British spy agency wanted to save browsing profile of ‘every internet user’
The British intelligence service GCHQ stored internet users’ browsing data on a large scale and in an untargeted manner. The service thus combined profiles with IP addresses to identify internet users and track their behaviour. That’s according to new Snowden documents.
The storage project was called Black Hole and was or is being used to store large amounts of data from internet users, including not only browsing history but also email addresses, instant messaging data, search terms used, social media activities and whether or not use of anonymization tools. That writes The Intercept based on newly released Snowden documents.
The British spies were able to browse Black Hole using analytics tools in several ways, including the Mutant Broth tool to identify internet users and Karma Police to gain insight into their browsing history. The Infinite Monkeys tool made forum usage insightful and Marbled Gecko was able to answer the where question by showing Google Maps and Earth data. The goal of Karma Police during development was to provide either a ‘browsing profile of every visible user on the Internet’ or to provide ‘user profiles from every visible site on the Internet’.
GCHQ used Black Hole in combination with IP addresses to identify internet users whose online activity could then be monitored. The combination of data made a so-called ‘pattern of life’ analysis possible, the site writes, in which the spy service could, for example, map at which times the person is most active on the internet.
Not only would the system have been used to target terrorists, but also to crack systems of European companies, claims The Intercept. For example, it would have been used to identify Gemalto employees in order to penetrate that company’s internal network. This would have happened with the help of Facebook cookies. In that hack, the GCHQ would have obtained encryption keys for mobile traffic. Mutant Broth would also have been used to identify Belgacom employees, prior to the hack by that company’s GCHQ. This would have been done by using cookies to find out about the Google, Yahoo and LinkedIn accounts of three Belgacom technicians.
At 41 percent, Internet users’ browsing history data would occupy most of Black Hole. The GCHQ would get that data by intercepting cookies on the international fiber optic cables. The service would target the cookies of Yahoo, Google, Microsoft, Facebook, Reddit, WordPress and Amazon, but in an example the service also shows the extraction of data from cookies from porn site YouPorn.
Between 2007 and March 2009, the GCHQ is said to have stored more than 1.1 trillion events in Black Hole. An event refers to metadata, which does not mean substantive data but derived data, such as who emails when with whom. It would be 217TB of uncompressed data. 10 billion new events would be added to Black Hole every day.
It is not known whether the GCHQ will still continue with the systems and the untargeted collection of data. The slides published by The Intercept relate to the period 2006 to 2012.