View Full Version : Meet the Spies Doing the NSA's Dirty Work (It's the FBI)

11-22-2013, 05:40 PM
This obscure FBI unit does the domestic surveillance that no other intelligence agency can touch.
http://www.foreignpolicy.com/articles/2013/11/21/the_obscure_fbi_team_that_does_the_nsa_dirty_work? page=0,0

With every fresh leak, the world learns more about the U.S. National Security Agency's massive and controversial surveillance apparatus. Lost in the commotion has been the story of the NSA's indispensable partner in its global spying operations: an obscure, clandestine unit of the Federal Bureau of Investigation that, even for a surveillance agency, keeps a low profile.

When the media and members of Congress say the NSA spies on Americans, what they really mean is that the FBI helps the NSA do it, providing a technical and legal infrastructure that permits the NSA, which by law collects foreign intelligence, to operate on U.S. soil. It's the FBI, a domestic U.S. law enforcement agency, that collects digital information from at least nine American technology companies as part of the NSA's Prism system. It was the FBI that petitioned the Foreign Intelligence Surveillance Court to order Verizon Business Network Services, one of the United States' biggest telecom carriers for corporations, to hand over the call records of millions of its customers to the NSA.

But the FBI is no mere errand boy for the United States' biggest intelligence agency. It carries out its own signals intelligence operations and is trying to collect huge amounts of email and Internet data from U.S. companies -- an operation that the NSA once conducted, was reprimanded for, and says it abandoned.

The heart of the FBI's signals intelligence activities is an obscure organization called the Data Intercept Technology Unit, or DITU (pronounced DEE-too). The handful of news articles that mentioned it prior to revelations of NSA surveillance this summer did so mostly in passing. It has barely been discussed in congressional testimony. An NSA PowerPoint presentation given to journalists by former NSA contractor Edward Snowden hints at DITU's pivotal role in the NSA's Prism system -- it appears as a nondescript box on a flowchart showing how the NSA "task[s]" information to be collected, which is then gathered and delivered by the DITU.

But interviews with current and former law enforcement officials, as well as technology industry representatives, reveal that the unit is the FBI's equivalent of the National Security Agency and the primary liaison between the spy agency and many of America's most important technology companies, including Google, Facebook, YouTube, and Apple.

The DITU is located in a sprawling compound at Marine Corps Base Quantico in Virginia, home of the FBI's training academy and the bureau's Operational Technology Division, which runs all the FBI's technical intelligence collection, processing, and reporting. Its motto: "Vigilance Through Technology." The DITU is responsible for intercepting telephone calls and emails of terrorists and foreign intelligence targets inside the United States. According to a senior Justice Department official, the NSA could not do its job without the DITU's help. The unit works closely with the "big three" U.S. telecommunications companies -- AT&T, Verizon, and Sprint -- to ensure its ability to intercept the telephone and Internet communications of its domestic targets, as well as the NSA's ability to intercept electronic communications transiting through the United States on fiber-optic cables.

For Prism, the DITU maintains the surveillance equipment that captures what the NSA wants from U.S. technology companies, including archived emails, chat-room sessions, social media posts, and Internet phone calls. The unit then transmits that information to the NSA, where it's routed into other parts of the agency for analysis and used in reports.

After Prism was disclosed in the Washington Post and the Guardian, some technology company executives claimed they knew nothing about a collection program run by the NSA. And that may have been true. The companies would likely have interacted only with officials from the DITU and others in the FBI and the Justice Department, said sources who have worked with the unit to implement surveillance orders.

"The DITU is the main interface with providers on the national security side," said a technology industry representative who has worked with the unit on many occasions. It ensures that phone companies as well as Internet service and email providers are complying with surveillance law and delivering the information that the government has demanded and in the format that it wants. And if companies aren't complying or are experiencing technical difficulties, they can expect a visit from the DITU's technical experts to address the problem.

