
Snowden Documents Reveal Surveillance and Pressure Tactics Aimed at WikiLeaks - ibsathish
https://firstlook.org/theintercept/article/2014/02/18/snowden-docs-reveal-covert-surveillance-and-pressure-tactics-aimed-at-wikileaks-and-its-supporters/
======
r0h1n
> One classified document shows that GCHQ used its surveillance system to
> secretly monitor visitors to a WikiLeaks site. By exploiting its ability to
> tap into the fiber-optic cables that make up the backbone of the Internet,
> the agency confided to allies in 2012, it was able to collect the IP
> addresses of visitors in real time, as well as the search terms that
> visitors used to reach the site from search engines like Google.

This is _real-time surveillance_ of website visitors & search terms to
websites that governments don't like. I'm guessing it wouldn't take much for
them to correlate those visitors to IP addresses, cookies, device IDs and cell
tower signals to pinpoint people in real time too?

 _Knock knock_

Who is it?

 _It 's the police. We know you're browsing Wikileaks right now._

Edit: Looks like GCHQ's "ANTICRISIS GIRL" [0], the tool used to monitor
Wikileaks visitors in real time, was based on Piwik [1]

[0] [https://prod01-cdn01.cdn.firstlook.org/wp-
uploads/2014/02/pi...](https://prod01-cdn01.cdn.firstlook.org/wp-
uploads/2014/02/piwik2.png)

[1] [http://piwik.org/](http://piwik.org/)

~~~
d0
Well spotted. To be honest, I'd be pissed off if I found out GCHQ had
repurposed my project for this sort of thing.

Not really possible to fix this situation either as "do no evil" license
clauses are pointless.

~~~
__alexs
If it was GPL you might be able to argue that they violated the derivatives
clause. I doubt it would help since this is top secret intel work and I'm sure
they have legal loop holes that essentially allow them to ignore things as
trivial as copyright when it suits them.

~~~
eurleif
[https://www.gnu.org/licenses/gpl-
faq.html#GPLRequireSourcePo...](https://www.gnu.org/licenses/gpl-
faq.html#GPLRequireSourcePostedPublic)

~~~
__alexs
s/GPL/AGPL/

Which raises the question of whether or not a program that passively wiretaps
you falls under the provision of network services clause in that :)

------
aspensmonster
>Illustrating how far afield the NSA deviates from its self-proclaimed focus
on terrorism and national security, the documents reveal that the agency
considered using its sweeping surveillance system against Pirate Bay, which
has been accused of facilitating copyright violations. The agency also
approved surveillance of the foreign “branches” of hacktivist groups,
mentioning Anonymous by name.

Good to know that the NSA is on top of that Pirate Bay threat! I was worried
for a little bit. Good thing they're keeping tabs on script kiddies too. And
of course WikiLeaks; that's just information terrorism. Better go ahead and
classify them all as malicious foreign actors:

>any communication with a group designated as a “malicious foreign actor,”
such as WikiLeaks and Anonymous, would be considered fair game for
surveillance.

>When NSA officials are asked in the document if WikiLeaks or Pirate Bay could
be designated as “malicious foreign actors,” the reply is inconclusive: “Let
us get back to you.” There is no indication of whether either group was ever
designated or targeted in such a way.

Knowing Greenwald, I've got a suspicion that he already knows the answer to
that question. Gonna go grab some popcorn. Y'all want anything from the
concession stand?

EDIT:

Notice of course that it doesn't really matter if the NSA classifies any of
them as malicious foreign actors or not. They can always count on the GCHQ to
scrape up US citizens' data for them:

[https://prod01-cdn01.cdn.firstlook.org/wp-
uploads/2014/02/pi...](https://prod01-cdn01.cdn.firstlook.org/wp-
uploads/2014/02/piwik2.png)

That blue spot on the "Visitor Countries" map looks familiar...

~~~
e12e
> Good to know that the NSA is on top of that Pirate Bay threat!

As I've mentioned in another comment already, this reminds me of Pete Seeger's
comments on the (anti-communist) Black List:

[https://www.youtube.com/watch?v=Y0_IME9WsHQ](https://www.youtube.com/watch?v=Y0_IME9WsHQ)

------
panarky
Now we know what we've speculated darkly about all long: the NSA and GCHQ
actively track users who visit sites they don't like.

Presumably your visit to The Intercept and First Look are similarly tracked
and correlated with your other online and offline activity.

I for one will visit this site and open every linked document from each IP I
have access to. These tactics of mass surveillance and intimidation must be
resisted.

