Jump to content

NSA's Ragtime program targets Americans, leaked files show

Recommended Posts

Several more variants of Ragtime appear in recently leaked documents.


A leaked document shines new light on a surveillance program developed by the National Security Agency.


The program, known as Ragtime, collects the contents of communications, such as emails and text messages, of foreign nationals under the authority of several US surveillance laws.


Details of the program are held in the highest tiers of secrecy, known as exceptionally controlled information, with only a few NSA staffers having access to the program and its data.


There were four known versions, Please login or register to see this link. , released just months before the first documents published from the cache of documents leaked by whistleblower Edward Snowden. Ragtime-A is said to involve the US-based collection of foreign-to-foreign counterterrorism data; Ragtime-B collects foreign government data that travels through the US; and Ragtime-C focuses on the nuclear counterproliferation effort.


Another program stands for Ragtime-P, which is said to stand for the Patriot Act, which authorizes the collection of Please login or register to see this link. of telecom providers. A Please login or register to see this link. showed Verizon was ordered to turn over customer call records to the NSA on a daily basis. Dozens of other companies have Please login or register to see this link. to provide data for Ragtime.


But the Ragtime program has many more versions -- including one that appears to involve Americans' data.


The document was found buried Please login or register to see this link. , discovered by UpGuard's Chris Vickery.


The document seen by ZDNet, dated November 2011, shows the Ragtime program has eleven variants, including the four that were already known. The document alludes to Ragtime-BQ, F, N, PQ, S, and T.


The eleventh version refers to Ragtime-USP. "USP" is a common term used across the intelligence community to refer to "US person," like a US citizen or lawful permanent resident.


Image: ZDNet


Americans are generally protected from government surveillance under the Fourth Amendment. A few exceptions exist, such as if the secretive Washington DC-based Foreign Intelligence Surveillance Court, which authorizes the government's spying activities, issues a warrant based on probable cause, such as if there is evidence of an American working for a foreign power.


But the NSA has long "incidentally" collected data on Americans, Please login or register to see this link. .


Ragtime dates back to 2002, according to Please login or register to see this link. . The program forms part of a wider collection of systems and databases under the STELLARWIND umbrella of warrantless surveillance programs, Please login or register to see this link. of then-president George W. Bush in response to the September 11, 2001 terrorist attacks. After a series of leaks in 2008 detailing the scope and breadth of STELLARWIND's domestic collection capability, Congress limited the government's surveillance powers.


Changes to the law had an immediate impact on the Ragtime program. Although the government was barred from collecting new metadata on Americans under Ragtime-P, the NSA retained the data. Analysts with clearance were still permitted to search the database.


Only a fraction of NSA staffers have the appropriate security clearance to access Ragtime's databases. One Please login or register to see this link. says analysts must have special "need to know" clearance to access the data, and any information relating to Ragtime is restricted from being shared to foreign intelligence partners. The exception is Ragtime-C, which the new document implies a level of co-operation from the UK government.


The data stored in Ragtime's databases is so sensitive that their very existence is compartmentalized. The clearance level for each Ragtime version, according to the document, is "unpublished," in an effort to ensure that the programs themselves aren't widely known about across the agency.


The NSA said in internal security guidance that unpublished classification markings are set for some programs "due to sensitivity and restrictive access controls."


When reached, an NSA spokesperson declined to comment on Ragtime, or its purpose.


"In accordance with longstanding policy, the National Security Agency will neither confirm nor deny that any of the purported information referenced in the article has any connection to NSA or the US government," a spokesperson said. "The National Security Agency is focused on the protection of the United States, its citizens, and our allies through around-the-clock pursuit of valid foreign intelligence targets."




"The Foreign Intelligence Surveillance Act makes clear that, except in limited circumstances, NSA must obtain a court order, based on probable cause, from the Foreign Intelligence Surveillance Court to conduct electronic surveillance targeting a US person," the spokesperson added.



News of the leak comes just weeks before Congress has to pass reforms or a reauthorization of the US government's surveillance laws.


Lawmakers have until the end of the year to pass a bill to ensure powers under the Foreign Intelligence Surveillance Act are put back in the law books, or the NSA risks losing those powers at the end of the annual intelligence cycle. These are the same powers that authorized the Please login or register to see this link. , which collects data from servers of internet giants, the massive bulk collection of internet traffic, and the government's computer and network hacking powers.


Several bills have Please login or register to see this link. by members of both the House and Senate.

