Spying On Sharing: Canada's Intelligence Agency Collecting Data And IP Addresses From Free File-Sharing Sites

from the more-sharing-going-on-than-previously-imagined dept

Wed, Jan 28th 2015 1:36pm — Tim Cushing

If it can be accessed with minimal effort, it's safe to say one government or another is looking at it. Here in the US, phone records, license plate data, cell site location information and any number of communications traveling across international internet backbones are all fair game for the world's law enforcement and intelligence agencies.

In the first document from Snowden's stash to detail the spying efforts of our ever-polite and apologetic neighbor to the north, it's file sharers who are under the ~~microscope~~ mass surveillance macroscope.

The covert operation, revealed Wednesday by CBC News in collaboration with The Intercept, taps into Internet cables and analyzes records of up to 15 million downloads daily from popular websites commonly used to share videos, photographs, music, and other files…

According to the documents, the LEVITATION program can monitor downloads in several countries across Europe, the Middle East, North Africa, and North America. It is led by the Communications Security Establishment, or CSE, Canada’s equivalent of the NSA.

The CSE is keeping tabs on (at least) 102 file-sharing sites (and likely eyeing traffic on BitTorrent networks), but only three are listed in the leaked document: SendSpace, RapidShare and the now-dead MegaUpload. In a statement given to The Intercept, SendSpace said that “no organization has the ability/permission to trawl/search Sendspace for data.” Not that SendSpace's permission (or promises to its users about data security) ultimately matters.

LEVITATION does not rely on cooperation from any of the file-sharing companies. A separate secret CSE operation codenamed ATOMIC BANJO obtains the data directly from internet cables that it has tapped into, and the agency then sifts out the unique IP address of each computer that downloaded files from the targeted websites.

The documents (dated 2012) say the agency is only looking for about "2,200 documents" related to terrorists and terrorist activity. From the piles of data amassed, the agency begins its straightforward-as-a-patent-thicket sorting process…

…which at least attempts to sort out the TV episodes from the hostage videos.

The agency then uses the captured IP addresses as selectors to trace activity across the web. The slides show that it has had success linking downloads of targeted files to Facebook accounts and Google profile pages by using two intelligence tools created by outside agencies: MARINA Profile and MUTANT BROTH. NSA-developed MARINA harvests a vast amount of internet activity and GCHQ's MUTANT BROTH intercepts "billions" of ad cookies to help correlate IP addresses.

But, while the agency says it's only tracking ~2,200 files (leading to 350 "interesting" downloads per month), there's nothing in the document (other than the filtering out of unwanted files) that suggests the harvested file-sharing activity isn't stored in bulk. And, like many other spy programs, it bypasses safeguards these sites have implemented and grabs data straight from the backbone.

It's safe to say that no major file-sharing service is able to protect its users' data. Even the promise that this information will only be turned over to law enforcement/intelligence services who present the proper legal paperwork is hollow -- if unintentionally so. The document notes that the agency "sees" about 10-15 million FFUs (Free File Uploads) per day, but fails to provide any clarification as to what that word entails. If "sees" means "collects," then the agency has access to millions of non-relevant IP addresses and uploads. If "sees" means "disregards non-'interesting' uploads/downloads," then the effort is more focused than most of its counterparts' surveillance programs.

On top of that, there's nothing included here that indicates the program has usefulness beyond harvesting data for data-harvesting's sake.

It is unclear from the document whether LEVITATION has ever prevented any terrorist attacks. The agency cites only two successes of the program in the 2012 presentation: the discovery of a hostage video through a previously unknown target, and an uploaded document that contained the hostage strategy of a terrorist organization. The hostage in the discovered video was ultimately killed, according to public reports.

When defended, the CSE will probably note that this is part of a suite of tools designed to gather as much information as possible on suspected terrorists. But it has been shown that massive amounts of data makes terrorist hunting harder, rather than easier. And while there is at least some form of targeting built into the system, there's always the potential for abuse. CSE says it won't spy on its own citizens but this statement is undercut by its vast collection effort. It can't have it both ways, especially if it's gathering data directly from backbones. It could be anybody's data, but the agency won't know whose it is until it's looked at it.

Cse Presentation on the Levitation Project (PDF)Cse Presentation on the Levitation Project (Text)

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: canada, copyright, cse, file sharing, five eyes, nsa, surveillance, terrorism
Companies: megaupload, rapidshare, sendspace

20 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

TruthHurts (profile), 28 Jan 2015 @ 1:40pm

lolololol
quote "and the agency then sifts out the unique IP address of each computer that downloaded files from the targeted websites."

Buah-hah-hah-hah

When there are at any one time, hundreds if not thousands of "computers" NAT'd behind a single ISP's ip address, yeah, good luck with that there bub.
[ link to this | view in chronology ]
- danR, 28 Jan 2015 @ 5:50pm
  
  Re: lolololol
  Because that's all they work with. Right.
  
