Stand: 03.07.14 17:08 Uhr

NSA targets the privacy-conscious

von J. Appelbaum, A. Gibson, J. Goetz, V. Kabisch, L. Kampf, L. Ryge

The investigation discloses the following:

Two servers in Germany - in Berlin and Nuremberg - are under surveillance by the NSA.

Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA.

Among the NSA's targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states.

The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum".

Disclosure Three authors of this investigation have personal and professional ties to the Tor Project, an American company mentioned within the following investigation. Jacob Appelbaum is a paid employee of the Tor Project, Aaron Gibson is a paid contractor for the Tor Project, and Leif Ryge is a volunteer contributor to various Tor-related software projects. Their research in this story is wholly independent from the Tor Project and does not reflect the views of the Tor Project in any way. During the course of the investigation, it was further discovered that an additional computer system run by Jacob Appelbaum for his volunteer work with helping to run part of the Tor network was targeted by the NSA. Moreover, all members of this team are Tor users and appear to be have been targets of the mass surveillance described in the investigation.

It is a small server that looks like any of the other dozens in the same row. It is in a large room devoted to computers and computer storage, just like every other room in this industrial park building on Am Tower Street just outside the city of Nuremberg. That the grey building is surrounded by barbed wire seems to indicate that the servers' provider is working hard to secure their customers' data.

Yet despite these efforts, one of the servers is targeted by the NSA.

The IP address 212.212.245.170 is explicitly specified in the rules of the powerful and invasive spy software program XKeyscore. The code is published here exclusively for the first time.

After a year of NSA revelations based on documents that focus on program names and high-level Powerpoint presentations, NDR and WDR are revealing NSA source code that shows how these programs function and how they are implemented in Germany and around the world.

Months of investigation by the German public television broadcasters NDR and WDR, drawing on exclusive access to top secret NSA source code, interviews with former NSA employees, and the review of secret documents of the German government reveal that not only is the server in Nuremberg under observation by the NSA, but so is virtually anyone who has taken an interest in several well-known privacy software systems.

The NSA program XKeyscore is a collection and analysis tool and "a computer network exploitation system", as described in an NSA presentation. It is one of the agency’s most ambitious programs devoted to gathering "nearly everything a user does on the internet." The source code contains several rules that enable agents using XKeyscore to surveil privacy-conscious internet users around the world. The rules published here are specifically directed at the infrastructure and the users of the Tor Network, the Tails operating system, and other privacy-related software.