TBR News October 5, 2013

Oct 05 2013

The Voice of the White House


          Washington, D.C. October 5, 2013: “Not only are American intelligence agencies looking into all the personal records of American citizens, they have also expanded this program to include foreign countries’ citizens. The UK, France, Germany and Switzerland are also being spied on, extensively. They are supported by the White House and none of the Snowden or Grenwald publishings will make the slightest impression on Obama or his snooping employees. These programs are here to stay. Your personal email and telephone conversations, your credit card charges, your bank account records, the contents of your safe deposit boxes, your travel, your personal property such as vehicles, homes and boats are all known or can be known on an instant. Your children’s school records, your stock holdings, your insurance policies and even your pets are subject to government knowledge. If some person inside one of these agencies, or a friend, wants to know all about you, they can. You have no secrets any more and believe me, the Administration will pay no attention to your feelings. And if you organize, believe the FBI will infiltrate you and you can be arrested without a warrant (Obama signed this one into law)and held in prison at their pleasure. What can be done about this? Think about it.”


Note: For a list of ca 4,000 names and addresses of known CIA domestic, and foreign, “assets,” send an email to: tbrnews@hotmail.com and put in the word “List.” This will be sent to you free of charge at once. Learn what your purported friends and neighbors might be up to. Probably you.


Attacking Tor: how the NSA targets users’ online anonymity

Secret servers and a privileged position on the internet’s backbone used to identify users and attack target computers


October 4, 2013

by Bruce Schneier



            The online anonymity network Tor is a high-priority target for the National Security Agency. The work of attacking Tor is done by the NSA’s application vulnerabilities branch, which is part of the systems intelligence directorate, or SID. The majority of NSA employees work in SID, which is tasked with collecting data from communications systems around the world.


According to a top-secret NSA presentation provided by the whistleblower Edward Snowden, one successful technique the NSA has developed involves exploiting the Tor browser bundle, a collection of programs designed to make it easy for people to install and use the software. The trick identified Tor users on the internet and then executes an attack against their Firefox web browser.


The NSA refers to these capabilities as CNE, or computer network exploitation.


The first step of this process is finding Tor users. To accomplish this, the NSA relies on its vast capability to monitor large parts of the internet. This is done via the agency’s partnership with US telecoms firms under programs codenamed Stormbrew, Fairview, Oakstar and Blarney.


The NSA creates “fingerprints” that detect http requests from the Tor network to particular servers. These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool which NSA boasts allows its analysts to see “almost everything” a target does on the internet.


Using powerful data analysis tools with codenames such as Turbulence, Turmoil and Tumult, the NSA automatically sifts through the enormous amount of internet traffic that it sees, looking for Tor connections.


Last week, Brazilian TV news show Fantastico showed screenshots of an NSA tool that had the ability to identify Tor users by monitoring internet traffic.


The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the internet, makes it easy to differentiate Tor users from other web users. On the other hand, the anonymity provided by Tor makes it impossible for the NSA to know who the user is, or whether or not the user is in the US.


After identifying an individual Tor user on the internet, the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers, with the codename FoxAcid, to infect the user’s computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems.


Once the computer is successfully attacked, it secretly calls back to a FoxAcid server, which then performs additional attacks on the target computer to ensure that it remains compromised long-term, and continues to provide eavesdropping information back to the NSA.


Exploiting the Tor browser bundle


Tor is a well-designed and robust anonymity tool, and successfully attacking it is difficult. The NSA attacks we found individually target Tor users by exploiting vulnerabilities in their Firefox browsers, and not the Tor application directly.


This, too, is difficult. Tor users often turn off vulnerable services like scripts and Flash when using Tor, making it difficult to target those services. Even so, the NSA uses a series of native Firefox vulnerabilities to attack users of the Tor browser bundle.


According to the training presentation provided by Snowden, EgotisticalGiraffe exploits a type confusion vulnerability in EX4, which is an XML extension for Javascript. This vulnerability exists in Firefox 11.0 – 16.0.2, as well as Firefox 10.0 ESR – the Firefox version used until recently in the Tor browser bundle. According to another document, the vulnerability exploited by EgotisticalGiraffe was inadvertently fixed when Mozilla removed the EX4 library with the vulnerability, and when Tor added that Firefox version into the Tor browser bundle, but NSA were confident that they would be able to find a replacement Firefox exploit that worked against version 17.0 ESR.


The Quantum system


To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target’s browser to visit a Foxacid server.


In the academic literature, these are called “man-on-the-middle” attacks, and have been known to the commercial and academic security communities. More specifically, they are examples of “man-on-the-side” attacks.


They are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the internet backbone, and exploit a “race condition” between the NSA server and the legitimate website. This top-secret NSA diagram, made public last month, shows a Quantum server impersonating Google in this type of attack.


The NSA uses these fast Quantum servers to execute a packet injection attack, which surreptitiously redirects the target to the FoxAcid server. An article in the German magazine Spiegel>, based on additional top secret Snowden documents, mentions an NSA developed attack technology with the name of QuantumInsert that performs redirection attacks. Another top-secret Tor presentation provided by Snowden mentions QuantumCookie to force cookies onto target browsers, and another Quantum program to “degrade/deny/disrupt Tor access”.


This same technique is used by the Chinese government to block its citizens from reading censored internet content, and has been hypothesized as a probable NSA attack technique.


The FoxAcid system


According to various top-secret documents provided by Snowden, FoxAcid is the NSA codename for what the NSA calls an “exploit orchestrator,” an internet-enabled system capable of attacking target computers in a variety of different ways. It is a Windows 2003 computer configured with custom software and a series of Perl scripts. These servers are run by the NSA’s tailored access operations, or TAO, group. TAO is another subgroup of the systems intelligence directorate.


The servers are on the public internet. They have normal-looking domain names, and can be visited by any browser from anywhere; ownership of those domains cannot be traced back to the NSA.


However, if a browser tries to visit a FoxAcid server with a special URL, called a FoxAcid tag, the server attempts to infect that browser, and then the computer, in an effort to take control of it. The NSA can trick browsers into using that URL using a variety of methods, including the race-condition attack mentioned above and frame injection attacks.


FoxAcid tags are designed to look innocuous, so that anyone who sees them would not be suspicious. An example of one such tag is given in another top-secret training presentation provided by Snowden.


There is no currently registered domain name by that name; it is just an example for internal NSA training purposes.


The training material states that merely trying to visit the homepage of a real FoxAcid server will not result in any attack, and that a specialized URL is required. This URL would be created by TAO for a specific NSA operation, and unique to that operation and target. This allows the FoxAcid server to know exactly who the target is when his computer contacts it.


According to Snowden, FoxAcid is a general CNE system, used for many types of attacks other than the Tor attacks described here. It is designed to be modular, with flexibility that allows TAO to swap and replace exploits if they are discovered, and only run certain exploits against certain types of targets.


The most valuable exploits are saved for the most important targets. Low-value exploits are run against technically sophisticated targets where the chance of detection is high. TAO maintains a library of exploits, each based on a different vulnerability in a system. Different exploits are authorized against different targets, depending on the value of the target, the target’s technical sophistication, the value of the exploit, and other considerations.


In the case of Tor users, FoxAcid might use EgotisticalGiraffe against their Firefox browsers.


FoxAcid servers also have sophisticated capabilities to avoid detection and to ensure successful infection of its targets. One of the top-secret documents provided by Snowen demonstrates how FoxAcid can circumvent commercial products that prevent malicious software from making changes to a system that survive a reboot process.


According to a top-secret operational management procedures manual provided by Snowden, once a target is successfully exploited it is infected with one of several payloads. Two basic payloads mentioned in the manual, are designed to collect configuration and location information from the target computer so an analyst can determine how to further infect the computer.


These decisions are made in part by the technical sophistication of the target and the security software installed on the target computer; called Personal Security Products or PSP, in the manual.


FoxAcid payloads are updated regularly by TAO. For example, the manual refers to version of one of them.


FoxAcid servers also have sophisticated capabilities to avoid detection and to ensure successful infection of its targets. The operations manual states that a FoxAcid payload with the codename DireScallop can circumvent commercial products that prevent malicious software from making changes to a system that survive a reboot process.


The NSA also uses phishing attacks to induce users to click on FoxAcid tags.


TAO additionally uses FoxAcid to exploit callbacks – which is the general term for a computer infected by some automatic means – calling back to the NSA for more instructions and possibly to upload data from the target computer.


According to a top-secret operational management procedures manual, FoxAcid servers configured to receive callbacks are codenamed FrugalShot. After a callback, the FoxAcid server may run more exploits to ensure that the target computer remains compromised long term, as well as install “implants” designed to exfiltrate data.


