony data.

According to an internal NSA Wiki entry, a tool called Synapse Workbench is used for querying metadata under the Supplemental Procedures governing Communications Metadata Analysis (SPCMA).

Note that the SYNAPSE model has some resemblance with a tool that NSA provided to the Dutch military intelligence service to track communications of Somali pirates, as was revealed on March 8, 2014 by NRC Handelsblad.

The SCS interception equipment

Except for the targeting record, there is no information about how exactly NSA intercepted Merkel's phone, but there are some strong indications. In Berlin, Vodafone mostly uses microwave transmissions on its mobile network and intelligence agencies can intercepted these without much effort.

To show how this could have taken place, Der Spiegel published a slide from a presentation of the Special Collection Service (SCS) showing pictures of an SCS antenna system codenamed EINSTEIN and its corresponding control device codenamed CASTANET. This unit can apparently intercept cell phone signals while simultaneously locating people of interest.

In Berlin, the SCS unit operates from inside the US embassy, which is in a building next to the famous Brandenburger Tor. It was opened on July 4, 2008 - in the presence of chancellor Merkel. Before, the US embassy was in a 19th century building in the Neustädtischen Kirchstraße. The spying equipment of the SCS unit is likely to be on the roof of the building, in a structure with conceiled windows:

(photo: Christian Thiel/Der Spiegel)

According to investigative journalist Duncan Campbell, who revealed the existence of the ECHELON system, these windows are covered by special dielectric (insulating) panels, that allow radio waves to pass through and be intercepted, while blocking visible light and concealing the interception equipment behind it.

This equipment usually consists of antenna, dishes or arrays which can collect every type of wireless communications on all available wavelengths. On the opposite side of the embassy's rooftop stucture there's a similar conceiled window right at the corner. With these corner windows on both sides, SCS can catch signals from all directions:

(photo through Dailyphotostream.blogspot.com)

On German television, the US embassador to Germany said that on the embassy's roof there's rather ordinary communications equipment, to stay in touch with Washington and other US embassies around the world. The embassy wouldn't let reporters and politicians in to take a look inside the rooftop structure, probably also because only people with the proper security clearance are allowed to enter these areas.

Because the targeting record clearly mentions unit F666E, it's most likely that chancellor Merkel's cell phone was intercepted by SCS from inside the US embassy. But as her phone uses the Vodafone network, it's also possible that NSA has some kind of backdoor access to this cellular network. Vodafone is a British company and at least NSA's British counterpart GCHQ has an arrangement with this company for tapping undersea fiber optic cables.

It is supposed that data gathered by the various SCS embassy units are send to the SCS headquarters at the joint CIA/NSA facility in College Park, Maryland, through an SCS communications hub, which is at the US Air Force base in Croughton, Northamptonshire, England.

Infrared images taken by the German television station ARD showed that behind the windows there was heat producing (electronic) equipment. But shortly after the eavesdropping came out publicly, the heat signature dropped dramatically. This seems to indicate that the spying facility has been shut down for the time being.

Ending the interception

Apparently, NSA started bugging chancellor Merkel upon intelligence requests from the State Department, according to two anonymous US government officials. The phone number of Angela Merkel was finally removed from the NSA's target list this Summer. According to the Wall Street Journal there was an internal government review which turned up that the agency was monitoring some 35 world leaders.

After learning this, the White House ordered to cut of some of these programs, including the one tracking the German chancellor and some other world leaders. Obama also ordered NSA to stop eavesdropping operations against the headquarters of the United Nations, the International Monetary Fund and the World Bank.

On June 12, 2015, the highest German public prosecutor, Harald Range, said the investigation into the eavesdropping on chancellor Merkel was closed, and no court case would be filed. This because there was no sufficient hard evidence: no original documents were provided, and also Edward Snowden seemed not to have any personal insights in this matter.

During a hearing of the German parliamentary investigation commission on June 23, 2016, it came out that the German information assurance agency BSI offered to investigate chancellor Merkel's cell phone, but this offer wasn't accepted by the chancellery and therefore it wasn't possible to for example check the phone for any kind of malware implants.

President Obama talks with chancellor Merkel using his telephone
for secure communications, August 29, 2013
(White House Photo by Pete Souza)

Links and Sources
- DuncanCampbell.org: The embassy spy centre network (updated)
- NYTimes.com: Tap on Merkel Provides Peek at Vast Spy Net
- DuncanCampbell.org: How embassy eavesdropping works
- TheWeek.com: Did the NSA mislead the President and Congress about foreign leader spying?
- FAZ.net: Es war Merkels Parteihandy
- Spiegel.de: How NSA Spied on Merkel Cell Phone from Berlin Embassy

October 25, 2013

How secure is the Merkel-Phone?

(Updated: March 30, 2015)

In an article by the German magazine Der Spiegel it was said that the NSA probably also eavesdropped on the mobile phone of chancellor Angela Merkel, which is dubbed Merkel-Phone in popular media. Der Spiegel provided little detail, but according to an article in Die Welt, the old cell phone number of Merkel was mentioned in a document provided by Edward Snowden.

Der Spiegel presented their evidence to the German government, which led to an investigation by German intelligence and security agencies. Apparently the material proved to be trustworthy and chancellor Merkel expressed her anger in the media and even in a phone call to president Obama.