US intelligence chiefs are Please login or register to see this link. of the surveillance powers, while privacy groups are fighting for greater transparency.

Several members of Congress have vowed to fight the reauthorization until they learn how many Americans are swept up in section 702 surveillance.


The government's spy chief has so far refused to say what that number is.


Via Please login or register to see this link.


Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • By OKQL
      Article: Please login or register to see this link.
      Press:  Please login or register to see this link.
      SERVICE: www.vulnerability-lab.com
    • By Aerosol

      WE’VE SUSPECTED IT all along—that Skynet, the massive program that brings about world destruction in the Terminator movies, was just a fictionalization of a real program in the hands of the US government. And now it’s confirmed—at least in name.
      As The Intercept reports today, the NSA does have a program called Skynet. But unlike the autonomous, self-aware computerized defense system in Terminator that goes rogue and launches a nuclear attack that destroys most of humanity, this one is a surveillance program that uses phone metadata to track the location and call activities of suspected terrorists. A journalist for Al Jazeera reportedly became one of its targets after he was placed on a terrorist watch list.
      Ahmad Muaffaq Zaidan, bureau chief for Al Jazeera’s Islamabad office, got tracked by Skynet after he was identified by US intelligence as a possible Al Qaeda member and assigned a watch list number. A Syrian national, Zaidan has scored a number of exclusive interviews with senior Al Qaeda leaders, including Osama bin Laden himself.
      Skynet uses phone location and call metadata from bulk phone call records to detect suspicious patterns in the physical movements of suspects and their communication habits, according to a 2012 government presentation The Intercept obtained from Edward Snowden.
      The presentation indicates that Skynet looks for terrorist connections based on questions such as “who has traveled from Peshawar to Faisalabad or Lahore (and back) in the past month? Who does the traveler call when he arrives?” It also looks for suspicious behaviors such as someone who engages in “excessive SIM or handset swapping” or receives “incoming calls only.”
      The goal is to identify people who move around in a pattern similar to Al Qaeda couriers who are used to pass communication and intelligence between the group’s senior leaders. The program tracked Zaidan because his movements and interactions with Al Qaeda and Taliban leaders matched a suspicious pattern—which is, it turns out, very similar to the pattern of journalists meeting with sources.
      We should note that the NSA has a second program that more closely resembles the Terminator‘s Skynet. This one is called MonsterMind, as revealed by Edward Snowden last year in an interview with WIRED and James Bamford. MonsterMind, like the film version of Skynet, is a defense surveillance system that would instantly and autonomously neutralize foreign cyberattacks against the US, and could be used to launch retaliatory strikes as well. Under this program algorithms would scour massive repositories of metadata and analyze it to differentiate normal network traffic from anomalous or malicious traffic. Armed with this knowledge, the NSA could instantly and autonomously identify, and block, a foreign threat.
      Snowden also suggested, however, that MonsterMind could one day be designed to return fire—automatically, without human intervention—against an attacker. Because an attacker could tweak malicious code to avoid detection, a counterstrike would be more effective in neutralizing future attacks. Sounds a lot like Skynet. No word from the NSA on why they didn’t use that iconic film name for its real-world Skynet.
      Please login or register to see this link.
    • By Aerosol

