The German Functioning Eikonal Every Mo Business Office Of Nsa's Rampart-A Program

(Updated: May 30, 2015)

Just over a calendar week ago, the regional High German paper Süddeutsche Zeitung together with the regional broadcasters NDR together with WDR came alongside a story proverb that betwixt 2004 together with 2008, the High German unusual intelligence service BND had tapped into the Frankfurt meshing telephone substitution DE-CIX together with shared the intercepted information alongside the NSA. As non all communications of High German citizens could last filtered out, this is considered a violation of the constitution.

Here nosotros volition give a summary of what is currently known almost this BND performance together with nosotros volition combine this alongside information from before reports. This volition present that it was most probable business office of the RAMPART-A computer programme of the NSA, which includes similar interception efforts yesteryear unusual partner agencies. Finally, nosotros volition await at where just the BND interception mightiness withdraw keep taken place.

> See also: New details almost the articulation NSA-BND performance Eikonal

Update #1:
On Oct 20, the Danish paper Information has confirmed that the High German BND performance Eikonal was indeed business office of the RAMPART-A program: a document from NSA's SSO sectionalization lists an performance codenamed "EIKANOL" equally business office of RAMPART-A together with says it was decommissioned inwards June 2008. Unfortunately the master copy document wasn't published.

Update #2:
During hearings of BND officials yesteryear the High German parliamentary committee investigating NSA spying, it became clear that performance Eikonal was genuinely tapping into only i fiber-optic cable from Deutsche Telekom, together with non into the Frankfurt meshing telephone substitution DE-CIX. This was confirmed yesteryear High German media on Dec 4, 2014.

The High German performance Eikonal

The codename for the BND performance was Eikonal, which is a scientific High German word, derived from Greek, pregnant likeness, icon or image. Details almost it were flora inwards BND documents marked Streng Geheim (Top Secret), which were handed over to a committee of the High German parliament that investigates NSA spying activities (NSA Untersuchungsausschuss). It's non clear whether journalists were able to read these documents themselves, or were only told almost their contents.

The performance was fix inwards 2003 equally a cooperation betwixt BND together with NSA, whith the BND providing access to the Frankfurt meshing telephone substitution DE-CIX, together with NSA providing sophisticated interception equipment, which the Germans didn't had but were eager to use. Interception of telephone traffic started inwards 2004, meshing information were captured since 2005. Reportedly, NSA was peculiarly interested inwards communications from Russia.

For this, NSA provided BND alongside lists of 'selectors' similar telephone numbers together with electronic mail addresses. According to the testimony of an BND employee at a commission hearing finally month, his co-workers pulled these selectors from an American server 2, 3 or four times a solar daytime together with entered them into the scheme that does the actual interception.

The article inwards Süddeutsche Zeitung says that from DE-CIX, the information initiative off went to BND headquarters inwards Pullach, together with hence to the Mangfall barracks inwards Bad Aibling, where BND together with NSA analysts secretly worked together equally the Joint SIGINT Activity (JSA, terminated inwards 2012). From there, at that spot was a secure line of piece of employment dorsum to NSA headquarters.

Operations centre room inwards the one-time BND headquarters inwards Pullach
(click to enlarge)

To foreclose communications of High German citizens beingness passed on to NSA, BND installed a special computer programme (codenamed DAFIS) to filter these out. But according to the documents, this filter didn't operate properly from the beginning. An initial essay inwards 2003 showed the BND that 5% of the information of High German citizens could not last filtered out.

Influenza A virus subtype H5N1 review of performance Eikonal reported that a "complete together with accurate" separation betwixt High German together with unusual telecommunication was impossible. Also BND wasn't able to fully banking company check this because of a lack of technical expertise.

The documents also propose that the intelligence oversight committees of the Bundestag were non properly informed. The BND noticed at some betoken that the NSA searched for information almost the European defence forcefulness contractor EADS (now Airbus Group), the Eurocopter together with French authorities agencies. Together alongside doubts almost the legality of the Eikonal operation, this resulted inwards ending the cooperation alongside NSA inwards 2008.

Reportedly, NSA wasn't happy alongside that together with sent its deputy manager John Inglis to Berlin inwards lodge to need some form of "compensation": if non Frankfurt, hence BND should offering access to some other European fiber-optic cable. Süddeutsche Zeitung says that at that time, BND got access to a cable of "global importance", where NSA did non withdraw keep access to. NSA hence became a "silent partner" receiving information from this novel BND interception effort.