Here we will take a closer look at how the official mobile phone of chancellor Merkel has been secured.

German chancellor Angela Merkel holding a secure BlackBerry Z10 in 2013
(photo: Nicki Demarco/The Fold/The Washington Post)

A new article by Der Spiegel says that a phone number of chancellor Merkel was on an NSA target list since 2002. The document doesn't say what kind of communications were monitored or whether actual content had been recorded.

German chancellor Angela Merkel using
her former Nokia 6260 Slide phone
(photo: dapd, March 1, 2011)

If NSA targeted Merkel's old cell phone number, it's likely the one that belonged to her former smart phone, a Nokia 6260 Slide. This phone was used heavily by Merkel from October 2009 until July 2013. Voice communications through this device were secured by a system called SecuVOICE, made by the small Düsseldorf based company Secusmart GmbH, which was founded in 2007.

Initially, the solution provided by Secusmart could only encrypt voice, not text messages (SMS) or e-mail. For encrypting text messages Secusmart introduced a separate solution called SecuSMS in 2010, which means that between October 2009 and the implementation of SecuSMS, it was rather easy for NSA to at least intercept the text messages from Merkel's official phone (maybe in the same way they collected text messages of the Mexican president).

Another easy option could have been the monitoring and/or intercepting of the non-secure mobile phone that chancellor Merkel uses, which was provided by her political party (so no government money is used for party politics) and which she apparently also uses for her private conversations. For convenience, many politicians often use their private cell phones for government business too.

On October 27, the German tabloid paper BILD revealed that according to anonymous intelligence officials, it was president Obama who ordered the monitoring of chancellor Merkel's communication and that NSA was apparently able to intercept her newest secure mobile phone (see below). Only the secure landline telephone in her office wasn't intercepted.

In an unusual rapid and specific response, NSA said that director Alexander "did not discuss with President Obama in 2010 an alleged foreign intelligence operation involving German Chancellor Merkel, nor has he ever discussed alleged operations involving Chancellor Merkel. News reports claiming otherwise are not true".

Already on October 24, the German paper FAZ learned that the Snowden-document seen by Der Spiegel mentioned the number of the cell phone provided to chancellor Merkel by her political party, which has no security features. There's no evidence that NSA targeted or even broke the encrypted communications from her secure mobile phone.

SecuSUITE @ BlackBerry 10

Since last July, chancellor Merkel uses the new BlackBerry Z10, which is equipped with the SecuSUITE system, consisting of SecuVOICE for encrypting voice, SecuSMS for encrypting text messages and some other applications for securing e-mail and sensitive data stored in the phone (SecuVOICE should not be confused with SecurVoice, the software which was used to secure Obama's Blackberry in 2009).

German chancellor Angela Merkel at the CeBIT 2013, showing
the BlackBerry Z10 with Secusmart encryption chip
(photo: Bundesregierung/Bergmann, March 4, 2013)

A new feature, which is standard available for this phone, is BlackBerry Balance. This enables users to keep both personal data and office work data securely separated in different partitions. In the personal section one can freely use social media and downloaded apps. These are separated from the business section, which can be automatically configured with business applications and e-mail through the Blackberry Enterprise Service 10 server. Users can easily switch from the personal to the business profile by entering a password. Stored user data are protected via 256-bit AES encryption.

For secure communications, the SecuSUITE application is added by inserting a Micro-SD card, called the Secusmart Security Card, in the memory card slot of the phone. This card contains a tamper-proof SmartMX P5CT072 crypto-controller made by NXP, with a PKI-coprocessor for performing the user authentication and a high speed coprocessor for encrypting voice and other data using the 128-bit AES algorithm. These encryption keys are transmitted using the Elliptic Curve Diffie Hellman (ECDH) protocol.

The microSD card used for SecuVOICE was specially developed for Secusmart by Giesecke & Devrient Secure Flash Solutions (G&D SFS), which is a joint venture of G&D and Phison Electronics Corporation. G&D is a major German manufacturer of SIM cards and related security products. Also contained on the micro-SD card is a 4GB flash memory, which allows users to store their data, like MS messages, contacts and calendar entries, in an encrypted format.

The BlackBerry Z10 with SecuSUITE application has been approved by the German government for use at the classification level Restricted (in German: Verschlussache - Nur für den Dienstgebrauch, abbreviated: VS-NfD). It's somewhat surprising that this is the lowest level, which might be explained by the fact that communications are encrypted using only 128-bit keys. Nowadays, it's generally advised to use keys with 256-bit length. Another reason is that a commercial available smart phone device is used, which is less secure than a custom made one.

For conversations at a higher classification level, German government and military officials are bound to dedicated landline phones, and conversations classified as Top Secret (German: Streng Geheim) may only take place from inside rooms that are secured against eavesdropping. Such high level voice and data communications are encrypted through the Elcrodat 6-2 system.