By 2008, the NSA was getting so much FoxAcid callback data that they needed to build a special system to manage it all.



Seymour Hersh on Obama, NSA and the ‘pathetic’ American media

Pulitzer Prize winner explains how to fix journalism, saying press should ‘fire 90% of editors and promote ones you can’t control’


The Guardian


Seymour Hersh has got some extreme ideas on how to fix journalism – close down the news bureaus of NBC and ABC, sack 90% of editors in publishing and get back to the fundamental job of journalists which, he says, is to be an outsider.


It doesn’t take much to fire up Hersh, the investigative journalist who has been the nemesis of US presidents since the 1960s and who was once described by the Republican party as “the closest thing American journalism has to a terrorist”.


He is angry about the timidity of journalists in America, their failure to challenge the White House and be an unpopular messenger of truth.


Don’t even get him started on the New York Times which, he says, spends “so much more time carrying water for Obama than I ever thought they would” – or the death of Osama bin Laden. “Nothing’s been done about that story, it’s one big lie, not one word of it is true,” he says of the dramatic US Navy Seals raid in 2011 [see footnote].


Hersh is writing a book about national security and has devoted a chapter to the bin Laden killing. He says a recent report put out by an “independent” Pakistani commission about life in the Abottabad compound in which Bin Laden was holed up would not stand up to scrutiny. “The Pakistanis put out a report, don’t get me going on it. Let’s put it this way, it was done with considerable American input. It’s a bullshit report,” he says hinting of revelations to come in his book.


The Obama administration lies systematically, he claims, yet none of the leviathans of American media, the TV networks or big print titles, challenge him.


“It’s pathetic, they are more than obsequious, they are afraid to pick on this guy [Obama],” he declares in an interview with the Guardian.


“It used to be when you were in a situation when something very dramatic happened, the president and the minions around the president had control of the narrative, you would pretty much know they would do the best they could to tell the story straight. Now that doesn’t happen any more. Now they take advantage of something like that and they work out how to re-elect the president.


He isn’t even sure if the recent revelations about the depth and breadth of surveillance by the National Security Agency will have a lasting effect.


Snowden changed the debate on surveillance


He is certain that NSA whistleblower Edward Snowden “changed the whole nature of the debate” about surveillance. Hersh says he and other journalists had written about surveillance, but Snowden was significant because he provided documentary evidence – although he is sceptical about whether the revelations will change the US government’s policy.


“Duncan Campbell [the British investigative journalist who broke the Zircon cover-up story], James Bamford [US journalist] and Julian Assange and me and the New Yorker, we’ve all written the notion there’s constant surveillance, but he [Snowden] produced a document and that changed the whole nature of the debate, it’s real now,” Hersh says.


“Editors love documents. Chicken-shit editors who wouldn’t touch stories like that, they love documents, so he changed the whole ball game,” he adds, before qualifying his remarks.


“But I don’t know if it’s going to mean anything in the long [run] because the polls I see in America – the president can still say to voters ‘al-Qaida, al-Qaida’ and the public will vote two to one for this kind of surveillance, which is so idiotic,” he says.


Holding court to a packed audience at City University in London’s summer school on investigative journalism, 76-year-old Hersh is on full throttle, a whirlwind of amazing stories of how journalism used to be; how he exposed the My Lai massacre in Vietnam, how he got the Abu Ghraib pictures of American soldiers brutalising Iraqi prisoners, and what he thinks of Edward Snowden.


Hope of redemption


Despite his concern about the timidity of journalism he believes the trade still offers hope of redemption.


“I have this sort of heuristic view that journalism, we possibly offer hope because the world is clearly run by total nincompoops more than ever … Not that journalism is always wonderful, it’s not, but at least we offer some way out, some integrity.”


His story of how he uncovered the My Lai atrocity is one of old-fashioned shoe-leather journalism and doggedness. Back in 1969, he got a tip about a 26-year-old platoon leader, William Calley, who had been charged by the army with alleged mass murder.


Instead of picking up the phone to a press officer, he got into his car and started looking for him in the army camp of Fort Benning in Georgia, where he heard he had been detained. From door to door he searched the vast compound, sometimes blagging his way, marching up to the reception, slamming his fist on the table and shouting: “Sergeant, I want Calley out now.”


Eventually his efforts paid off with his first story appearing in the St Louis Post-Despatch, which was then syndicated across America and eventually earned him the Pulitzer Prize. “I did five stories. I charged $100 for the first, by the end the [London] Times were paying $5,000.”


He was hired by the New York Times to follow up the Watergate scandal and ended up hounding Nixon over Cambodia. Almost 30 years later, Hersh made global headlines all over again with his exposure of the abuse of Iraqi prisoners at Abu Ghraib.


Put in the hours


For students of journalism his message is put the miles and the hours in. He knew about Abu Ghraib five months before he could write about it, having been tipped off by a senior Iraqi army officer who risked his own life by coming out of Baghdad to Damascus to tell him how prisoners had been writing to their families asking them to come and kill them because they had been “despoiled”.


“I went five months looking for a document, because without a document, there’s nothing there, it doesn’t go anywhere.”


Hersh returns to US president Barack Obama. He has said before that the confidence of the US press to challenge the US government collapsed post 9/11, but he is adamant that Obama is worse than Bush.


“Do you think Obama’s been judged by any rational standards? Has Guantanamo closed? Is a war over? Is anyone paying any attention to Iraq? Is he seriously talking about going into Syria? We are not doing so well in the 80 wars we are in right now, what the hell does he want to go into another one for. What’s going on [with journalists]?” he asks.


He says investigative journalism in the US is being killed by the crisis of confidence, lack of resources and a misguided notion of what the job entails.


“Too much of it seems to me is looking for prizes. It’s journalism looking for the Pulitzer Prize,” he adds. “It’s a packaged journalism, so you pick a target like – I don’t mean to diminish because anyone who does it works hard – but are railway crossings safe and stuff like that, that’s a serious issue but there are other issues too.


“Like killing people, how does [Obama] get away with the drone programme, why aren’t we doing more? How does he justify it? What’s the intelligence? Why don’t we find out how good or bad this policy is? Why do newspapers constantly cite the two or three groups that monitor drone killings. Why don’t we do our own work?


“Our job is to find out ourselves, our job is not just to say – here’s a debate’ our job is to go beyond the debate and find out who’s right and who’s wrong about issues. That doesn’t happen enough. It costs money, it costs time, it jeopardises, it raises risks. There are some people – the New York Times still has investigative journalists but they do much more of carrying water for the president than I ever thought they would … it’s like you don’t dare be an outsider any more.”


He says in some ways President George Bush’s administration was easier to write about. “The Bush era, I felt it was much easier to be critical than it is [of] Obama. Much more difficult in the Obama era,” he said.


Asked what the solution is Hersh warms to his theme that most editors are pusillanimous and should be fired.


“I’ll tell you the solution, get rid of 90% of the editors that now exist and start promoting editors that you can’t control,” he says. I saw it in the New York Times, I see people who get promoted are the ones on the desk who are more amenable to the publisher and what the senior editors want and the trouble makers don’t get promoted. Start promoting better people who look you in the eye and say ‘I don’t care what you say’.


Nor does he understand why the Washington Post held back on the Snowden files until it learned the Guardian was about to publish.


If Hersh was in charge of US Media Inc, his scorched earth policy wouldn’t stop with newspapers.


“I would close down the news bureaus of the networks and let’s start all over, tabula rasa. The majors, NBCs, ABCs, they won’t like this – just do something different, do something that gets people mad at you, that’s what we’re supposed to be doing,” he says.


Hersh is currently on a break from reporting, working on a book which undoubtedly will make for uncomfortable reading for both Bush and Obama.


“The republic’s in trouble, we lie about everything, lying has become the staple.” And he implores journalists to do something about it.


• This article was amended on 1 October 2013. The original text stated that Hersh sold a story about the My Lai massacre to the New York Times for $5,000 when in fact it was the Times of London. Hersh has pointed out that he was in no way suggesting that Osama bin Laden was not killed in Pakistan, as reported, upon the president’s authority: he was saying that it was in the aftermath that the lying began. Finally, the interview took place in the month of July, 2013.


N.S.A. Gathers Data on Social Connections of U.S. Citizens


September 28, 2013

by James Risen and Laura Poitras

New York Times



WASHINGTON — Since 2010, the National Security Agency has been exploiting its huge collections of data to create sophisticated graphs of some Americans’ social connections that can identify their associates, their locations at certain times, their traveling companions and other personal information, according to newly disclosed documents and interviews with officials.


The spy agency began allowing the analysis of phone call and e-mail logs in November 2010 to examine Americans’ networks of associations for foreign intelligence purposes after N.S.A. officials lifted restrictions on the practice, according to documents provided by Edward J. Snowden, the former N.S.A. contractor.


