
GCHQ
GCHQ operates in partnership with equivalent agencies worldwide in a number of bi-lateral and multi-lateral relationships. The principal of these is with the United States (National Security Agency), Canada (Communications Security Establishment), Australia (Australian Signals Directorate) and New Zealand (Government Communications Security Bureau), through the mechanism of the UK-US Security Agreement, a broad intelligence-sharing agreement encompassing a range of intelligence collection methods. Relationships are alleged to include shared collection methods, such as the system described in the popular media as ECHELON, as well as analysed product.
GCHQ is led by the Director of GCHQ, Anne Keast-Butler, and a Corporate Board, made up of executive and non-executive directors.
GCHQ was originally established after the First World War as the Government Code and Cypher School (GC&CS) and was known under that name until 1946. During the Second World War it was located at Bletchley Park, where it was responsible for breaking the German Enigma codes. There are two main components of GCHQ, the Composite Signals Organisation (CSO), which is responsible for gathering information, and the National Cyber Security Centre (NCSC), which is responsible for securing the UK's own communications. The Joint Technical Language Service (JTLS) is a small department and cross-government resource responsible for mainly technical language support and translation and interpreting services across government departments. It is co-located with GCHQ for administrative purposes.
WORLD WAR I
During the First World War, the British Army and Royal Navy had separate signals intelligence agencies, MI1b and NID25 (initially known as Room 40) respectively. In 1919, the Cabinet's Secret Service Committee, chaired by Lord Curzon, recommended that a peacetime codebreaking agency should be created, a task which was given to the Director of Naval Intelligence, Hugh Sinclair. Sinclair merged staff from NID25 and MI1b into the new organisation, which initially consisted of around 25–30 officers and a similar number of clerical staff. It was titled the "Government Code and Cypher School" (GC&CS), a cover-name which was chosen by Victor Forbes of the Foreign Office. Alastair Denniston, who had been a member of NID25, was appointed as its operational head. It was initially under the control of the Admiralty and located in Watergate House, Adelphi, London. Its public function was "to advise as to the security of codes and cyphers used by all Government departments and to assist in their provision", but also had a secret directive to "study the methods of cypher communications used by foreign powers". GC&CS officially formed on 1 November 1919, and produced its first decrypt prior to that date, on 19 October.
Before the Second World War, GC&CS was a relatively small department. By 1922, the main focus of GC&CS was on diplomatic traffic, with "no service traffic ever worth circulating" and so, at the initiative of Lord Curzon, it was transferred from the Admiralty to the Foreign Office. GC&CS came under the supervision of Hugh Sinclair, who by 1923 was both the Chief of SIS and Director of GC&CS. In 1925, both organisations were co-located on different floors of Broadway Buildings, opposite St. James's Park. Messages decrypted by GC&CS were distributed in blue-jacketed files that became known as "BJs". In the 1920s, GC&CS was successfully reading Soviet Union diplomatic cyphers. However, in May 1927, during a row over clandestine Soviet support for the General Strike and the distribution of subversive propaganda, Prime Minister Stanley Baldwin made details from the decrypts public.
WORLD WAR II
During the Second World War, GC&CS was based largely at Bletchley Park, in present-day Milton Keynes, working on understanding the German Enigma machine and Lorenz ciphers. In 1940, GC&CS was working on the diplomatic codes and ciphers of 26 countries, tackling over 150 diplomatic cryptosystems. Senior staff included Alastair Denniston, Oliver Strachey, Dilly Knox, John Tiltman, Edward Travis, Ernst Fetterlein, Josh Cooper, Donald Michie, Alan Turing, Gordon Welchman, Joan Clarke, Max Newman, William Tutte, I. J. (Jack) Good, Peter Calvocoressi and Hugh Foss. The 1943 British–US Communication Intelligence Agreement, BRUSA, connected the signal intercept networks of the GC&CS and the US National Security Agency (NSA). Equipment used to break enemy codes included the Colossus computer. Colossus consisted of ten networked computers.
An outstation in the Far East, the Far East Combined Bureau, was set up in Hong Kong in 1935 and moved to Singapore in 1939. Subsequently, with the Japanese advance down the Malay Peninsula, the Army and RAF codebreakers went to the Wireless Experimental Centre in Delhi, India. The Navy codebreakers in FECB went to Colombo, Ceylon, then to Kilindini, near Mombasa, Kenya.