Nonetheless, the German federal government ordered 5000 secured BlackBerry devices, costing around 2500,- euro a piece. The new BlackBerry 10 with SecuSUITE was first presented by Secusmart at the IT business event and conference CeBIT 2013 in March:

The SecuVOICE solution is also available in the Netherlands, where it is (or was?) sold by Fox-IT and approved by the government for encrypting phone calls at the classification level Restricted (in Dutch: Departementaal Vertrouwelijk). NATO also approved SecuVOICE for usage at the level of Restricted.

In November 2014, the German government approved Blackberry's plan to take over Secusmart, which would mean the German crypto company wil become part of the canadian smartphone manufacturer. The German government examined whether this might pose a threat to its national security interests. Germany insisted that its Federal Office for Information Security (BSI) be granted certain access and control rights related to the code used in the Blackberry operating system.

SiMKo3 @ Samsung Galaxy

The secured BlackBerry 10 is not the only secure mobile smartphone approved for German government use.

There's also the SiMKo3 (the abbreviation of the German Sichere Mobile Kommunikation, Generation 3) solution from Deutsche Telekom, which comes with the Samsung Galaxy S III smart phone devices. Presently, this application is only approved for data communications at the Restricted level, but priced at 1700,- euro a piece, these phones are less costly than the BlackBerrys.

The SiMKo3 technique is similar to that of GD Protected, a system developed by General Dynamics to secure Samsung Galaxy S IV and LG Optimus smart phones so they can be used by high level government officials in the United States.

Links and Sources
- BILD.de: Obama wollte alles über Merkel wissen
- Spiegel.de: NSA-Überwachung: Merkels Handy steht seit 2002 auf US-Abhörliste
- T-Online.de: Mit welchem Handy hat die Kanzlerin telefoniert?
- Welt.de: Merkels Handy-Nummer in Snowdens Dokumenten
- WiWo.de: Sicherheitshandys: Blackberry sticht Telekom aus
- Heise.de: Technische Details zum Merkel-Phone 2.0
- ComputerWoche.de: Das können die neuen „Merkel-Phones“

October 22, 2013

BOUNDLESSINFORMANT only shows metadata

(Updated: January 23, 2017)

The day before yesterday, the French paper Le Monde broke with a story saying that NSA is intercepting French telephone communications on a massive scale. This is mainly based upon a graph from the BOUNDLESSINFORMANT program, which shows that during one month, 70,3 million telephone data of French citizens were recorded by the NSA.

Here, it will be clarified that the BOUNDLESSINFORMANT tool only shows numbers of metadata. Also some screenshots will be analysed, showing information about collection related to:


As the Le Monde article, written by Jacques Follorou and Glenn Greenwald, failed to clarify the exact nature of the 70,3 million, it was unclear whether this number was about metadata or also about the content of phone calls. Combined with some sensationalism, this led to headlines like U.S. intercepts French phone calls on a 'massive scale'.

But this is incorrect. According to a presentation and a FAQ document, the BOUNDLESSINFORMANT tool is for showing the collection capabilities of NSA's Global Access Operations (GAO) division, which is responsible for intercepts from satellites and other international SIGINT platforms.

The program presents this information through counting and analysing all DNI (internet) and DNR (telephony) metadata records passing through the NSA SIGINT systems.

This means, all figures shown in the BOUNDLESSINFORMANT screenshots are about metadata and not about content. It is unclear how many phone calls are represented by the numbers of metadata records, but it's likely much less.

So for France, we only know for sure that NSA collected 70,3 million metadata records and not how many phone calls were actually intercepted in the sense of recording the call contents.

It should also be noted that BOUNDLESSINFORMANT is apparently only showing metadata collected by the GAO division. Therefore, data gathered by NSA's other main Signals Intelligence divisions, SSO (for collection from commercial companies) and TAO (for collection by hacking networks and computers), may not be included in the charts and the heat maps.

On October 29, 2013, the Wall Street Journal reported that according to US officials, the metadata records for France and Spain were not collected by the NSA, but by French and Spanish intelligence services. The metadata were gathered outside their borders, like in war zones, and then shared with NSA. This confirms the explanation of the numbers of German metadata, given by Der Spiegel on August 5.

On October 30, 2013, Glenn Greenwald published a statement claiming that his original reports, saying that NSA massively collected data in foreign countries, are still correct.

On February 5, 2014, the Dutch interior minister revised his earlier statement from October by declaring that the 1.8 million "Dutch" metadata are actually collected from foreign sources by the Dutch military intelligence service MIVD in order to support military operations abroad.

This means that the initial interpretation of the BOUNDLESSINFORMANT charts showing that NSA intercepted phone calls of European citizens is not correct. Instead they show metadata which were collected by European intelligence agencies for military purposes and subsequently shared with partner agencies like NSA.


Below is a screenshot from BOUNDLESSINFORMANT that shows information about collection from France between December 10, 2012 and January 8, 2013. In total, almost 70,3 million metadata records were collected:

The bar chart in the top part shows the numbers by date, with DNR (telephony) in green and DNI (internet) in blue. In this case only telephony metadata were collected, so we only see green bars.

In the lower part of the screenshot we see three sections with break-ups for "Signal Profile", "Most Volume" and "Top 5 Techs".