~~~
samstave
Launch a bunch of t1.micros or tiny dockers or something and have them
constantly curl or wget all the links. Setup a spot request with an autoscale
script which will constant request spot instances from the cheapest zone where
they are spawned and curl/wget to dev null then die and get a new spot spawn.

~~~
jaibot
Or, you know, lease a VPN connection.
[https://www.privateinternetaccess.com/](https://www.privateinternetaccess.com/)

~~~
e12e
I wonder how many of those are either run by spy agencies, or are infiltrated
by spy agencies?

~~~
dobbsbob
They don't even need to run fake VPNs anymore, just go to the host of vpn
host, get all the metadata you want [http://www.wipeyourdata.com/other-data-
erasing/no-logs-earth...](http://www.wipeyourdata.com/other-data-erasing/no-
logs-earthvpn-user-arrested-after-police-finds-logs/)

~~~
e12e
Well, if they already have most of that data (ip/connection metadata from
backbone isps) -- and the provider/target site is small enough that traffic
analysis is enough to defeat the vpn -- all bets are off anyway. This is a
basic problem with VPNs -- you need to assume all data going in and out is
logged -- if you're the only one visiting omghowcanimakebombsforeal.com at any
given hundreds of a second -- then you're pretty much done for.

------
oskarth
I don't know about you guys, but these two quotes together with the events in
the life of Assange seems to paint some picture.

 _According to the Post, officials “realized that they have what they
described as a ‘New York Times problem’” – namely, that any theory used to
bring charges against Assange would also result in criminal liability for the
Times, The Guardian, and other papers which also published secret documents
provided to WikiLeaks._

 _USA [...] urged other nations with forces in Afghanistan [...] to consider
filing criminal charges against J.A. [...] focus the legal elements of
national power upon non-state actor Assange, and the human network that
supports Wikileaks_ (from [https://prod01-cdn02.cdn.firstlook.org/wp-
uploads/2014/02/as...](https://prod01-cdn02.cdn.firstlook.org/wp-
uploads/2014/02/assange_pressure.png))

Not that this came as a surprise for people who read things outside NYT.

~~~
Torn
In particular:
[http://en.wikipedia.org/wiki/Assange_v_Swedish_Prosecution_A...](http://en.wikipedia.org/wiki/Assange_v_Swedish_Prosecution_Authority)

------
kyro
I am not surprised one bit.

Not directly related to the article, but more to the issue at large: One thing
many people fail to realize is that humans can be terribly, terribly corrupt.
There are those among us who, without a drop of guilt or compassion, would
take the life of another. Given the means, we are capable of carrying out some
heinous acts. Many believe that there is some moral or ethical boundary that
these spy agencies will not cross. That given all the information that's been
leaked, all the lies that've been exposed, there is still an area of corrupt
behavior that is off-limits.

I have no doubt in my mind that there are those within these agencies that
have abused their access to information for political, financial, and personal
benefit, eg insider trading, selling damaging information to political
candidates, suppressing journalists, etc. I'm not sure if it'll ever be
brought to the public light, but I'm certain it's happened and is happening.
The stuff that we read about is peanuts.

~~~
chippy
>I am not surprised one bit.

I think this is something that Hollywood movies such as Enemy of the State
promotes. So that when it does come out non of us are surprised it really
exists. We should just make sure that our lack of surprise doesn't turn into
disinterest and apathy.

------
grey-area
I find it really interesting that a huge number of GCHQ internal training
documents, giving away an awful lot about their operations and systems, was
available on demand with no logging to poorly vetted contractors at US sites.
They don't even know what he took. Contractors like Booz Allen Hamilton are a
huge, soft target with a constantly changing roster of workers.

That lack of any significant firewall between the allies, combined with a huge
army of contractors in the US with top secret access, means China/Russia etc
have probably had access to this information for years, if not decades, and
could feed CGHQ and the NSA misinformation at will, because they'll know
exactly what their capabilities and aspirations are.

~~~
DanBC
An ex director of GCHQ has said how disappointed he was at the poor control of
information the NSA had.

The way he said it made it sound like things were going to change.

------
hooande
These findings illustrate the difference between _surveillance_ and a
_surveillance state_. The GCHG and by relation the NSA had plenty of
information about who visited or donated to Wikileaks, but did not act on any
of that information [1]. These documents could easily be construed as a vote
of confidence for the agencies in question. People love to throw around the
phrase "Orwellian" these days, but his seminal work does not appear to be
relevant here. We all know that the government could be surveilling us at any
time. We should all be afraid of it taking widespread action based upon that
information. This day has not come yet.

The government can listen to what you say and watch what you do all they want.
The moment they move from surveilling to censoring, from watching to
interfering, the average citizen will come down on them with righteous fury.
No one is coming to your door or telling you what lawful websites you can and
can't look at or what you can say to people. It's a testament to the strength
of our ideals that government agents can tap your phone and hear you say how
much you hate them, and yet still not lift a finger against you [1].

Keeping an eye on quasi-legal websites and organizations is the government's
job. Using force to harm them is a line that we cannot allow them to cross.
There are many, many more documents that have yet to come to light and I'm
sure that this community will be the first to point out any serious abuses of
power.

[1] _" That we know of"_

~~~
sergiosgc
Assuming that the government reaction would be to beat down your door is
naive. The government knows, as you do, that down that path lies insurrection.
Beating down doors and imprisoning dissidents is a crude tool.

There are other tools for influencing individuals and controlling society,
much more targeted, silent and insidious.

~~~
w_t_payne
I'd love to see some brain-storming on what those techniques might be;
together with civil-society countermeasures.