* * *

Recently, the DITU has helped construct data-filtering software that the FBI wants telecom carriers and Internet service providers to install on their networks so that the government can collect large volumes of data about emails and Internet traffic.

The software, known as a port reader, makes copies of emails as they flow through a network. Then, in practically an instant, the port reader dissects them, removing only the metadata that has been approved by a court.

The FBI has built metadata collection systems before. In the late 1990s, it deployed the Carnivore system, which the DITU helped manage, to pull header information out of emails. But the FBI today is after much more than just traditional metadata -- who sent a message and who received it. The FBI wants as many as 13 individual fields of information, according to the industry representative. The data include the route a message took over a network, Internet protocol addresses, and port numbers, which are used to handle different kinds of incoming and outgoing communications. Those last two pieces of information can reveal where a computer is physically located -- perhaps along with its user -- as well as what types of applications and operating system it's running. That information could be useful for government hackers who want to install spyware on a suspect's computer -- a secret task that the DITU also helps carry out.

The DITU devised the port reader after law enforcement officials complained that they weren't getting enough information from emails and Internet traffic. The FBI has argued that under the Patriot Act, it has the authority to capture metadata and doesn't need a warrant to get them. Some federal prosecutors have gone to court to compel port reader adoption, the industry representative said. If a company failed to comply with a court order, it could be held in contempt.

The FBI's pursuit of Internet metadata bears striking similarities to the NSA's efforts to obtain the same information. After the 9/11 terrorist attacks, the agency began collecting the information under a secret order signed by President George W. Bush. Documents that were declassified Nov. 18 by Barack Obama's administration show that the agency ran afoul of the Foreign Intelligence Surveillance Court after it discovered that the NSA was collecting more metadata than the court had allowed. The NSA abandoned the Internet metadata collection program in 2011, according to administration officials.

But the FBI has been moving ahead with its own efforts, collecting more metadata than it has in the past. It's not clear how many companies have installed the port reader, but at least two firms are pushing back, arguing that because it captures an entire email, including content, the government needs a warrant to get the information. The government counters that the emails are only copied for a fraction of a second and that no content is passed along to the government, only metadata. The port reader is designed also to collect information about the size of communications packets and traffic flows, which can help analysts better understand how communications are moving on a network. It's unclear whether this data is considered metadata or content; it appears to fall within a legal gray zone, experts said.

* * *

The DITU also runs a bespoke surveillance service, devising or building technology capable of intercepting information when the companies can't do it themselves. In the early days of social media, when companies like LinkedIn and Facebook were starting out, the unit worked with companies on a technical solution for capturing information about a specific target without also capturing information related to other people to whom the target was connected, such as comments on posts, shared photographs, and personal data from other people's profiles, according to a technology expert who was involved in the negotiations.

The technicians and engineers who work at the DITU have to stay up to date on the latest trends and developments in technology so that the government doesn't find itself unable to tap into a new system. Many DITU employees used to work for the telecom companies that have to implement government surveillance orders, according to the industry representative. "There are a lot of people with inside knowledge about how telecommunications work. It's probably more intellectual property than the carriers are comfortable with the FBI knowing."

The DITU has also intervened to ensure that the government maintains uninterrupted access to the latest commercial technology. According to the Guardian, the unit worked with Microsoft to "understand" potential obstacles to surveillance in a new feature of Outlook.com that let users create email aliases. At the time, the NSA wanted to make sure that it could circumvent Microsoft's encryption and maintain access to Outlook messages. In a statement to the Guardian, Microsoft said, "When we upgrade or update products we aren't absolved from the need to comply with existing or future lawful demands." It's the DITU's job to help keep companies in compliance. In other instances, the unit will go to companies that manufacture surveillance software and ask them to build in particular capabilities, the industry representative said.

