3 July 2014

NSA Hacks TOR in Germany, Calls Users Extremists

Original German:

Germans targeted by U.S. intelligence: labeled an extremist by the NSA

Published: 07.03.2014, 05:00

The NSA specifically spies on Germans who deal with encryption on the Internet. This emerges from secret source code that is available to NDR and WDR. NSA victims can thus be identified by name. One of them is a student from Erlangen.

By Lena Kampf, Jacob Appelbaum and John Goetz, NDR

It is one of the most sensitive secrets of the NSA, the engine of the global monitoring machine: the source code of the XKeyscore program, the most comprehensive spying program of the U.S. foreign intelligence service.

NDR and WDR have excerpts of the source code: parts of the collection infrastructure, that is, so-called software rules in which the intelligence service defines what or whom it wants to investigate.

They are only a few numbers and characters that the programmers string together. But when the XKeyscore program executes these rules, people and their data come into its sights. The connections from computers to the Internet are identified and stored in a kind of database. The users are, in effect, marked. It is the dragnet of the 21st century.

Users of the Tor network are the target of the spying

The source code at hand is about spying on the infrastructure and the users of the Tor network. Tor stands for "the onion router" - a program in which Internet traffic, such as a query to a search engine, is passed through various servers, and layers of encryption are wrapped around the request like the layers of an onion. This obscures the origin of the request, that is, the IP address. The IP address is like a mailing address and reveals, among other things, the location of the computer.

There are about 5,000 Tor servers worldwide, which are operated by volunteers. It is an anonymizing infrastructure that is often used, especially in countries where it is dangerous to reveal to the regime which websites you visit or where you access them from, in Iran and Syria, for example. Tor is used by journalists, human rights activists and lawyers worldwide.

German IP addresses in demand at Fort Meade

Reporting by the "Guardian" on PowerPoint presentations from the Snowden archive showed last year that the Tor network is a particular thorn in the NSA's side. The top-secret documents and the source code, published here for the first time, show that the NSA is making significant efforts to deanonymize users of the Tor network. Research by NDR and WDR shows: German IP addresses are defined in the NSA's source code as explicit targets.

The IP address 212.212.245.170 leads to a gray, factory-like building whose high walls are topped with barbed wire. "On the Tower" is the name of the street, in an industrial area near Nürnberg. There is a data center there, with rented servers in long racks. They all look the same. But one of them is spied on by the NSA. Sebastian Hahn, a student and employee of the computer science department in Erlangen, has rented this server.

Momentous commitment to the Internet community

In his spare time he is involved in the Tor network, as is one of the authors of this article. The Tor community places particular trust in Sebastian Hahn: he is allowed to run one of the nine so-called "Directory Authorities". His server holds a list of all Tor servers. Users who connect to the Tor network automatically access one of the nine "Directory Authorities" to download the latest list. Sebastian Hahn's server receives hundreds of thousands of such requests a day.

All of these accesses are marked by the NSA and, according to research by NDR and WDR, then end up in a special NSA database. Even the name of the tapped server appears in the source code: "Gabelmoo". Hahn's predecessor had given it that name, Franconian for "fork man", as the people of Bamberg affectionately call a statue of Poseidon.

"This is shocking," says Hahn, because "the connection data of millions of people are listed every day." Alongside "Gabelmoo", Sebastian Hahn found the names of all the other "Directory Authorities", in Berlin, the Netherlands, Austria, Sweden and the USA. They too are targets of the NSA.

Second NSA victim known by name

Although he is only a means to an end for the NSA - after all, the intelligence service wants to use his server to filter out who uses the Tor network - Hahn feels his privacy has been violated. Because he wanted to do something good, he has ended up "in the focus of the intelligence agencies," he says, visibly shocked. After German Chancellor Angela Merkel, he is now probably the second German surveillance victim of American intelligence known by name.

Thomas Stadler, a lawyer specializing in IT law, sees a "suspicion of intelligence agent activity". The Attorney General commented only in general terms: all leads are being examined. When asked, the NSA states only in general terms that it adheres strictly to the law: "Privacy and civil liberties are always considered in computer monitoring."

Those who want anonymity are deanonymized

Ironically, according to the special rules available to NDR and WDR, it is precisely people with a desire for anonymity who become the target of the NSA. In the eyes of the intelligence service: extremists. This is not rhetoric, not journalistic exaggeration. The term appears in the comment column of the source code itself, noted there by NSA programmers.

Extremists? The opposite is the case, as the research shows. The German victims are not to be found on the political fringes. They are extreme in one respect only: they are concerned about the security of their data. And that is what makes them suspect in the eyes of the U.S. intelligence service.

How quickly you become an "extremist"

"Tails" is an operating system that uses the Tor network so as to leave no traces on the Internet, and that also stores nothing about the user on the computer on which it is booted, for example from a USB stick.

Darko Medic, 18, short brown hair, is sitting in front of his laptop. He types "Tails" and "USB" into the search box of his search engine. What Darko does not know: by doing just that, he too has landed in an NSA database, marked as one of the extremists the intelligence service is so diligently seeking.

For the rules in the source code also reveal this: the NSA monitors search queries worldwide on a large scale, including in Germany. A simple search for encryption software such as "Tails" is enough to get caught in the NSA's dragnet. The combination of the query with a search engine is what makes it suspicious. His search for "Tails" opens a door, giving access to Darko and his world. Once he is in the database, any query from Darko can be retrieved selectively. Darko is under observation.

And yet Darko joined the computer club precisely to learn how to protect himself from spying by the NSA. "I do not think anyone is reading my e-mails," he says.

The student sitting next to him has opened the website of the Tor project. His connection to the site is now marked and stored in a database, because the entire website of the Tor project is under observation. Everyone who visits it, like the students in Neukölln, ends up with a marker.

It's not just about metadata

In addition, the source code shows beyond reasonable doubt, for the first time, that the NSA does not only read so-called metadata, i.e. connection data. If e-mails are used to connect to the Tor network, then according to the programming command the content, the so-called e-mail body, is also analyzed and stored. The relevant quote from the source code reads: "email_body ('': c++ extractors"

William Binney, 70, was technical director of the NSA until he left in 2001 because the machines he had invented were being directed against their own people. Today he is testifying before the NSA committee of inquiry. In an interview with NDR and WDR, he explains why the intelligence service has singled out users of the Tor network: "There shall be no free, anonymous spaces," he says. "They want to know everything about everyone."

Only a few are excluded: the source code available to NDR and WDR records a distinction between the partner countries of the United States, the so-called "Five Eyes" (New Zealand, Australia, Britain and Canada), and all other countries. Connections made to the Tor website from "Five Eyes" countries are, according to the rule at hand, not to be marked. Connections from all other countries, however, are. Without exception.

More on this topic tonight on Panorama, at 21:45 on Das Erste