Signal Profile

The Signal Profile section shows a pie chart which can show the following types of communication:

- PCS: Personal Communications Service (mobile phone networks)
- INMAR: INMARSAT (satellite communications network)
- MOIP: Mobile communications over IP
- VSAT: Very Small Aperture Terminal
- HPCP: High Power Cordless Phone
- PSTN: Public Switched Telephone Network
- DNI: Digital Network Intelligence (internet data)

In this case, the majority of the signals are from PCS or mobile phone networks (dark blue) and a minor fraction from the Public Switched Telephone Network (dark yellow).

Most Volume

This section shows that all French metadata during the one month period were collected by a facility designated US-985D. This SIGAD is seen here for the first time and also Le Monde has no further information, except for the suggestion that it's from a range of numbers corresponding to the NSA's third party partners.

As the French metadata are all collected from mobile and traditional telephone networks, they may have been intercepted with the help of a (foreign or even French) telecommunications provider. In that case, it's possible that the metadata are from French phone numbers which are used by foreign targets (see Germany below).

Top 5 Techs

The techniques used for these interceptions appear under the codenames DRTBOX and WHITEBOX, which are disclosed here for the first time. Le Monde wasn't able to provide any more details about these programs or systems, but if we compare the numbers collected by these programs with the pie chart under Signal Profile, it seems likely that DRTBOX (which collected 89% of the data) accounts for the big PCS part of the pie chart, and WHITEBOX (11%) for the small PSTN part.

The Netherlands

Almost immediatly after Le Monde came with their story on October 20, 2013, the Dutch IT website Tweakers.net noticed that the German magazine Der Spiegel had published a similar screenshot about collection from the Netherlands early August:

In this case we only have the top part, with a bar chart showing that during a one month period, about 1,8 million telephony metadata records were collected from the Netherlands.

Again, this number is only about metadata, and therefore it doesn't tell us how many phone calls, let alone how many phone numbers were possibly involved.

The report by Tweakers.net was correct in explaining that the chart only shows metadata, but unfortunately, the headline initially said "NSA intercepted 1.8 million phonecalls in the Netherlands". This gave many people, including politicians, the idea that NSA was actually eavesdropping on a vast number of Dutch phone calls, which is not what the chart says, and which is also probably not what NSA is doing.

On February 5, 2014, the Dutch interior minister and the defense minister came out with an official statement saying that the 1.8 million metadata, as shown in the aforementioned screenshot, are actually collected from foreign sources by the Dutch military intelligence service MIVD in order to support military operations abroad. A few days later, NRC Handelsblad also published the complete BOUNDLESSINFORMANT chart, including the lower sections.

> Latest details about the chart: BOUNDLESSINFORMANT: metadata collection by Dutch MIVD instead of NSA

> The whole story: Dutch government tried to hide the truth about metadata collection


On July 29, the German magazine Der Spiegel published a screenshot from BOUNDLESSINFORMANT which shows information about collection from Germany between December 10, 2012 and January 8, 2013. In total, more than 552 million metadata records were collected:

The bar chart in the top part shows the numbers by date, with DNR (telephony) in green and DNI (internet) in blue.

Signal Profile

In case of Germany, the pie chart shows that the communication systems are roughly divided into:

- 40% PCS (mobile communications)
- 25% PSTN (traditional telephony)
- 35% DNI (internet traffic)

Most Volume

This section shows that all German metadata were collected by two facilities, designated by the following SIGADs:

- US-987LA (471 million records)
- US-987LB (81 million records)

In a follow-up article by Der Spiegel from August 5, the German foreign intelligence agency BND said that it collected the 552 million metadata and believed "that the SIGADs US-987LA and US-987LB are associated with Bad Aibling and telecommunications surveillance in Afghanistan".* Bad Aibling is a small town in Southern Germany which had a huge listening post during the Cold War, which was also part of the ECHELON system. In 2004, the listening post was moved to a smaller facility nearby.

According to Der Spiegel, the BND collects metadata from communications which it had placed under surveillance and passes them, in massive amounts, on to the NSA. BND says that it's operating within German law and doesn't spy on German citizens. Therefore, Der Spiegel suggests that the data are only technically acquired in Germany, but are actually about foreign targets.

However, this explanation would only make sense if those foreigners were contacting (or using) German phone numbers and e-mail addresses, because otherwise there would be no reason for NSA to count their metadata as being German.

Top 5 Techs

The techniques used for these interceptions appear under the following codenames:

- XKEYSCORE (182 million records or 33% of the total of 552 million)
- LOPERS (131 million records or 24%)
- JUGGERNAUT (93 million records or 17%)
- CERF CALL MOSES1 (39 million records or 7%)
- MATRIX (8 million records or 1,4%)

(the record numbers don't add up to the total of 552 million, apparently there are more, smaller systems involved than the 5 shown here)

If we compare these percentages with the pie chart showing the signal profiles, we see that XKEYSCORE corresponds to the DNI or internet metadata. XKEYSCORE is a tool used for indexing and analysing internet data and therefore it's possible that also the other programs mentioned in the Top 5 Tech section are not for collecting data, but for processing and analysing them.

According to Der Spiegel, LOPERS is a system to intercept the public switched telephone network. Indeed, the approximately 24% of the data collected by LOPERS fits the PSTN part of the pie chart.

