Tuesday, 02 April 2019

Unnoticed Leak Answers And Raises Questions About Operation Eikonal

(Last edited: Nov 23, 2015)

Almost unnoticed, the Austrian member of parliament Peter Pilz recently disclosed new information about operation Eikonal, under which NSA and BND cooperated in tapping some fiber-optic cables at a switching center of Deutsche Telekom in Frankfurt, Germany.

As part of the NSA umbrella program RAMPART-A, Eikonal was set up to gather intelligence about targets from Russia, the Middle East and North-Africa. Because the cables that were tapped also came from countries like Austria, Switzerland, France, Belgium and the Netherlands, there were fears that their communications were intercepted too.

Here, the newly disclosed information will be discussed and combined with things we learned from the hearings of the German parliamentary commission that investigates NSA spying, including operation Eikonal.




Overview of the joint NSA-BND operation Eikonal (2004-2008)


Leak

The new information comes from transcripts of some fax and e-mail messages from employees of BND, Deutsche Telekom and the federal Chancellery, which Peter Pilz published on his website on Oct 23, 2015.

He never told how he got these highly sensitive documents, but as they were made available to the parliamentary investigation commission, it seems most likely that someone from or very close to this committee must have leaked them to Pilz. Strangely enough, this leak was never investigated.


Media attention

Also remarkable is that the information and documents disclosed by Peter Pilz were almost completely ignored by mainstream German media like ARD and ZDF and the major newspapers. The latest disclosure was for example only reported by the Austrian paper Der Standard and the German tech website Heise.de.

By contrast, in neighbouring countries like Austria, Belgium and the Netherlands, the Pilz revelations were big news and led to official investigations. Through May and June of this year, he had published lists of communication links related to Switzerland, France, Luxembourg and Poland too, claiming they showed to what extent BND and NSA spied upon these countries.



First part of the list with communication links related to France
(Source: Peter Pilz)


Whose links?

Initially, Peter Pilz claimed these links were from a priority list of the NSA, but neither he, nor the committee hearings could clearly confirm this. The Dutch website De Correspondent reported that there was even a much larger list of some thousand transit links, of which ca. 250 were marked in yellow.

Now, Pilz confirms that there's indeed such a large list: it was prepared by Deutsche Telekom and contains all its 1028 transit links. Employees of BND had marked 256 of them in yellow, apparently the ones they were most interested in, and hence the list became known as the BND priority list. He doesn't mention an involvement of NSA at this stage anymore.

Now that we know the large list of over thousand links isn't an even larger "wish list", but a list of all available transit links, it could well be that BND tried to select more or less 20% of them, as a rather strange provision in German law says that bulk collection is only allowed up to a maximum of 20% of a cable's capacity.

As Telekom Austria rented the channels to Vienna, we can assume that other national telecommunication providers also rented their links to Frankfurt, with Deutsche Telekom being the owner of the cables as part of their international backbone network.


Determining the access points

After BND selected the 256 channels, Deutsche Telekom had to look which of them ran through Frankfurt and could be intercepted there. For this purpose Harald Helfrich of the lawful interception unit of Deutsche Telekom AG (DTAG) sent his colleague mr. Tieger the following e-mail on September 16, 2003:


Hello LK,

As discussed this morning, I am sending you the list of DTAG's transit lines. We ask you to analyse the connections highlighted in yellow with regard to their routing (e.g. Ffm 21 or Norden-Nordeich) and whether they are accessible at the 2 Mb level ("ob in der 2-Mb-Ebene greifbar").

Attachment: Trans mit ausgesuchten Strecken



In this mail it is asked to analyse whether the transit channels marked in yellow can be intercepted at the 2 Mbit-level, either at Deutsche Telekom's Frankfurt am Main Point-of-Presence 21 (Ffm 21) or at Norden-Norddeich.

The latter is a town at the northern coast of Germany, where the SeaMeWe-3 and TAT-14 submarine cables land. For the parliamentary committee this was a reason to ask whether cables were also intercepted over there, but that was strongly denied by the witnesses involved.


Selecting individual channels?

Interestingly, the phrase "ob in der 2-Mb-Ebene greifbar" ("whether accessible at the 2 Mb level") suggests that it could be possible to only intercept specific 2 Mbit/s channels while leaving the other ones untouched (one physical STM1-cable has a data rate of 155 Mbit/s and contains 63 virtual channels).

