XKEYSCORE - Under the Microscope

[[PRISM]] | [[National Security Administration (NSA)]] | [[QUANTUM]] | [[Edward Snowden]] | [[Australia]] | [[Canada]] | [[New Zealand]] | [[United Kingdom]] | [[Japan]] | [[Germany]] | [[Denmark]] # NSA's "Google for the World's Private Communications" **XKEYSCORE** (stylized XKeyscore): NSA's most powerful mass surveillance tool—described by agency as its **"widest reaching"** data collection system. Think **Google search engine for anyone's private internet activity worldwide**. Revealed by Edward Snowden July 2013. ## What It Is **Official NSA description**: "DNI Exploitation System/Analytic Framework" (DNI = Digital Network Intelligence from internet traffic) **Snowden's description**: **"Front-end search engine"**—"**one-stop shop for access to NSA's information**" **Technical reality**: Linux-based software (Red Hat servers, Apache web server, MySQL databases) that makes tracking anyone's internet usage **"as easy as entering an email address"**—provides **no built-in technology to prevent abuse**. ## Capabilities: "Nearly Everything You Do on the Internet" **January 26, 2014 Snowden interview** (German broadcaster Norddeutscher Rundfunk): **"What could you do if you would use XKeyscore?"** Snowden's answer: > **"You could read anyone's email in the world, anybody you've got an email address for. Any website: You can watch traffic to and from it. Any computer that an individual sits at: You can watch it. Any laptop that you're tracking: you can follow it as it moves from place to place throughout the world."** **Search capabilities**: - Name, telephone number, IP address, keywords - Language used, browser type - Email addresses, usernames, passwords - Internet searches, websites visited - Documents, online chats, browsing histories - **Real-time interception** of activity **"Fingerprinting"**: Build unique network activity profile—**"anywhere you go in the world, anywhere you try to hide your online presence, your identity"** ## Scale: Global Mass Surveillance Infrastructure **As of 2008-2009**: - **~150 field sites** globally (U.S., Mexico, Brazil, UK, Spain, Russia, Nigeria, Somalia, Pakistan, Japan, Australia, many others) - **700+ servers** storing "full-take data" - **20+ terabytes/day** at some sites (equivalent 5.7M songs or 13K films daily) - **Tens of billions of records** stored **Data retention**: - **Content: 3-5 days** (too much to store longer) - **Metadata: 30-45 days** - Feeds into other databases: PINWALE (content up to 5 years), MARINA (metadata) **Federated system**: Single query from central site searches **all field sites simultaneously**—global reach, instant results. ## How It Works: The Plumbing of Surveillance **Collection**: Fed constant flow from **fiber optic cables forming backbone of world communication network** + other sources **"Passive" system**: Listens, doesn't transmit on targeted networks **Can trigger "active" attacks**: Tips QUANTUM programs (QUANTUMINSERT, QUANTUMHAND, etc.) through Tailored Access Operations **Gamification**: NSA incorporated **"skilz points" and "unlock achievements"** to motivate analysts—those good at using XKEYSCORE acquire points. German Griesheim training unit achieved **"highest average skilz points"** vs. all NSA departments. ## No Oversight: The Honor System **Training materials**: Analysts search by "filling in simple on-screen form giving only broad justification"—**requests NOT reviewed by court or NSA personnel before processing** **2021 Privacy Board revelation**: Privacy and Civil Liberties Oversight Board (PCLOB) member Travis LeBlanc stated NSA **never proved it conducted prior written legal analysis before launching system**—"concerning that any surveillance tool would have been conceptualized, coded, implemented, executed and routinely used **without such prior written legal analysis**" **Audit system**: Snowden (January 2015 Harvard symposium): Analysts **"completely free from any meaningful oversight"**—"majority of people doing auditing are **friends of analysts**. Work same office. **Not full-time auditors**, guys with other duties assigned." **Shared admin account**: Systems administrators use **shared "oper" account**—"means changes made by administrator **cannot be logged**"—malicious actions untraceable. **Database access**: Admins can run MySQL queries directly—**bypass audit trail** that tracks analyst searches. ## International Sharing: Five Eyes and Beyond **Access granted to**: - **GCHQ** (UK) - **German BND** (foreign intelligence) and BfV (domestic intelligence)—BND described as **"NSA's most prolific partner"** in information gathering - **Sweden's FRA** (National Defence Radio Establishment) - **Australia, New Zealand, Canada** (Five Eyes) **Secret partnerships**: NSA's Foreign Affairs Directorate organized such that **"foreign governments can insulate their political leaders"** from public outrage if leaked. **Snowden accusation**: NSA **"in