This leaves the other three programs, and also those not mentioned in this Top 5, being used for data from mobile communication networks. Der Spiegel confirms this for JUGGERNAUT, but we can assume this for CERF CALL MOSES1 and MATRIX too.


In the print edition of the Spanish paper El Mundo from October 28, 2013, there was the following screenshot from BOUNDLESSINFORMANT showing information about collection from Spain between December 10, 2012 and January 8, 2013. In total, 60 million metadata records were collected:

(screenshot via koenrh)

The various parts of this figure are the same as described above, so here we only look at the specifics for Spain.

Signal Profile / Most Volume

All records were collected from mobile communications networks (PCS) and this was done through an unknown facility designated by the following SIGAD:

- US-987S (60 million records)

This SIGAD is very similar to the ones used for collecting the German data (US-987LA and US-987LB) and it's assumed they stand for 3rd party facilities, that is, collection sites run by 3rd party partner agencies of NSA. It is also rather similar to US-985D, which collected the French metadata.

Top 5 Techs

All records were processed or analysed by only one system or program:

- DRTBOX (60 million records)

In the screenshot about France, we saw DRTBOX also being used for handling (meta)data derived from mobile communication networks, so we can assume this system is not specifically used for French communications, but for traffic from mobile communication systems in general.


As almost all NSA codenames are (composed of) real words, it looks like DRTBOX is a spelling error, but a reader of this weblog pointed to another, very interesting option: DRT is also the abbreviation of Digital Receiver Technology, Inc. of Germantown, Maryland, which was taken over by US military contractor Boeing in 2009.

This makes it quite likely that the intercept devices of DRT are also used by NSA for collecting data from mobile communication networks. This equipment might then be installed at facilities with designators like US-987S and others. DRTBOX (or DRT Box) itself seems to be a system for processing or an interface for analysing the collected data, just like XKEYSCORE does for collected internet data.

> See for more about DRT: DRTBOX and the DRT surveillance systems


On November 19, the website of the Norwegian tabloid Dagbladet published the following screenshot from BOUNDLESSINFORMANT which shows information about collection from Norway between December 10, 2012 and January 8, 2013. In total, over 33 million metadata records were collected:

Once again, only telephony metadata were gathered, so we see only green bars in the bar chart.

Signal Profile / Most Volume

All records were collected from mobile communications networks (PCS), which was done through an unknown facility designated by the following SIGAD:

- US-987F (33 million records)

After US-987L for Germany and US-987S for Spain, US-987F is now the third known SIGAD starting with US-987, which indicates that this is an umbrella-designator for collection facilities in or targeted at different countries, each designated by a different letter.

Following the interpretation of former Guardian journalist Glenn Greenwald, the Norwegian paper Dagbladet wrote that NSA monitored 33 million Norwegian phone calls. This was almost immediatly corrected by the Norwegian military intelligence agency Etteretningstjenesten (or E-tjenesten), which said that they collected the data "to support Norwegian military operations in conflict areas abroad, or connected to the fight against terrorism, also abroad" and that "this was not data collection from Norway against Norway, but Norwegian data collection that is shared with the Americans".

This explanation is very similar to the one given by the German foreign intelligence agency about the metadata which appeared as being 'German' (see above), but also here it's the question on what grounds these data are counted as being Norwegian. If we follow the BOUNDLESSINFORMANT FAQ document, at least one end of the communication should be a Norwegian phone number.

Top 5 Techs

All records were processed or analysed by only one system or program:

- DRTBOX (33 million records)

Also in this case, the DRTBOX system is used for the communications collected from mobile networks, just like we saw in the BOUNDLESSINFORMANT screenshots about France and Spain.


On November 22, the Norwegian tabloid Dagbladet published a screenshot from BOUNDLESSINFORMANT about Afghanistan:

This screenshot about Afghanistan published by Glenn Greenwald only shows information about some 35 million telephony (DNR) records, collected by a facility only known by its SIGAD US-962A5 and processed or analysed by DRTBox. But this number is just a tiny fraction of the billions of data from both internet and telephone communications from Afghanistan as listed in the global overview map of BOUNDLESSINFORMANT.

Afghanistan is undoubtedly being monitored by numerous SIGINT collection stations and facilities (like US-3217, codenamed SHIFTINGSHADOW which targets the MTN Afghanistan and Roshan GSM telecommunication companies), so seeing only one SIGAD in this screenshot proves that it can never show the whole collection from that country.

> See for more: Screenshots from BOUNDLESSINFORMANT can be misleading


On December 6, the website of the Italian newspaper L'Espresso published the following screenshot from BOUNDLESSINFORMANT which shows information about collection from Italy between December 10, 2012 and January 8, 2013. In total, almost 46 million metadata records were collected:

Once again, only telephony metadata were gathered, so we see only green bars in the bar chart.

Signal Profile / Most Volume

All records were collected from mobile communications networks (PCS), which was done through an unknown facility designated by the following SIGAD:

- US-987A3005 (45,9 million records)

Top 5 Tech

This SIGAD is once agian from the US-987-series, and comparing this one with others could show that the suffix A stands for Italy. After the A follows an unusual long number (3005). So far, only SIGADs with two additional characters were known.