Whether this is possible is important for how focused such cable tapping can be. Isolating individual channels depends in the first place on where exactly the tapping takes place:

A. When the physical fiber is intercepted before it reaches the switch, it has to be bent in order to catch the light that leaks. Because this leaking signal is much weaker, it has to be amplified before it can be processed. In this way it's not possible to select individual channels: the eavesdropper gets everything that runs over the fiber, and has to demultiplex the channels himself to select the ones that contain traffic of interest.


Splitting traffic from a fiber-optic cable by bending it
(diagram: OSA Publishing, slightly simplified)


B. When the interception takes place at an optical switch itself, then it's possible to only catch the virtual channels you are interested in. A physical cable contains channels which have to be demultiplexed at the switch in order to be forwarded (switched) to the fiber that leads to the intended destination. When the switch converts the optical signals into electronic signals it is even more easy to duplicate only individual channels of interest.


Diagram showing (de)multiplexing at a fiber-optic switch
(diagram modified from Wikimedia Commons/Jflabourdette)


Different methods

During the committee hearing of March 26, 2015, Klaus Landefeld, board member of the DE-CIX internet exchange, indicated that at least since 2009, interception takes place at the switch. Also, the so-called G10-orders authorise interception based upon Autonomous System Numbers (ASN) which are used for logical paths, rather than by naming physical cables to or from a certain city.

However, it seems that under operation Eikonal, the fiber-optic cables were tapped by splitting the cable signal before it reached the switch. This was more or less clearly indicated by several witnesses heard by the parliamentary commission, and there are several other indications too.

In 2004, it was apparently not yet possible to place a tap at the switch itself to get access to individual channels (although Deutsche Telekom could have demultiplexed the fiber and only forwarded the channels of interest to BND, but this wasn't the case).


Government authorisation

After BND had made clear what they wanted, the Deutsche Telekom management wasn't sure whether such cable access was legal. Therefore they wanted to be backed by the federal Chancellery. On Dec 30, 2003, the coordinator for the intelligence services at the Chancellery, Ernst Uhrlau, sent the following fax message to Kai-Uwe Ricke, then CEO of Deutsche Telekom, and Josef Brauner, head of the landline division T-Com:


Dear Mr. Ricke, dear Mr. Brauner,

The Federal Chancellery is very interested in the Bundesnachrichtendienst collecting intelligence on cable-based transit traffic within the scope of its legal mandate. From our point of view, the collection approach planned by the Bundesnachrichtendienst at your company is in accordance with applicable law.

I may hereby pass on the suggestion of the Bundesnachrichtendienst to task, within Deutsche Telekom AG, T-Com, the unit RA 43 (Staatliche Sonderauflagen), with which contacts already exist in the context of strategic telecommunications surveillance (Strategische Fernmeldekontrolle), with carrying out the measures required on the part of Deutsche Telekom AG.


It says that in the opinion of the Chancellery, the proposed BND operation is according to German law. The Chancellery encourages Deutsche Telekom to instruct its lawful intercept unit RA 43 (which is one of four Regionalstellen für staatliche Sonderauflagen or ReSA) to start taking the necessary measures for the interception.


Transit Agreement

On behalf of the board of Deutsche Telekom, Josef Brauner answers the fax from the Chancellery on Jan 13, 2004. He says the T-Com division is aware of the importance of a well-functioning intelligence service, and will therefore support the interception of cable-bound transit traffic:


Dear Mr. Ministerialdirektor,

We gladly confirm receipt of your letter of December 30 of last year.

T-Com is aware of the importance of a well-functioning intelligence service for the community of the Federal Republic of Germany - particularly against the background of the terrorist attacks of September 11, 2001 - and will therefore support the planned activities of the Bundesnachrichtendienst to collect intelligence on cable-based transit traffic within the scope of its legal mandate.

In accordance with the suggestion of the Bundesnachrichtendienst, our unit RA43 (staatliche Sonderauflagen) will be tasked on our side with taking the measures required from us for this purpose



Then on March 1, 2004, the BND and Deutsche Telekom signed the so-called Transit Agreement (pdf), in which the latter agreed to provide access to its transit cables, and in return will be paid 6.500,- euro a month for the expenses. This agreement was also leaked to Peter Pilz, who published it on May 18, 2015 in the Austrian tabloid paper Kronen Zeitung.