The policy shift was intended to help the agency “discover and track” connections between intelligence targets overseas and people in the United States, according to an N.S.A. memorandum from January 2011. The agency was authorized to conduct “large-scale graph analysis on very large sets of communications metadata without having to check foreignness” of every e-mail address, phone number or other identifier, the document said. Because of concerns about infringing on the privacy of American citizens, the computer analysis of such data had previously been permitted only for foreigners.


The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data, according to the documents. They do not indicate any restrictions on the use of such “enrichment” data, and several former senior Obama administration officials said the agency drew on it for both Americans and foreigners.


N.S.A. officials declined to say how many Americans have been caught up in the effort, including people involved in no wrongdoing. The documents do not describe what has resulted from the scrutiny, which links phone numbers and e-mails in a “contact chain” tied directly or indirectly to a person or organization overseas that is of foreign intelligence interest.


The new disclosures add to the growing body of knowledge in recent months about the N.S.A.’s access to and use of private information concerning Americans, prompting lawmakers in Washington to call for reining in the agency and President Obama to order an examination of its surveillance policies. Almost everything about the agency’s operations is hidden, and the decision to revise the limits concerning Americans was made in secret, without review by the nation’s intelligence court or any public debate. As far back as 2006, a Justice Department memo warned of the potential for the “misuse” of such information without adequate safeguards.


An agency spokeswoman, asked about the analyses of Americans’ data, said, “All data queries must include a foreign intelligence justification, period.”


“All of N.S.A.’s work has a foreign intelligence purpose,” the spokeswoman added. “Our activities are centered on counterterrorism, counterproliferation and cybersecurity.”


The legal underpinning of the policy change, she said, was a 1979 Supreme Court ruling that Americans could have no expectation of privacy about what numbers they had called. Based on that ruling, the Justice Department and the Pentagon decided that it was permissible to create contact chains using Americans’ “metadata,” which includes the timing, location and other details of calls and e-mails, but not their content. The agency is not required to seek warrants for the analyses from the Foreign Intelligence Surveillance Court.


N.S.A. officials declined to identify which phone and e-mail databases are used to create the social network diagrams, and the documents provided by Mr. Snowden do not specify them. The agency did say that the large database of Americans’ domestic phone call records, which was revealed by Mr. Snowden in June and caused bipartisan alarm in Washington, was excluded. (N.S.A. officials have previously acknowledged that the agency has done limited analysis in that database, collected under provisions of the Patriot Act, exclusively for people who might be linked to terrorism suspects.)


But the agency has multiple collection programs and databases, the former officials said, adding that the social networking analyses relied on both domestic and international metadata. They spoke only on the condition of anonymity because the information was classified.


The concerns in the United States since Mr. Snowden’s revelations have largely focused on the scope of the agency’s collection of the private data of Americans and the potential for abuse. But the new documents provide a rare window into what the N.S.A. actually does with the information it gathers.


A series of agency PowerPoint presentations and memos describe how the N.S.A. has been able to develop software and other tools — one document cited a new generation of programs that “revolutionize” data collection and analysis — to unlock as many secrets about individuals as possible.


The spy agency, led by Gen. Keith B. Alexander, an unabashed advocate for more weapons in the hunt for information about the nation’s adversaries, clearly views its collections of metadata as one of its most powerful resources. N.S.A. analysts can exploit that information to develop a portrait of an individual, one that is perhaps more complete and predictive of behavior than could be obtained by listening to phone conversations or reading e-mails, experts say.


Phone and e-mail logs, for example, allow analysts to identify people’s friends and associates, detect where they were at a certain time, acquire clues to religious or political affiliations, and pick up sensitive information like regular calls to a psychiatrist’s office, late-night messages to an extramarital partner or exchanges with a fellow plotter.


“Metadata can be very revealing,” said Orin S. Kerr, a law professor at George Washington University. “Knowing things like the number someone just dialed or the location of the person’s cellphone is going to allow them to assemble a picture of what someone is up to. It’s the digital equivalent of tailing a suspect.”


The N.S.A. had been pushing for more than a decade to obtain the rule change allowing the analysis of Americans’ phone and e-mail data. Intelligence officials had been frustrated that they had to stop when a contact chain hit a telephone number or e-mail address believed to be used by an American, even though it might yield valuable intelligence primarily concerning a foreigner who was overseas, according to documents previously disclosed by Mr. Snowden. N.S.A. officials also wanted to employ the agency’s advanced computer analysis tools to sift through its huge databases with much greater efficiency.


The agency had asked for the new power as early as 1999, the documents show, but had been initially rebuffed because it was not permitted under rules of the Foreign Intelligence Surveillance Court that were intended to protect the privacy of Americans.


A 2009 draft of an N.S.A. inspector general’s report suggests that contact chaining and analysis may have been done on Americans’ communications data under the Bush administration’s program of wiretapping without warrants, which began after the Sept. 11 attacks to detect terrorist activities and skirted the existing laws governing electronic surveillance.


In 2006, months after the wiretapping program was disclosed by The New York Times, the N.S.A.’s acting general counsel wrote a letter to a senior Justice Department official, which was also leaked by Mr. Snowden, formally asking for permission to perform the analysis on American phone and e-mail data. A Justice Department memo to the attorney general noted that the “misuse” of such information “could raise serious concerns,” and said the N.S.A. promised to impose safeguards, including regular audits, on the metadata program. In 2008, the Bush administration gave its approval.


A new policy that year, detailed in “Defense Supplemental Procedures Governing Communications Metadata Analysis,” authorized by Defense Secretary Robert M. Gates and Attorney General Michael B. Mukasey, said that since the Supreme Court had ruled that metadata was not constitutionally protected, N.S.A. analysts could use such information “without regard to the nationality or location of the communicants,” according to an internal N.S.A. description of the policy.


After that decision, which was previously reported by The Guardian, the N.S.A. performed the social network graphing in a pilot project for 1 ½ years “to great benefit,” according to the 2011 memo. It was put in place in November 2010 in “Sigint Management Directive 424” (sigint refers to signals intelligence).


In the 2011 memo explaining the shift, N.S.A. analysts were told that they could trace the contacts of Americans as long as they cited a foreign intelligence justification. That could include anything from ties to terrorism, weapons proliferation or international drug smuggling to spying on conversations of foreign politicians, business figures or activists.


Analysts were warned to follow existing “minimization rules,” which prohibit the N.S.A. from sharing with other agencies names and other details of Americans whose communications are collected, unless they are necessary to understand foreign intelligence reports or there is evidence of a crime. The agency is required to obtain a warrant from the intelligence court to target a “U.S. person” — a citizen or legal resident — for actual eavesdropping.


The N.S.A. documents show that one of the main tools used for chaining phone numbers and e-mail addresses has the code name Mainway. It is a repository into which vast amounts of data flow daily from the agency’s fiber-optic cables, corporate partners and foreign computer networks that have been hacked.


The documents show that significant amounts of information from the United States go into Mainway. An internal N.S.A. bulletin, for example, noted that in 2011 Mainway was taking in 700 million phone records per day. In August 2011, it began receiving an additional 1.1 billion cellphone records daily from an unnamed American service provider under Section 702 of the 2008 FISA Amendments Act, which allows for the collection of the data of Americans if at least one end of the communication is believed to be foreign.


The overall volume of metadata collected by the N.S.A. is reflected in the agency’s secret 2013 budget request to Congress. The budget document, disclosed by Mr. Snowden, shows that the agency is pouring money and manpower into creating a metadata repository capable of taking in 20 billion “record events” daily and making them available to N.S.A. analysts within 60 minutes.


The spending includes support for the “Enterprise Knowledge System,” which has a $394 million multiyear budget and is designed to “rapidly discover and correlate complex relationships and patterns across diverse data sources on a massive scale,” according to a 2008 document. The data is automatically computed to speed queries and discover new targets for surveillance.


A top-secret document titled “Better Person Centric Analysis” describes how the agency looks for 94 “entity types,” including phone numbers, e-mail addresses and IP addresses. In addition, the N.S.A. correlates 164 “relationship types” to build social networks and what the agency calls “community of interest” profiles, using queries like “travelsWith, hasFather, sentForumMessage, employs.”


A 2009 PowerPoint presentation provided more examples of data sources available in the “enrichment” process, including location-based services like GPS and TomTom, online social networks, billing records and bank codes for transactions in the United States and overseas.


At a Senate Intelligence Committee hearing on Thursday, General Alexander was asked if the agency ever collected or planned to collect bulk records about Americans’ locations based on cellphone tower data. He replied that it was not doing so as part of the call log program authorized by the Patriot Act, but said a fuller response would be classified.


