Systems and Tools GCHQ Used to Spy on the World

October 06, 2015

GCHQ at Cheltenham, Gloucestershire

The United States is not the only country guilty of recording the daily activities of billions of ordinary people; the United Kingdom is too.

Government Communications Headquarters (GCHQ) was the agency responsible for building and heading the mass surveillance operation, KARMA POLICE. The operation was launched over seven years ago, without any public debate or consent. Moreover, KARMA POLICE isn’t the only surveillance operation of the GCHQ; it’s only a part of a giant global apparatus responsible for spying on billions of people and storing their data.

KARMA POLICE works by identifying the IP addresses of people visiting websites; however, an IP address alone isn’t sufficient to identify a person. That’s where GCHQ’s massive repository, BLACKHOLE, comes in. BLACKHOLE obtains data, known as cookies, from “probes” tapped into the international fiber-optic cables that transport Internet traffic across the world. This data is then sifted through a separate system called MUTANT BROTH. Working in tandem, KARMA POLICE detects the IP address and MUTANT BROTH searches BLACKHOLE for cookies connected to that IP address. Putting those pieces of information together provides, like magic, the identity of the person in question.

The GCHQ also uses other methods of eavesdropping:
SOCIAL ANTHROPOID analyzes metadata from emails, instant messenger chats, social media connections and conversations, and “telephony” metadata regarding phone calls, cell phone locations, texts, and multimedia messages.
MEMORY HOLE logs queries entered into search engines and associates each query with an IP address.
MARBLED GECKO sifts through searches made by people on Google Earth and Google Maps.
INFINITE MONKEYS analyzes the data usage of online bulletin boards and forums.
TEMPORA acquires vast numbers of emails, instant messages, voice calls, and other communications, and can easily be searched using a Google-style tool named XKEYSCORE.
SAMUEL PEPYS analyzes the content and metadata of emails, browsing sessions, and instant messages as they are intercepted in real time.

These were the programs, tools, systems, and operations used by the GCHQ, as reported in the files revealed by Edward Snowden. It’s very fortunate for us today that these actions were brought to light and that proper restrictions were applied. However, according to a top secret report co-authored by an official who has worked with the British agency and who was an NSA employee in 2011, these restrictions aren’t the greatest threat to governments’ ability to do effective target discovery/development; rather, the biggest threat to government surveillance is the rapid spread of encryption.

“Pertinent metadata events will be locked within the encrypted channels and difficult, if not impossible, to prise out,” the report says, adding that the agencies are working on a plan that would “(hopefully) allow our Internet exploitation strategy to prevail.”