The DITU falls under the FBI's Operational Technology Division, home to agents, engineers, electronic technicians, computer forensics examiners, and analysts who "support our most significant investigations and national security operations with advanced electronic surveillance, digital forensics, technical surveillance, tactical operations, and communications capabilities," according to the FBI's website. Among its publicly disclosed capabilities are surveillance of "wireline, wireless, and data network communication technologies"; collection of digital evidence from computers, including audio files, video, and images; "counter-encryption" support to help break codes; and operation of what the FBI claims is "the largest fixed land mobile radio system in the U.S."

The Operational Technology Division also specializes in so-called black-bag jobs to install surveillance equipment, as well as computer hacking, referred to on the website as "covert entry/search capability," which is carried out under law enforcement and intelligence warrants.

The tech experts at Quantico are the FBI's silent cybersleuths. "While [the division's] work doesn't typically make the news, the fruits of its labor are evident in the busted child pornography ring, the exposed computer hacker, the prevented bombing, the averted terrorist plot, and the prosecuted corrupt official," according to the website.

According to former law enforcement officials and technology industry experts, the DITU is among the most secretive and sophisticated outfits at Quantico. The FBI declined Foreign Policy's request for an interview about the unit. But in a written statement, an FBI spokesperson said it "plays a key role in providing technical expertise, services, policy guidance, and support to the FBI and the intelligence community in collecting evidence and intelligence through the use of lawfully authorized electronic surveillance."

In addition to Carnivore, the DITU helped develop early FBI Internet surveillance tools with names like CoolMiner, Packeteer, and Phiple Troenix. One former law enforcement official said the DITU helped build the FBI's Magic Lantern keystroke logging system, a device that could be implanted on a computer and clandestinely record what its user typed. The system was devised to spy on criminals who had encrypted their communications. It was part of a broader surveillance program known as Cyber Knight.

In 2007, Wired reported that the FBI had built another piece of surveillance malware to track the source of a bomb threat against a Washington state high school. Called a "computer and Internet protocol address verifier," it was able to collect details like IP addresses, a list of programs running on an infected computer, the operating system it was using, the last web address visited, and the logged-in user name. The malware was handled by the FBI's Cryptologic and Electronic Analysis Unit, located next door to the DITU's facilities at Quantico. Wired reported that information collected by the malware from its host was sent via the Internet to Quantico.

The DITU has also deployed what the former law enforcement official described as "beacons," which can be implanted in emails and, when opened on a target's computer, can record the target's IP address. The former official said the beacons were first deployed to track down kidnappers.

* * *

Lately, one of the DITU's most important jobs has been to keep track of surveillance operations, particularly as part of the NSA's Prism system, to ensure that companies are producing the information that the spy agency wants and that the government has been authorized to obtain.

The NSA is the most frequent requester of the DITU's services, sources said. There is a direct fiber-optic connection between Quantico and the agency's headquarters at Fort Meade, Maryland; data can be moved there instantly. From the companies' perspective, it doesn't much matter where the information ends up, so long as the government shows up with a lawful order to get it.

"The fact that either the targets are coming from the NSA or the output goes to the NSA doesn't matter to us. We're being compelled. We're not going to do any more than we have to," said one industry representative.

But having the DITU act as a conduit provides a useful public relations benefit: Technology companies can claim -- correctly -- that they do not provide any information about their customers directly to the NSA, because they give it to the DITU, which in turn passes it to the NSA.

But in the government's response to the controversy that has erupted over government surveillance programs, FBI officials have been conspicuously absent. Robert Mueller, who stepped down as the FBI's director in September, testified before Congress about disclosed surveillance only twice, and that was in June, before many of the NSA documents that Snowden leaked had been revealed in the media. On Nov. 14, James Comey gave his first congressional testimony as the FBI's new director, and he was not asked about the FBI's involvement in surveillance operations that have been attributed to the NSA. Attorney General Eric Holder has made few public comments about surveillance. (His deputy has testified several times.)