If the N.S.A. does not immediately use the phone and e-mail logging data of an American, it can be stored for later use, at least under certain circumstances, according to several documents.


One 2011 memo, for example, said that after a court ruling narrowed the scope of the agency’s collection, the data in question was “being buffered for possible ingest” later. A year earlier, an internal briefing paper from the N.S.A. Office of Legal Counsel showed that the agency was allowed to collect and retain raw traffic, which includes both metadata and content, about “U.S. persons” for up to five years online and for an additional 10 years offline for “historical searches.”



James Risen reported from Washington and New York. Laura Poitras, a freelance journalist, reported from Berlin.


In Test Project, N.S.A. Tracked Cellphone Locations


October 2, 2013

by Charlie Savage 

New York Times


WASHINGTON — The National Security Agency conducted a secret pilot project in 2010 and 2011 to test the collection of bulk data about the location of Americans’ cellphones, but the agency never moved ahead with such a program, according to intelligence officials.


The existence of the pilot project was reported on Wednesday morning by The New York Times and later confirmed by James R. Clapper, the director of national intelligence, at a Senate Judiciary Committee hearing. The project used data from cellphone towers to locate people’s cellphones.


In his testimony, Mr. Clapper revealed few details about the project. He said that the N.S.A. does not currently collect locational information under Section 215 of the Patriot Act, the provision the government says is the legal basis for the N.S.A.’s once-secret program under which it collects logs of all domestic calls from telephone companies.


“In 2010 and 2011, N.S.A. received samples in order to test the ability of its systems to handle the data format, but that data was not used for any other purpose and was never available for intelligence analysis purposes,” Mr. Clapper said.


He added that the N.S.A. had promised to notify Congress and seek the approval of a secret surveillance court in the future before any locational data was collected using Section 215.


An official familiar with the test project said its purpose was to see how the locational data would flow into the N.S.A.’s systems. While real data was used, it was never drawn upon in any investigation, the official said. It was unclear how many Americans’ locational data was collected as part of the project, whether the agency has held on to that information or why the program did not go forward.


But Senator Ron Wyden, an Oregon Democrat who receives classified briefings as a member of the Intelligence Committee and who has raised concerns about cellphone location tracking, said in a statement that there was more to know about the matter than the government had now declassified.


“After years of stonewalling on whether the government has ever tracked or planned to track the location of law-abiding Americans through their cellphones, once again, the intelligence leadership has decided to leave most of the real story secret — even when the truth would not compromise national security,” Mr. Wyden said.


 Gen. Keith B. Alexander, the director of the N.S.A., who also testified Wednesday at the hearing, sharply criticized an article on the agency in The New York Times on Sunday. He said it was “flat wrong” that the agency was “creating dossiers on Americans from social networks.” He added that “we’re not creating social networks on our families.”


 The article, based on documents leaked by the former N.S.A. contractor Edward J. Snowden, said that the agency changed a policy several years ago to allow “contact chaining” of Americans who had been in touch, directly or indirectly, with foreign intelligence suspects, using phone and e-mail logging data. It also described the process of data “enrichment,” by which other data — including information that is publicly or commercially available — is added to flesh out analysts’ understanding of people associated with various phone numbers in the social network analysis.


The article said it was not known how many Americans’ data was used in this process.


The chairman of the Senate Judiciary Committee, Senator Patrick Leahy, Democrat of Vermont, said Wednesday that he was drafting legislation to eliminate the N.S.A.’s ability to systematically obtain Americans’ calling records.


“The government has not made its case that bulk collection of domestic phone records is an effective counterterrorism tool, especially in light of the intrusion on American privacy,” Mr. Leahy said.


But Senator Dianne Feinstein of California, the chairwoman of the Senate Intelligence committee, warned that ending the bulk call records program would increase the risk of a terrorist attack.


“I so regret what is happening; I will do everything I can to prevent this program from being canceled out,” she said.


Questions about what, if anything, the agency has been doing to track Americans’ movements using cellphone location data have been simmering for years. The issue flared up again after an ambiguous exchange between Mr. Wyden and General Alexander at a Senate Intelligence Committee hearing last week.


Mr. Wyden has been a critic of domestic surveillance programs and filed legislation in 2011 and again this year to require warrants for obtaining someone’s locational data in a criminal investigation. He has not disclosed what prompted his concerns.


At the hearing last week, Mr. Wyden asked Mr. Alexander “whether the N.S.A. has ever collected or made any plans to collect Americans’ cell-site information in bulk.”


General Alexander replied that the N.S.A. was not “receiving cell-site location data and has no current plans to do so” under Section 215 of the Patriot Act, which allows the secret surveillance court to issue orders for records from businesses — like telephone companies — if the records are “relevant” to an intelligence investigation.


But General Alexander also said last week that there was other classified information that the N.S.A. had sent to the committee that provided “additional detail.”


It is unclear whether long-term tracking of people’s movements by the government raises privacy rights under the Fourth Amendment. In a 1979 case involving the small-scale collection of calling logs, the Supreme Court ruled that such records were not protected by constitutional privacy rights because people had already revealed the existence of their calls to telephone companies.


But in a 2012 case about the police’s use of a GPS tracker attached to a suspect’s car, five justices suggested that any long-term, automated collection of a person’s publicly displayed actions might raise Fourth Amendment issues.


James Risen contributed reporting.


‘The End of Global Privacy’: Greenwald Talks NSA


In extended online forum Guardian journalist and editor discuss implications of their paper’s work on global surveillance state


October 2, 2013

by Jon Queally, staff writer

Common Dreams


Journalist Glenn Greenwald and Guardian US editor-in-chief Janine Gibson on Tuesday afternoon participated in a 90 minute live Q&A on Reddit in which they answered questions related to the past, current, and future reporting on the NSA revelations made possible by documents released by whistleblower Edward Snowden.


On Wednesday, Greenwald posted a few highlights from that online forum—known on Reddit as an “ask me anything” session (or AMA)—on his page at the Guardian. The complete AMA can be viewed here.


According to Greenwald, the session was “largely smart and provocative” and he made special mention of two issues that surfaced during the hour and a half discussion: 1) the degree to which Snowden has aggressively tried to maintain a low profile in order to keep the spotlight off of him and on the NSA programs themselves; and 2) the role that the Democratic Party, specifically under Obama, has exposed its deep hyprocrisy on national security and surveillance issues in the wake of the disclosures.


In addition, Common Dreams scanned the AMA and picked out a few notable questions and their corresponding responses.


Will there be any more groundbreaking leaks? Also, how do you feel about the response from the American people?


Greenwald (GG): There are definitely huge new stories to come: many more. I’ve said that from the start every time I was asked and I think people see by now that it’s true. In fact, as Janine said the other day, the documents and newsworthy revelations are so massive that no one news organization can possibly process them all.


As for public opinion, I’m incredibly gratified that Americans, and people around the world, have been so engaged by these issues and that public opinion polls show radical shifts in how people perceive that threats to their privacy/civil liberties from their own government are greater than threats to their safety from The Terrorists.


Is it too late to roll back the surveillance state?


Gibson (JG): I think this is the question we’ve all been asking. It’s at the heart of this story. And we fundamentally think it’s a debate best had in the open. It’s going to come down to what citizens, users and voters think about how much they’re prepared to give up in order to feel secure. It’s not an easy question.


We had an event recently in NYC and the former general counsel for the NSA said this is a debate that has to be had once a generation — that each generation needs to feel it has given consent. I think that’s an interesting point. It certainly feels like there are a couple of generations who have been taken aback by the sheer size and scale of surveillance.


With so many people working with these documents in so many locations, how do you keep these documents secure (in terms of both from less discerning journalistic operations and from antagonistic governments)?


(GG): We use highly advanced means of encryption.


Remember, the only ones whose op sec has proven horrible and who has lost control of huge numbers of documents is the NSA and GCHQ.


We have lost control of nothing. All of the documents we have remain secure.


Do you feel that the protections that journalists count on are disappearing? Is journalism as a whole in danger? Can we in the US trust our major publications for the true story or is there too much manipulation? Is Rupert Murdoch the Anti-Christ?


(JG): This is a critical time for journalistic freedom and there are two major shifts which are threatening important work. One is the attempt to categorise “who is a journalist” which we are in danger, as an industry, of enabling. I feel profoundly uncomfortable about any line drawn around pay, employer, hours or volume of work which will define a “real” journalist. And then only the “real” journalists will be protected.


I don’t think that’s how the world works anymore, so that’s problematic.


The second is the attempt to define journalism as outside the national interest and the Guardian has felt the impact of that in the UK, when the government demanded we destroy some of the material we were working on. That’s much less problematic here in the US where we enjoy the protection of the first amendment. Let’s hope we can all continue to use that protection to do good reporting.