      Privacy International (PI) is calling on people to sign up to be part of a mass request for confirmation they have been spied on by Five Eyes spy agencies and to demand the removal of captured information.
      Would-be signatories are being asked to submit their name and email address to the organisation, which will then pass them on to Britain's Investigatory Powers Tribunal tasked with determining if the sharing of NSA-intercepted material with the UK's GCHQ spy agency was illegal.
      The requests would cover a prodigious amount of data numbering billions of records hoovered up by the NSA and shared with the GCHQ until December last year.
      PI will not reveal if agencies other than the NSA collected data, and would cover only that shipped to the GCHQ. This could conceivably include data captured by any Five Eyes agency and shared with the GCHQ via the NSA.
      The offer came on the heels of the tribunal's ruling this month in favour of Privacy International that the mass funnelling of intelligence information between Britain and the United States was illegal prior to December.
      That decision made on the grounds that rules governing the exchange were secret opened an avenue for users to request the tribunal examine and notify if their data was illegally obtained and, if found in breach, for the information to be destroyed.
      The British charity dubbed the ruling a "major victory against the Five Eyes" group of nations which includes Australia, New Zealand and Canada, and said it was possible only due to the flurry of NSA leaks from Edward Snowden.
      "Through their secret intelligence sharing relationship with the NSA, GCHQ has had intermittently unrestricted access to PRISM - NSA's means of directly accessing data and content handled by some of the world’s largest Internet companies, including Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple," deputy director Eric King said at the time.
      "GCHQ's access to NSA material therefore makes up the large bulk of all surveillance material handled by the security services; some ex- GCHQ staffers estimated that 95 per cent of all signals intelligence material handled at GCHQ is American.
      "The extraordinary implications of [the] judgement is that all historical sharing of raw intelligence between NSA and GCHQ took place without an adequate legal framework, and thus was unlawful."
      The Tribunal will likely be swamped if the campaign takes off. Probes could trawl records collected from NSA programmes UPSTREAM, CO-TRAVELLER, and DISHFIRE, the former having intercepted some 160 billion records from its top five programmes in one month alone.
      Privacy International said requests could take years to be fulfilled.
      New requests could be made to discover the data collected by individual agencies to current day if the charity was successful in its appeal with the European Court of Human Rights against the decision that the data shared between the US and UK spy agencies was kosher due to the policies of the arrangement being made public as a result of the legal action
      Please login or register to see this link.
    • By Aerosol

      The NSA’s phone-snooping program is on its last legs after senators voted Tuesday to approve the USA Freedom Act, banning bulk collection of Americans’ data two years after the practice was revealed to the public by Edward Snowden.
      President Obama signed the bill late Tuesday, moving quickly to kick-start several Patriot Act powers that expired this weekend after senators missed a deadline for renewing them.
      But the bill, which cleared the Senate on a 67-32 vote, puts limits on a key power. Investigators still can demand businesses to turn over customers’ documents and records, but the data must be targeted to individuals or groups and cannot be done indiscriminately.
      The National Security Agency must end its snooping program within six months, forcing intelligence officials to set up a system that will leave the information with phone companies. Investigators will be able to submit a query only if they have a specific terrorism lead.
      “It’s the first major overhaul of government surveillance in decades and adds significant privacy protections for the American people,” said Sen. Patrick J. Leahy, a Vermont Democrat who led a two-year fight to end the NSA’s snooping. “Congress is ending the bulk collection of Americans’ phone records once and for all.”
      Supporters of the NSA program predicted that intelligence officials will not be able to get the same kinds of results if phone companies rather than government agencies hold the data.
      Senate Majority Leader Mitch McConnell, Kentucky Republican, said Mr. Obama will be blamed for weakening U.S. security and that the NSA program’s end was in line with the president’s opposition to detaining suspected terrorists at Guantanamo Bay, Cuba, and failing to confront the Islamic State.
      “The president’s efforts to dismantle our counterterrorism tools have not only been inflexible, they are especially ill-timed,” Mr. McConnell said.
      But it was the majority leader’s miscalculations about scheduling that backed NSA supporters into a corner. Mr. McConnell wanted the entire program to be extended and tried to use the June 1 expiration deadline to force fellow senators into a take-it-or-leave-it choice. But his colleagues, including a large percentage of Republicans, rejected his bid, sending the Senate over the deadline and undercutting Mr. McConnell’s leverage.
      On Tuesday, Mr. McConnell made a last-ditch effort to change the bill, doubling the six-month grace period for the NSA and requiring the government to certify that it could keep producing the same results even without storing the phone data itself.
      Even some senators who were sympathetic to his cause, though, voted against the amendments, saying any changes would have sent the bill back to the House and prolonged the fight, leaving the Patriot Act neutered in the meantime.
      Nearly half of Senate Republicans voted for the USA Freedom Act, joining all but one Democrat and a Democrat-leaning independent.
      The vote was a major vindication for the House, which for the second time this year has driven the legislative agenda on a major issue, striking a bipartisan compromise that senators were forced to accept.
      The bill also had the backing of the intelligence community, which has assured Congress that it won’t be giving up any major capabilities and can make the new system work even with the data held by phone companies instead of the NSA.
      Mr. Obama initially defended the program, but after several internal reviews found it to be ineffective and potentially illegal, he said he would support a congressional rewriting to end the law.
      The George W. Bush and Obama administrations justified the program under Section 215 of the Patriot Act, which gives federal investigators power to compel businesses to turn over customers’ documents and records. Using that power, the NSA demanded the metadata — the numbers, dates and durations involved — from all Americans’ calls.
      The information was stored and queried when investigators suspected a number was associated with terrorism and wanted to see who was calling whom.
      Backers said the program didn’t impinge on Americans’ liberty because the information, while stored by the government, wasn’t searched until there was a specific terrorism nexus. They said there were never any documented abuses of the program.
      But opponents said repeated reviews, including one last month by the Justice Department’s inspector general, found the program has never been responsible for a major break in a terrorism case. Given its ineffectiveness, they said, it was time to end it.
      Sen. Ron Wyden, an Oregon Democrat who had been battling behind closed doors for years as a member of the intelligence committee to end the program, said the vote was a first step.
      He said he and like-minded colleagues now will turn to other powers under the Foreign Intelligence Surveillance Act that the government uses to scoop up emails — a power Mr. Wyden said is increasingly gathering information on Americans, contrary to its intent.
      “This is only the beginning. There is a lot more to do,” he said.
      Some of Mr. Wyden’s colleagues in those fights, including Sen. Rand Paul, Kentucky Republican, voted against the USA Freedom Act.
      “Forcing us to choose between our rights and our safety is a false choice,” said Mr. Paul, who is running for the Republican presidential nomination and making his stand against the Patriot Act a major part of his campaign.
      Mr. Paul even used the obstruction powers the Senate gives to a single lawmaker to block action Sunday, sending Congress hurtling across the deadline and causing three powers to expire: the records collection, the ability to target “lone wolf” terrorists and the power to track suspected terrorists from phone to phone without obtaining a wiretap each time.
      The lone-wolf and wiretap powers were extended without changes.
      Please login or register to see this link.
    • By Aerosol

