GCHQ snooped on every single internet user
Documents show how spy agency carried out mass surveillance on web
New documents revealed that British spy agency GCHQ has been running a mass surveillance programme that managed to record the activities of just about every user on the internet in the UK.
Called "Karma Police", the programme sniffed internet data from cables landing in the country at Cornwall. According to a report by online publication, The Intercept, the programme was launched several years ago. Details of the programme are contained in documents as part of files leaked by former NSA whistleblower Edward Snowden.
The scheme collected full details of sites visited, usernames and even passwords. While equivalent programmes run by the NSA in the US required judicial oversight, there appears to be no such oversight of GCHQ's activities in the UK.
In slides, Karma Police was built between 2007 and 2008 with the purpose of comparing "every user visible to passive SIGINT with every website they visit, hence providing either (a) a web browsing profile for every visible user on the Internet, or (b) a user profile for every visible website on the Internet."
The programme itself is named after a Radiohead song and initially tracked people listening to internet radio stations, in particular, Islamic ones. These ones were targeted for more data collection including the identification of Skype and social networking accounts. The programme also tracked users on sites such as Google, Yahoo, Facebook, Reddit, CNN, the BBC, Channel 4 News, Reuters and adult sites.
The programme expanded as it became more successful. By 2009, the programme recorded 1.1 trillion events, such as web browsing sessions, in its "Black Hole" database. In 2010, the project was collecting 30 billion metadata records every day, rising to 50 billion per day by 2012.
The Black Hole database logged individual IP addresses visiting websites as well as cookies. Users visiting websites of interest to spies would then be profiled by correlating cookies from other websites and login credentials.
The data collected by GCHQ and its Five Eyes partners allowed spies to carry out attacks against persons of interest.
2021 Thales access management index: Global edition
The challenges of trusted access in a cloud-first worldFree download
Transforming higher education for the digital era
The future is yoursFree download
Building a cloud-native, hybrid-multi cloud infrastructure
Get ready for hybrid-multi cloud databases, AI, and machine learning workloadsFree download
The next biggest shopping destination is the cloud
Know why retail businesses must move to the cloudFree Download