Dragonfly

Friday, 1 February 2019


The secrecy surrounding the work was unheard of at Google. It was not unusual for planned new products to be closely guarded ahead of launch. But this time was different. The objective, code-named Dragonfly, was to build a search engine for China that would censor broad categories of information about human rights, democracy, and peaceful protest.

In February 2017, during one of the first group meetings about Dragonfly at Google’s Mountain View headquarters in California, some of those present were left stunned by what they heard. Senior executives disclosed that the search system’s infrastructure would be reliant upon a Chinese partner company with data centers likely in Beijing or Shanghai.

Locating core parts of the search system on the Chinese mainland meant that people’s search records would be easily accessible to China’s authoritarian government, which has broad surveillance powers that it routinely deploys to target activists, journalists, and political opponents.

Yonatan Zunger, then a 14-year veteran of Google and one of the leading engineers at the company, was among a small group who had been asked to work on Dragonfly. He was present at some of the early meetings and said he pointed out to executives managing the project that Chinese people could be at risk of interrogation or detention if they were found to have used Google to seek out information banned by the government.

Scott Beaumont, Google’s head of operations in China and one of the key architects of Dragonfly, did not view Zunger’s concerns as significant enough to merit a change of course, according to four people who worked on the project. Beaumont and other executives then shut out members of the company’s security and privacy team from key meetings about the search engine, the four people said, and tried to sideline a privacy review of the plan that sought to address potential human rights abuses.

Zunger — who left his position at Google last year — is one of the four people who spoke to The Intercept for this story. He is the first person with direct involvement in Dragonfly to go on the record about the project. The other three who spoke to The Intercept are still employed by Google and agreed to share information on the condition of anonymity because they were not authorized to talk to the media. Their accounts provide extraordinary insight into how Google bosses worked to suppress employee criticism of the censored search engine and reveal deep fractures inside the company over the China plan dating back almost two years.

Google’s leadership considered Dragonfly so sensitive that they would often communicate only verbally about it and would not take written notes during high-level meetings to reduce the paper trail, two sources said. Only a few hundred of Google’s 88,000 workforce were briefed about the censorship plan. Some engineers and other staff who were informed about the project were told that they risked losing their jobs if they dared to discuss it with colleagues who were themselves not working on Dragonfly.

“They [leadership] were determined to prevent leaks about Dragonfly from spreading through the company,” said a current Google employee with knowledge of the project. “Their biggest fear was that internal opposition would slow our operations.”

UK's Far Right

Thursday, 31 January 2019


The town of Banff on the northeastern coast of Scotland is a peaceful place, with just 4,000 residents and a picturesque bay that flows into the open sea. Fifty miles from the nearest big city, the air is fresh and the pace of life is slow. But for one young man, the town’s seaside location offered no contentment. He was stockpiling weapons and planning an act of terrorism.

Connor Ward lived in a gray, semi-detached apartment building a short walk from Banff’s marina, where dozens of small boats are docked and fishermen depart each day on a hunt for mackerel or sea trout. Inside his home, 25-year-old Ward was plugged into a different kind of world. He was reading neo-Nazi propaganda on the internet about an imminent race war.

Ward began preparing for the conflict. He purchased knives, swastika flags, knuckle-dusters, batons, a stun gun, and a cellphone signal jammer. He obtained deactivated bullets and scoured Google for information about how to reactivate them. From his Banff home, he purchased hundreds of steel ball bearings and researched bomb-making methods. He wrote a note addressed to Muslims that stated: “You will all soon suffer your demise.” Then he compiled a map showing the locations of mosques in the nearest city – Aberdeen – that he appeared intent on attacking.

In April, a judge sentenced Ward to life in prison after concluding that he had been planning a “catastrophic” terrorist attack and was “deeply committed to neo-Nazi ideology.” During his week-long trial in Edinburgh, Scotland’s capital city, it emerged that police had uncovered his plot by chance, after receiving a tip that he was trying to import weapons from the United States. Officers searched his home – and the home of his mother – and discovered his large armory, as well as a stash of 131 documents about Nazism, terrorism, and manufacturing explosives.