bed together with Germans"**—BND transfers "massive amounts of metadata" to NSA daily via Bad Aibling Station near Munich. ## 2021 Investigation: Still Running, Still Unaccountable **PCLOB five-year investigation** (wrapped December 2020): - System **continues operating with no judicial oversight** - **Limited congressional oversight** - **Potential to capture Americans' communications** despite FISA court requirement - NSA provided only **13-page memo of legal analysis** (dated 2016, based on older reviews NSA couldn't/didn't provide) - **No cost-benefit analysis**: How many impacted, data collected, lives saved, attacks stopped—unknown - **Compliance incidents** reported, redacted number deemed **"questionable intelligence activities"** (IC-speak for **illegal surveillance**) **LeBlanc dissent**: Report "reads more like **book report summary**"—rushed, incomplete, inadequate. ## The Technical Reality: "Ridiculously Easy" Security researcher Brossard: **"Amount of work analyst must perform to break into remote computers seems ridiculously reduced—we are talking minutes, if not seconds. Simple. As easy as typing few words in Google."** Former Twitter security lead John Adams: **"Most interesting thing is they achieved so much success with such poorly designed system...their operations team must be extremely unhappy."** **Open source stack**: Entirely runs on free software—no expensive proprietary systems. Firefox browsers, MySQL databases, Linux servers. **Design deficiencies could leave it vulnerable** to insider attack. ## Government Denials vs. Reality **Rep. Mike Rogers** (June 2013, House Intelligence Committee chairman): Snowden **"lying"** about real-time email access—**"impossible for him to do what he was saying"** **Senator Saxby Chambliss** (Senate Intelligence Committee): NSA **doesn't have capability** to monitor emails without court order **XKEYSCORE training materials**: Contradict these claims completely—**system explicitly designed for exactly what Snowden described**. **NSA spokesperson** (2021): "Representation that NSA had not conducted full legal analysis **not accurate**. NSA conducted appropriate legal reviews"—but **couldn't provide documentation to oversight board**. ## Legacy: Google for Private Life **Security researcher's summary**: **"NSA has built impressively complete set of automated hacking tools for analysts to use"**—browse fingerprints, OS versions extracted from traffic allow **quick assessment of target exploitability**. **Snowden's June 9, 2013 statement** (most controversial): Now fully vindicated—**he could wiretap anyone from accountant to federal judge to president with personal email**. **Still operational**: As of 2021+ continues running. Decade after Snowden revelation, **still hoovering up internet searches, passwords, usernames, emails, personal messages**—no meaningful reform, no accountability, **no judicial oversight**. **Bottom line**: XKEYSCORE is **search engine for everyone's private digital life**. Makes total surveillance of any individual **as simple as Google search**. No court approval required. No meaningful oversight. Friends audit friends. Shared admin accounts prevent accountability. **Tens of billions of records**. **150+ global sites**. **Feeds other attack systems**. Built on honor system in world where **"honor" means protecting capability over protecting rights**. Snowden was right. Government officials lied. **System still running. You're still being watched.** ![[Pasted image 20251025111227.jpg]] You could read anyone's email in the world, anybody you've got an email address for. Any website: You can watch traffic to and from it. Any computer that an individual sits at: You can watch it. Any laptop that you're tracking: you can follow it as it moves from place to place throughout the world. It's a one-stop-shop for access to the NSA's information. ... You can tag individuals ... Let's say you work at a major German corporation and I want access to that network, I can track your username on a website on a forum somewhere, I can track your real name, I can track associations with your friends and I can build what's called a fingerprint, which is network activity unique to you, which means anywhere you go in the world, anywhere you try to sort of hide your online presence, your identity. -Edward Snowden low-level NSA analysts can, via systems like XKeyscore, "listen to whatever emails they want, whatever telephone calls, browsing histories, Microsoft Word documents. And it's all done with no need to go to a court, with no need to even get supervisor approval on the part of the analyst XKeyscore is a "piece of Linux software that is typically deployed on [Red Hat](https://en.wikipedia.org/wiki/Red_Hat "Red Hat") servers. It uses the [Apache web server](https://en.wikipedia.org/wiki/Apache_web_server "Apache web server") and stores collected data in [MySQL](https://en.wikipedia.org/wiki/MySQL "MySQL") databases"