If you used the World Wide Web anytime after 2007, the United Kingdom’s Government Communications Headquarters (GCHQ) has probably spied on you. That’s the revelation contained in documents published today by The Intercept, which detail a GCHQ operation called “Karma Police”—a program that tracked Web browsing habits of people around the globe in what the agency itself billed as the “world’s biggest” Internet data-mining operation, intended to eventually track “every visible user on the Internet.”
Karma Police—apparently named after the Radiohead song—started as a program to track individuals listening to Internet streaming audio “radio stations” as part of a research project into how radicals might “misuse” Internet radio to spread their messages. Listeners to streams that included Islamic religious content were targeted for more data collection in an effort to identify their Skype and social media accounts. The program gradually grew with its success. According to GCHQ documents, by 2009 the program had stored over 1.1 trillion “events”—Web browsing sessions—in its “Black Hole” database. By 2010, the system was gathering 30 billion records per day of Internet traffic metadata. According to another GCHQ document, that volume grew to 50 billion per day by 2012.
The Karma Police system and its Black Hole database log the IP addresses of individuals visiting Internet sites, as well as the cookies associated with their Web traffic. The users of specific sites can then be profiled by correlating recorded cookies from other sites, such as those used to deliver personalized ads (for instance, the Google “pref” cookie) or site login credentials.
In the documents, GCHQ analysts called cookies “presence events” and “target detection identifiers” and lauded their value in uncovering specific Internet users’ identities. They can be used to analyze “pattern of life”—when a person is usually online and where they connect to the Internet from. Some of the sites targeted specifically for covert cookie collection include Facebook, Microsoft Live, Amazon, YouTube, Reddit, WordPress, Yahoo, Google, the YouPorn adult video site, and news sites such as Reuters, CNN, and the BBC.
Karma Police also gathered e-mail addresses and other identifiers passed in traffic, including those stored within the cookies of the Bebo social networking site. An assortment of additional tools tracked other elements of online behavior, pulling them into the data store—”Infinite Monkeys” tracked Web bulletin boards, and a tool called “Samuel Pepys” (after the 17th-century British Lord of the Admiralty who was famous for his diaries) analyzed the content of Internet sessions, including e-mails, webpages viewed, and instant messages. One example within the GCHQ documents published by the Intercept shows the tracking of someone with a Swedish IP address visiting the Cryptome website to look at a page about the GCHQ’s spying.
All the data gathered by these surveillance techniques provided GCHQ and its “Five Eyes” partners with ammunition to carry out highly targeted attacks against individuals of interest. The data gathered by Karma Police was instrumental in “Operation Socialist,” the hack of the Belgian telecom company Belgacom, providing the IP address of a target with a desired level of access.