Preparing for collection

After the agreement had been signed, BND sent an e-mail on March 9, 2004 to Wolfgang Alster, head of Deutsche Telekom's lawful interception unit RA 43, asking for the connection (Schaltung) of the first communication links. He adds that he had ordered the payment of the first 2 monthly payments:


Connection order (Schaltauftrag)

DTAG RA 433

Hello Mr. Alster,

The agency agreement (Geschäftsbesorgungsvertrag) "Transit" has now been signed by both sides and yesterday I arranged the first two monthly payments.

I therefore take the liberty of asking you for the first connection of lines.



Realising the access was apparently not that easy, because it took until Dec 2004 before the first cable was connected. Then it appeared that its signal was too weak, so in Jan 2005 an amplifier was installed - as the parliamentary committee was told by S.L., who was the BND project manager for Eikonal (note that the use of an amplifier indicates tapping the entire fiber-optic cable).

At this first stage of operation Eikonal, only circuit-switched (Leitungsvermittelte) telephone communications were intercepted. Collection of packet-switched (Paketvermittelte) internet communications started in 2006 (see below).


RUBIN

On Feb 3, 2005, mr. Knau mailed his colleague Harald Helfrich at the RA 43 unit that an STM1-link between switching center Frankfurt 21 and Luxembourg had been connected. Channels 2, 6, 14, and 50 contained the virtual channels that had Luxembourg as their endpoint:


Hello Mr. Helfrich,

This morning I connected the above-mentioned link to points 71/00/002/03 19 + 39. The attachment shows the allocation according to RUBIN.

Channels 2, 6, 14, 50 carry the DSVn marked in the list with the endpoint Luxembourg.

Please let me know whether the whole thing works.

Attachment: Belegung 7571 Luxbg


We also see the term RUBIN (German for ruby), and during the committee hearings it seemed that this was an alternate codename for operation Eikonal. But when heard on Jan 15, 2015, Harald Helfrich explained that RUBIN is actually a system that Deutsche Telekom uses to manage its communication links and cables - which perfectly fits how the term is used in this e-mail.


Channels of interest

The next e-mail is also from Feb 3, 2005, but was already published by Peter Pilz on May 15, 2015 and is the only one that is available in what seems to be its original form. It's from Harald Helfrich, who informs a mr. Siegert at the BND that mr. Knau had connected an STM1-link earlier that morning (see previous e-mail). He says it contains the channels that were on the BND priority list:


This e-mail says that BND was interested in the following 2 Mbit/s channels from the Transit STM1-cable "Ffm 21 - Luxembourg 757/1":
- Channel 2: Luxembourg/VG - Wien/000 750/3
- Channel 6: Luxembourg/CLUX - Moscow/CROS 750/1
- Channel 14: Ankara/CTÜR - Luxembourg/CLUX 750/1
- Channel 50: Luxembourg/VG - Prague/000 750/1

According to Peter Pilz, additional cables were connected on Feb 14 and 25, as well as on March 3, 2005. Unfortunately, he either doesn't possess or didn't disclose the related e-mails, so we still don't know how many and which channels have actually been intercepted.

The interception of telephony communications therefore started in the spring of 2005, which means that collection under Eikonal only lasted for three years, and not 4 years, when one would count from signing the agreement in 2004 until the end of the operation in 2008.


Ending telephone interception

Peter Pilz published the transcripts of 2 more e-mails, which are about ending the telephone interception. On May 27, 2008, mr. Thorwald from Deutsche Telekom sent the following message to his colleague Harald Helfrich, informing him that fully circuit-switched transit traffic isn't supported anymore. Therefore, the extraction of transit traffic at the company's premises can be terminated:


Dear Mr. Helfrich,

As we already discussed by telephone, I inform you that the processing of purely circuit-switched (leitungsvermittelten) "transit traffic" is no longer carried out by us.

For this reason, the extraction of the transit traffic in our operating rooms can be discontinued.

