430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Karma Police, how GCHQ tried to track every visible user on Internet

A new collection of GCHQ’s documents published by The Intercept reveals how the British Agency tried to track Web visits of “every visible user on Internet” A new revelation made by The Intercept confirms that the UK Government Communications Headquarters (GCHQ) has conducted  a massive online surveillance starting from the 2007. The documents accessed by The Intercept detailed an operation […]

Karma Police, how GCHQ tried to track every visible user on Internet

A new collection of GCHQ’s documents published by The Intercept reveals how the British Agency tried to track Web visits of “every visible user on Internet”

A new revelation made by The Intercept confirms that the UK Government Communications Headquarters (GCHQ) has conducted  a massive online surveillance starting from the 2007.

The documents accessed by The Intercept detailed an operation called “Karma Police” carried out by the GCHQ, the British intelligence tracked online habits of people on a global scale.

KARMA POLICE is also the name of a popular song published in 1997 by the British band Radiohead, suggesting the spies may like it.

The intelligence agency defined the Karma Police as the “world’s biggest” Internet data-mining operation, the program was launched by the GCHQ in an attempt to track “every visible user on the Internet.”

The Karma Police aimed to track individuals listening to Internet streaming audio “radio stations” with the purpose of identifying any abuse of the radio instrument to spread messages among radicals.

“The power of KARMA POLICE was illustrated in 2009, when GCHQ launched a top-secret operation to collect intelligence about people using the Internet to listen to radio shows.” states The Intercept. “A summary report detailing the operation shows that one aim of the project was to research “potential misuse” of Internet radio stations to spread radical Islamic ideas.”

karma police 2

The Karma Police system collected in its Black Hole database log the IP addresses of any individual visiting websites, as well as the associated cookies (referenced in the document as “presence events” and “target detection identifiers”).

The Black Hole  is considered the core of the GCHQ online spying operations, it is used to store raw logs of intercepted material before it has been subject to analysis.

blackhole gtac GCHQ

Among the websites used to track users, there are Amazon, BBC, CNN, Facebook, Google, Microsoft Live, Reddit, Reuters, WordPress, Yahoo, YouTube, and YouPorn.

“To find out the identity of a person or persons behind an IP address, GCHQ analysts can enter the series of numbers into a separate system named MUTANT BROTH, which is used to sift through data contained in the Black Hole repository about vast amounts of tiny intercepted files known as cookies.”

The cookies are a precious information for the online marketing, their analysis allows advertisers to track users’ habits, the same principle exploited by the GCHQ in its surveillance program.

“Cookies are automatically placed on computers to identify and sometimes track people browsing the Internet, often for advertising purposes. When you visit or log into a website, a cookie is usually stored on your computer so that the site recognizes you. It can contain your username or email address, your IP address, and even details about your login password and the kind of Internet browser you are using  like Google Chrome or Mozilla Firefox.” continues The Intercept. 

The agent tracked the users of “websites of interest” by correlating the cookies associated to their web experience.

The British spies targeted streams that included Islamic religious content in an effort to identify their Skype and social media accounts of the radicals. By 2009, the Karma Police program allowed the GCHQ to store over 1.1 trillion “events”, a term used to refer web browsing sessions.  By 2010, the overall volume of collected data reached 30 billion records per day of Internet traffic metadata. According to another GCHQ document, by 2012 the volume grew to 50 billion per day.

The analysis of the cookies allowed the GCHQ agents to discover when individuals were online and their location.

The GCHQ documents also revealed the arsenal of the British intelligence used in the Karma Police Operation. “Infinite Monkeys” was a tool used to track Web bulletin boards, meanwhile the “Samuel Pepys” tool was used to parse the content of Internet sessions and extract instant messages and e-mails.

Pierluigi Paganini

(Security Affairs – GCHQ, surveillance, Karma Police)