The former law enforcement official said Holder and Mueller should have offered testimony and explained how the FBI works with the NSA. He was concerned by reports that the NSA had not been adhering to its own minimization procedures, which the Justice Department and the FBI review and vouch for when submitting requests to the Foreign Intelligence Surveillance Court.

"Where they hadn't done what was represented to the court, that's unforgivable. That's where I got sick to my stomach," the former law enforcement official said. "The government's position is, we go to the court, apply the law -- it's all approved. That makes for a good story until you find out what was approved wasn't actually what was done."


11-22-2013, 05:58 PM
The FBI is Helping the NSA Spy, but Senators Don't Want to Know About It

http://killerapps.foreignpolicy.com/posts/2013/11/14/the_fbi_is_helping_the_nsa_spy_but_senators_don_t_ want_to_know_about_it

James Comey's first appearance before a congressional committee as the new director of the FBI was a walk in the park. The hearing Thursday, on threats to the U.S. homeland, was notable not for what Comey said, so much as what he didn't say, and what he wasn't asked.

After telling members of the Homeland Security and Governmental Affairs Committee that he thinks cyber attacks and homegrown extremists are the biggest threats to U.S. national security, Comey, who was sworn in on September 4, was asked only a few questions about the role of government surveillance in monitoring those threats. And the questions were not about the FBI's activities, but the National Security Agency's. Which is a shame. While the leaks of the last five months have mostly been about the NSA's snooping, it's the bureau that actually serves surveillance orders on telephone companies, e-mail and Internet service providers, and other corporations in the United States whose data the government wants to analyze.

Classified documents disclosed by the former NSA contractor Edward Snowden show a little-known FBI organization, the Data Intercept Technology Unit, is apparently in charge of obtaining information from companies like Google and Facebook as part of the NSA's Prism system, and then providing the data to the NSA. It's this handoff of information, some security experts say, that allows the companies to avoid the appearance of complicity in surveillance programs by saying they don't give information directly to the NSA. The Senate panel asked no questions about Prism.

The lack of inquiry on surveillance was all the more surprising considering that Comey has famously held forth on that subject before. Appearing before another Senate committee in May 2007, Comey recounted how, three years earlier, he had rushed to the hospital bedside of a critically ill Attorney General John Ashcroft and fended off White House aides who wanted him to sign an order authorizing President George W. Bush's so-called warrantless wiretapping program. Comey, along with other senior Justice Department officials, had concluded that a significant part of the program was illegal. As the acting attorney general, Comey refused to sign the order, and he later told Congress that he was "very upset; I was angry" at the White House officials' attempts to "take advantage of a very sick man..."

"That night was probably the most difficult night of my professional life, so it's not something I forget," Comey said.

Not that the Senate panel was convened to revisit history. But considering that the administration has stressed the importance, and the legality, of surveillance programs in protecting the United States, the FBI director is a logical official to address the role of law enforcement in those efforts.

Instead, Congress has focused more attention on the NSA director, Keith Alexander, even though he technically neither orders surveillance operations nor has the legal responsibility for executing them in the United States. Alexander has appeared six times before congressional committees since the first Snowden leak in June, according to a review of public documents. Robert Mueller, whom Comey replaced at the head of the FBI, testified about those programs twice, in his last appearances before the House and Senate judiciary committees. Those were previously-scheduled hearings about a range of FBI oversight issues, and they took place shortly after the initial leaks, when relatively few surveillance programs had been disclosed.

The leaks themselves, however, were the subject of some discussion at Thursday's hearing. Comey and his fellow witnesses argued that Snowden had damaged the work of government security agencies and tipped off the United States' enemies.

Comey said that in his first two months on the job, he has seen terrorists "change their behavior," he argued as a result of knowing how the government monitors their communications.

"Terrorists are seeking to learn about the ways we collect intelligence," said Matt Olsen, the director of the National Counterterrorism Center. The leaks about NSA programs have "made our job significantly harder." Neither Olsen nor Comey provided any information to substantiate those claims.