POST WWII
GC&CS was renamed the Government Communications Headquarters (GCHQ) in June 1946.
The organisation was at first based in Eastcote in northwest London, then in 1951 moved to the outskirts of Cheltenham, setting up two sites at Oakley and Benhall. One of the major reasons for selecting Cheltenham was that the town had been the location of the headquarters of the United States Army Services of Supply for the European Theater during the War, which built up a telecommunications infrastructure in the region to carry out its logistics tasks.
Following the Second World War, US and British intelligence have shared information as part of the UKUSA Agreement. The principal aspect of this is that GCHQ and its US equivalent, the National Security Agency (NSA), share technologies, infrastructure and information.
GCHQ ran many signals intelligence (SIGINT) monitoring stations abroad. During the early Cold War, the remnants of the British Empire provided a global network of ground stations which were a major contribution to the UKUSA Agreement; the US regarded RAF Little Sai Wan in Hong Kong as the most valuable of these. The monitoring stations were largely run by inexpensive National Service recruits, but when this ended in the early 1960s, the increased cost of civilian employees caused budgetary problems. In 1965 a Foreign Office review found that 11,500 staff were involved in SIGINT collection (8,000 GCHQ staff and 3,500 military personnel), exceeding the size of the Diplomatic Service. Reaction to the Suez War led to the eviction of GCHQ from several of its best foreign SIGINT collection sites, including the new Perkar, Ceylon site and RAF Habbaniya, Iraq. The staff largely moved to tented encampments on military bases in Cyprus, which later became the Sovereign Base Area.
During the Cuban Missile Crisis, GCHQ Scarborough intercepted radio communications from Soviet ships reporting their positions and used that to establish where they were heading. A copy of the report was sent directly to the White House Situation Room, providing initial indications of Soviet intentions with regard to the US naval blockade of Cuba.
Duncan Campbell and Mark Hosenball revealed the existence of GCHQ in 1976 in an article for Time Out; as a result, Hosenball was deported from the UK. GCHQ had a very low profile in the media until 1983 when the trial of Geoffrey Prime, a KGB mole within it, created considerable media interest.
THE INTERNET - 2000s
At the end of 2003, GCHQ moved into its new building. Built on a circular plan around a large central courtyard, it quickly became known as the Doughnut. At the time, it was one of the largest public-sector building projects in Europe, with an estimated cost of £337 million. The new building, which was designed by Gensler and constructed by Carillion, became the base for all of GCHQ's Cheltenham operations.
The public spotlight fell on GCHQ in late 2003 and early 2004 following the sacking of Katharine Gun after she leaked to The Observer a confidential email from agents at the United States' National Security Agency addressed to GCHQ officers about the wiretapping of UN delegates in the run-up to the 2003 Iraq war.
GCHQ gains its intelligence by monitoring a wide variety of communications and other electronic signals. For this, a number of stations have been established in the UK and overseas. The listening stations are at Cheltenham itself, Bude, Scarborough, Ascension Island, and with the United States at RAF Menwith Hill. Ayios Nikolaos Station in Cyprus is run by the British Army for GCHQ.
In March 2010, GCHQ was criticised by the Intelligence and Security Committee for problems with its IT security practices and failing to meet its targets for work targeted against cyber attacks.
As revealed by Edward Snowden in The Guardian, GCHQ spied on foreign politicians visiting the 2009 G-20 London Summit by eavesdropping on phone calls and emails and monitoring their computers, and in some cases the monitoring continued even after the summit, via keystroke logging that had been undertaken during the summit.
According to Edward Snowden, at that time GCHQ had two principal umbrella programs for collecting communications:
- "Mastering the Internet" (MTI) for Internet traffic, which is extracted from fibre-optic cables and can be searched by using the Tempora computer system.
- "Global Telecoms Exploitation" (GTE) for telephone traffic.
GCHQ has also had access to the US internet monitoring programme PRISM from at least as far back as June 2010. PRISM is said to give the National Security Agency and FBI easy access to the systems of nine of the world's top internet companies, including Google, Facebook, Microsoft, Apple, Yahoo, and Skype.
From 2013, GCHQ realised that public attitudes to Sigint had changed and its former unquestioned secrecy was no longer appropriate or acceptable. The growing use of the Internet, together with its inherent insecurities, meant that the communications traffic of private citizens was becoming inextricably mixed with that of their targets, and openness in the handling of this issue was becoming essential to their credibility as an organisation. The Internet had become a "cyber commons", with its dominance creating a "second age of Sigint". GCHQ transformed itself accordingly, including greatly expanded Public Relations and Legal departments, and adopting public education in cyber security as an important part of its remit.