Is Rupert Murdoch the Anti-Christ? Is there only one?


What would you say is the single most shocking revelation that Snowden has leaked and why?


(GG): The general revelation that the objective of the NSA is literally the elimination of global privacy: ensuring that every form of human electronic communication – not just those of The Terrorists™ – is collected, stored, analyzed and monitored.


The NSA has so radically misled everyone for so long about its true purpose that revealing its actual institutional function was shocking to many, many people, and is the key context for understanding these other specific revelations.


I’m curious about the offensive cyberactions of the US. Will you write more about it? Can you tell us about aggressions made by the US?


(GG): In my view, the two most overlooked stories we’ve published are the one you reference (about the secret presidential directive signed by Obama to prepare for offensive cyber operations: essentially the militarization of the internet) and the document we recently published showing NSA gives unminimized communications of US persons to Israel with very few binding safeguards.


I hope we’ll have more on the topic you asked about, though so far the information is limited.


Are there any documents that you personally think should remain unreleased because of National Security?


(GG): I personally would not publish documents that could help other states learn how better to spy on their own citizens. I also would not publish the names of covert agents or agency employees (except for publicly identified high-ranking political officials), or documents that could unfairly smear/defame someone.


Do you ever worry about your safety?


(GG): All good journalism entails risk, by definition, because all good journalism makes someone powerful angry. It’s important to be rationally aware of those risks and take reasonable precautions, but not fixate on them or, under any circumstances, allow them to deter you in doing what you thin should be done. Fearlessness can be its own form of power.



The NSA has so radically misled everyone for so long about its true purpose that revealing its actual institutional function was shocking to many, many people, and is the key context for understanding these other specific revelations.


I’m curious about the offensive cyberactions of the US. Will you write more about it? Can you tell us about aggressions made by the US?


(GG): In my view, the two most overlooked stories we’ve published are the one you reference (about the secret presidential directive signed by Obama to prepare for offensive cyber operations: essentially the militarization of the internet) and the document we recently published showing NSA gives unminimized communications of US persons to Israel with very few binding safeguards.


I hope we’ll have more on the topic you asked about, though so far the information is limited.


Are there any documents that you personally think should remain unreleased because of National Security?


(GG): I personally would not publish documents that could help other states learn how better to spy on their own citizens. I also would not publish the names of covert agents or agency employees (except for publicly identified high-ranking political officials), or documents that could unfairly smear/defame someone.


Do you ever worry about your safety?


(GG): All good journalism entails risk, by definition, because all good journalism makes someone powerful angry. It’s important to be rationally aware of those risks and take reasonable precautions, but not fixate on them or, under any circumstances, allow them to deter you in doing what you thin should be done. Fearlessness can be its own form of power.



Lavabit Founder Waged Privacy Fight as F.B.I. Pursued Snowden


October 2, 2013

by Nicole Perlroth

New York Times


DALLAS — One day last May, Ladar Levison returned home to find an F.B.I. agent’s business card on his Dallas doorstep. So began a four-month tangle with law enforcement officials that would end with Mr. Levison’s shutting the business he had spent a decade building and becoming an unlikely hero of privacy advocates in their escalating battle with the government over Internet security.Prosecutors, it turned out, were pursuing a notable user of Lavabit, Mr. Levison’s secure e-mail service: Edward J. Snowden, the former National Security Agency contractor who leaked classified documents that have put the intelligence agency under sharp scrutiny. Mr. Levison was willing to allow investigators with a court order to tap Mr. Snowden’s e-mail account; he had complied with similar narrowly targeted requests involving other customers about two dozen times.


But they wanted more, he said: the passwords, encryption keys and computer code that would essentially allow the government untrammeled access to the protected messages of all his customers. That, he said, was too much.


“You don’t need to bug an entire city to bug one guy’s phone calls,” Mr. Levison, 32, said in a recent interview. “In my case, they wanted to break open the entire box just to get to one connection.”


On Aug. 8, Mr. Levison closed Lavabit rather than, in his view, betray his promise of secure e-mail to his customers. The move, which he explained in a letter on his Web site, drew fervent support from civil libertarians but was seen by prosecutors as an act of defiance that fell just short of a crime.


The full story of what happened to Mr. Levison since May has not previously been told, in part because he was subject to a court’s gag order. But on Wednesday, a federal judge unsealed documents in the case, allowing the tech entrepreneur to speak candidly for the first time about his experiences. He had been summoned to testify to a grand jury in Virginia; forbidden to discuss his case; held in contempt of court and fined $10,000 for handing over his private encryption keys on paper and not in digital form; and, finally, threatened with arrest for saying too much when he shuttered his business.


Spokesmen for the Justice Department and the F.B.I. said they had no comment beyond what was in the documents.


Mr. Levison’s battle to preserve his customers’ privacy comes at a time when Mr. Snowden’s disclosures have ignited a national debate about the proper limits of surveillance and government intrusion into American Internet companies that promise users that their digital communications are secure.


Much of the attention has been focused on Internet giants like Microsoft and Google. Lavabit, with just two employees and perhaps 40,000 regular users, was a midget by comparison, but its size and Mr. Levison’s personal pledge of security made it attractive to tech-savvy users like Mr. Snowden.


While Mr. Levison’s struggles have been with the F.B.I., hovering in the background is the N.S.A., which has worked secretly for years to undermine or bypass encrypted services like Lavabit so that their electronic message scrambling cannot obstruct the agency’s spying. Earlier in September, The New York Times, ProPublica and The Guardian wrote about the N.S.A.’s campaign to weaken encryption. Mr. Levison’s case shows how law enforcement officials can use legal tools to pry open messages, no matter how well protected.


Mr. Levison said he set up Lavabit to make it impossible for outsiders, whether governments or hackers, to spy on users’ communications. He followed the government’s own secure coding guidelines, based on the N.S.A.’s technical guidance, and engineered his systems so as not to log user communications. That way, even if he received a subpoena for a user’s communications, he would not be able to gain access to them. For added measure, he gave customers the option to pay extra to encrypt their e-mail and passwords.


Mr. Levison, who studied politics and computer science at Southern Methodist University, started Lavabit in April 2004, the same month Google rolled out Gmail. To pay his bills, he worked as a Web consultant, helping develop Web sites for major brands like Dr Pepper, Nokia and Adidas. But by 2010, the e-mail service had attracted enough paying customers to allow Mr. Levison to turn to Lavabit full time.


On occasion, he was asked to comply with government requests for specific e-mail accounts, including that of a child pornography suspect in Maryland this year. Mr. Levison said he had no qualms about cooperating with such demands, but the latest request was far broader, apparently to allow investigators to track Mr. Snowden’s whereabouts and associates. When Mr. Levison called the F.B.I. agent who had left the business card, the agent seemed interested in learning how Lavabit worked and what tools would be necessary to eavesdrop on an encrypted e-mail account


The agent did not mention at first who the government was pursuing, and Mr. Levison will not name the targets of the government’s investigation. The name was redacted from the court order unsealed Wednesday, but the offenses listed are violations of the Espionage Act, and the timing of the government’s case coincides with its leak investigation into Mr. Snowden, which began in May when he fled Hawaii for Hong Kong carrying laptops containing thousands of classified documents.


By then, Mr. Snowden’s Lavabit e-mail address was already public. He had listed his personal Lavabit e-mail address in January 2010, and was still using a Lavabit address this July, when he summoned reporters to a news conference at the Moscow airport.


That e-mail invitation proved to be an unintended endorsement for Lavabit’s security. Before that, Mr. Levison said that, on average, Lavabit was signing up 200 new users daily. In the days after Mr. Snowden’s e-mail, more than 4,000 new customers joined each day.


But a month before the news conference, court documents show, Mr. Levison had already received a subpoena for Mr. Snowden’s encrypted e-mail account. The government was particularly interested in his e-mail metadata — with whom Mr. Snowden was communicating, when and from where. The order, from the Federal District Court in Alexandria, Va., required Mr. Levison to log Mr. Snowden’s account information and provide the F.B.I. with “technical assistance,” which agents told him meant handing over the private encryption keys, technically called SSL certificates, that unlock communications for all users, he said.


“It was the equivalent of asking Coca-Cola to hand over its secret formula,” Mr. Levison said.


By July, he said, he had 410,000 registered users. Similar services like Hushmail, a Canadian encrypted e-mail service, had lost users in 2007 after court documents revealed that the company had handed 12 CDs’ worth of decoded e-mails from three Hushmail accounts to American law enforcement officials through a mutual assistance treaty.