      Security experts are still trying to assess the effects of the reported attack on SIM card manufacturer that resulted in the theft of millions of encryption keys for mobile phones around the world, but it’s safe to say that the operation has caused reverberations throughout the industry and governments in several countries.
      The attack, reported by The Intercept, is breathtaking in its scope and audacity. Attackers allegedly associated with the NSA and GCHQ, the British spy agency, were able to compromise a number of machines on the network of Gemalto, a global manufacturer of mobile SIM cards. The attackers have access to servers that hold the encryption keys for untold millions of mobile phones, allowing them to monitor the voice and data communication of those devices.
      The document on which the report is based was provided by Edward Snowden, and it says in part, “Gemalto–successfully implanted several machines and believe we have their entire network…” If true, that would mean that the attackers had access to far more than just those SIM encryption keys. Gemalto officials said in a statement that they were previously unaware of this operation.
      “The publication indicates the target was not Gemalto per se – it was an attempt to try and cast the widest net possible to reach as many mobile phones as possible, with the aim to monitor mobile communications without mobile network operators and users consent. We cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation,” the statement says.
      Security researchers have said since the beginning of the NSA scandal–and before that, in some cases–that the agency and its allies have an intense interest in monitoring mobile communications. Mobile networks present different challenges than traditional computer networks do for attackers, but they are not insurmountable ones for organizations with the resources of NSA and GCHQ. Gemalto, as one of the larger SIM manufacturers on earth, would be a natural target for signals intelligence agencies, as it provides products to hundreds of wireless providers, including Verizon, AT&T and Sprint.
      Bruce Schneier, CTO of CO3 Systems and a noted cryptographer, said that this operation may represent the most serious revelation of the Snowden documents.
      “People are still trying to figure out exactly what this means, but it seems to mean that the intelligence agencies have access to both voice and data from all phones using those cards,” Schneier said on his blog. “I think this is one of the most important Snowden stories we’ve read.”
      The Gemalto revelation could have long-term effects for the technology industry and its relations with the government in the United States and UK. The relationships already have been strained by past revelations of NSA operations against infrastructure owned by companies such as Google, Yahoo and many others. This latest revelation likely won’t help matters. But White House officials aren’t worried.
      “We certainly are aware of how important it is for the United States government to work with private industry; that there are a lot of situations in which our interests are pretty cleanly aligned. And there are certainly steps that the U.S. government has taken in the name of national security that some members of private industry haven’t agreed with. But I do think that there is common ground when it comes to — and this is a principle that I’ve cited before — it’s hard for me to imagine that there are a lot of technology executives that are out there that are in a position of saying that they hope that people who wish harm to this country will be able to use their technology to do so,” Josh Earnest, White House press secretary, said during a briefing on Friday.
      Please login or register to see this link.