GCHQ snooped on every single internet user

Documents show how spy agency carried out mass surveillance on web

New documents revealed that British spy agency GCHQ has been running a mass surveillance programme that managed to record the activities of just about every user on the internet in the UK.

Called "Karma Police", the programme sniffed internet data from cables landing in the country at Cornwall. According to a report by online publication, The Intercept, the programme was launched several years ago. Details of the programme are contained in documents as part of files leaked by former NSA whistleblower Edward Snowden.

The scheme collected full details of sites visited, usernames and even passwords. While equivalent programmes run by the NSA in the US required judicial oversight, there appears to be no such oversight of GCHQ's activities in the UK.

In slides, Karma Police was built between 2007 and 2008 with the purpose of comparing "every user visible to passive SIGINT with every website they visit, hence providing either (a) a web browsing profile for every visible user on the Internet, or (b) a user profile for every visible website on the Internet."

The programme itself is named after a Radiohead song and initially tracked people listening to internet radio stations, in particular, Islamic ones. These ones were targeted for more data collection including the identification of Skype and social networking accounts. The programme also tracked users on sites such as Google, Yahoo, Facebook, Reddit, CNN, the BBC, Channel 4 News, Reuters and adult sites.

The programme expanded as it became more successful. By 2009, the programme recorded 1.1 trillion events, such as web browsing sessions, in its "Black Hole" database. In 2010, the project was collecting 30 billion metadata records every day, rising to 50 billion per day by 2012.

The Black Hole database logged individual IP addresses visiting websites as well as cookies. Users visiting websites of interest to spies would then be profiled by correlating cookies from other websites and login credentials.

The data collected by GCHQ and its Five Eyes partners allowed spies to carry out attacks against persons of interest.

Featured Resources

2021 Thales access management index: Global edition

The challenges of trusted access in a cloud-first world

Free download

Transforming higher education for the digital era

The future is yours

Free download

Building a cloud-native, hybrid-multi cloud infrastructure

Get ready for hybrid-multi cloud databases, AI, and machine learning workloads

Free download

The next biggest shopping destination is the cloud

Know why retail businesses must move to the cloud

Free Download

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021