Ward is just one individual, but his actions reflect a broader trend. British authorities say they are currently facing a growing terrorist threat from right-wing extremists, whose numbers have increased in recent years. Rooted in the notion that white European people are facing extinction, the extremists’ ideas have gained currency following a spate of Islamist attacks in Europe and a refugee crisis that has seen millions of migrants travel to the continent from war-torn Afghanistan and Syria.

In Austria, Germany, Poland, the Czech Republic, Slovakia, France, Sweden, Hungary, and the Netherlands, far-right ideas have also surged in popularity. The same is true in the United States, where Donald Trump’s presidency has energized white supremacists. Far-right politicians and activists have successfully tapped into concerns about economic uncertainty, unemployment, and globalization. But they have built most of their support base around the issues of immigration and terrorism.

In June 2016, an act of brutal violence highlighted the burgeoning danger in the United Kingdom. In broad daylight in a small village in the north of England, 52-year-old white supremacist Thomas Mair pulled out a homemade rifle and shot dead Jo Cox, a member of Parliament. Mair saw Cox as a “traitor” to white people due to her pro-immigration politics. Six months later, for the first time in U.K. history, a far-right group was banned as a terrorist organization, alongside the likes of Al Qaeda and Al Shabaab. Since then, the problem has continued to spiral.

British police say they have thwarted four far-right terrorist plots in the last year. In a speech in London in late February, the U.K.’s counter-terrorism police chief, Mark Rowley, cautioned that far-right groups were “reaching into our communities through sophisticated propaganda and subversive strategies, creating and exploiting vulnerabilities that can ultimately lead to acts of violence and terrorism.” Police were monitoring far-right extremists among a group of some 3,000 “subjects of interest,” Rowley said, adding: “The threat is considerable at this time.”

To Syria and Back

Saturday, 16 September 2017


It was a quiet night until the bombs began crashing out of the sky. Only a few minutes earlier, on the roof of a gray, single-story building not far from the city of Manbij in northern Syria, Josh Walker had been peacefully sleeping. Now the walls were collapsing beneath him, he was surrounded by fire, and his friends were dead.

Walker, a 26-year-old university student from Wales in the United Kingdom, was in Syria volunteering with the People’s Protection Units, or YPG, a Kurdish-led militia that has been a leading force in the ground battle against the Islamic State. He had made the long journey to Syria after flying out of a London airport on a one-way ticket to Istanbul, appalled by the Islamic State’s brutal fascism and inspired by the YPG’s democratic socialist ideals.

Over the course of six months last year, Walker learned to speak Kurdish and shoot AK-47 assault rifles. He trained and fought alongside militia units made up of Kurds, Arabs, and young American, Canadian, and European volunteers. He faced Islamic State suicide bombers in battle and helped the YPG as it advanced toward Raqqa, the capital of the extremist group’s self-declared “caliphate.”

In late December, Walker returned to London. There was no welcome home party waiting to greet him. Instead, there were three police officers at the airport who swiftly arrested him. The officers took him into custody, interrogated him, searched his apartment, and confiscated his laptop and notebooks. After risking his life to fight against the Islamic State, Walker was charged under British counterterrorism laws — not directly because of his activities in Syria, but because the police had found in a drawer under his bed a partial copy of the infamous “Anarchist Cookbook,” a DIY explosives guide published in 1971 that has sold more than 2 million copies worldwide.

The case against Walker is highly unusual. He is the first anti-Islamic State fighter to be prosecuted by British authorities under terrorism laws after returning to the U.K., and he appears to be the only person in the country who has ever faced a terror charge merely for owning extracts of the “Anarchist Cookbook.” The authorities have not alleged that he was involved in any kind of terror plot; rather, they claim that because he obtained parts of the “Cookbook” — which is freely available in its entirety on the internet — he collected information “of a kind likely to be useful to a person committing or preparing an act of terrorism.”