  Poor spooks, they should've hired you all along.
  [ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2015 @ 1:57pm

can someone please tell me if they think that any terrorist, bank robber or criminal in general is going to use a free file sharing site to pass on anything at all, let alone anything of importance to whatever their evil agenda may be? i dont believe any would! i believe this was done intentionally to try to justify some funding, or some surveillance or some other function on ordinary people simply because ordinary people are easy to spy on, to listen in on and to have messages, txts emails read! those doing this had to show that they were doing something with the money, with the time so that nothing was taken away from the agency!
[ link to this | view in chronology ]
- Anonymous Coward, 28 Jan 2015 @ 2:20pm
  
  Re:
  can someone please tell me if they think that any terrorist, bank robber or criminal in general is going to use a free file sharing site to pass on anything at all
  
  Terrorists do not want to keep everything secret, they want their propaganda widely distributed, which they can do via such sites, and using cutouts to actually post it..
  [ link to this | view in chronology ]
- danR, 28 Jan 2015 @ 5:55pm
  
  Re:
  If you actually read the report, it repeatedly refers to the phenomenon as a hypothesis. You test a hypothesis by—ta-daaahh ——testing it.
  [ link to this | view in chronology ]
Padpaw (profile), 28 Jan 2015 @ 2:05pm

It has never been about stopping terrorism. That's just the buzz word they use to justify what they do.
[ link to this | view in chronology ]
- NovaScotian, 28 Jan 2015 @ 3:25pm
  
  Re: Terrorism, Child Porn, Drug Smuggling......
  "It has never been about stopping terrorism. That's just the buzz word they use to justify what they do."
  
  Agree. Given their abysmally poor record in actually catching anyone anywhere the primary motivation is to increase their budgets by adapting the appropriate buzz phrase.
  [ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2015 @ 2:23pm

Re:
Well the core concept is not so bad; encrypt the message and upload it to a file hosting site and hide in the crowd.

A lot of these files are already encrypted to frustrate the copyright mafiaa, so bruteforcing everything is a waste of time.
[ link to this | view in chronology ]
John Fenderson (profile), 28 Jan 2015 @ 2:48pm

It's always hollow
Even the promise that this information will only be turned over to law enforcement/intelligence services who present the proper legal paperwork is hollow

All such promises are hollow (especially in the US), not just because of backbone spying -- but because the "proper legal paperwork" is devoid of a lot of meaning, and is trivially easy to obtain.

Although having that paperwork is a good thing because it ensures there's some sort of paper trail, that sort of statement is functionally equivalent to saying "we'll let the government access anything they want."
[ link to this | view in chronology ]
Torrent Site Staffer, 28 Jan 2015 @ 3:49pm

I can tell you that jihadi's do use torrent sites to distribute video content among their friends/allies.

We used to see some jihadi videos on our site sometimes weeks before they showed up in the media. The same users were also uploading encrypted zip files, with no torrent description, and garbage/random names.

We allowed the videos for free speech reasons, but nuked the zip files for violating site rules about no personal/encrypted uploads.
[ link to this | view in chronology ]
- Anonymous Coward, 28 Jan 2015 @ 7:00pm
  
  Re:
  well, theres no guarantee of anybodies identity on the internet, at least thats what its suppose to be, at least not a bloody global database, i guess what i mean is, yes they could be members of the label you mentioned, but then again i, as not being a jihadi, but being against jihadi, could claim to be a jihadi on the internet tomorow to incite anger from people against random boggeyman of the day...... and nobody would be the wiser, hell, many people wont even care to call for validation, because it fits their thinking, they'll accept it as if its expected.........i would not be surprised to find out this going on.........yes im gonna say it, i DO think our governments or blind supporters are quite capable of pretending to be the enemy they paint in order to incite violance over those they paint, why.......because its easy to get away with, i.e. secrecy compatible..........whether this is the case with your situation, i have no clue, i suspect not as you seem to be a bright lad
  [ link to this | view in chronology ]
- John Fenderson (profile), 29 Jan 2015 @ 7:50am
  
  Re:
  You don't allow private or encrypted files? That's very odd.
  [ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2015 @ 4:25pm

One, i call for the total abolishment of ALL snooping surveillance

Second, for the sake of argument, IF , i stress IF, our governments had any kind of fucking common sense in remotely implementing something that could be vaguely seen as a "good idea", it certainly wouldnt fucki be allow other nations WITH NO FUCKING juristriction to spy on the nation you represent, least not, to even say nothing to that effect PUBLICALLY

Offcourse we all suspect that they are colluding with one another, all having the same goal purely by their already existant participation on global fucking surveillane to fight terrorism but is in actual fact an excuse to implement something they know would look REALLY FUCKING BAD if their wasnt this ever so fucki convinient excuse