“The whole concept of the Internet was built on the idea that companies can keep their own keys,” Mr. Levison said. He told the agents that he would need their request for his encryption keys in writing.


A redacted version of that request, which was among the 23 documents that were unsealed, shows that the court issued an order July 16 for Lavabit’s encryption keys. Prosecutors said they had no intention of collecting any information on Lavabit’s 400,000 other customers. “There’s no agents looking through the 400,000 other bits of information, customers, whatever,” Jim Trump, one of the prosecutors, said at a closed Aug. 1 hearing.


But Mr. Levison said he spent much of the following day thinking of a compromise. He would log the target’s communications, unscramble them with the encryption keys and upload them to a government server once a day. The F.B.I. told him that was not enough. It needed his target’s communications “in real time,” he said.


“How as a small business do you hire the lawyers to appeal this and change public opinion to get the laws changed when Congress doesn’t even know what is going on?” Mr. Levison said.


When it was clear Mr. Levison had no choice but to comply, he devised a way to obey the order but make the government’s intrusion more arduous. On Aug 2, he infuriated agents by printing the encryption keys — long strings of seemingly random numbers — on paper in a font he believed would be hard to scan and turn into a usable digital format. Indeed, prosecutors described the file as “largely illegible.”


On Aug. 5, Judge Claude M. Hilton ordered a $5,000-a-day fine until Mr. Levison produced the keys in electronic form. Mr. Levison’s lawyer, Jesse R. Binnall, appealed both the order to turn over the keys and the fine.


After two days, Mr. Levison gave in, turning over the digital keys — and simultaneously closing his e-mail service, apologizing to customers on his site. That double maneuver, a prosecutor later told his lawyer, fell just short of a criminal act.


He hopes to resurrect the business he spent a decade building. “This wasn’t about one person,” Mr. Levison said. “This was about the lengths our government was willing to go to conduct Internet surveillance on one person.”



Adobe warns 2.9 million customers of data breach after cyber-attack

Software company discloses hack and advises customers that names and encrypted credit card numbers may have been stolen


October 3, 2013

by Adam Gabbatt in New York

The Guardian  


            The computer software company Adobe has been hacked, potentially compromising the data of 2.9 million customers, the company revealed on Thursday.


Adobe said “sophisticated attacks” had been carried out “very recently”.


“Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems,” said Brad Arkin, chief security officer at Adobe.


“We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.”


Arkin said he did not believe the attackers had removed decrypted credit or debit card numbers from its systems.


“We deeply regret that this incident occurred,” he said. Arkin did not specify the level of encryption of the data stolen.


It has reset passwords on customers’ accounts and recommended that customers change their passwords on any other website where they used the same code. Customers whose credit and debit card information will be notified by Adobe, it said, and the company has also alerted federal law enforcement.


Adobe also said it would give affected customers the option of enrolling in a one-year complimentary credit monitoring membership.


In a separate statement posted on Wednesday, Adobe said there had also been an illegal access of its source code for Adobe Acrobat, ColdFusion and other software. It said it was “not aware of any specific increased risk to customers” as a result of the breach.

The following have been identified as being involved in CIA rendition.



Aviation Worldwide Services, LLC, sister company to Presidential (see below), both owned by Blackwater, USA Melbourne, FL, mercenaries. 1371 General Aviation Drive, Melbourne, Brevard County, Florida 32935-6310


Aviation Worldwide Services LLC (AWS) is a sister company to Presidential Airways, Inc., both of which are owned by Blackwater USA, Melbourne, FL. AWS owns the planes, and Presidential Airways operates them. The company appears to provide air services to the CIA – flight records show that its N964BW has made at least two trips to the agency’s Camp Peary training facility and N962BW went there in May 2006 Another plane it owns, N968BW, flew from Washington Dulles International Airport to Camp Peary on March 13, 2007.

Bayard Foreign Marketing LLC is is alleged to have been involved in extraordinary rendition. Bayard is a “phantom company registered in Oregon State since August 2003. 755 Pittock Block, 921 SW Washington Street ,Portland, OR 97205 Located in Multnomah County, OR Plane Registered to Bayard. The following plane was formerly owned by Bayard and was registered to Premier Executive Transport Services, Inc. after December 2004: r-N8068V (now N44982; ex N379P, N581GA) – Gulfstream V – s/n 581 r-N44982 (ex N379P, N8068V, N581GA) – Gulfstream V – s/n 581


Keeler and Tate Management LLC (AVSPEC) Legal counsel for Keeler and Tate is Streven F. Petersen who is involved in political public relations. Petersen shares an office with Paul D.Laxalt and Frank R. Petersen  The following are identified according to Number, Maker Model, and Serial Number (as of January 2006). r-N313P (now N4476S) – Boeing 737-7ET – s/n 33010 (ex- Premier Executive Transport Services, Inc. r-N4476S (N313P) – Boeing 737-7ET – s/n 33010 (ex-Premier N313P)


Path Corporation Path’s address is that of Barbara-Cherix O’Leay a real estate lawyer. 413 Rehoboth Avenue / PO Box 305, Rehoboth Beach, DE 19971, Located in Sussex County, DEThe following planes are registered to Path: N120JM – Fairchild SA227-AT – s/n AT-577 N212CP – Cessna 208B – s/n 208B0531 r-N221SG – Gates Learjet 35A – s/n 182


Premier Executive Transport Services, Inc. is an aviation contractor. the company had originally been incorporated in Delaware on Jan. 10, 1994. “On Jan. 23, 1996, Dean Plakias, a lawyer with Hill & Plakias in Dedham, Mass., filed incorporation papers with the Commonwealth of Massachusetts listing the company’s president as Bryan P. Dyess. According to public documents, Premier Executive ordered a new Gulfstream V in 1998. It was delivered in November 1999 with tail number N581GA, and re-registered in March 2000 with a new tail number, N379P. It began flights in June 2000, and changed the tail number again in December 2003.”


Presidential Airways, Inc. is a sister company to  Aviation Worldwide Services, LLC  (AWS), both of which are owned by Blackwater, USA  Melbourne, FL.


S&K Aviation, LLC is involved in Extraodrinary Rendition S&K was “first registered in Florida in December 2003 and is an active company with a registered agent.”


Wells Fargo Bank Northwest NA, a subsidiary of  Wells Fargo & Company, is Trustee for the aircraft N168BF, a Raytheon Hawker 800XP with Serial # 258373.

Rapid Air Transportation, Inc. Planes Registered to Rapid Air 10606 Baltimore Avenue ,Suite 300 , Beltsville, Prince George’s County,  MD 20705-2131Rapid is the registered owner of the following planes. However, they are operated by Tepper Aviation, Inc. N2189MLockheed 382G-44K-30 – s/n 4582, N4557C Lockheed 382G-44K-30 – s/n 5027, N8193J Lockheed 382G-44K-30 – s/n 4796

Stevens Leasing, Inc. Stevens was incorporated by Mark E. Klass (see Devon Holding & Leasing, Inc.), who is now a judge in Lexington, NC. 8130 Country Village Drive, Suite 101 Cordova, TN 38016  Located in Shelby County, TN.Planes Registered to Stevens N173S – Beech B300 – s/n FM-4 N845S – Douglas DC3 – s/n 25509 (43-48248)  N4009L – Raytheon B300C – s/n FM-9 N4042J – Beech B200 – s/n BB-874

Tepper Aviation, Inc. is based at the Bob Sikes Airport in Crestview, Florida. The company has a long association with the CIA. In the late 1980s and early 1990s, it was widely reported to be flying weapons into Angola to arm the UNITA rebels. More recently, it has been linked with the practice of extraordinary rendition.  Tepper is closely connected  with Crestview Aerospace Corporation: it shares the same address, and Charles R. Shanklin is a director of both companies. Additionally, Tepper director Jack E. Owen was President of Crestview Aerospace until 2001. Tepper uses a Hercules aircraft, with the registration N3867X.