- DRTBOX (45,9 million records)

After the screenshots related to France, Spain, Norway and Afghanistan, this one about Italy is the fifth in which the technique used to process and analyse the collected (meta)data is DRTBOX, which is a system to intercept wireless communication signals made by DRT Inc.


On November 4, the Washington Post published a screenshot from BOUNDLESSINFORMANT which shows information about collection under the WINDSTOP program. Between December 10, 2012 and January 8, 2013, more than 14 billion metadata records were collected:

The bar chart in the top part shows the numbers by date, with DNR (telephony) in green and DNI (internet) in blue.

According to the Washington Post, WINDSTOP is an umbrella program for at least four collection systems which are jointly operated by NSA and one or more signals intelligence agencies of the 2nd Party countries Britain, Canada, Australia and New Zealand.

Signal Profile

The pie chart shows that more than 95% of the metadata are collected from internet traffic (DNI), less than 5% is from mobile networks (PCS).

Most Volume

This section shows that under WINDSTOP, the metadata were collected by at least the following two facilities, designated by their SIGADs:

- DS-300 (14100 million records)
- DS-200B (181 million records)

In a sidenote, the Washington Post says that DS-300 is the SIGAD for an interception facility which is also known under the codename INCENSER. With 14 billion internet metadata records in one month, INCENSER seems to be one of NSA's major internet collection programs, as for March 2013, the total of internet metadata collected worldwide was 97 billion records. For now, it's unclear where this enormous amount of data comes from.

DS-200B is a facility codenamed MUSCULAR, which is used for tapping the cables linking the big data centers of Google and Yahoo outside the US. This intercept facility is located somewhere in the United Kingdom and operated by GCHQ and NSA jointly. MUSCULAR collected some 181 million records, a small number compared to the 14 billion of INCENSER, but still way too much given its low intelligence value - according to NSA's Analysis and Production division.

It's interesting to see data from MUSCULAR mentioned in this screenshot, because a FAQ document about BOUNDLESSINFORMANT from 2010 said that no metadata from MUSCULAR were counted by this tool. But as this chart shows records from December 2012 and January 2013, it seems that meanwhile also metadata from MUSCULAR were added.

Top 5 Techs

The programs used for processing and analysing these interceptions are:

- XKEYSCORE (14100 million records)
- TURMOIL (141 million records)
- WEALTHYCLUSTER (1 million records)

Just like we saw in the chart about the German metadata, the internet (DNI) data are processed by the XKEYSCORE tool. Almost all these internet data are collected by the facility designated DS-300 and codenamed INCENSER.

TURMOIL is a database or a system which is part of the TURBULENCE program, and seems to be used for selecting and storing common internet encryption technologies, so they can be exploited by NSA. If we compare the numbers, we see that TURMOIL is used for processing most of the data collected by DS-200B or MUSCULAR. An NSA presentation confirms that data collected by MUSCULAR are ingested and processed by TURMOIL.

WEALTHYCLUSTER is also related to the TURBULENCE program and is described as "a smaller-scale effort to hunt down tips on terrorists and others in cyberspace" and is said to have helped finding members of al-Qaida.

(Updated with the information about the German metadata, the new explanation by the Wall Street Journal, the WINDSTOP metadata, the data from Spain and Norway, and the revised interpretation of the Dutch chart)

During a hearing of the German parliamentary investigation commission on January 19, 2017, former BND president Schindler said that the BOUNDLESSINFORMANT charts that Snowden took, were from training course material. This was said here for the first time and given the problems these charts caused for BND, it's possible that they asked NSA for more details after which this explanation came up. However, this still doesn't explains why the charts were interpreted incorrectly.

Links and Sources
- HuffingtonPost.com: NSA: Europeans Did Spying, Handed Data To Americans
- Dagbladet.no: NSA-files repeatedly show collection of data «against countries» - not «from»
- VoiceOfRussia.com: Denmark admits to tapping phones in conflict zones abroad
- Wall Street Journal: U.S. Says France, Spain Aided NSA Spying
- Cryptome.org: Translating Telephone metadata records to phone calls
- The Week: Why the NSA spies on France and Germany
- Le Monde: France in the NSA's crosshair : phone networks under surveillance
- Tweakers.net: NSA onderschepte in maand metadata 1,8 miljoen telefoontjes in Nederland
- De Correspondent: Wat doet de NSA precies met het Nederlandse telefoonverkeer?
- Der Spiegel: Daten aus Deutschland

October 15, 2013

What are SIGADs starting with DS for?

(Updated: November 26, 2013)

Recently, some new NSA powerpoint presentations were published which mention communication intercept facilities with designators like DS-200, DS-200B, DS-300 and DS-800.

These don't fit the regular format for such SIGINT Activity Designators (SIGADs), as they normally begin with two letters indicating one of the UKUSA or Five Eyes-countries: US for the United States, UK for the United Kingdom, CA for Canada, AU for Australia and NZ for New Zealand.

Initially, the Washington Post wrote that DS referred to NSA's Australian counterpart, the Defence Signals Directorate, probably because of its abbreviation DSD, although this agency was recently renamed to Australian Signals Directorate or ASD. Later the Post corrected this and now says DS refers to the British signals intelligence agency GCHQ.


