NSA

Barrett Brown Bonus Points; Listening for the Panaudicon; "Highlands Group" Pentagon incubator network for Intelligence kickstarts Google; Four Rogue Lords & UK Snoopers Charter

Roundup post. Barrett Now on the Hook for Stratfor My Post Cyberpunk Indentured Servitude - The Daily Beast [DailyBeast dropped the "you lost some rights" headline apparently as well]. Imprisoned journalist Barrett Brown gets his Declaration of Independence Back, but the +5 snark chainmail didn't do any good: cryptome.org/2015/01/brown-105.pdf

Federal sentencing agreements add and subtract points based on mysterious, occult rules derived from RolePlayingGames deep in the sweaty basement of the Federalist Society on the Yale campus.

201502010154.jpg

As you can see, both dexterity and Photoshop skilz qualify as "deadly skull" level 63 month sentence:

dnd-resume-1.jpg
Wait maybe this is actually the real one.

linkpastingpenalty.png

Yes "Unauthorized Access Devices" is hyperlinks.

via ( Clever: D&D Character Sheet Styled Resume | Geekologie & http://www.mmorpg-info.org/wp-content/uploads/2008/07/dd2.jpg )

Quinn Norton: We Should All Step Back from Security Journalism — The Message — Medium.

//////

Intelligence community incubated Google: A few pretty large chunks turned up with new work from Nafeez Ahmed via crowdfunding, focused on period around the time Google was developed at Stanford. One of the computer scientists involved disputes part of Ahmed's story (and prepended his PDF source at that URL w a new statement), but the overall scope of the Highlands Forum / Group, along with the CIA's In-Q-Tel venture capital development/incubator operations, reconfigures our understanding of intersecting tech and intelligence worlds.

SEE: HIGHLANDS GROUP - About

Highlands Group Overview The Highlands Group is an international consulting network that has been interestingly termed an "intellectual capital venture firm" with extensive experience assisting corporations, organizations, and government leaders frame issues and consider alternatives in the achievement of their objectives. The Highlands Group is a leader in helping clients to explore the edges for new ideas and approaches, create new networks, manage creativity, and succeed. The Highlands Group provides clients with a wide range of services, including: strategic planning, scenario creation and gaming for expanding global markets, and special events planning and assistance. The Highlands Group assists clients in identifying new technologies, ideas, and opportunities. Highlands draws on a network of subject matter experts and facilitates cross-disciplinary gatherings of creative thinkers, working with clients to build strategies for execution. We are a small and agile firm, supported by the strengths of a global network of experts, and provide our clients with personal involvement and dedication. The Highlands Group is headquartered in Washington, D.C. and Carmel Highlands, California, and is supported by a network of companies and independent researchers. It is truly a collaborative effort with great contributions from our sponsors; our Highlands Forum partners for the past ten years at SAIC; and the vast Highlands network of participants in the Highlands Forum, Singaporean Island Forum, the St. Michaels Forum, and the Information Engagement Forum.

Highlands Forum also has Thomas Barnett, who provided crucial early post-9/11 backing for the "core and gap" geopolitical dichotomy and 'rule setting' military hegemony quests within Pentagon circles. I read his book ages ago (Thomas P.M. Barnett's Globlogization - The Pentagon's New Map: War & Peace in the 21st C.) - it is important for understanding what framework got installed - as Ahmed digs up, this was a transmission belt for Barnett and many others.

This reaches back earlier than the better-known roots of Google Earth in Keyhole, which was backed by the CIA's In-Q-Tel -- Google bought it partially from In-Q-Tel and turned it into Google Earth Enterprise, a platform for geospatial intelligence (GEOINT).

The powers that be have a strong interest in having one big Google (and Walmart, and foreign militant groups etc) - so it's no surprise that key figures lend support - along with funding and special privileges, eventually contracts - to keep the tech scene consolidated.

INSURGE INTELLIGENCE, a new crowd-funded investigative journalism project, breaks the exclusive story of how the United States intelligence community funded, nurtured and incubated Google as part of a drive to dominate the world through control of information. Seed-funded by the NSA and CIA, Google was merely the first among a plethora of private sector start-ups co-opted by US intelligence to retain ‘information superiority.’

The origins of this ingenious strategy trace back to a secret Pentagon-sponsored group, that for the last two decades has functioned as a bridge between the US government and elites across the business, industry, finance, corporate, and media sectors. The group has allowed some of the most powerful special interests in corporate America to systematically circumvent democratic accountability and the rule of law to influence government policies, as well as public opinion in the US and around the world. The results have been catastrophic: NSA mass surveillance, a permanent state of global

PART 1: How the CIA made Google — Medium

PART 2: Why Google made the NSA — Medium

There is plenty to go over here and many links - it is a lot of material to get through, but worth your time. See Clifton - CV - Technical Reports . The Anatomy of a Search Engine.

///////

Ubiquity of web enabled microphones: very much worth reading. If you don't know how the zeroday market works now especially. via https://panaudicon.wordpress.com/ - Jan 23 2015

Cross posted at Cryptome.org: On the Ubiquity of Web-enabled Microphones

Bruce Schneier (computer security expert, now also with the EFF) has remarked: "It's bad civic hygiene to build technologies that could someday be used to facilitate a police state. No matter what the eavesdroppers and censors say, these systems put us all at greater risk."

There are two elements of this emerging technology that prompt me to regard this as bad civic hygiene: the omnipresence of these microphones, and the increasing lack of technological constraint allowing their compromise by state and other actors.

When I say "increasing lack of technological constraint", I am referring to several things: the descriptions of actions by agencies such as NSA, GCHQ, and the FBI who are specifically targeting smartphones (e.g. Tailored Access Operations of NSA and Remote Operations Unit of FBI), the exploding grey market for zero-day vulnerabilities dominated by state actors (especially the United States), and the emerging market for contractors who are developing exploits and software tools which enable these vulnerabilities to be efficiently utilized (Vupen in France, Hacking Team in Italy, Endgame Systems in U.S., FinFisher in the U.K., etc.).

Zero-day vulnerabilities are essentially unintentional backdoors that are discovered in various software applications every year by hackers. There are hundreds of these things discovered every year, and they are an unavoidable by-product of the software development cycle. They are a special kind of software bug that can permit a third-party who knows about them to take over a person's device. Sort of like skeleton keys which allow entry into anyone's device that happens to use the operating system or application in which the vulnerability is discovered, and they permit various degrees of power over a person's device. Programmers create exploits known as "zero-day exploits" to make use of these vulnerabilities. A market has emerged whereby these exploits are sold to the highest bidders, which, unsurprisingly, happen to be state actors. An exploit for the iPhone's iOS was sold for $500,000 at one point to an unknown buyer -- the NSA perhaps, but every intelligence agency on the planet is willing to pay top dollar for these things. Parties are willing to pay much more if it seems the exploit is likely to go undetected for some time and if it provides a lot of power over the device (laptop, smartphone, or tablet). However, when a vulnerability is discovered "in the wild" and reported to the software company (as should be the case), the value drops to near zero very quickly as the software company develops a "patch" and sends out security updates to consumers. In any event, the result of these activities over just the past decade is that sophisticated intelligence agencies, and certainly the FBI and NSA, now possess a revolving set of skeleton keys that allow them to reach inside virtually anyone's device on the planet. They don't need a warrant to do this, and they don't need permission from the telecoms or software companies. They don't have to notify any third parties that this is happening. This is a HUGE amount of power for any state actor to have.

Federal law enforcement agencies like the FBI have been clamoring for mandatory backdoors into all these new web-based technologies, but there are fundamental technical issues with integrating a CALEA-type system with the internet (CALEA = Communications Assistance for Law Enforcement Act of 1994). Security experts are suggesting that the feds (including domestic agencies like the FBI) develop teams of hackers to perform wiretaps in the future. They are essentially recommending that the FBI develop their own Tailored Access Operations (an NSA hacking division). Installing a CALEA-type system will fundamentally weaken the security of the internet for everyone, they claim, and it's also not very practical because new technologies develop so rapidly. It will hinder innovation. (From later note: we now know the FBI has already developed their own hacking team with the Remote Operations Unit. Chris Soghoian, principal technologist with the ACLU, discovered the Remote Operations Unit through former contractors' CVs on LinkedIn and put the pieces together.)

See this paper for background:

https://www.cs.columbia.edu/~smb/papers/GoingBright.pdf

"Going Bright: Wiretapping without Weakening Communications Infrastructure" | Steven M. Bellovin, Matt Blaze, Sandy Clark, Susan Landau | IEEE Security & Privacy 11:1, Jan/Feb 2013

My comments on the authors' analysis in this paper: OK, fine, mandatory backdoors are unacceptable. But if the feds' teams of hackers develop the power to enact wiretaps and bugs without having to ask for third-party permission, that will facilitate intelligence laundering on a wide scale. Sure, the information/evidence can't be presented in court. But they are more than happy to find other ways to use the information. Numerous examples of this have cropped up in the past year in the press (e.g. Special Operations Division -- a joint operation between DEA, FBI, and NSA -- slides were released a few months after Snowden to the press in a leak, but they were not part of the Snowden dump. Agents are specifically instructed to "recreate" the trail of an investigation to hide the original sources. They are effectively removing any poisonous taint from illegal surveillance by fabricating an independent source and never revealing the original surveillance. I believe they are generally handling narcotics cases, and the ACLU and EFF filed an Amicus brief late last year in a case in SF court as a result of the slides, because they suspected illegal surveillance might be taking place and intelligence was being laundered -- see United States of America v. Diaz-Rivera -- a very recent case, not sure what the outcome was at the suppression hearing. Google: Special Operations Division) ….

The "recreated trails" are also known as "parallel construction." Also here a good solution for analog switch on the mics for cell phones & also antenna & GPS seems a very constructive idea. Good deal. SEE DEA and NSA Team Up to Share Intelligence, Leading to Secret Use of Surveillance in Ordinary Investigations | Electronic Frontier Foundation August 2013.

/////

Besides the NYC Homeland Security grant madness, there is naturally a Rainbow Family in Montana Homeland Security money story now too: Police Seek DHS Grant to Deal With "Extremist" Hippy Group Which Stresses 'Non-violence, Peace and Love' - via Paul Joseph Watson.

////////

Four Rogue Lords & UK Snoopers Charter: Shameless: rogue Lords sneak Snooper's Charter back in AGAIN - Boing Boing && Shameless: rogue Lords sneak Snooper's Charter back in AGAIN - Boing Boing

NSA Boundless Informant explicated - for moar efficient flat databases of all yr phone records

Just had to crosspost this relatively down-to-earth explanation of how all the cell phone data is hoarded in the NSA mass data mining system. What this lacks in documentation it makes up for with relative plausibility & general lack of fancifulness.
SOURCE: Cryptome.org : http://cryptome.org/2013/11/nsa-boundless-informant-explicated.htm

25 November 2013

NSA BOUNDLESS INFORMANT Explicated


Date: Mon, 25 Nov 2013 15:37:33 -0800 (PST)
From: xxxxx[at]efn.org
To: cryptome[at]earthlink.net
Subject: A very interesting forum post on electrospaces

This was written from a person who purports to actually use the Boundless Informant tool. The email address is fake of course, but it sounds both knowledgeable and credible.

If the source is genuine, it provides considerable insight into the use and capabilities of the tool. It seems to do a lot more than we've seen so far, including the ability to see individual call detail records.

It also gives us clues to how mobile interception is accomplished.

http://electrospaces.blogspot.com/2013/11/screenshots-from-boundlessinformant-can.html

http://www.blogger.com/comment.g?blogID=4559002410879446409&postID=2273467319728111778&isPopup=true

---------------------------

Anonymous jbond@MI5.mil.gov.uk said...

I'm seeing a great deal of confusion out there about NSA databases and how reports are generated from their architecture. Here is how it works:

Let's begin with rows and columns making up a matrix, variously called a table, array, grid, flatfile database, or spreadsheet. In the database world, rows are called records, columns are called fields, and the individual boxes specified by row and column coordinates -- which hold the actual data -- are called cells.

For cell phone metadata, each call generates one record. NSA currently collects 13 fields for that call, such as To, From, IMEI, IMSI, Time, Location, CountryOrigin, Packet etc etc, primarily from small Boeing DRTBOXs placed on or near cell towers.

Because metadata from a single call can be intercepted multiple times along its path, generating duplicative records, NSA runs an ingest filtering tool to reduce redundancy, which is possible but not trivial because metadata acquisitions may not be entirely identical (eg timing). After this refinement, one call = one metadata record = one row x 13 columns in the BOUNDLESS INFORMANT's matrix.

Cell phone metadata is structured, unlike content (he said she said). However, as collected from various provider SIGADs, it is not cleanly or consistently structured -- see the messy example at wikipedia IMSI. So another refinement is needed: NSA programmers write many small extractors to get the metadata out of its various native protocols into the uniformly formatted taut database fields that it wants.

After all this, for a hundred calls, a metadata database such as BOUNDLESS INFORMANT consists of 100 records and 13 fields so 100 x 13 = 1300 cells. A counting field (all 1's) and consecutive serial numbers (indexing field) for each record may be added to facilitate report generation and linkage to other databases, see below.

-1- The first point of confusion is between BOUNDLESS INFORMANT as a flatfile database (we've never seen a single row, column or cell of it) and the one-page summary reports that can be generated using BOUNDLESS INFORMANT as the driving database (eg, the Norway slide).

These BOUNDLESS INFORMANT reports give the number of records (rows) in the table after various filters have been applied (eg country, 1EF = one end foreign, specified month, DNR type, intercept technology used, legal authority cited FISA vs FAA vs EO 12333).

BOUNDLESS INFORMANT does NOT report the number of cells nor gigabytes of storage taken up. It easily could, but it doesn't. Instead, it reports the main object of interest: the number of calls, after some filtering scheme has been applied.

-2- The second point of confusion arises over database viewing options. Myself, I like scrolling down row after row, page after page, plain black text in 8 pt courier font, lots of records per screen, thin lines separating cells, no html tables. A lot of people don't.

So a cottage industry has evolved around generating pretty monitor displays, web pages, and ppts from databases; these typically display one record per screen. All database views are equivalent: given a presentation, you can recover the database; given the database, you can make the pretty user interface.

Views are dressed up injecting the data fields into a fixed but fancy template (eg dept of motor vehicles putting your picture field into an antique wood frame and your name field into drop-shadow text). Nothing but a warmed-over version of spewing out form letters by mail-merging an address database into a letter template.

We've not seen *any* view of BOUNDLESS INFORMANT records to date, only summary reports it has generated. You cannot recover the underlying database from a few summary reports, only information about the number of records and a few of the 13 fields.

November 25, 2013 at 2:34 PM

Anonymous jbond@MI5.mil.gov.uk said...

-3- The third point of confusion: a given database like BOUNDLESS INFORMANT is capable of self-generating many summary reports about itself. Summary reports can have views too -- injections into templates. We've seen 3 of them for BOUNDLESS INFORMANT, Aggregate, DNI and DNR.

Databases can be sorted, according to the values in any column. For example, if NSA sorted by IMSI, that would pull together all the call records made from a particular cell phone with that id. Using the counting field allows the activity of each phone to be tallied. Or they could sort to pull up the least active phones -- to identify the user who tosses her 'burner' phones in the trash after one use.

Databases can be restricted. If NSA wanted to count the number of distinct cell phone calls during a given month that originated in Norway and terminated abroad (1EF one end foreign), it can restrict the records to the relevant time and location fields, masking out the others. They could compress each cell phone to a single line and count rows to get summary data on the number of phones doing 1EF. That summary data could be injected into a template for a BOUNDLESS INFORMANT slide.

Databases can be queried (tasked) to pull out only those records satisfying some string of selector logic. For example, you could submit a FOIA request to NSA in the form of a query that consisted of your selectors and a database like BOUNDLESS INFORMANT to see what call metadata they have on you in storage.

Here you would be wise to request simple output (rows of plain text with column values separated by commas, CSV format), to keep file size down. Then you could make your own mail-merge templates and spew out colorful BOUNDLESS INFORMANT graphs and reports about yourself, or just use the default templates provided by Excel.

November 25, 2013 at 2:36 PM

Anonymous jbond@MI5.gov.uk said...

-4- Next up on confusion, relational databases. NSA maintains hundreds of separate flatfile databases that might however share a field or two in common, for example someone texting, google searching, or shopping as well as making phone calls with a given phone, the number or IMSI being the common field.

Those other activities involve different fields from those already in BOUNDLESS INFORMANT, such as your login to eBay or search term text instead of email subject line.

It could all be put into BOUNDLESS INFORMANT by expanding the number of fields. However this doesn't scale very well: it results in the voice call fields being massively blank for an IMSI making lots of google searches, creating a huge sparse table that is very slow to process, wasting analysts' time (called high latency by NSA).

Instead, BOUNDLESS INFORMANT will just link to all the other databases which share a field. And those in turn could link to other simple databases sharing some other field that BOUNDLESS INFORMANT might lack. And so on -- it's how all the little constituent databases can be seamlessly integrated.

A query now calls through to this whole federation of linked databases, which can reside geographically anywhere on the Five Eyes network (though NSA is moving to one stop shopping from their Bluffdale cloud to improve security and reduce latency).

The primary provider of relational database software of this complexity is Oracle. However you can do about all of it free and friendly with open source MySQL. The Q is for querying -- what NSA calls tasking -- sending off some long-winded boolean logic string of field selector values and constituent databases that does the filtering you want.

The result of the query is a new little database, usually temporary, that you can use to generate fancy views and summary reports. The databases being updated continuously and storage retention varying, the same query tomorrow will give a slightly different outcome.

Your all-about-me FOIA request could be formulated in MySQL (first need to know names of linked databases) and surprisingly, the query string would be recognized and fulfilled by Oracle or whatever big relational database NSA ended up using/developing, it's that standardized.

If you're online or call a lot, that could still be a big file given 12 agencies keeping tabs, notably NSA, Homeland Security, and FBI's DITU. But if you wrote the query right, it would only take a small data center in the garage to host the response.

November 25, 2013 at 2:37 PM
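The ingest filter, counting field, filtered summary count, per-IMSI tally and shared-field link described in the comments above, worked through on a toy table as an added example (not code from the forum post, Cryptome, or any real system). All rows, the `dest` and `source` columns, the `texts` table and the 5-second skew tolerance are constructed assumptions.

```python
import sqlite3
from datetime import datetime

# Constructed sample intercepts (not real data). "imsi", "to_number", "time"
# and "origin" mirror fields named in the comment; "dest" and "source" are
# assumed. One call can be picked up by two collectors with a small time skew.
RAW = [
    ("242010000000001", "+4670000001", "2013-01-05T10:00:00", "NO", "SE", "siteA"),
    ("242010000000001", "+4670000001", "2013-01-05T10:00:02", "NO", "SE", "siteB"),  # duplicate
    ("242010000000001", "+4722000002", "2013-01-06T09:30:00", "NO", "NO", "siteA"),
    ("242010000000002", "+4420000003", "2013-01-07T18:45:10", "NO", "GB", "siteA"),
    ("242010000000002", "+4420000003", "2013-01-07T18:45:11", "NO", "GB", "siteB"),  # duplicate
    ("242010000000002", "+4420000003", "2013-01-07T19:20:00", "NO", "GB", "siteA"),  # later call
    ("242010000000003", "+4930000004", "2013-02-01T12:00:00", "NO", "DE", "siteA"),  # other month
]
# Constructed second flat file that shares only the IMSI field with the calls.
TEXTS = [
    ("242010000000002", "2013-01-07T18:50:00", "+4420000003"),
    ("242010000000003", "2013-02-01T12:05:00", "+4930000004"),
]

def ingest_filter(rows, skew_seconds=5):
    """Collapse repeat intercepts: same caller and callee, times within the skew."""
    kept, last_kept = [], {}  # last_kept: (imsi, to) -> time of last record kept
    for row in sorted(rows, key=lambda r: (r[0], r[1], r[2])):
        key, t = (row[0], row[1]), datetime.fromisoformat(row[2])
        prev = last_kept.get(key)
        if prev is not None and (t - prev).total_seconds() <= skew_seconds:
            continue  # same call seen again by another collector
        last_kept[key] = t
        kept.append(row)
    return kept

def build_db(rows):
    """One call = one record, plus an indexing field and a counting field."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE calls (
        serial INTEGER PRIMARY KEY,
        imsi TEXT, to_number TEXT, time TEXT,
        origin TEXT, dest TEXT, source TEXT,
        cnt INTEGER DEFAULT 1)""")
    db.executemany(
        "INSERT INTO calls (imsi, to_number, time, origin, dest, source) "
        "VALUES (?,?,?,?,?,?)", rows)
    db.execute("CREATE TABLE texts (imsi TEXT, time TEXT, peer TEXT)")
    db.executemany("INSERT INTO texts VALUES (?,?,?)", TEXTS)
    return db

def summary_report(db, country, month):
    """Summary-slide number: records left after country, month and 1EF filters."""
    (n,) = db.execute(
        "SELECT COALESCE(SUM(cnt), 0) FROM calls "
        "WHERE origin = ? AND dest <> ? AND substr(time, 1, 7) = ?",
        (country, country, month)).fetchone()
    return n

def activity_by_phone(db):
    """Group by IMSI and tally with the counting field, least active first."""
    return db.execute(
        "SELECT imsi, SUM(cnt) AS calls FROM calls "
        "GROUP BY imsi ORDER BY calls, imsi").fetchall()

def linked_query(db, imsi):
    """Follow the shared IMSI field into the second table instead of widening calls."""
    return db.execute(
        "SELECT c.serial, c.to_number, t.time, t.peer FROM calls c "
        "JOIN texts t ON t.imsi = c.imsi WHERE c.imsi = ? "
        "ORDER BY c.serial, t.time", (imsi,)).fetchall()

if __name__ == "__main__":
    db = build_db(ingest_filter(RAW))
    print("1EF records, NO, 2013-01:", summary_report(db, "NO", "2013-01"))
    print("without ingest filter:   ", summary_report(build_db(RAW), "NO", "2013-01"))
    print("activity by phone:       ", activity_by_phone(db))
    print("linked rows:             ", linked_query(db, "242010000000002"))
```

The same filter run on the unfiltered rows gives a larger count, which is why a record total on a summary slide depends on how well duplicate intercepts were collapsed at ingest.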

New data mining revelations, DEA drawn in quickly; Privacy & Surveillance DICE, PROTON, CRISSCROSS & CLEARWATER partial master programs? Lexis-Nexis on private side

It's a pretty woolly political scene right now & wanted to slam up some docs leading different directions on this. At least the damn narrative is moving along.

More or less we're looking at the merging of criminal investigations with direct military signals intelligence (SIGINT) technology run by the same contractors that recently ran these technocratic social control 'kinetic' programs for the Pentagon in assorted occupied lands around the Middle East etc.

Naturally the war on drugs first brought this war home - special bonus points for the Viktor Bout angle of the DEA SOD/DICE projects story from Reuters earlier...

Latest: Drug Agents Use Vast Phone Trove, Eclipsing N.S.A.’s - NYTimes.com

For at least six years, law enforcement officials working on a counternarcotics program have had routine access, using subpoenas, to an enormous AT&T database that contains the records of decades of Americans’ phone calls — parallel to but covering a far longer time than the National Security Agency’s hotly disputed collection of phone call logs.

The Hemisphere Project, a partnership between federal and local drug officials and AT&T that has not previously been reported, involves an extremely close association between the government and the telecommunications giant.

The government pays AT&T to place its employees in drug-fighting units around the country. Those employees sit alongside Drug Enforcement Administration agents and local detectives and supply them with the phone data from as far back as 1987. ......

Hemisphere covers every call that passes through an AT&T switch — not just those made by AT&T customers — and includes calls dating back 26 years, according to Hemisphere training slides bearing the logo of the White House Office of National Drug Control Policy. Some four billion call records are added to the database every day, the slides say; technical specialists say a single call may generate more than one record. Unlike the N.S.A. data, the Hemisphere data includes information on the locations of callers.

The slides were given to The New York Times by Drew Hendricks, a peace activist in Port Hadlock, Wash. He said he had received the PowerPoint presentation, which is unclassified but marked “Law enforcement sensitive,” in response to a series of public information requests to West Coast police agencies.

The program was started in 2007, according to the slides, and has been carried out in great secrecy.

“All requestors are instructed to never refer to Hemisphere in any official document,” one slide says. A search of the Nexis database found no reference to the program in news reports or Congressional hearings.

The Obama administration acknowledged the extraordinary scale of the Hemisphere database and the unusual embedding of AT&T employees in government drug units in three states.

Oh the war on drugs, will your terrible travesties never end... Nice work exposing this program by all involved!! A spectacular catch for sure.

////

Meanwhile we also have yet to deal with the terrible secret Special Operations Division which as this slide makes clear, subverts the entire concept of criminal defense and discovery. Therefore probably all drug cases should be thrown out, eh?

SOD-DEA-coverup.jpeg

Rules of SOD Photo Source - REUTERS

Exclusive: U.S. directs agents to cover up program used to investigate Americans | Reuters via Cryptogon.com: U.S. COMMUNICATIONS INTELLIGENCE SECRETLY SHARED WITH LAW ENFORCEMENT FOR USE AGAINST AMERICANS IN CRIMINAL INVESTIGATIONS

By John Shiffman and Kristina Cooke

WASHINGTON | Mon Aug 5, 2013 3:25pm EDT

(Reuters) - A secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans.

Although these cases rarely involve national security issues, documents reviewed by Reuters show that law enforcement agents have been directed to conceal how such investigations truly begin - not only from defense lawyers but also sometimes from prosecutors and judges.

The undated documents show that federal agents are trained to "recreate" the investigative trail to effectively cover up where the information originated, a practice that some experts say violates a defendant's Constitutional right to a fair trial. If defendants don't know how an investigation began, they cannot know to ask to review potential sources of exculpatory evidence - information that could reveal entrapment, mistakes or biased witnesses.

"I have never heard of anything like this at all," said Nancy Gertner, a Harvard Law School professor who served as a federal judge from 1994 to 2011. Gertner and other legal experts said the program sounds more troubling than recent disclosures that the National Security Agency has been collecting domestic phone records. The NSA effort is geared toward stopping terrorists; the DEA program targets common criminals, primarily drug dealers.

"It is one thing to create special rules for national security," Gertner said. "Ordinary crime is entirely different. It sounds like they are phonying up investigations."

THE SPECIAL OPERATIONS DIVISION

The unit of the DEA that distributes the information is called the Special Operations Division, or SOD. Two dozen partner agencies comprise the unit, including the FBI, CIA, NSA, Internal Revenue Service and the Department of Homeland Security. It was created in 1994 to combat Latin American drug cartels and has grown from several dozen employees to several hundred.

Today, much of the SOD's work is classified, and officials asked that its precise location in Virginia not be revealed. The documents reviewed by Reuters are marked "Law Enforcement Sensitive," a government categorization that is meant to keep them confidential.

"Remember that the utilization of SOD cannot be revealed or discussed in any investigative function," a document presented to agents reads. The document specifically directs agents to omit the SOD's involvement from investigative reports, affidavits, discussions with prosecutors and courtroom testimony. Agents are instructed to then use "normal investigative techniques to recreate the information provided by SOD."

.....SOD'S BIG SUCCESSES

The unit also played a major role in a 2008 DEA sting in Thailand against Russian arms dealer Viktor Bout; he was sentenced in 2011 to 25 years in prison on charges of conspiring to sell weapons to the Colombian rebel group FARC. The SOD also recently coordinated Project Synergy, a crackdown against manufacturers, wholesalers and retailers of synthetic designer drugs that spanned 35 states and resulted in 227 arrests.

Since its inception, the SOD's mandate has expanded to include narco-terrorism, organized crime and gangs. A DEA spokesman declined to comment on the unit's annual budget. A recent LinkedIn posting on the personal page of a senior SOD official estimated it to be $125 million.

Today, the SOD offers at least three services to federal, state and local law enforcement agents: coordinating international investigations such as the Bout case; distributing tips from overseas NSA intercepts, informants, foreign law enforcement partners and domestic wiretaps; and circulating tips from a massive database known as DICE.

The DICE database contains about 1 billion records, the senior DEA officials said. The majority of the records consist of phone log and Internet data gathered legally by the DEA through subpoenas, arrests and search warrants nationwide. Records are kept for about a year and then purged, the DEA officials said.

About 10,000 federal, state and local law enforcement agents have access to the DICE database, records show. They can query it to try to link otherwise disparate clues. Recently, one of the DEA officials said, DICE linked a man who tried to smuggle $100,000 over the U.S. southwest border to a major drug case on the East Coast.

"We use it to connect the dots," the official said. ...

//////

OK so let's get to PROTON, CRISSCROSS, CLEARWATER and Lexis-Nexis. I think this covers a lot of new ground. Hard to say if the DOJ side of the story ties in, but the Lexis-Nexis level is pretty clearly documented already but not well known outside of research circles. Also some of this gets to the SCS - Special Collection Service - which I think would have been part of Snowden's tour of duty in CIA.

SOURCE: http://cryptome.org/2013/08/proton-clearwater-lexis-nexis.htm

18 August 2013

PROTON, CLEARWATER and Lexis-Nexis

A Proton/Crisscross job ad below.


A sends:

PROTON, CLEARWATER and LEXIS-NEXIS

Given the use of constitutionally repulsive practices by the Department of Justice, the Internal Revenue Service and other federal agencies, this information is being made public to educate and inform so they might arm themselves against government intrusion and for attorneys as a backgrounder for future appeals.

I suggest American guerillas seek non-Internet modes of communication. If you think Rex Sherwood was pulled over for not using a turn signal, you are wrong.

I was "read on" the PROTON/CRISSCROSS program in late 2006 and was a frequent user of this system for over a year. As part of my duties, I employed PROTON/CRISSCROSS in HUMINT exploitation role. In the Intelligence Community, PROTON/CRISSCROSS is referred to as PROTON. Unless otherwise specified, the same is true in this report.

PROTON is a storage and analysis system of telecommunications selectors at the TS/SI/FISA/ORCON/NOFORN level of classification and handling. PROTON is the program name as well as the name of the technology. It has been described as "SAP-like", and I suspect that PROTON was once a DEA special program. PROTON is well known in HUMINT and DOJ clandestine law enforcement. It remains the primary, if not fundamental, tool of HUMINT and DOJ law enforcement operations, both of which have considerable overlap in phenomenology and methodology. PROTON carries the FISA caveat because Top Secret FISA collection is contained in PROTON's massive database.

Through my professional associations within the Intelligence Community, I became aware of a Department of Justice (DOJ) system called CLEARWATER. CLEARWATER is similar to PROTON but at the SECRET/NOFORN level of classification and exclusively a DOJ program, where PROTON is CIA, DOJ and DOD. Most DOJ Special Agents and analysts do not have Top Secret clearance. Every informant is run through CLEARWATER, every witness gets vetted through the system.

PROTON and CLEARWATER are not just analytic tools, they provide actionable intelligence and both programs are used every day for target discovery and development. CLEARWATER practically leads FBI and DEA investigations. PROTON is used throughout HUMINT for asset validation, recruitment, background checks on sources, etc. The FBI and DEA as both law enforcement and intelligence community members have resources of both sides and domestic law enforcement by these agencies is more of a HUMINT operation of the type seen in Afghanistan. Find, Fix, Arrest. PROTON and CLEARWATER work so well that Special Agents and Case Officers can't wait to get data into the system and see how it networks together.

Top Secret and FISA mean NSA sensitive sources and foreign collection. NSA resources are unneeded in America---CALEA and the DOJ have that covered for you under Title III, the Patriot Act and opinion from the federal kangaroo judiciary.

FISA is not only used against terrorists and spies but also private and quasi-government organizations. The most impressive network I ever laid eyes upon was the PROTON derived communications network of the Netherlands and Swiss SWIFT. A lot of target discovery there. It's how you find a needle in a haystack. The U.S. hosts one of three SWIFT secure messaging centers. Well, the NSA and CIA have ensured SWIFT is a lot less secure. SWIFT is a major communications target and the NSA is deep in that. This is a modern take on "follow the money." If Americans are wondering how the IRS found their secret bank accounts...well, here ya go.

When I read the description of the Drug Enforcement Administration's (DEA) DEA Internet Connectivity Environment (DICE) system: the billions of records, partnership with CIA, NSA and DOD, the need to cover sources at the expense of a fair trial---it struck me that what was described sounded more like PROTON and/or CLEARWATER.

As I read further, DICE was sounding more like a legitimate DEA program that was being used to provide cover for PROTON and/or CLEARWATER---either intentionally or sacrificially. The early descriptions of DICE present it as an information sharing and collaboration tool through the Internet. The recent public descriptions of DICE are awkward and contrived when compared to past information.

DICE is being used to cover PROTON and/or CLEARWATER.

Properly, CRISSCROSS is the database of telecommunications selectors. Selectors are, in NSA terms, that information that selects a target for analysis, investigation or collection. Telephone numbers, email addresses, hexadecimal addresses from INMARSAT telephones, IMEI---really any telecommunications "number" or "address" a person would have as a means to contact another, are contained in CRISSCROSS.

PROTON is the operating software written in JAVA for cross-platform usability and runs on JWICS for connectivity to CRISSCROSS.

PROTON contains the tools for network analysis and would be familiar to anyone who has experience in undergraduate social network analysis, statistics and data visualization.

CRISSCROSS has an interesting and murky history. As it was explained to me by a PROTON Program Officer, CRISSCROSS was originally a very secret DEA program to provide a repository for DEA collected selectors. It was, by every account, an excellent resource. With the post-911 reorganization of the Intelligence Community, everyone was required to share their resources for the "War of Terror." CRISSCROSS was very successful and well-received and ultimately exceeded DEA capabilities to manage. The CIA took over as executive agent---but CRISSCROSS is shared by the DOD and DOJ in a co-ownership manner.

It's uncertain if PROTON received Special Collection Service (SCS) data when it was a solely DEA activity, but PROTON presently receives SCS collection amounting to about one terabyte monthly, and that's just selectors, not content. PROTON also receives data from Computer Network Exploitation (CNE), by the now famous Tailored Access Office (TAO). Included as well is an enormous repository of Title III data from CALEA enabled domestic collection, FISA and an enormous amount of purchased data from various communications providers like Intellius.

PROTON does not contain content, only selectors for targeting. Consider that in the context of one (1) terabyte of just selectors per month (just from the SCS) for over 10 years. I have no idea how much the TAO provides, however the two biggest contributors to PROTON are the SCS and TAO.

An analyst or law enforcement officer can "run" a selector in PROTON and visualize the social network of correspondents associated with that selector in a visual format. The user can select and display most frequent numbers called or have called, duration of call, and other functions familiar to social network analysis. An analyst may choose to look at the network in terms of who called who: persons of importance typically have a lot of people calling them so we can build a network based on that to determine centricity. We can build a network based on call duration, frequency, date---pick a variable. Sometimes it's useful to look at the outliers which may be hang-arounds to some drug trafficking organization. We can task NSA or DOJ for collection on these hang-arounds and begin network deconstruction from the ground up.

These calling networks include family, friends and other non-target persons. Non-target persons, like family members, are very useful in developing the target and as leverage. Non-target communications provide intelligence from things spoken between people in confidence who may not be aware of the target's activities or associations, like the location of a fugitive who has ceased using his known selectors, but communicates with his mother through her known selectors.

Another very useful feature is the Bankswitch function, which allows network discovery by the calling pattern, not necessarily by a selector. Often, groups of U.S. government interest will use cellphones, then dispose of them, preventing further intelligence collection from that group of cellphones. Bankswitch allows the analyst to quickly rediscover the calling network that has switched phones. Humans typically have some constant behavior in who and how they make their calls and persons. Groups and enterprises not having supplicated to the U.S. government avarice will have a whole additional set of behaviors in who and how they call.

This is highly useful for calling networks that dispose and rotate telephones regularly. A fresh cellphone provides enough of a lead to discover the calling pattern of the whole network based on historical calling records. Both the DEA and FBI have found this useful in their activities in Colombia, Mexico and the United States.

I know for certain PROTON contains communications selectors on American Citizens (AMCITS) since I ran a query on a number using only a Maryland area code and a partial prefix. PROTON returned a huge list of "masked" domestic numbers. An NSA masked number is always domestic and reveals only the area code and prefix with the rest of the number obscured. A PROTON user can email the NSA with a request to unmask the number---it's in the database, but a user has to present some justification for a number to be unmasked. Voice cuts are available through a similar process.

PROTON is really well thought out. Not only does it provide a wealth of network investigative tools, it also allows for the easy introduction of data. Let's say you're a DEA Special Agent surveilling local boat captains as part of OPERATION PANAMA EXPRESS (PANEX) in Barranquilla, Colombia---a major Port of Origin for drugs to the U.S.---and someone gives you a business card. Just run the number and see if it hits. The Special Agent can take that card and mail it to the PROTON Program Office (PPO). Scans, cell pictures of the information are also acceptable to ingest.

An FBI Case Officer attending a UAV conference in Las Vegas can take all the "grey literature" and hand that to the PROTON office as well. The numbers find their way into the database. The PROTON office will also ingest entire phone books---still popular in some parts of Europe and Asia. They use a method similar to Google books to automatically turn pages and scan data from them.

Anything that contains a selector can go into PROTON. Part of the PROTON program is the resource that provides software engineering to order unordered data and otherwise make raw data ingestible. PROTON users can add and edit PROTON data as well. If a user discovers the identity of a previously unidentified selector, one can edit that record or leave notes for other users.

With PROTON, you can see who's talking to whom in a telecommunications relationship context. How you hit that network is up to you.

Network deconstruction techniques vary throughout the 'Community. Domestically, the DOJ prefers the highly publicized raid with the media providing the entertainment backdrop. The DEA prefers covertness. The DOD prefers a Predator strike. Yes, those drone attacks are network deconstruction techniques and target selection is often facilitated, if not provided, by PROTON.

As stated earlier, CLEARWATER is a SECRET/NOFORN version of PROTON. The DEA red herring called DICE reportedly contained NSA collection which rules-out CLEARWATER (a S//NF system) and highlights PROTON (a TS//SI system) as the source of DICE intelligence.

I'm providing information on both since the government is no longer under constitutional restraint and is illegitimate. Parallel Construction. You fuckers. A cornerstone of American law and western culture sacrificed for the security of the Elites.

With the CALEA requirements, TITLE III collection is a very simple affair involving a court order and the Cisco routers which, through CALEA legislation, are engineered for surveillance. Cisco is a very enthusiastic partner to the Intelligence Community---one of those sensitive relationships managed through the NSA Special Source Operations office. The NSA finesses such relationships---with the DOJ, you get a thug in a nice suit and the quiet menace of federal law enforcement. If you think the DOJ is a law enforcement agency, you're stupid. Internal security is DOJ Job #1. As we have seen, the DOJ is maintaining internal security by both legal and extralegal means with the full support of the federal judiciary and the lukewarm animus of the U.S. Congress.

Federal judges and congress persons are largely immune to DOJ surveillance. You are not. The "new" counter-insurgency operations by the government concentrate on a Reasonable Suspicion by persons and groups---not on Probable Cause.

CLEARWATER contains selectors from any number of sources: TITLE III, purchased data from telecommunications data brokers, National Security Letters, subpoenas, technical operations by FBI TACOPS, search warrant, informant production, arrests, detentions. If the DOJ has searched you, arrested you or let you go, count on that data being in CLEARWATER. Did you give the Special Agent your telephone number?

Arresting someone to search them without needing consent or court order is not an unheard of means to get a Person of Interest's selectors into CLEARWATER. Something lying openly on your desk? A cell-phone snap and email to the program office. How about those utility bills you throw away without shredding? If you're a Person of Interest, somebody is walking away with your trash.

There is a real motivation by DOJ Special Agents to get telecommunications selectors into PROTON or CLEARWATER to build the networks for analysis and deconstruction.

CLEARWATER has all the features of PROTON and at least one other---mapping. An FBI Case Officer operating domestically can query say, Lahore Pakistan, and place on a map, those locations in the U.S. where those calls originated or terminate---a choropleth map with colored density clusters, all in a spatial context. With that, the DOJ knows where to focus its domestic security efforts. A DEA Special Agent can run a selector seized in an amphetamine investigation and, within a few minutes, have the calling network and visualize the correspondents' locations on a map. That's how DOJ led task forces show up in your neighborhood.

Watching an OWS protester enter a number into their cell phone is perfectly legal without consent or a warrant and once I get that number, we'll look at that calling network, find the node that is you, and walk that back to that moment we shared under the chestnut tree.

If you're visiting the USA from abroad, you may have your wallet and pocket litter photocopied at secondary screening. Then an email to the National Counterterrorism Center (NCTC) Terrorist Identities Datamart Environment (TIDE) office, and from there, a Forward to the PROTON office.

PROTON, CLEARWATER and LEXIS-NEXIS all provide data export into Analyst Notebook file format (and PDF for ease of sharing).

All members of the Intelligence Community have access to LEXIS-NEXIS. LEXIS-NEXIS contains biographic information on most Americans having a driver or occupational license. Your state sells the contents of its driver's license database to companies like LEXIS-NEXIS for a profit. They can do this since that information is considered in the public domain---driving is a privilege and if you don't want to be in the database then don't get a driver's license. LEXIS-NEXIS contains other highly personal and granular information depending on which state is providing information. Florida provides pretty much everything it can to LEXIS-NEXIS. Automobile information, luxury water craft, occupational licenses---if you submit information to a state agency, it can end up in LEXIS-NEXIS. All domestic law enforcement has access to LEXIS-NEXIS, it's a fundamental investigative tool. IRS, DOJ, Treasury, Local PD, Sheriff's Office all have LEXIS-NEXIS access or the means to pull data from them.

Law Enforcement Officers can have their data removed from LEXIS-NEXIS. An LAPD and NYPD "spokesperson" informed me that this is the case. Imagine you're a citizen in New York and you get surveilled by one of the numerous surveillance technicians the NYPD has fielded since 9-11, a quick look-up via mobile device or WiFi and they know who you are now.

So, a Special Agent or analyst simply runs the selectors in PROTON and CLEARWATER, then runs those names or other biographic/vital information again in LEXIS-NEXIS, all that data related to the TARGET is exported in Analyst Notebook format, those files are imported into the Analyst Notebook application and...voilà!...a relatively complete social network and biographics of the TARGET. That could be you of course.

By Supreme Court decision and other judicial misadventures, LEXIS-NEXIS contains public information and you do not have an expectation of privacy. There is no need for Probable Cause or Reasonable Suspicion because this data is, by judicial opinion, public. Something to think about next time you're at the DMV. Citizens are queried regularly in LEXIS-NEXIS. CLEARWATER and PROTON provide network association and the selectors. A subpoena, NSL or search warrant to the telecommunications provider of that selector gives us names and locations. LEXIS-NEXIS provides Pattern of Life, geolocation and personalia. I was able to see my past three residential addresses, past telephone numbers and identifying information about my previous automobile. LEXIS-NEXIS is coupled to Automatic License Plate Recognition Systems (ALPRS) as well. Who you are, where you were and where you are.

The DOJ and Intelligence Community access LEXIS-NEXIS through a VPN and a proxy (government). A DOD proxy is registered to the Virginia Contracting Office, but it's a non-logging proxy so, good luck in your discovery. LEXIS-NEXIS has no idea of the individual accessing its database and, according to the spokesperson, does not maintain logs of government clients. A subpoena cannot discover what is not there.

Around 2008, LEXIS-NEXIS purchased Choicepoint to start their new product line. I recall some representative, at a promotional meeting, extolling the virtues of Choicepoint---all the data in an easy to use format. A user of Choicepoint could run a query and not only get biographics and addresses but have that information located on a map or satellite image (by Pinpoint, Inc. or a Google map server). The Choicepoint representative giving the presentation said no Social Security Numbers or driver's license pictures would be included in the database in order to protect the rights of the citizen. Such conceits are good ethics in Washington, D.C.

That said, CLEARWATER and PROTON are not omnipotent. Foreign intelligence organizations use the Internet for covert and clandestine communication without detection and you can as well. Do not believe that the NSA or DOJ is all powerful. They are not and they can be defeated. Of the many systems used by NSA and DOJ, CLEARWATER, PROTON and LEXIS-NEXIS are the most significant from a "boots on the ground" investigative perspective.

There is real concern that PROTON may be too widely known for such a program and efforts are being made to walk it back into a compartment.


A Proton/Crisscross job ad:
http://jobs.cgi.com/job/Hanover-SIGINT-Analyst-Job-MD-21075/1184801/

SIGINT Analyst Job

Date: Aug 14, 2013

Location: Hanover, MD, US
Job Order: J0311-0630 - Permanent Full Time
Title: SIGINT Analyst
Category: Consulting / Business / Functional
City: Hanover, Maryland, United States

Job Description: SIGINT Analyst

CGI Federal is seeking a SIGINT Analyst to work in our Hanover, MD office.

Specific Duties:

Applicants will work as a member of a government-contractor team whose primary focus will be providing support to deployed analysts and software developers.

In this capacity, uses an in-depth knowledge of general communications procedures, traffic analysis and reporting formats and vehicles to produce time-sensitive and event-oriented reports.

Provide support to force protection, indications and warning and situational awareness; provides target continuity and mentorship to a junior and rotating workforce; conducts research to answer RFIs and produces working aids to support new tool development.

Must be willing to receive and conduct training on new systems, databases, processes and procedures.

Analyst will be supporting deployed US military troops and must understand the military decision making process and military doctrine.

Minimum of five (5) years experience with the military or government agency using the collection management cycle, intelligence cycle, targeting cycle, and the SIGINT intelligence fusion process from tactical to national level required.

Additional Requirements:

Experience with Falconview, Analyst Notebook, Arc View, Arc-GIS, Arc-Editor, AIM, Pathfinder, SEAS, STARLIGHT, GCCS and other current analyst tools.

Active TS/SCI security clearance w/ polygraph required.

Preferred:

Experience with NSANET, RTRG tool suite, Global Reach, Proton/Criss Cross, Broom Stick, CW II, Banyan. Geo Bootcamp and knowledge of ArcGIS a plus.

Preferred experience includes analysis in OIF/OEF, NSA, INSCOM, or ACE.

At CGI, we're a team of builders. We call our employees members because all who join CGI are building their own company - one that has grown to 71,000 professionals located in more than 40 countries. Founded in 1976, CGI is a leading IT and business process services firm committed to helping clients succeed. We have the global resources, expertise, stability and dedicated professionals needed to achieve results for our clients - and for our members. Come grow with us. Learn more at www.cgi.com.

This is a great opportunity to join a winning team. CGI offers a competitive compensation package with opportunities for growth and professional development. Benefits for full-time, permanent members start on the first day of employment and include a paid time-off program and profit participation and stock purchase plans.

We wish to thank all applicants for their interest and effort in applying for this position, however, only candidates selected for interviews will be contacted.

No unsolicited agency referrals please.

WE ARE AN EQUAL OPPORTUNITY EMPLOYER.

Skills

- Analytical Thinking
- Signal Intelligence (SIGINT)

Reference: 137685

//////

Check out the BOLO - be on the lookout - National Guard civil disturbance training program photos here: North Carolina National Guard Rapid Reaction Force Civil Unrest Training Photos | Public Intelligence. Obviously PROTON, DICE, CRISSCROSS, CLEARWATER style database technology would be useful in composing intelligence

Official description: CHARLOTTE, N.C. – Soldiers of the North Carolina National Guard train for Rapid Reaction Force duty at the Catawba River Pump Station here today. The training scenario tests the Soldiers' ability to use nonlethal force to disperse a crowd of aggressors from a water plant. This training prepares the Soldiers to support state and local first responders and county emergency management agencies. The RRF is a quick reaction team that, on order, is deployable anywhere in North Carolina within 24 to 36 hours of a critical event. In times of crisis, the RRF may be ordered by the President of the United States or the Governor of North Carolina in order to augment Federal or State Authorities in response to actions such as a known terrorist attack, civil unrest or a natural and/or man-made disaster. (U.S. Army National Guard photo by Sgt. 1st Class Robert Jordan / released)


/////

Other targetings: Russia Issues International Travel Advisory to Its Hackers | Threat Level | Wired.com

WaPo/Snowden: U.S. spy agencies mounted 231 offensive cyber-operations in 2011, documents show - The Washington Post

Black Budget semi-surfaces: ‘Black budget’ summary details U.S. spy network’s successes, failures and objectives - The Washington Post

Israel listed as major counterintelligence threat in Black Budget: Leaked documents reveal US sees Israel as a spying threat (Video) - The Hill's Global Affairs

WIRED on cryptology cracking in black budget: New Snowden Leak Reports 'Groundbreaking' NSA Crypto-Cracking | Threat Level | Wired.com

Login Lulz for Snowden in Ars Technica Aug 29th: Sysadmin security fail: NSA finds Snowden hijacked officials’ logins | Ars Technica

.... Leaving it there for now...