In the circuit-switched domain (extraction at a higher level) there is currently a need to extract the following traffic:

+ 2 x STM-64
+ 4 x STM-16


After that, Thorwald writes that there's currently a need to extract the traffic of 2 STM-64 and 4 STM-16 cables, which have a data rate of ca. 10 Gbit/s and 2,5 Gbit/s respectively. This is also said to be circuit-switched, but "extraction at a higher level".


Anomalies

If we assume that Peter Pilz provided the right date for this e-mail, it's strange that there was apparently a need for new cable accesses, hardly a month before operation Eikonal was officially terminated (June 2008).

Even more strange is that the e-mail says the new accesses are also circuit-switched (leitungsvermittelt), while during the hearings it was testified that the collection of such telephone communications ended in Jan 2007, after Deutsche Telekom phased out its business model for dedicated transit cables. This e-mail brings that message about 1,5 years later!


Internet access

From the committee hearings we also learned that BND wanted access to internet traffic too, which is packet-switched (Paketvermittelt). For this, the first cable became available by the end of 2005, but it took some months before the backlink was also connected. In the spring of 2006 a second cable was added, and the front-end system and the filters were tested until mid-2007.

Could it be that mr. Thorwald just made a mistake, and wrote "leitungsvermittelten" where he meant "paketvermittelten"? But even then, why add new internet cables, just before the operation was ended?


Another question

A similar anomaly can be found in an e-mail that, according to Peter Pilz, was sent one day later, on May 28, 2008. In it, mr. Knau informed Harald Helfrich and his superior Wolfgang Alster that the access to four STM1-cables can be terminated immediately.

Given what was said during the committee hearings, one would have expected that this also had happened already in Jan 2007, instead of May 2008. It seems some things don't add up here.


As already discussed by telephone, the following STM1 connections can be cancelled with immediate effect:

Ffm 21 - Stuttgart 10 757/22A
Ffm 21 - Paris 757/1
Ffm 21 - Reims 757/1
Ffm 21 - Luxembourg 757/1


Physical cables

Unlike the numerous virtual channels in the lists, this e-mail is about physical cables. "Ffm 21 - Luxembourg 757/1" is the one mentioned in the e-mail from Feb 3, 2005, containing 4 channels of interest to Luxembourg; the others are cables from Frankfurt (Ffm) to Reims, Paris, and Deutsche Telekom's Point-of-Presence in Stuttgart. With this, we now have proof of three other cables having been tapped.

According to a list (.docx) published by Peter Pilz, there are 29 channels to/from Reims and 22 channels to/from Paris, all of which could easily have been in the fiber-optic cable between Frankfurt and Reims, and Frankfurt and Paris, respectively, as one single STM1-cable contains 63 separate channels:
- Frankfurt - Stuttgart: ? channels of interest
- Frankfurt - Paris: 22 channels of interest
- Frankfurt - Reims: 29 channels of interest
- Frankfurt - Luxembourg: 11 channels of interest



Peter Pilz concludes that operation Eikonal was the start of NSA's illegal mass surveillance of European telecommunications. But that's not supported by evidence. After Eikonal, NSA continued joint cable tapping operations with BND and other European agencies, but as these programs are part of RAMPART-A, they are mainly aimed at specific targets in Russia, North-Africa and the Middle East.


BND cable tapping

Operation Eikonal did start something else though: it provided BND with the knowledge and the experience for conducting cable tapping on its own: in 2009 they started intercepting cables from 25 internet service providers, this time at the DE-CIX internet exchange in Frankfurt - as was revealed by Der Spiegel on Oct 6, 2013.

Among these 25 providers are foreign companies from Russia, Central Asia, the Middle East and North Africa, but also six German providers: 1&1, Freenet, Strato AG, QSC, Lambdanet and Plusserver, who almost entirely handle domestic traffic.

It appears that this interception takes place in cooperation with the DE-CIX Management and that the various providers themselves didn't know that this was happening. A smart move, as this provides BND with only one single point-of-contact, while the individual providers can honestly deny that their cables are being intercepted.



Links and sources
- Heise.de: BND-Operation Eikonal: "Freibrief" für die Telekom aus dem Kanzleramt
- DerStandard.at: Pilz: Berlin genehmigte NSA-Spionage gegen Österreich
- PeterPilz.at: "Ich darf die Anregung weitergeben..." Die Operation Transit in Europa