Walker is due to go to trial in October, where in the worst-case scenario he could be sentenced to up to 10 years in prison. Until then, he is free on bail, living with his mother and working part time as a kitchen porter in a restaurant. In an interview with The Intercept, he talked in-depth about his experiences in Syria and shared stories about the harrowing scenes he witnessed on the front line, which have profoundly affected his life. He also discussed for the first time the British government’s charges against him, which have not previously been publicized due to court-ordered reporting restrictions that have prevented news organizations in the U.K. from disclosing information about the background of his case. A judge lifted the restrictions late last month.

**

The sun is beating down on a hot summer’s day in Bristol, the largest city in southwest England, with a population of about 449,000. Outside a derelict former electronics store on a busy residential street in the St. Werburgh’s area of the city, Josh Walker is waiting. He is thin, about 5 foot 9 with a thick head of wavy, dark brown hair, wearing a faded green T-shirt, black trousers, and sneakers, and carrying a white plastic bag. We walk to a nearby park, where Walker pulls out two cans of cold beer from his bag, lights a cigarette, and begins explaining how he wound up on a journey to fight the Islamic State in Syria.

After leaving high school at age 18 in 2009, Walker had a variety of temporary jobs — he worked in construction, in gardening, and in an office as a volunteer for a politician who would later become the mayor of Bristol. In 2014, he decided to enroll at a university in Aberystwyth in Wales, about 130 miles west of Bristol, and he began studying for a degree in international politics and strategic studies.

As an avid follower of global affairs, Walker had been keeping a close eye on the fallout from the Arab Spring — the democratic uprisings that in late 2010 spread across the Middle East and North Africa. By 2016, the major unrest in most of the countries — like Tunisia, Yemen, Bahrain, and Egypt — had largely petered out. In Syria, however, the demonstrations evolved into a full-blown civil war and led to the worst humanitarian crisis since World War II.

What began as protests against the tyrannical leadership of Bashar al-Assad morphed into something far more complex, with a multitude of warring militias fighting one another to gain control of territory across the country. Islamist extremists were quick to capitalize on the chaos. The Islamic State group, which had previously been active primarily in Iraq, entered into the fray and took control of large swaths of Syria through 2013 and 2014, imposing strict Islamic rules and draconian punishments for anyone who disobeyed.

At university, Walker had watched it all unfold and discussed the events with his friends and professors. But he was not content to view the crisis on television as a passive observer. He wanted to help.

“I had enough of talking about history while it was being made,” he recalls. “I couldn’t just let it play out without being involved somehow and without seeing it for myself.”

So he hatched a secret plan to travel to Syria.

Inside Menwith Hill

Sunday, 23 October 2016


The narrow roads are quiet and winding, surrounded by rolling green fields and few visible signs of life beyond the occasional herd of sheep. But on the horizon, massive white golf ball-like domes protrude from the earth, protected behind a perimeter fence that is topped with piercing razor wire. Here, in the heart of the tranquil English countryside, is the National Security Agency’s largest overseas spying base.

Once known only by the code name Field Station 8613, the secret base — now called Menwith Hill Station — is located about nine miles west of the small town of Harrogate in North Yorkshire. Originally used to monitor Soviet communications through the Cold War, its focus has since dramatically shifted, and today it is a vital part of the NSA’s sprawling global surveillance network.

For years, journalists and researchers have speculated about what really goes on inside Menwith Hill, while human rights groups and some politicians have campaigned for more transparency about its activities. Yet the British government has steadfastly refused to comment, citing a longstanding policy not to discuss matters related to national security.

Now, however, top-secret documents obtained by The Intercept offer an unprecedented glimpse behind Menwith Hill’s razor wire fence. The files reveal for the first time how the NSA has used the British base to aid “a significant number of capture-kill operations” across the Middle East and North Africa, fueled by powerful eavesdropping technology that can harvest data from more than 300 million emails and phone calls a day.

Over the past decade, the documents show, the NSA has pioneered groundbreaking new spying programs at Menwith Hill to pinpoint the locations of suspected terrorists accessing the internet in remote parts of the world. The programs — with names such as GHOSTHUNTER and GHOSTWOLF — have provided support for conventional British and American military operations in Iraq and Afghanistan. But they have also aided covert missions in countries where the U.S. has not declared war. NSA employees at Menwith Hill have collaborated on a project to help “eliminate” terrorism targets in Yemen, for example, where the U.S. has waged a controversial drone bombing campaign that has resulted in dozens of civilian deaths.