~~~
dredmorbius
There's the MLK method: spy on a meddlesome soul, discover his infidelity,
tell him to commit suicide or you'll tell his wife:

[http://studentactivism.net/2012/01/15/the-fbis-attempt-to-
bl...](http://studentactivism.net/2012/01/15/the-fbis-attempt-to-blackmail-
martin-luther-king-into-suicide/)

[http://news.firedoglake.com/2013/01/21/the-fbi-wrote-a-
lette...](http://news.firedoglake.com/2013/01/21/the-fbi-wrote-a-letter-to-
martin-luther-king-telling-him-to-commit-suicide/)

[http://www.lettersofnote.com/2012/01/king-like-all-frauds-
yo...](http://www.lettersofnote.com/2012/01/king-like-all-frauds-your-end-
is.html)

Or just general COINTELPRO: [http://vault.fbi.gov/cointel-
pro](http://vault.fbi.gov/cointel-pro)

(Yes, that's the FBI's own archives, happy reading.)

------
eyeareque
"discovering that an American has been selected for surveillance must be
mentioned in a quarterly report, “but it’s nothing to worry about.”"

This is so bad. Just when you think it can't get any worse.

The worst part is that more leaks with probably even more depressing
revalations are on the way.

------
higherpurpose
Who gave the order to monitor Wikileaks and its visitors? What I'd like to see
_at the very least_ is that these agencies get reformed to the point where if
we do find out about an abuse of theirs, we can put pressure on the so called
"oversight committees" who clearly aren't doing their jobs, to uncover exactly
who monitored Wikileaks and who gave the order to do it. And then fire them.

Right now even if there was such a pressure on them, there's probably no way
to link to who did it, because NSA and GCHQ seem to be run in a very chaotic
way and that's on purpose, so there are no ties for specific operations to
anyone.

------
sneak
I guess that bitcoin donation to wikileaks I sent a few years back means I
should probably dump my computer's bios and ssd firmware physically out of
flash with a logic analyzer and compare it with others of the same model.

Fuck.

~~~
sentenza
I know this guy, let's call him hypothetical Fritz, who was seen talking in
public to a WL spokesperson after an event a few years back. I don't know if
he should be worried, but from listening to him when he talks of it, I know
that he is.

------
e12e
Ah, page 19 (18 for context) of this presentation is kind of interesting:

[https://firstlook.org/theintercept/document/2014/02/18/psych...](https://firstlook.org/theintercept/document/2014/02/18/psychology-
new-kind-sigdev/)

Firefox: browser of choice for neurotic introverts!

(I use Firefox:)

Actually that whole slide deck is interesting. Watch how "Squeaky Dolphin"
help us go from "real-time" monitoring of likes on facebook and
youtube/blogger views to splunk powered(?)[1] "Battle Damage Assessment
Demonstrator - City Activity"...

[1] Slide 26-32. Splunk is namedropped, wonder if NSA are big customers of
[http://www.splunk.com](http://www.splunk.com) ? I guess all PR is good PR...

------
f_salmon
Related:

The Press Freedom Index by Reporters Without Borders has the U.S. ranked #46
in their 2004 report [0] - just above Haiti and just below Romania.

[0] [http://rsf.org/index2014/en-index2014.php](http://rsf.org/index2014/en-
index2014.php)

~~~
kennywinker
On The Media last week had a great piece on why this index is pretty bunk
[http://www.onthemedia.org/story/press-freedom-not-
decline/](http://www.onthemedia.org/story/press-freedom-not-decline/)

OTM is a pretty great podcast, by the way. Covers lots of stuff about the
Snowden leaks with a very level head.

~~~
Zigurd
Click through to the actual WaPo article. It isn't exactly a huge endorsement
of US press freedom.

The article has a graph showing US press freedom bouncing between sort of OK
down to "less than Lithuania" levels over a period of decades. In other words,
mediocre levels of press freedom happen regularly in the US. That does not
actually contradict the notion that, currently, it sucks.

------
fredgrott
Are we surprised by this?

What Snowden taught us, the lesson we all have now, is that those with that
level of internet/computer skills are not citizens of a single country but
RATHER citizens of the Internet and its our actions that determine the future
of the internet and its freedom.

------
dwbond
That screenshot of how they tracked WikiLeaks visitors... isn't that Piwik?

Edit: Oh never mind, should have kept on reading.

~~~
hrrsn
And the Wiki software they're running is MediaWiki. Viva la Open Source!

------
zimbatm
Piwik works in the same way as Google Analytics and uses an injected
JavaScript to report the stats back to the server. If they didn't modify Piwik
a lot it means that the script should be visible and the address of the server
too.

Just tested, not seeing any suspicious JavaScript tags from inside the UK.

~~~
lolwu0339
Javascript is only needed for more detailed information about their browser.
The analytics appear to collect only header information and the ip address
suggesting that they don't require Javascript to be injected.

------
at-fates-hands
The interesting thing is this is getting massive headlines here, but when the
IRS targets conservative groups, there's barely a peep.

I'd say government overreach is starting to get to a fever pitch. People have
good reason to fear their government and that's pretty scary.

