Upload
marcosmatch9
View
212
Download
0
Embed Size (px)
DESCRIPTION
news article, web spying. 2015-09-26
Citation preview
Web visits of “every visible user on Internet” were tracked byGCHQ 0BY KAVITA IYER ON SEPTEMBER 26, 2015
http://www.techworm.net/2015/09/web-visits-of-every-visible-user-on-internet-were-tracked-by-gchq.html
GCHQ’s Karma Police program followed “suspicious” Web searches around the globe and profiled each and every Internet user
According to the documents published by The Intercept, it disclosed that the United Kingdom’s
Government Communications Headquarters (GCHQ) has been tracking World Wide Web users since
2007, with an operation called “Karma Police” – a program that spied Web browsing habits of people
worldwide, which the agency itself calls as the “world’s biggest” Internet data-mining operation, meant to
ultimately track “every visible user on the Internet.”
It appears that Karma Police that was named after the Radiohead song started as a top-secret operation
to collect intelligence about people using the Internet to listen to radio shows. The main aim of the project
was to research “potential misuse” of Internet radio stations to spread messages. In an attempt to
recognize their Skype and social media accounts, listeners to streams that included Islamic religious
content were targeted for more data collection. Due to the success of the program, it started growing
slowly.
According to GCHQ documents, between August 2007 and March 2009, the “Black Hole” database was
used to store more than 1.1 trillion “events” — Web browsing sessions — with about 10 billion new entries
added every day. By 2010, the system was logging 30 billion metarecords per day. Further, by 2012, the
collection had increased to 50 billion per day, and work was in progress to double capacity to 100 billion.
For instance, the Karma Police works by showing the IP addresses of people visiting websites. IP
addresses are unique identifiers that are allocated to computers when they connect to the Internet. The
Karma Police system and its Black Hole database log the IP addresses of individuals visiting Internet sites,
as well as the cookies related to their Web traffic. By connecting recorded cookies from other sites, users
of specific sites can then be profiled with site login credentials or with those used to deliver personalized
ads (for instance, the Google “pref” cookie).
Cookies are placed automatically on computers to recognize and at times track people browsing the
Internet, mostly for advertising purposes. When you log into or visit a website, a cookie is basically stored
on your computer so that the site can identify you. It can contain your username or email address, your
login password, your IP address, and even the type of Internet browser you are using such as Mozilla
Firefox or Google Chrome.
According to GCHQ analysts in the documents, they called cookies “target detection identifiers” or
“presence events” detection identifiers” and praised their value as to how they help monitor people’s
Internet use and uncover online identities. They can also be used to analyze “pattern of life”— analysis
showing the times of day and locations at which the person is most active online and where they connect
to the Internet from.
In an effort to covertly collect cookies on a massive scale, some specific popular websites were targeted. A
sample search by the agency shows that the data was extracted from cookies that had information about
people’s visits to the adult website YouPorn, search engines Yahoo and Google, and the Reuters news
website.
Other websites listed as “sources” of cookies in the 2009 document are Hotmail, YouTube, Facebook,
Reddit, WordPress, Amazon, and sites operated by the broadcasters CNN, BBC, and the U.K.’s Channel
4.
Also, e-mail addresses and other identifiers passed in traffic were collected by the Karma Police,
comprising those stored within the cookies of the Bebo social networking site. A miscellaneous collection
of additional tools tracked other elements of online behavior and placed them into the data store.
“Infinite Monkeys” analyzes data about the usage of online bulletin boards and forums, while “Samuel
Pepys” is one tool built by the British spies to analyze both the content and metadata of emails, browsing
sessions, and instant messages as they are being intercepted in real time.
The GCHQ documents published by the Intercept shows one such example wherein someone with a
Swedish IP address was tracked while visiting the Cryptome website to look at a page about the GCHQ’s
spying.
All the information collected by these surveillance techniques presented GCHQ and its “Five Eyes”
partners with weapons to execute high level targeted attacks against individuals of interest. The data
gathered by Karma Police was helpful in “Operation Socialist,” the hack of the Belgian telecom company
Belgacom, giving the IP address of a target with a level of access that is desired.