The disclosures about Menwith Hill raise new questions about the extent of British complicity in U.S. drone strikes and other so-called targeted killing missions, which may in some cases have violated international laws or constituted war crimes. Successive U.K. governments have publicly stated that all activities at the base are carried out with the “full knowledge and consent” of British officials.

The revelations are “yet another example of the unacceptable level of secrecy that surrounds U.K. involvement in the U.S. ‘targeted killing’ program,” Kat Craig, legal director of London-based human rights group Reprieve, told The Intercept.

“It is now imperative that the prime minister comes clean about U.K. involvement in targeted killing,” Craig said, “to ensure that British personnel and resources are not implicated in illegal and immoral activities.”

Objective Peckham

Saturday, 30 January 2016

As he walked through the busy streets of London, Bilal el-Berjawi was glancing over his shoulder. Everywhere he went, he suspected he was being followed. Within a few years — 4,000 miles away in remote Somalia — he would be dead, killed by a secret U.S. drone strike.

A small and stocky British-Lebanese citizen with a head of thick dark hair, Berjawi had grown up much like any other young boy in the United Kingdom’s capital city, attending school during the day and playing soccer with friends in his free time. But by his early 20s he was leading no ordinary life. He was suspected of having cultivated ties with senior al Qaeda militants in East Africa, his British citizenship was abruptly revoked, and he was placed on a U.S. kill list.

In January 2012, Berjawi met his sudden end, about 10 miles northwest of Mogadishu, when a missile crashed into his white car and blasted it beyond recognition.

At the time of Berjawi’s death, the Associated Press reported that the missile strike targeting him had been carried out by a drone, citing an anonymous U.S. official. The Economist criticized the secrecy surrounding the attack and questioned whether it had amounted to a “very British execution.”

Now, a classified U.S. document obtained by The Intercept shines new light on the circumstances surrounding Berjawi’s death. It reveals that the U.S. government was monitoring him for at least five years as he traveled between London and Somalia; that he was targeted by a covert special operations unit running a fleet of more than two dozen drones, fighter jets, and other aircraft out of East Africa; and that cellphone surveillance facilitated the strike that killed him.

The document, a case study included in a secret 2013 report by the Pentagon’s Intelligence, Surveillance, and Reconnaissance Task Force, does not mention Berjawi by name, instead referring to a target code-named “Objective Peckham.” But it contains enough specific details about the target’s movements and the time and place of the attack that killed him to confirm his identity beyond doubt.

The Intercept has pieced together the final years of Berjawi’s life based on the Pentagon case study, public records, interviews with individuals who knew him, and a transcript of a long conversation Berjawi had in April 2009 with members of Cage, a London-based rights group, in which he discussed his encounters with security agencies in the U.K. and Kenya.

The story of Berjawi’s life and death raises new questions about the British government’s role in the targeted assassination of its own citizens — also providing unique insight into covert U.S. military actions in the Horn of Africa and their impact on al Qaeda and its affiliate in the region, al Shabaab.

Operation Socialist

Friday, 20 March 2015

When the incoming emails stopped arriving, it seemed innocuous at first. But it would eventually become clear that this was no routine technical problem. Inside a row of gray office buildings in Brussels, a major hacking attack was in progress. And the perpetrators were British government spies.

It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom. But it wasn’t until a year later, in June 2013, that the company’s security experts were able to figure out what was going on. The computer systems of Belgacom had been infected with a highly sophisticated malware, and it was disguising itself as legitimate Microsoft software while quietly stealing data.

Last year, documents from National Security Agency whistleblower Edward Snowden confirmed that British surveillance agency Government Communications Headquarters was behind the attack, codenamed Operation Socialist. And in November, The Intercept revealed that the malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers, who named it “Regin.”

The full story about GCHQ’s infiltration of Belgacom, however, has never been told. Key details about the attack have remained shrouded in mystery—and the scope of the attack unclear.