At the very fing least, IF, i stress IF, our governments didnt at least want to look like complete and utter incompatent evil fing morons, they would have had the sense to know, at the very fing least, that you should'nt let other fing nations without LEGAL fing juristriction to ILLEGALLY spy on those you SUPPOSEDLY "represent"

Offcourse, we all can guess you are in fact colluding with one another IN SECRET, behind our backs, i.e withou public knowledge........AND STILL, have the audacity to try and pass illegal laws for things you can ALREADY DO....TODAY,......IF NOT .....MORE........i.e. recent snoopers charter house of lords debate were one lord made the statement that the bill was asking for something the snowden documents already say they have the capability............your a bunch of liars, thieves, murderes and backstabbers to your nations(except the ones who care enough to say something and the ones on the fence).........i mean, im confused why i cant get behind that /s

Ffs.......the more you think you reasonably know just how fu our shared situation is, this happens, then the more you realise, what else could be lurking out there

House of lords debate on the bill had a few folks talking about the lack of trust in the system if we pass this laws trampling human rights......im sorry, but its now past the point of no return for me, you thank yourselves, because i dont think i can trust the system without it being COMPLETELY demolished and built brand new.......oh, and trials galore for the too big to jail

Im sorry, i sure as hell dont want to think like that, their not really giving much people a choice, i think they crossed the line a long time ago in the specific case of the entitled surveilance mentality and secret implementation,

God dammit, through your own actions you create your own opposition, and thats why, I, think their is this drive for surveillance sacrificing the what i now see as the illusion of the moral high ground.......it just anothef tool to control, circumvent, disrupt, kidnap/kill? any and ALL that oppose the actions you take...........you are making the action, and you want to CONTROL the RE-action

God dammit man, nothing more in this life infuriates me more to hear about what they are doing what they ALREADY have set up, and being helpless to do anything about it, or exercise my natural right to NOT GIVE MY CONSENT.........i SERIOUSLY question the morality of the system as a whole when it comes to using terrorism as the excuse to justify 1984........

And where was it mandated that information that coincidently and undeniably helps MEDIA distributers and their need to exist, where is it mandated that this this thing that is OBVIOUSLY, NOT solely intended to catch terrorist but to allow a corporation to spy on nation outside their scope of non existant authority

ughhhh!
This is wrong,
[ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2015 @ 7:04pm

i predicted they would try to use ads......plainly obvious that anything that is widely used in whatever shape or form will be a target to exploit
[ link to this | view in chronology ]
tqk (profile), 28 Jan 2015 @ 8:29pm

In the first document from Snowden's stash to detail the spying efforts of our ever-polite and apologetic neighbor to the north ...

Tim, I love your writings, but you guys have got to get over this fiction. It's delusional.

Yes, we're very civilized and polite ordinarily, but you don't want to be anywhere near us once our dander is up. Ask the Netherlanders. They love us to this day for kicking Nazi butt in some of the most horrific battles of WWII. Hell, we did it in WWI too (Ypres).

CSE is looking for people who're looking for "Anarchist Cookbook" crap (how to build a gasoline bomb). Compare that to USA's "troll everybody then hand it to the DEA to try too."

Don't ever believe Canucks will just present their hind quarters to tyrants when threatened. It'll be the last thing you do.

You may've forgotten "Don't tread on me." We never have nor will. !@#$ with us at your peril.

Have a nice day. :-)
[ link to this | view in chronology ]
- John Fenderson (profile), 29 Jan 2015 @ 7:52am
  
  Re:
  Absolutely true. As a Canadian friend once informed me, Canada's military may be armed with toothpicks and napkins, but when push comes to shove they'll totally kick your ass with them.
  [ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2015 @ 8:32pm

If they wanted to stop terrorism they would stop bombing the undeveloped countries.
[ link to this | view in chronology ]
Anonymous Coward, 29 Jan 2015 @ 12:17am

Just a quick thought...
If they tap the internet cables they read every bit that passes through such a cable to find out what everybody is sending... Now, that means they are making copies of the information (yes, computers work this way).

But if they eavesdrop on my (legitimate) streaming of some song, aren't they infringing on the copyright? Even if they are 'just listening'.
(Hell, that's all everyone ever does with songs...)
[ link to this | view in chronology ]
Dave, 29 Jan 2015 @ 7:30am

filters out episodes?
Is this how I can keep Glee from showing up on my TV guide?

I'll take two please!
[ link to this | view in chronology ]
theBuckWheat, 29 Jan 2015 @ 3:29pm

The Iron Law of Bureaucracy is that bureaucracies will expand until some superior power stops them. Up until the refinement of fiat money, the hard limits of a budget stopped bureaucrats from running amok. Now, near-infinite money buys near-infinite government.
[ link to this | view in chronology ]