But there's another lead. In the third slide of a presentation about SSO Collection Optimization, which was published by the Washington, we see that the collection facility designated DS-200B is codenamed MUSCULAR.

This codename was mentioned earlier in a document with Frequently Asked Questions (pdf) about the BOUNDLESSINFORMANT tool. On page 2 it reads:
"Only metadata records that are sent back to NSA-W through FASCIA or FALLOUT are counted. Therefore, programs with a distributed data distribution system (e.g. MUSCULAR and Terrestrial RF) are not currently counted."

The first sentence is about data sent back to the NSA headquarters in the Washington-area (NSA-W) through FASCIA or FALLOUT, which are ingest processors for phone and internet metadata respectively.

In the second sentence we see MUSCULAR mentioned as an example of programs with a "distributed data distribution system". Another example is the interception of Terrestrial RF (Radio Frequency), which are communications through microwave radio relay systems.

Presently, it's not clear what the "distributed data distribution system" might be, but for now it's interesting that this description could very well fit the abbreviation DS.

A SIGAD like DS-200 might then stand for a particular (Distributed Data) Distribution System, not related or bound to a specific country, like the regular SIGADs starting with the country codes.

As "data distribution" is a way to describe how files are stored in data clouds, it's probably a good guess that also in this case, the "distributed data distribution system" may refer to one or more NSA data clouds. This could also explain the fact that the SIGADs starting with DS don't fit the country code scheme, this because the data cloud might be a repository shared by all five UKUSA partners.

DS-200: GCHQ Special Source collection

On October 30, the Washington Post provided more details about the MUSCULAR program, with a follow-up on November 4. Attached to that story are a number of new slides showing that MUSCULAR is a joint NSA-GCHQ operation to collect data by tapping the main communication links which connect the Yahoo and Google data centers around the world.

This interception takes place at a "large international access located in the United Kingdom". People who are familiar with Google and Yahoo’s infrastructure said it's likely that the fiber-optic cables that connect the data centers are owned by companies like Verizon Communications, the BT Group, the Vodafone Group and especially Level 3 Communications, being the world’s largest internet backbone provider. As was revealed earlier, GCHQ has surveillance arrangements with each of these companies.

More specific, the MUSCULAR "distributed data distribution system" is described by Sean Gallagher as a way to collect, filter, and process the content from the internal networks of Google and Yahoo. For doing this, the data streams, which are optimized by Google and Yahoo to be sent across wide-area networks over multiple simultaneous data links, have to be broken apart again. After that, the system separates the traffic which is of intelligence interest from the vast amount of intra-data center communications that have nothing to do with user activity.

One slide, titled "2nd Party Accesses", shows that DS-200B/MUSCULAR is a sub-program of DS-200, which is "NSA's reporting of GCHQ's "Special Source" collection", where Special Source means gathering data from private companies:

Unfortunately, the rest of the slide is completely blacked out, so we aren't even allowed to see the other SIGADs which may also be part of the DS-200 program. Nevertheless we learned from other sources about the existance of facilities designated DS-200A and DS-200X, which are clearly sub-programs of DS-200, and therefore probably similar private network tapping operations as MUSCULAR.


In an explanation of a screenshot of the BOUNDLESSINFORMANT tool, the Washington Post says that the SIGAD DS-300 refers to INCENSER, which is another high-volume cable tapping operation, jointly run by NSA and GCHQ. But INCENSER is not just "another" cable tapping operation, it's a far bigger program, collecting over 14 billion metadata records, which is 77 times as much as MUSCULAR!

Both MUSCULAR and INCENSER are part of WINDSTOP. According to the Washington Post, this is an umbrella program for at least four collection systems which are jointly operated by NSA and one or more 2nd Parties (2P) - the signals intelligence agencies of Britain, Canada, Australia and New Zealand.


Some more information abouth the SIGAD DS-800 can be found in a slide that was shown in a report by the Brazilian television magazine Fantastico from October 6, 2013. It reveals how the Canadian signals intelligence agency CSEC mapped the communications infrastructure of the Brazilian Ministry of Mines and Energy.

For that effort, CSEC used OLYMPIA, and a presentation about that tool shows step-by-step how all the ministry’s telephone and computer communications were mapped:

Reconstruction of a slide showing the interception of the
communications of the Brazilian Ministry of Mines and Energy
(click for a bigger version!)

In this slide we can see that DS-800 collects both telephony (DNR) and internet (DNI) data. At the left side DS-800 is mentioned as the facility intercepting phone calls between the Brazilian ministry and numbers in Equador and Venezuela. Telephone communications to some other countries are monitored by facilities designated US-3294 and US-966V.

At the right side of the slide are the internet communications. Traffic between IP addresses from Global Village Telecom and internet providers in Africa, the Middle East and Canada are also collected by DS-800. We can also see that internet traffic to India is intercepted by DS-200 (maybe because GCHQ has good access to India?).

Given this information and regarding that Global Village Telecom is a major Brazilian telecommunications company, providing both telephony and internet services, DS-800 could probably be intercepting the infrastructure of this company. Because within the Five Eyes-community, Canada is more or less responsible for covering Latin America, we can imagine that DS-800 might be operated by the Canadian CSEC, just like the British GCHQ operates DS-200B.