Now, in partnership with Dutch and Belgian newspapers NRC Handelsblad and De Standaard, The Intercept has pieced together the first full reconstruction of events that took place before, during, and after the secret GCHQ hacking operation.

Based on new documents from the Snowden archive and interviews with sources familiar with the malware investigation at Belgacom, The Intercept and its partners have established that the attack on Belgacom was more aggressive and far-reaching than previously thought. It occurred in stages between 2010 and 2011, each time penetrating deeper into Belgacom’s systems, eventually compromising the very core of the company’s networks.

Snowden told The Intercept that the latest revelations amounted to unprecedented “smoking-gun attribution for a governmental cyber attack against critical infrastructure.”

The Belgacom hack, he said, is the “first documented example to show one EU member state mounting a cyber attack on another…a breathtaking example of the scale of the state-sponsored hacking problem.”

Publicly, Belgacom has played down the extent of the compromise, insisting that only its internal systems were breached and that customers’ data was never found to have been at risk. But secret GCHQ documents show the agency gained access far beyond Belgacom’s internal employee computers and was able to grab encrypted and unencrypted streams of private communications handled by the company.

Belgacom invested several million dollars in its efforts to clean-up its systems and beef-up its security after the attack. However, The Intercept has learned that sources familiar with the malware investigation at the company are uncomfortable with how the clean-up operation was handled—and they believe parts of the GCHQ malware were never fully removed.

The revelations about the scope of the hacking operation will likely alarm Belgacom’s customers across the world. The company operates a large number of data links internationally (see interactive map below), and it serves millions of people across Europe as well as officials from top institutions including the European Commission, the European Parliament, and the European Council. The new details will also be closely scrutinized by a federal prosecutor in Belgium, who is currently carrying out a criminal investigation into the attack on the company.

Sophia in ’t Veld, a Dutch politician who chaired the European Parliament’s recent inquiry into mass surveillance exposed by Snowden, told The Intercept that she believes the British government should face sanctions if the latest disclosures are proven.

“Compensating Belgacom should be the very least it should do,” in ’t Veld said. “But I am more concerned about accountability for breaking the law, violating fundamental rights, and eroding our democratic systems.”
Other similarly sophisticated state-sponsored malware attacks believed to have been perpetrated by Western countries have involved Stuxnet, a bug used to sabotage Iranian nuclear systems, and Flame, a spy malware that was found collecting data from systems predominantly in the Middle East.

What sets the secret British infiltration of Belgacom apart is that it was perpetrated against a close ally—and is backed up by a series of top-secret documents, which The Intercept is now publishing.
GCHQ declined to comment for this story, and insisted that its actions are “necessary legal, and proportionate.”

The Surveillance Engine

Thursday, 4 September 2014

The National Security Agency is secretly providing data to nearly two dozen U.S. government agencies with a “Google-like” search engine built to share more than 850 billion records about phone calls, emails, cellphone locations, and internet chats, according to classified documents obtained by The Intercept.

The documents provide the first definitive evidence that the NSA has for years made massive amounts of surveillance data directly accessible to domestic law enforcement agencies. Planning documents for ICREACH, as the search engine is called, cite the Federal Bureau of Investigation and the Drug Enforcement Administration as key participants.

ICREACH contains information on the private communications of foreigners and, it appears, millions of records on American citizens who have not been accused of any wrongdoing. Details about its existence are contained in the archive of materials provided to The Intercept by NSA whistleblower Edward Snowden.

Earlier revelations sourced to the Snowden documents have exposed a multitude of NSA programs for collecting large volumes of communications. The NSA has acknowledged that it shares some of its collected data with domestic agencies like the FBI, but details about the method and scope of its sharing have remained shrouded in secrecy.

ICREACH has been accessible to more than 1,000 analysts at 23 U.S. government agencies that perform intelligence work, according to a 2010 memo. A planning document from 2007 lists the DEA, FBI, Central Intelligence Agency, and the Defense Intelligence Agency as core members. Information shared through ICREACH can be used to track people’s movements, map out their networks of associates, help predict future actions, and potentially reveal religious affiliations or political beliefs.