NCSC
In 2016, the National Cyber Security Centre was established under GCHQ but located in London, as the UK's authority on cybersecurity. It absorbed and replaced CESG as well as activities that had previously existed outside GCHQ: the Centre for Cyber Assessment (CCA), Computer Emergency Response Team UK (CERT UK) and the cyber-related responsibilities of the Centre for the Protection of National Infrastructure (CPNI).
GCHQ'S PRIME FUNCTIONS
- Signals Intelligence (SIGINT): This is the core mission. It involves collecting and analyzing communications from foreign governments, militaries, and other entities. This includes interception of communications, phone calls, emails, text messages, internet traffic, etc.
- Codebreaking: Decrypting encrypted messages and electronic surveillance, the monitoring of radio, radar, and other electronic signals.
- Cybersecurity: GCHQ plays a crucial role in defending US government networks and critical infrastructure from cyberattacks.
- Foreign Intelligence Support: GCHQ provides intelligence support to other US government agencies, such as the CIA, FBI, and Department of Defense.
- Technology Research and Development: GCHQ conducts cutting-edge research in areas such as cryptography, computer science, and data analysis.

The NSA plays a vital role in protecting US national security interests by gathering intelligence on foreign threats, such as terrorism, espionage, and the proliferation of weapons of mass destruction.
The intelligence gathered by the NSA informs US foreign policy decisions and helps to protect US interests abroad.
The NSA plays a crucial role in counterterrorism efforts by providing intelligence on terrorist organizations and their activities.
The NSA's activities have also raised concerns about privacy and civil liberties. There have been ongoing debates about the balance between national security and individual privacy rights.
Not to mention the cost and number of spies spying on honest workers, that add to the national debt and are considered unsustainable. With pensions for the army of multi-layered non-productive agency workers, civil servants and politicians, that outnumber the workforce in the USA approximately 3:1, allegedly, 4:1 in the UK.
The NSA is well aware of the shifting power patterns as the US slides against the save for later policies of China, against the borrow for now politics of America, as one giant bank with growing powers to spy on civilians to extract every last cent, subject to bubbles that regularly get burst as they print more paper money than they can afford - without gold reserves. Putting the $Dollar at risk as the world's reserve currency. Potentially, leading to a New World Order, as World War Three looms large.
In this fictional John Storm adventure, the Agency is keen to gain any advantage they can to retain dominance for as long as possible, including enhancing their own military leaders and preventing anyone else from obtaining such technology, such as with the Panamanian Running Man.
The problem for DARPA, the CIA and NSA, is that they cannot understand the technology developed by the emerging Fourth Reich knights. Fortunately, that means competing powers, such as China and Russia, will also be in the dark. Assuming the status quo is preserved. And that all depends on John Storm and his crew onboard the Elizabeth Swann - and the President of the United States.
The NSA is the National Security Agency of the United States of America, made infamous by the Will Smith film: Enemy of the State, a film that reveals how corrupt the system can become in the wrong hands.
The NSA is the US intelligence agency responsible for global monitoring, collection, and processing of foreign signals intelligence (SIGINT).

THE GUARDIAN 6 SEPTEMBER 2013 - REVEALED: HOW US AND UK SPY AGENCIES DEFEAT INTERNET PRIVACY AND SECURITY
- NSA and GCHQ unlock encryption used to protect emails, banking and medical records
- $250m-a-year US program works covertly with tech companies to insert weaknesses into products
- Security experts say programs ‘undermine the fabric of the internet’
US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails, according to top-secret documents revealed by former contractor Edward Snowden.
The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments.
[Is it that governments behave like criminals, and can no longer tell which side of the law they are on?]
The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – "the use of ubiquitous encryption across the internet".
Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with "brute force", and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves.
Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software.
The files, from both the NSA and GCHQ, were obtained by the Guardian, and the details are being published today in partnership with the New York Times and ProPublica. They reveal:
- A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made "vast amounts" of data collected through internet cable taps newly "exploitable".
- The NSA spends $250m a year on a program which, among other goals, works with technology companies to "covertly influence" their product designs.