The hearing was nominally about threats to U.S. security, and in his appraisal, Comey put himself in lock step with his predecessor. Terrorism and cyber attacks top the list, he said. The risk of a "spectacular" attack on the scale of the September 11 attacks had diminished since 2001, thanks to counterterrorism operations overseas, Comey judged. But that the risk remains high of an attack by extremists in the United States who are inspired by terrorist propaganda and successful attacks in foreign countries. Olsen and Rand Beers, the acting secretary of the Homeland Security Department, concurred with that assessment.

Comey said that Mueller had told him that the threat of cyber attacks would become the most pressing issue facing the FBI in Comey's time as director. Now that he's in the job, Comey said he agrees. Americans have connected all aspects of their personal and professional lives to the Internet, and placed their money, their secrets, and their intellectual property there, Comey said. "There are no safe neighborhoods." Everything and everyone is a target.

Comey praised the work of the Homeland Security Department, with which the FBI "is working better than ever." For years the department has feuded with the NSA over which agency should have the primary responsibility for protecting U.S. computer networks and critical infrastructure, such as the power grid and the financial sector, from cyber attackers and spies. The Snowden revelations, which have damaged NSA's credibility in the eyes of many lawmakers and businesses, have put wind in Homeland Security's sales as it asserts its role in leading national cyber security strategy, current and former U.S. officials say.

Beers, who urged the Senate to confirm President Obama's nominee for secretary, Jeh Johnson, said that the department is doing all it can to implement the administration's cybersecurity policy under current authorities and an executive order. But it cannot move forward without legislation from Congress, Beers said. Topping the department's wish list is a provision in law that would allow companies to share information with the government for the purposes of preventing cyber attacks without the threat of being sued if that information turns out to contain private information about Americans.

At the FBI, which is responsible for investigating computer crimes and intellectual property theft, Comey said cyber task forces have been set up in each of the bureau's 56 field offices across the country. They work with state and local officials and businesses to investigate and help prevent crime. And FBI agents are working in the offices of law enforcement agencies in Romania, Estonia, the United Kingdom, the Netherlands, and other countries, Comey said.

Comey warned that mandatory budget cuts, as part of the sequestration process, would hinder the FBI's operations. "I worry we're approaching a situation where we're going to do less with less," Comey said. The bureau is not hiring additional personnel. There are about 36,000 employees at the FBI now, and Comey said he will cut that number down to 31,000, about where it was in 2009. He said that he will also cut $700 million in expenditures from the FBI's budget this year, on top of $600 million Mueller took out last year.

As the hearing came to a close, Committee Chairman Thomas Carper, from Delaware, asked Comey if he could assure Americans that the NSA was not using their personal information inappropriately. (No one from the spy agency was present for the hearing.)

"I've seen no indications NSA is acting outside the law," Comey said, adding that the agency is "obsessed with compliance" and operating by the rules. Olsen, who once served as general counsel of the NSA, concurred.

Comey said he welcomed the opportunity to discuss surveillance operations, and said committee hearings were a fundamental component of the constitutional system of checks and balances.

"We shouldn't be doing anything we can't explain," Comey said.

It was a commendable sentiment, but odd in the moment, considering Comey wasn't asked to explain much of anything.


11-22-2013, 06:11 PM
We have a "secret" building in reno that is part of this.

11-22-2013, 06:29 PM
Yeah, but if you call them saying someone just stole your identity; robbed your bank accounts... stole everything and here is who, what, when, and where.. They say they will get back to you, and you never hear from them again.

tod evans
11-22-2013, 09:07 PM
Yeah, but if you call them saying someone just stole your identity; robbed your bank accounts... stole everything and here is who, what, when, and where.. They say they will get back to you, and you never hear from them again.

Governments purpose is to protect government.

What in the world caused you to think otherwise?

11-22-2013, 09:28 PM