The creation of ICREACH represented a landmark moment in the history of classified U.S. government surveillance, according to the NSA documents.

“The ICREACH team delivered the first-ever wholesale sharing of communications metadata within the U.S. Intelligence Community,” noted a top-secret memo dated December 2007. “This team began over two years ago with a basic concept compelled by the IC’s increasing need for communications metadata and NSA’s ability to collect, process and store vast amounts of communications metadata related to worldwide intelligence targets.”

The search tool was designed to be the largest system for internally sharing secret surveillance records in the United States, capable of handling two to five billion new records every day, including more than 30 different kinds of metadata on emails, phone calls, faxes, internet chats, and text messages, as well as location information collected from cellphones. Metadata reveals information about a communication—such as the “to” and “from” parts of an email, and the time and date it was sent, or the phone numbers someone called and when they called—but not the content of the message or audio of the call.

ICREACH does not appear to have a direct relationship to the large NSA database, previously reported by The Guardian, that stores information on millions of ordinary Americans’ phone calls under Section 215 of the Patriot Act. Unlike the 215 database, which is accessible to a small number of NSA employees and can be searched only in terrorism-related investigations, ICREACH grants access to a vast pool of data that can be mined by analysts from across the intelligence community for “foreign intelligence”—a vague term that is far broader than counterterrorism.

Data available through ICREACH appears to be primarily derived from surveillance of foreigners’ communications, and planning documents show that it draws on a variety of different sources of data maintained by the NSA. Though one 2010 internal paper clearly calls it “the ICREACH database,” a U.S. official familiar with the system disputed that, telling The Intercept that while “it enables the sharing of certain foreign intelligence metadata,” ICREACH is “not a repository [and] does not store events or records.” Instead, it appears to provide analysts with the ability to perform a one-stop search of information from a wide variety of separate databases.

In a statement to The Intercept, the Office of the Director of National Intelligence confirmed that the system shares data that is swept up by programs authorized under Executive Order 12333, a controversial Reagan-era presidential directive that underpins several NSA bulk surveillance operations that monitor communications overseas. The 12333 surveillance takes place with no court oversight and has received minimal Congressional scrutiny because it is targeted at foreign, not domestic, communication networks. But the broad scale of 12333 surveillance means that some Americans’ communications get caught in the dragnet as they transit international cables or satellites—and documents contained in the Snowden archive indicate that ICREACH taps into some of that data.

Legal experts told The Intercept they were shocked to learn about the scale of the ICREACH system and are concerned that law enforcement authorities might use it for domestic investigations that are not related to terrorism.

“To me, this is extremely troublesome,” said Elizabeth Goitein, co-director of the Liberty and National Security Program at the New York University School of Law’s Brennan Center for Justice. “The myth that metadata is just a bunch of numbers and is not as revealing as actual communications content was exploded long ago—this is a trove of incredibly sensitive information.” Brian Owsley, a federal magistrate judge between 2005 and 2013, said he was alarmed that traditional law enforcement agencies such as the FBI and the DEA were among those with access to the NSA’s surveillance troves. “This is not something that I think the government should be doing,” said Owsley, an assistant professor of law at Indiana Tech Law School. “Perhaps if information is useful in a specific case, they can get judicial authority to provide it to another agency. But there shouldn’t be this buddy-buddy system back-and-forth.”

Jeffrey Anchukaitis, an ODNI spokesman, declined to comment on a series of questions from The Intercept about the size and scope of ICREACH, but said that sharing information had become “a pillar of the post-9/11 intelligence community” as part of an effort to prevent valuable intelligence from being “stove-piped in any single office or agency.”

Using ICREACH to query the surveillance data, “analysts can develop vital intelligence leads without requiring access to raw intelligence collected by other IC [Intelligence Community] agencies,” Anchukaitis said. “In the case of NSA, access to raw signals intelligence is strictly limited to those with the training and authority to handle it appropriately. The highest priority of the intelligence community is to work within the constraints of law to collect, analyze and understand information related to potential threats to our national security.”