CIA Cryptonyms




AE Soviet Union sources, in particular defectors and agents. “Cold Warrior” p.166, Mary’s DB AE entry. MFF.
AEBARMAN Soviet officer Yuri Ivonovich Nosenko, who defected in Feb 1964 with information about Oswald. His other crypts were AEFOXTROT and AEDONOR. “The Secret History of the CIA” p.491, Mary’s DB Nosenko entry. MFF.
AEBURBLE Stateside Soviet double-agent controlled by the FBI, and code-named TUMBLEWEED by the FBI. Actual name Guenter Schulz. AEBURBLE (TUMBLEWEED)’s information was what made the connection between Valeriy Kostikov and the KGB’s “Department 13.” 104-10068-10183, 104-10436-10025, 104-10414-10342, 104-10015-10433, 104-10419-10021. Jerry Ennis.
AEDONOR Soviet officer Yuri Ivonovich Nosenko, who defected in Feb 1964 with information about Oswald. His other crypts were AEBARMAN and AEFOXTROT. “Cold Warrior” p.166, 104-10054-10378, 104-10429-10115. MFF.
AEFOXTROT Soviet officer Yuri Ivonovich Nosenko, who defected in Feb 1964 with information about Oswald. His other crypts were AEBARMAN and AEDONOR. “Passport to Assassination” p.222, 104-10312-10354. MFF.
AEGUSTO Yuriy Loginov, a KGB officer who became an in-place double agent for the CIA. “Cold Warrior” p.22, Mary’s DB Longinov entry. MFF.
AELADLE Anatoliy Golitsyn, a Soviet defector prized by CIA CounterIntelligence head James Angleton. CIA Family Jewels p.28, “Cold Warrior” p.81, 104-10263-10006. MFF.





AM Operations, organizations, and individuals relating to Cuba.    
AMBANG-1 Manuel Ray Rivero, leader of the Revolutionary Movement of the People (MRP) and later Junta Revolucionaria Cubana (JURE).    
AMBANTY Paramilitary operation of internal resistance in Cuba, originally called AMCOBRA, rolled up by Castro in 1964.    
AMBANTY-1 Colonel Abad (see AMBANTY).    
AMBIDDY-1 Manuel Artime Buesa, a prominent Cuban exile who was in the Bay of Pigs invasion, in 1963 moved to Nicaragua as leader of operation AMWORLD.    
AMBUD Cuban Revolutionary Council (CRC), Cuban exile organization formed on 22 Mar 1961 under U.S. guidance to unify various exile groups.    
AMBUD-1 Jose Miro Cardona, first Prime Minister of Cuba under Castro, who left Cuba and headed the Cuban Revolutionary Council (CRC) exile group.    
AMCALL-1 Reynold Gonzalez Gonzalez.    
AMCANOE Project of U.S. contacts for a resistance group in Cuba, incl. support of Unidad de Liberacion Nacional (ULN).    
AMCANOE-1 Eduardo Garcia Molina.    
AMCANOE-3 Antonio Jose Ramirez Mendez.    
AMCANOE-7 Benjamin Acosta Valdes.    
AMCANOE-9 Juan Amestoy Dominguez.    
AMCAPE-1 Tad Szulc, New York Times journalist involved in AMTRUNK project, suspected by CIA of being hostile foreign agent.    
AMCARBON-1 Al Burt, Miami Herald journalist used as source and “operational support” for CIA’s JMWAVE station.    
AMCARBON-3 Donald Dean Bohning, Latin American editor of Miami Herald and CIA source.    
AMCIGAR Frente Revolucionario Democratico (FRD), aka Cuban Democratic Revolutionary Front.    
AMCLATTER-1 Bernard Leon Barker, Cuban exile and contract agent for CIA, worked with E. Howard Hunt and Frank Sturgis. One of the Watergate burglars.    
AMCLATTER-5 Alberto de Jesus Alberty Garcia.    
AMCOBRA Paramilitary operation of internal resistance in Cuba, renamed AMBANTY, rolled up by Castro in 1964.    
AMCOVE An “operation centered around an FI (Foreign Intelligence) net in Cuba to report intelligence information via Secret Writing.”    
AMCOVE-1 Alejandra Sanchez.    
AMDENIM-1 Alberto Fernandez Hechevarria, Cuban exile whose boat Tejana was used in anti-Castro activities.    
AMEMBER-1 Julio Lobo, sugar magnate in Cuba and later an exile and donor to the anti-Castro cause.    
AMFAUNA Network of in-Cuba agents, nearly all women, providing military, political, and economic reporting, including reports on attempts to kill Castro.    
AMHAWK Manuel Antonio (Tony) de Varona, a leader in the Cuban Revolutionary Council and other anti-Castro exile groups.    
AMHIM Project for the “distribution of news and information bulletins and radio newscast tapes to addresses throughout Latin America” via AIP (Agencia de Informaciones Periodisticas).    
AMHIM-2 Agustin Alles Soberon, worked under AMHIM project and also for Juana Castro’s radio program.    
AMHINT-5 Isidro ‘Chilo’ Borja, early member of the DRE. Educated as an engineer in Canada, he controlled the group’s boats and headed the group’s military section in 1963    
AMHINT-53 Luis Fernandez-Rocha, Secretary General of the Revolutionary Student Directorate (DRE).    
AMHINT-56 Juan Francisco Blanco Fernandez, participated in DRE raids on Cuba.    
AMICE-14 Miguel A. Diaz Isalgue, a “principal” in the AMTRUNK operation.    
AMICE-27 Dr. Nestor Moreno, a “principal” in the AMTRUNK operation.    
AMKHAN-2 Carlos Martin Ahrens Temple, Western Union employee in Cuba recruited by CIA agent Bernard Barker (AMCLATTER-1).    
AMLASH Rolando Cubela Secades, a Cuban doctor and official who was recruited in 1963 for an assassination attempt on Castro. Cubela was being given a CIA poison pen on Nov 22 when news of JFK’s death broke.    
AMLEO “An FI propaganda operation involving the exploitation of Capt. Jose Ricardo Rabel Nunez (AMLEO-3), a high-level defector who escaped from Cuba in an INRA plane on 6 December 1962.”    
AMLEO-3 Capt. Jose Ricardo Rabel Nunez, “a high-level defector who escaped from Cuba in an INRA plane on 6 December 1962.”    
AMLOUT-1 Raul Castro, brother of Fidel.    
AMMUG-1 Cuban intelligence officer named Vladimir Lahera Rodriguez, who defected to U.S. via Canada in April 1964, and was interrogated about Oswald in addition to other matters.    
AMNIP-1 Miguel Roche Monroy – Cuban DGI defector.    
AMOT “Cubans in Miami (outside group) controlled by JMWAVE station who gathered information on Cubans, primarily from debriefing of Cuban refugees.”    
AMPALM-4 Angel Fernandez Varela.    
AMQUACK (AMQUACK-1) Che Guevera, guerrilla leader and minister in Castro’s Cuba, killed in Bolivia in 1968.    
AMROD CIA operations against the Cuban intelligence service. One such operation involved planting false papers on Cuban Cultural Attache Teresa Proenza, to make it look like the Vice-Minister of Defense had betrayed the Soviet missile buildup in Cuba to the Americans.    
AMSHALE-1 Antonia Veciana, leader of Cuban exile group ALPHA-66. Veciana told HSCA investigator Gaeton Fonzi that he had worked with a “Maurice Bishop” who Fonzi came to believe was CIA officer David Phillips.    
AMSPELL The Directorio Revolucionario Estudiantil, or DRE (Cuban Student Directorate). DRE delegate Carlos Bringuier had the famous altercation with Lee Oswald in New Orleans in the summer of 1963, and DRE members quickly spread information about Oswald after JFK’s assassination.    
AMSTRUT-2 Juana de la Caridad Castro Ruz, sister of Fidel and Raul, who ran a radio program against her brothers’ regime.    
AMSWIRL-1 Customs agent Cesar Diosdado.    
AMTHUG Fidel Castro, the Cuban leader who took power in 1959 and whose demise the U.S. began unsuccessfully plotting soon thereafter.    
AMTRUNK Operation for military overthrow of Castro’s government in 1963, promoted within White House circles but distrusted by CIA. Aka Plan Leonardo.    
AMTRUNK-1 George Volsky.    
AMTRUNK-9 Modesto Orlando Orozco Basulto.    
AMTRUNK-10 Ramon Thomas Guin Diaz.    
AMTRUNK-11 Carlos Pedraza Aguilar.    
AMTURVY An operation “designed for the purpose of conducting sabotage operations against Cuba. It consisted of a net of 13 AMTURVY assets whose primary function, apart from sabotage, was the preparation of target studies and analysis of sabotage operations.”    
AMTURVY-1 Alturo Maria Jesus Varona [Alesso?].    
AMTURVY-4 Enrique Diaz Fernandez.    
AMTURVY-13 Mario Salabarria Aguiar.    
AMUPAS-1 Viola June Cobb, who informed for CIA under crypt AMUPAS-1 while working for Castro, and played a role in the Elena Garro de Paz story, with Mexican crypt LICOOKY-1.    
AMWAIL-1 Justo Carillo Hernandez, leader of Agrupacion Montecristi and a founding member of the Frente Civico Revolucionario (FRD), forerunner of the CRC.    
AMWORLD Plan to invade Cuba from offshore, primarily involving Manuel Artime (AMBIDDY-1), based in Nicaragua. Lamar Waldron (“Ultimate Sacrifice”) interprets this as the CIA’s portion of a JFK-sponsored coup plan set for 1 Dec 1963 involving Juan Almeida.    