- The secrecy of their capabilities against encryption is closely guarded, with analysts warned: "Do not ask about or speculate on sources or methods."
- The NSA describes strong decryption programs as the "price of admission for the US to maintain unrestricted access to and use of cyberspace".
- A GCHQ team has been working to develop ways into encrypted traffic on the "big four" service providers, named as Hotmail, Google, Yahoo and Facebook.
The agencies insist that the ability to defeat encryption is vital to their core missions of counter-terrorism and foreign intelligence gathering.
But security experts accused them of attacking the internet itself and the privacy of all users. "Cryptography forms the basis for trust online," said Bruce Schneier, an encryption specialist and fellow at Harvard's Berkman Center for Internet and Society. "By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet." Classified briefings between the agencies celebrate their success at "defeating network security and privacy".
"For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used internet encryption technologies," stated a 2010 GCHQ document. "Vast amounts of encrypted internet data which have up till now been discarded are now exploitable."
An internal agency memo noted that among British analysts shown a presentation on the NSA's progress: "Those not already briefed were gobsmacked!"
The breakthrough, which was not described in detail in the documents, meant the intelligence agencies were able to monitor "large amounts" of data flowing through the world's fibre-optic cables and break its encryption, despite assurances from internet company executives that this data was beyond the reach of government.
The key component of the NSA's battle against encryption, its collaboration with technology companies, is detailed in the US intelligence community's top-secret 2013 budget request under the heading "Sigint [signals intelligence] enabling".
Funding for the program – $254.9m for this year – dwarfs that of the Prism program, which operates at a cost of $20m a year, according to previous NSA documents. Since 2011, the total spending on Sigint enabling has topped $800m. The program "actively engages US and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs", the document states. None of the companies involved in such partnerships are named; these details are guarded by still higher levels of classification.
Among other things, the program is designed to "insert vulnerabilities into commercial encryption systems". These would be known to the NSA, but to no one else, including ordinary customers, who are tellingly referred to in the document as "adversaries".
"These design changes make the systems in question exploitable through Sigint collection … with foreknowledge of the modification. To the consumer and other adversaries, however, the systems' security remains intact."
The document sets out in clear terms the program's broad aims, including making commercial encryption software "more tractable" to NSA attacks by "shaping" the worldwide marketplace and continuing efforts to break into the encryption used by the next generation of 4G phones. Among the specific accomplishments for 2013, the NSA expects the program to obtain access to "data flowing through a hub for a major communications provider" and to a "major internet peer-to-peer voice and text communications system".
Technology companies maintain that they work with the intelligence agencies only when legally compelled to do so. The Guardian has previously reported that Microsoft co-operated with the NSA to circumvent encryption on the Outlook.com email and chat services. The company insisted that it was obliged to comply with "existing or future lawful demands" when designing its products.
The documents show that the agency has already achieved another of the goals laid out in the budget request: to influence the international standards upon which encryption systems rely. Independent security experts have long suspected that the NSA has been introducing weaknesses into security standards, a fact confirmed for the first time by another secret document. It shows the agency worked covertly to get its own version of a draft security standard issued by the US National Institute of Standards and Technology approved for worldwide use in 2006.
"Eventually, NSA became the sole editor," the document states.
The NSA's codeword for its decryption program, Bullrun, is taken from a major battle of the American civil war. Its British counterpart, Edgehill, is named after the first major engagement of the English civil war, more than 200 years earlier.
A classification guide for NSA employees and contractors on Bullrun outlines in broad terms its goals.
"Project Bullrun deals with NSA's abilities to defeat the encryption used in specific network communication technologies. Bullrun involves multiple sources, all of which are extremely sensitive." The document reveals that the agency has capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking.
The document also shows that the NSA's Commercial Solutions Center, ostensibly the body through which technology companies can have their security products assessed and presented to prospective government buyers, has another, more clandestine role.
It is used by the NSA "to leverage sensitive, co-operative relationships with specific industry partners" to insert vulnerabilities into security products. Operatives were warned that this information must be kept top secret "at a minimum".
A more general NSA classification guide reveals more detail on the agency's deep partnerships with industry, and its ability to modify products. It cautions analysts that two facts must remain top secret: that NSA makes modifications to commercial encryption software and devices "to make them exploitable", and that NSA "obtains cryptographic details of commercial cryptographic information security systems through industry relationships".
