Did You Know XKeyscore?

The program that sees everything

XKeyscore is a tool used by the NSA (National Security Agency) of the USA to search “nearly everything a user does on the Internet”. It is like a simple google search that gives the analyst emails, chats, voice calls, video calls, web history, social media approaches, keystrokes, docs, pics and even usernames and passwords of the target. A user just must fill a simple form of keywords and suggested phrases or a username to start the search. This is a Linux software that uses an Apache web server and stores collected data in MySQL databases. However, NSA says no analyst can work freely on gathering such data while Edward Snowden says something completely opposite.

Data sources

XKeyscore consists of over 700 servers at approximately 150 sites where the NSA collects data, like “US and allied military and other facilities as well as US embassies and consulates” in many countries around the world. Among the facilities involved in the program are four bases in Australia and one in New Zealand. According to an NSA presentation from 2008, these XKeyscore servers are fed with data from the following collection systems. F6 (Special Collection Service) — joint operation of the CIA and NSA that carries out clandestine operations including espionage on foreign diplomats and leaders.

FORNSAT — which stands for “foreign satellite collection” and refers to intercepts from satellites. SSO (Special Source Operations) — a division of the NSA that cooperates with telecommunication providers. In a single, undated slide published by Swedish media in December 2013, the following additional data sources for XKeyscore are mentioned. Overhead — intelligence derived from American spy planes, drones and satellites. Tailored Access Operations — a division of the NSA that deals with hacking and cyberwarfare. ISA — all types of surveillance approved by the Foreign Intelligence Surveillance Court Third-party — foreign partners of the NSA such as the (signals) intelligence agencies of Belgium, Denmark, France, Germany, Italy, Japan, the Netherlands, Norway, Sweden, etc.

From these sources, XKeyscore stores “full-take data”, which are indexed by plug-ins that extract certain types of metadata (like phone numbers, e-mail addresses, logins, and user activity) and index them in metadata tables, which can be queried by analysts. XKeyscore has been integrated with MARINA, which is NSA’s database for internet metadata. One of the top-secret documents describes how the program searches within the “bodies of emails, web pages and documents,” including the “To, From, CC, BCC lines” and “Contact-Us” pages on websites.

By Nipun Pramodya (Level 01)

Industrial Management Science Students' Association of University of Kelaniya, Sri Lanka