GP Crypts apparently related to the Kennedys, including JFK’s alleged assassin.    
GPFLOOR Lee Harvey Oswald (post-assassination designation).    
GPFOCUS Robert F. Kennedy, JFK’s brother and Attorney General in the JFK administration.    
GPIDEAL President Kennedy.    




HT ???
HTLINGUAL CIA mail opening and mail cover program, operated from 1952 to 1973. Lee Harvey Oswald was one of this program’s targets.




JM ???    
JMBAR Key West, Florida.    
JMWAVE CIA Station in Miami, training facility for anti-Cuban operations, existing on what is now the site of the Miami Zoo.    





KU Divisions of the CIA itself.    
KUCAGE CIA Psychological and Paramilitary Operations Staff.    
KUCLUB CIA Office of Communications.    
KUDESK Counter Intelligence (CI) division of CIA.    
KUDOVE Clandestine services of CIA.    
KUSODA CIA Office of Security.    
KUTUBE Foreign Intelligence (FI) division of CIA.    
KUTUBE/D CIA “Staff D” responsible for SIGINT (Signals Intelligence – electronic intercepts), where the ZR/RIFLE executive action program was housed.    

KU crypts to decode: KUJUMP, KUWOLF.




LC ???    
LCFLUTTER Polygraph (“lie detector”) testing, sometimes referred to simply as “FLUTTER”.    




LI Operations, organizations, and individuals related to Mexico City.
LIBIGHT Mail opening operation in Mexico City, with Soviet and/or Cuban targets.
LICALLA One of three photo surveillance sites under the LIEMPTY umbrella project. LILYRIC was an apartment which provided a view of the back of the Soviet Embassy compound in Mexico City. The other two photo sites were LIMITED and LILYRIC.
LICHANT-1 Unwitting asset Manuel Calvillo, who the HSCA failed to locate in its attempt to corroborate Elena Garro de Paz’s story regarding Oswald in Mexico City.
LICOOKY-1 Viola June Cobb, who informed for CIA under crypt AMUPAS-1 while working for Castro, and played a role in the Elena Garro de Paz story, with Mexican crypt LICOOKY-1 (aka LICOOKIE-1).
LIEMBRACE A Mexico City-based surveillance project, under the umbrella LIPSTICK project. LIEMBRACE included a surveillance team, a radio repairman, and a phototruck team.
LIEMPTY Umbrella surveillance project in Mexico City, formerly code-named LIPSTICK. Included a variety of sub-projects under it.
LIENTRAP Mobile surveillance team used to track Soviet operatives in Mexico City.
LIENVOY CIA telephone tapping program in Mexico City, targeting Cuban and Soviet embassies and run in conjunction with the Mexican DFS. Netted phone calls allegedy of Oswald. See also LIFEAT.
LIERODE CIA photosurveillance and tapping operation targeting the Cuban embassy compound in Mexico City (see refs for confusion on this). It is the LIERODE operation which allegedly failed to obtain photos of Oswald due to a camera breakdown.
LIFEAT CIA telephone tapping program on a number of phone lines in Mexico City, collecting information on a variety of targets, including home phone lines of Soviet officers, the Yugoslav Embassy, and more. Project grew to include TELEX systems and microphone placements. See also LIENVOY.
LIHUFF-1 Alfonso Rudolph Wichtrich, Executive VP, American Chamber of Commerce in Mexico.
LIJERSEY Physical surveillance team operating in Mexico City. Renamed LIRICE in 1962.
LILYRIC One of three photo surveillance sites under the LIEMPTY umbrella project. LILYRIC was a 3rd story apartment across the street from the Soviet Embassy in Mexico City, south of the LIMITED installation. The other two photo sites were LIMITED and LICALLA.
LIMERICK Soviet Embassy in Mexico City.
LIMESA Extremely sensitive monitoring operation targeting Soviet Embassy in Mexico City, run by Staff D of CounterIntelligence. Used four-unit basehouse known as LIMUST.
LIMITED One of three photo surveillance sites under the LIEMPTY umbrella project. LIMITED was a fixed site right across the street from the front gate of the Soviet Embassy. The other two photo sites were LILYRIC and LICALLA.
LIMUST A collection of four housing units used in the LIMESA project and other surveillance operations targeting the Soviet Embassy in Mexico City (actually, the exact distinction between LIMESA and LIMUST is not clear).
LIONION Photosurveillance project targeting Cuban Embassy in Mexico City. The purported failure of the LIONION installation to capture a picture of Lee Oswald in late September 1963 was a matter of concern and some disbelief in the HSCA’s investigation.
LIONION-1 Alberto Rodriguez Gallego, part of LIONION photography project targeting Cuban embassy.
LIPSTICK This Mexico City-based project was an “umbrella type project…consisted of multiline phone taps, three photographic sites, a mobile surveillance team and a mail intercept operation.” Under this project were LIMITED, LILYRIC, and LICALLA, LIEMBRACE, LIENTRAP, and possibly other projects. Renamed LIEMPTY.
LIRAVINE Mid-1960s project “for the purpose of consolidating into one administrative group a number of active Cuban informants,” including LIOLEO-1, LISICLE-1, AMSEVER-2, AMPACA-1, and LICARD-1.
LIRICE Surveillance project targeting the Communist Party in Mexico City. Some of its agents were arrested and their CIA case officer detained by the Mexican Security Service and subsequently allowed to leave the country. Originally named LIJERSEY.
LITAMIL-7 Consuelo Esperon Perez, apparently employed as a secretary at the Cuban Embassy.
LITEMPO-2 Gustavo Diaz Ordaz, President of Mexico from 1964 to 1970. He was president in 1968 during the famous Tlatelcolco massacre. Diaz Ortiz was part of Mexico City station chief Win Scott’s LITEMPO program.
LITEMPO-4 Fernando Gutierrez Barrios, head of the Mexican secret police (DFS) from 1964 to 1970, and later held other Mexican government posts. Gutierrez Barrios was part of Mexico City station chief Win Scott’s LITEMPO program.
LITEMPO-8 Luis Echevarria Alvarez, Mexican Interior Minister in 1964 and President from 1970-76. Echevarria was part of Mexico City station chief Win Scott’s LITEMPO program.





OD Departments of the U.S. government.
ODACID U.S. State Department.
ODBEAT Defense Intelligence Agency?
ODBOON U.S. Customs Agency.
ODEARL U.S. Department of Defense.
ODENVY Federal Bureau of Investigation (FBI).
ODFOAM U.S. Secret Service.
ODUNIT U.S. Air Force.
ODURGE U.S. Immigration and Naturalization Service (INS).
ODYOKE United States government.




PB Related to entire countries (?).    
PBHISTORY “Central Intelligence Agency project to gather and analyze documents from the Arbenz government in Guatemala that would incriminate Arbenz as a Communist.”    
PBPRIME United States of America.    
PBRUMEN Cuba.    
PBSUCCESS Project to overthrow Arbenz government in Guatemala in 1954, involving David Morales, David Phillips, E. Howard Hunt, Henry Hecksher, and other officers appearing in the JFK files.    
PBSWING U.S. Embassy or official installation.    




QD ???    
QDBIAS Pedro Diaz Lanz.    
QDDALE William D. Pawley.    




QK ???    
QKFLOWAGE United States Information Agency.    




WO Divisions of the CIA itself (see also KU).    
WOMACE DDO – Directorate of Operations (formerly Directorate of Plans).    
WOMUSE CIA CounterIntelligence staff.    

WO crypts to decode: WOBONE, WODISH, WOFIRM, WOLADY.




ZR ???    
ZRALERT Use of hypnotism by CounterIntelligence staff in “certain operational situations.”    
ZRCLIFF Southern Air Transport, a CIA proprietary airline (?).    
ZRKNICK Intercept operation against Cuban espionage agents in Miami by FBI, sharing results with CIA.    
ZRMETAL Washington, DC.    
ZRRIFLE “Executive action” assassinations program set up in CIA in 1961 and run by Bill Harvey (other assassination programs preceded ZRRIFLE).    


OTHER (crypts not beginning with two-letter digraph)



RYBAT “Slug” indicating extreme sensitivity (ARRB defined as “secret”, but RYBAT often appears adjacent to “secret” which would seem redundant).

Other crypts without digraphs, or with digraphs not covered above: BKCROWN, LPDICTUM, WUBRINY, WUBRINY-1, WUSALINE.




Note: For a list of ca 4,000 names and addrersses of known CIA domestic, and foreign, assets, send an email to: tbrnews@hotmail.com and put in the word “List.” This will be sent to you free of charge at once.

No responses yet

Leave a Reply