GCHQ’s Karma Police program followed “suspicious” Web searches around the globe and profiled each and every Internet user
Documents published by The Intercept disclose that the United Kingdom’s Government Communications Headquarters (GCHQ) has been tracking World Wide Web users since 2007 with an operation called “Karma Police”, a program that spied on the Web browsing habits of people worldwide and that the agency itself calls the “world’s biggest” Internet data-mining operation, meant to ultimately track “every visible user on the Internet.”
It appears that Karma Police, named after the Radiohead song, started as a top-secret operation to collect intelligence about people using the Internet to listen to radio shows. The main aim of the project was to research “potential misuse” of Internet radio stations to spread messages. Listeners to streams that included Islamic religious content were targeted for more data collection in an attempt to identify their Skype and social media accounts. Following its success, the program slowly started growing.
According to GCHQ documents, between August 2007 and March 2009, the “Black Hole” database was used to store more than 1.1 trillion “events” — Web browsing sessions — with about 10 billion new entries added every day. By 2010, the system was logging 30 billion metarecords per day. Further, by 2012, the collection had increased to 50 billion per day, and work was in progress to double capacity to 100 billion.
Karma Police works by showing the IP addresses of people visiting websites. IP addresses are unique identifiers that are allocated to computers when they connect to the Internet. The Karma Police system and its Black Hole database log the IP addresses of individuals visiting Internet sites, as well as the cookies related to their Web traffic. By correlating these with cookies recorded from other sites, either those tied to site login credentials or those used to deliver personalized ads (for instance, the Google “pref” cookie), users of specific sites can then be profiled.
Cookies are placed automatically on computers to recognize and at times track people browsing the Internet, mostly for advertising purposes. When you log into or visit a website, a cookie is basically stored on your computer so that the site can identify you. It can contain your username or email address, your login password, your IP address, and even the type of Internet browser you are using such as Mozilla Firefox or Google Chrome.
In the documents, GCHQ analysts called cookies “target detection identifiers” or “presence events” and praised their value in helping to monitor people’s Internet use and uncover online identities. They can also be used for “pattern of life” analysis, which shows the times of day at which the person is most active online and the locations from which they connect to the Internet.
In an effort to covertly collect cookies on a massive scale, some specific popular websites were targeted. A sample search by the agency shows that the data was extracted from cookies that had information about people’s visits to the adult website YouPorn, search engines Yahoo and Google, and the Reuters news website.
Other websites listed as “sources” of cookies in the 2009 document are Hotmail, YouTube, Facebook, Reddit, WordPress, Amazon, and sites operated by the broadcasters CNN, BBC, and the U.K.’s Channel 4.
Karma Police also collected e-mail addresses and other identifiers passed in traffic, including those stored within the cookies of the Bebo social networking site. A miscellaneous collection of additional tools tracked other elements of online behavior and placed them into the data store.
“Infinite Monkeys” analyzes data about the usage of online bulletin boards and forums, while “Samuel Pepys” is one tool built by the British spies to analyze both the content and metadata of emails, browsing sessions, and instant messages as they are being intercepted in real time.
The GCHQ documents published by The Intercept show one such example, in which someone with a Swedish IP address was tracked while visiting the Cryptome website to look at a page about GCHQ’s spying.
All the information collected by these surveillance techniques presented GCHQ and its “Five Eyes” partners with weapons to execute high-level targeted attacks against individuals of interest. The data gathered by Karma Police was helpful in “Operation Socialist,” the hack of the Belgian telecom company Belgacom, providing the IP address of a target with the desired level of access.