Links and Sources
- ArsTechnica.com: How the NSA’s MUSCULAR tapped Google’s and Yahoo’s private networks
- Golem.de: Dokumente belegen Zugriffe auf Google- und Yahoo-Clouds

October 12, 2013


On September 5, The Guardian, The New York Times and ProPublica jointly revealed that NSA has a top secret program to break encryption systems used on the internet. This is done by for example inserting vulnerabilities into commercial encryption and IT systems. This program is codenamed BULLRUN, which, according to NSA documents, is not a regular sensitive information compartment, but a "secure COI".

COI or CoI stands for Community of Interest, a more common computer security feature by which network assets and/or users are segregated by technological means. This is done through a logical or physical grouping of network devices or users with access to information that should not be available to the general user population of the network. According to the 2011 Classification Manual (pdf), information residing on secure COIs may not be taken out of the COI or moved to other databases without appropriate approval.

ECI = Exceptionally Controlled Information; PTD = Penetrating Target Defences
IIB = Initial Infrastructure Build ?

According to a GCHQ briefing sheet about BULLRUN, there are at least two other COIs: ENDUE and NOCON, both for sensitive materials. These Community of Interest codenames were revealed here for the first time. For classification purposes they are treated as dissemination markings: they appear at the very end of a classification line, separated from other markings (like NOFORN and ORCON) by a single forward slash. For example: TOP SECRET//SI//NOFORN/BULLRUN


As the COI codenames BULLRUN, ENDUE and NOCON are used within a Top Secret environment for highly sensitive NSA operations, it was quite a surprise to find the NOCON marking on another document too: an appendix (pdf) of a very secret NSA document. This appendix is about Public Key crypto systems and has no date, but seems to be from the 1980s. It was declassified by the NSA in March 2007 upon request of the Cryptome website:

The document was marked TOP SECRET UMBRA LACONIC NOCON. This old style classification marking (without slashes between the categories and terms) means that the document has the overall classification level TOP SECRET and was protected by putting it in the UMBRA compartment, which was designated for the most sensitive communications intercept material. The LACONIC and NOCON markings will be explained below.


The function of LACONIC is clarified in the NSA's internal Cryptolog (pdf) magazine, 2nd issue from 1988, which says that LACONIC is not a clearance or a classification, but a handling control marking. It's described as a restrictive distribution indicator for certain techniques - what kind of techniques is blacked out. Access to documents marked with LACONIC does not require a special clearance, but the reader must have a need to know certain details about those undisclosed things.

An indication about what kind of techniques are blacked out can be found in the Cryptolog (pdf) issue of January/February 1986. There it's said that "LACONIC access" is required for attending the CRYSCO-86 conference about computer technology and cryptanalysis, so it seems likely that LACONIC is about sensitive computer codebreaking techniques.

This comes close to the BULLRUN program and therefore it's not unthinkable that LACONIC was one of its forerunners, allthough according to the New York Times, the direct predecessor of BULLRUN was a program codenamed MANASSAS.

The LACONIC marking was retired as of October 2006 and apparently replaced by a new compartment within the control system for Exceptionally Controlled Information (ECI).


In addition to restricting access to people with the need-to-know, the 1988 Cryptolog explanation says that LACONIC was also designed to deny access to contractors and consultants. Therefore, LACONIC had always to be accompanied by the NOCONTRACT marking. Apparently this marking could also be shortened to NOCON, as can be seen in the aforementioned document about public key crypto systems.

The Director of Central Intelligence Directive (DCID) 1/7 from April 12, 1995 ruled that as from that date, the NOCONTRACT marking should not be used anymore. This because it had "clearly outlived [its] usefullnes". Officials could now release intelligence bearing the NOCONTRACT marking to appropriately cleared and access-approved contractors. It's no surprise that this came at a time when US intelligence agencies started their large-scale outsourcing to private contractors.

However, it seems strange that Directive 1/7 eliminated the NOCONTRACT marking in 1995, but at the same time we still see NOCON as a COI in recent BULLRUN documents. A possible explanation could be that NSA still wanted to keep some sensitive materials out of the hands of contractors, and therefore continued to use the NOCON marking internally.

This could also explain the fact that NOCON, like the BULLRUN and ENDUE COI markings, are not listed in the extensive classification marking manuals for the intelligence community. The 2010 BULLRUN Classification Guide confirms that "the BULLRUN data label (for use in databases) and marking (for use in hard- or soft copy documents) are for NSA/CSS internal use only".


At least since the 1980s, NSA used the LACONIC marking to protect sensitive information, which was probably related to computer codebreaking techniques. Whether LACONIC was for internal NSA use only is not entirely clear, but as LACONIC material was not meant for contractors and consultants, it had to be accompanied by the NOCONTRACT marking which was used throughout the intelligence community.

After the general use of NOCONTRACT or NOCON was prohibited in 1995, NSA seems to have continued it as an internal marking. Similar are the probably more recent markings ENDUE and BULLRUN, which are all used for highly sensitive information that is protected by putting it in separated and secured parts (COIs) of NSA's internal computer networks.

In Dutch: Meer over het wetsvoorstel voor de Tijdelijke wet cyberoperaties