Meanwhile, 2 members of the High German parliamentary investigation committee, who are cleared for the BND documents almost Eikonal, said that the aforementioned press reports were non ever correct. According to i member, it genuinely wasn't BND, but NSA that ended the cooperation, evidently because the Germans were hence heavily filtering the data, that the consequence wasn't of much involvement for NSA anymore.

The RAMPART-A computer programme of NSA

Those who withdraw keep followed the Snowden-leaks, may withdraw keep recognized that performance Eikonal is identical to cable tapping operations which are conducted nether the RAMPART-A computer programme of NSA. According to some of the Snowden-documents, this is an umbrella computer programme nether which NSA cooperates alongside 3rd Party countries, who "provide access to cables together with host U.S. equipment".

The slide below clearly shows that such a partner province taps an international cable at an access betoken (A) somewhere inwards that province together with hence forwards the information to a processing centre (B). Equipment provided yesteryear the NSA processes the information together with analysts from the host province tin send away hence analyse the intercepted information (C) before they are forwarded to an NSA site inwards the U.S. of America (D):

Details almost NSA's RAMPART-A computer programme were published yesteryear the Danish paper number of records are NSA's second, 3rd together with 5th most productive cable tapping programs - which shows the importance of these 3rd Party relationships for NSA.

Eikonal (which ~~most probable had a different NSA codename~~ seems to last misspelled EIKANOL inwards the NSA document seen yesteryear Information) isn't included inwards these documents equally they engagement from at to the lowest degree 2 years after this performance was ended.

The exact locations of these access points are protected nether the Exceptionally Controlled Information (ECI) compartment REDHARVEST (RDV), to which Snowden seems to withdraw keep had no access. Therefore nosotros don't know which countries are participating inwards the RAMPART-A program, although some of the documents incorporate leads pointing to Kingdom of Denmark together with Germany.

These unusual partnerships operate on the status that the host province volition non utilisation the NSA’s technology scientific discipline to collect whatever information on U.S. of America citizens. The NSA agrees that it volition non utilisation the access it has been granted to collect information on the host countries’ citizens, but i NSA presentation slide (marked NOFORN: Not for Foreign Nationals) notes that "there ARE exceptions" to this rule:

According to a 2010 briefing, intelligence collected via RAMPART-A yielded over 9000 intelligence reports the previous year, out of which one-half was based solely on intelligence intercepted through RAMPART-A.

More almost RAMPART-A

What the reports on both websites didn't cite is that RAMPART-A is evidently focussed on collecting information almost Russia, the Middle East together with North Africa. This comes from Der NSA Komplex, a majority almost the Snowden-revelations written yesteryear 2 journalists from Der Spiegel. Unfortunately this book, which is much to a greater extent than informative than the i yesteryear Glenn Greenwald, is only available inwards German.

Besides 3rd Party partners giving access to cables inwards their ain country, there's also a construction inwards which such a partner way cooperates alongside yet some other province that secretly provides access to information traffic, which is also shared alongside NSA. In recent years, BND together with NSA conducted almost one-half a dozen of such operations, 3 of which are mentioned inwards Der NSA Komplex:

- Tiamat (access to high-level international targets nether risky circumstances. This performance had ended before 2013)*

- Hermos (in the Spring of 2012, BND got access to communication cables inwards a crisis zone country, but this performance had to last terminated yesteryear the goal of the yr when the province of affairs almost went out of control)*

- Wharpdrive (this performance was nonetheless active inwards 2013, but inwards the Spring of that year, employees of the somebody companionship that operates the communication cables, accidently discovered the hugger-mugger BND/NSA equipment, but the performance was rescued yesteryear providing a plausible comprehend story)*

Update:
In the follow-up written report yesteryear the Danish paper Information from Oct 20, 2014, it is said that the WHARPDRIVE access was opened inwards Feb 2013 together with had the same size equally EIKANOL. Information claims that according to Der Spiegel this access was also located inwards Germany, but Der NSA Komplex says it was a articulation venture alongside a 3rd province together with inwards an NSA document from Apr 2013 it is also called a "trilateral program", which was "identified for possible termination due to financial constraints". From this document it seems the computer programme had EMERALD equally an alternate codename.

Where did the tapping took place?

The best kept secret is the actual location where the BND tapping betoken was. Süddeutsche Zeitung reports that inwards the master copy documents the shout out of the provider is blacked out, but that according to insiders, it must withdraw keep been Deutsche Telekom that assisted BND. The paper fifty-fifty says both parties signed an understanding inwards which the provider earned a payment of 6.000,- euros a calendar month inwards render for the access.