The agencies have not yet cracked all encryption technologies, however, the documents suggest. Snowden appeared to confirm this during a live Q&A with Guardian readers in June. "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on," he said before warning that NSA can frequently find ways around it as a result of weak security on the computers at either end of the communication.
The documents are scattered with warnings over the importance of maintaining absolute secrecy around decryption capabilities.
Strict guidelines were laid down at the GCHQ complex in Cheltenham, Gloucestershire, on how to discuss projects relating to decryption. Analysts were instructed: "Do not ask about or speculate on sources or methods underpinning Bullrun." This information was so closely guarded, according to one document, that even those with access to aspects of the program were warned: "There will be no 'need to know'."
The agencies were supposed to be "selective in which contractors are given exposure to this information", but it was ultimately seen by Snowden, one of 850,000 people in the US with top-secret clearance. A 2009 GCHQ document spells out the significant potential consequences of any leaks, including "damage to industry relationships".
"Loss of confidence in our ability to adhere to confidentiality agreements would lead to loss of access to proprietary information that can save time when developing new capability," intelligence workers were told. Somewhat less important to GCHQ was the public's trust which was marked as a moderate risk, the document stated.
"Some exploitable products are used by the general public; some exploitable weaknesses are well known eg possibility of recovering poorly chosen passwords," it said. "Knowledge that GCHQ exploits these products and the scale of our capability would raise public awareness generating unwelcome publicity for us and our political masters."
The decryption effort is particularly important to GCHQ. Its strategic advantage from its Tempora program – direct taps on transatlantic fibre-optic cables of major telecommunications corporations – was in danger of eroding as more and more big internet companies encrypted their traffic, responding to customer demands for guaranteed privacy.
Without attention, the 2010 GCHQ document warned, the UK's "Sigint utility will degrade as information flows changes, new applications are developed (and deployed) at pace and widespread encryption becomes more commonplace." Documents show that Edgehill's initial aim was to decode the encrypted traffic certified by three major (unnamed) internet companies and 30 types of Virtual Private Network (VPN) – used by businesses to provide secure remote access to their systems. By 2015, GCHQ hoped to have cracked the codes used by 15 major internet companies, and 300 VPNs.
Another program, codenamed Cheesy Name, was aimed at singling out encryption keys, known as 'certificates', that might be vulnerable to being cracked by GCHQ supercomputers.
Analysts on the Edgehill project were working on ways into the networks of major webmail providers as part of the decryption project. A quarterly update from 2012 notes the project's team "continue to work on understanding" the big four communication providers, named in the document as Hotmail, Google, Yahoo and Facebook, adding "work has predominantly been focused this quarter on Google due to new access opportunities being developed".
To help secure an insider advantage, GCHQ also established a Humint Operations Team (HOT). Humint, short for "human intelligence" refers to information gleaned directly from sources or undercover agents.
This GCHQ team was, according to an internal document, "responsible for identifying, recruiting and running covert agents in the global telecommunications industry."
"This enables GCHQ to tackle some of its most challenging targets," the report said. The efforts made by the NSA and GCHQ against encryption technologies may have negative consequences for all internet users, experts warn.
"Backdoors are fundamentally in conflict with good security," said Christopher Soghoian, principal technologist and senior policy analyst at the American Civil Liberties Union. "Backdoors expose all users of a backdoored system, not just intelligence agency targets, to heightened risk of data compromise." This is because the insertion of backdoors in a software product, particularly those that can be used to obtain unencrypted user communications or data, significantly increases the difficulty of designing a secure product."
This was a view echoed in a recent paper by Stephanie Pell, a former prosecutor at the US Department of Justice and non-resident fellow at the Center for Internet and Security at Stanford Law School.
"[An] encrypted communications system with a lawful interception back door is far more likely to result in the catastrophic loss of communications confidentiality than a system that never has access to the unencrypted communications of its users," she states.
Intelligence officials asked the Guardian, New York Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read.
The three organisations removed some specific facts but decided to publish the story because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of internet users in the US and worldwide.
CONTACT THE NSA
By mail:
National Security Agency
9800 Savage Rd., Suite 6272
Fort George G. Meade, MD 20755-6000
By Phone: 301-688-6311
Applicants: 1-866-672-4473 (1-866-NSA-HIRE)
National Cryptologic Museum
8290 Colony Seven Road
Annapolis Junction, MD 20701 (Not a mailing address)
By phone: 301-688-5849