This seems to represent alongside a written report broadcasted yesteryear the High German tv set mag Frontal 21 inwards July finally year, proverb that BND had access to the Frankfurt meshing telephone substitution through its ain cable since 2009. According to an insider, this cable access was nether the comprehend of a major High German telecom provider, together with it was speculated this was Deutsche Telekom.

But equally people noticed, Deutsche Telekom was not connected to DE-CIX when performance Eikonal took place. In 2008, the actual routers together with switches of DE-CIX were situated inwards xviii information centers from InterXion, TeleCity, Equinix, Level 3, ITENOS together with e-shelter. Since 2008, the distributed DE-CIX switches are interconnected through the priva|nex somebody fiber-optic network from euNetworks.

Diagram of the Frankfurt meshing telephone substitution betoken DE-CIX

Maybe before 2008 the DE-CIX switches were connected yesteryear fiber cables from Deutsche Telekom, but if not, at that spot seems to last no way this companionship could withdraw keep provided the BND access to the Frankfurt meshing exchange. If the 6000,- euro contract genuinely involved Deutsche Telekom, hence maybe for the rent of a somebody cable from the tapping betoken to a BND site.

In reply to before media reports, the DE-CIX administration pose out a press release on June 26, 2014 saying: We exclude that whatever unusual or domestic secret service had access to our meshing telephone substitution together with the connected fiber-optic networks during the menstruum of 2004 - 2007". It was added that DE-CIX itself doesn't operate whatever information centers, nor stores or processes information on its own.

This arguing only speaks almost the past, hence it doesn't contradict the fact that the BND was of late authorized to intercept the communications from 25 meshing service providers (ISPs), alongside their cables beingness tapped at the DE-CIX meshing exchange, equally was reported yesteryear Der Spiegel on Oct 6, 2013. Influenza A virus subtype H5N1 missive of the alphabet containing this authorization was sent to the Association of the High German Internet Industry, which is the possessor of the companionship that operates the Frankfurt meshing exchange.

Among these 25 providers at that spot are unusual companies from Russia, Central Asia, the Middle East together with North Africa, but also half dozen High German providers: 1&1, Freenet, Strato AG, QSC, Lambdanet together with Plusserver, who almost solely withdraw keep domestic traffic.

However, said that he couldn't dominion out that some providers connected to the telephone substitution would allow interception on their equipment when ordered hence yesteryear their national governments.

This points to for illustration Level 3, a U.S. of America companionship that has a information centre which houses some DE-CIX routers. But if Level 3 would withdraw keep provided access to DE-CIX, hence at that spot was no necessitate for NSA to cooperate alongside BND. Also, on August 1, 2013, Level 3 gave out a press release proverb that the companionship had non given whatever unusual authorities access to its networks inwards Federal Republic of Federal Republic of Germany inwards lodge to send surveillance.

Update:
On March 26, 2015, the High German parliamentary investigation commission heard Klaus Landefeld, board fellow member of DE-CIX, who provided some interesting insights inwards the workings of this meshing exchange.

Conclusion

Although nosotros withdraw keep no positive confirmation that Eikonal was business office of the RAMPART-A program, this High German performance perfectly fits the way inwards which unusual parters of NSA larn access to of import meshing cables together with switches together with portion the results alongside their American counterparts. In this case, NSA evidently cooperated alongside BND inwards lodge to larn access to communications from Russian Federation together with in all likelihood also from the Middle East together with North Africa that traveled through Germany.

The best kept secret is how together with where such interception takes place, together with nosotros withdraw keep seen that tapping the Frankfurt meshing telephone substitution DE-CIX is far to a greater extent than complex than it seems. This makes it hard to pinpoint the taps, but yesteryear combining before press reports alongside the construction of the DE-CIX exchange, it seems unlikely that Deutsche Telekom was involved.

Update #1:
Because of the confusion almost the purpose of Deutsche Telekom inwards performance Eikonal, the parliamentary investigation commission has decided to also investigate whether this companionship assisted BND inwards tapping the Frankfurt meshing telephone substitution or not. As an option choice it's suggested that Deutsche Telekom mightiness withdraw keep only given access to its ain Frankfurt backbone switch, instead of to DE-CIX - this would ameliorate tally NSA's description of what is intercepted nether RAMPART-A: "International Gateway Switches; End-Point GSM Switches; Leased Internet Circuits; Internet Backbone Routers".

Update #2:
During hearings of BND officials yesteryear the High German parliamentary committee investigating NSA spying, it became clear that performance Eikonal was indeed tapping into only i fiber-optic cable from Deutsche Telekom, together with non into the Frankfurt meshing telephone substitution DE-CIX. This was confirmed yesteryear High German media on Dec 4, 2014.