DEV Community

Ethereal Aether

What Was GCHQ's Project Tempora? Is It Still "Was"?

We are immersed in an ocean of millions of bytes every few minutes, and today we call this ocean the internet. Almost every second, every user provides data, retrieves data, and interacts with this mechanism, which has become one of the biggest engagements in our daily lives.

This is a reality for every individual on this planet with internet access.

At first glance, these massive data heaps, so large that they are difficult to even visualize in our minds, may seem unanalyzable. However, some organizations have researched ways to obtain and analyze this data.

I used the word "researched" with goodwill, but this is actually a much more serious situation.

These organizations not only researched how to collect and analyze this data but also learned how to use it, against everyone who uses the internet.

Leading these organizations is the UK's GCHQ (Government Communications Headquarters), classified as an intelligence agency.

In the shadows of global surveillance, Project Tempora stands as one of the most extensive data collection operations to date. Spearheaded by GCHQ, the UK’s intelligence and security organization, Tempora is a sophisticated program designed for physically tapping into over 200 fiber-optic cables. These cables carry vast amounts of internet traffic, and through this program, content and metadata are extracted in bulk as they enter and exit the United Kingdom.

This colossal surveillance initiative is conducted quietly yet systematically, with Tempora intercepting private communications and internet traffic on a global scale—all under the guise of national security.

Imagine every email, every call, and every file transfer flowing across these global cables, potentially intercepted, stored, and analyzed.

Tempora’s reach is secured through intercept points strategically located within the United Kingdom and at Ayios Nikolaos, a British military base situated in Akrotiri and Dhekelia, a British Overseas Territory. These placements are not random; they are carefully chosen sites that ensure maximum capture of data flowing through critical fiber-optic cables.

What’s more, this setup operates with the knowledge and implicit approval of the companies that own either the cables or the landing stations. These corporations, whether for reasons of legality, cooperation, or silent compliance, enable Tempora’s surveillance capabilities to thrive.

Leaked documents by whistleblower Edward Snowden expose an unsettling dimension of Tempora: its foundation rests on secret agreements with certain commercial entities, known as "intercept partners."

These companies, which own or manage the targeted cables, allegedly cooperate with GCHQ to ensure seamless data collection. Some were reportedly compensated for their collaboration, transforming their role from passive infrastructure providers to active players in global surveillance.


According to Snowden, GCHQ instructed its staff to obscure the origin of intercepted data in their reports to avoid exposing these companies’ involvement, fearing severe political repercussions. Companies bound by these covert agreements are legally barred from acknowledging the warrants compelling them to cooperate, forced into silence about their participation in one of the most expansive surveillance programs to date. If they were to resist, GCHQ holds the power to enforce compliance, effectively removing any path for resistance.

The state is wielding a threatening stick against these companies.

The GCHQ team was of course not alone in this process.

Tempora’s influence extends beyond the borders of the United Kingdom, deepening the global web of surveillance through its collaboration with the United States. Documents acquired by Edward Snowden reveal that the data amassed by Tempora is routinely shared with the National Security Agency (NSA) in the U.S., weaving a transatlantic partnership in mass data collection. This exchange strengthens the surveillance capabilities of both nations, granting the NSA access to data streams it might otherwise be unable to intercept. Through Tempora, GCHQ not only taps global communications but also plays a critical role in supporting one of the most powerful intelligence agencies in the world, creating a surveillance alliance that reaches across continents.

Tempora doesn’t operate in isolation; it draws on a broader network of intelligence programs and specialized tools to enhance its data collection and analysis. One of these is INCENSER, which feeds additional bulk data into Tempora’s system, augmenting the volume and variety of information available for surveillance.

Through the WINDSTOP program, the data amassed by Tempora is then shared with the NSA, allowing American intelligence to benefit from GCHQ’s vast data streams. To manage and sift through this immense dataset, analysts use XKEYSCORE, a powerful search interface, and a specialized search language known as GENESIS. This sophisticated system allows GCHQ and the NSA to conduct deep, precise searches within the data, uncovering patterns and connections in personal communications at a granular level.

At the heart of Tempora are two key initiatives, aptly named "Mastering the Internet" (MTI) and "Global Telecoms Exploitation" (GTE). Together, these components represent GCHQ’s commitment to seizing control over both internet and telecommunications data.


Through MTI, Tempora casts a wide net over internet traffic, capturing vast volumes of information from online activities across the world. Meanwhile, GTE focuses on telecommunications, tapping into global voice and data communications that traverse international fiber-optic cables. This two-pronged approach allows Tempora to comprehensively monitor global communications, merging internet-based data with traditional telecom channels to build a unified, far-reaching surveillance network.

Over five years, GCHQ painstakingly expanded its cable-tapping capabilities by attaching intercept probes to key transatlantic fiber-optic cables as they landed on British shores. These cables, carrying vast amounts of data between Western Europe, Asia, and North America, offered a direct line to global communications.

This ambitious expansion was made possible through covert agreements with commercial entities known as "intercept partners." These partners, operating in secrecy, permitted GCHQ to install probes that capture the constant flow of data along these routes.

The intelligence process cannot proceed without code names.

These companies (intercept partners), each assigned a codename to obscure their identities, facilitate the data capture by allowing GCHQ to attach probes to their fiber-optic infrastructure. The list of partners is as follows:

  • BT (codename: REMEDY)
  • Vodafone Cable (codename: GERONTIC)
  • Verizon Business (codename: DACRON)
  • Global Crossing (codename: PINNAGE)
  • Level 3 (codename: LITTLE)
  • Viatel (codename: VITREOUS)
  • Interoute (codename: STREETCAR)

In July 2012, Cable & Wireless Worldwide was acquired by Vodafone for £1.04 billion. Despite this change in ownership, GCHQ’s internal documents reveal that the codename GERONTIC—assigned to Vodafone’s cable assets—remained in use and was active as late as April 2013.

The impact of GERONTIC’s participation was profound. According to press reports, GCHQ leveraged Vodafone’s infrastructure to tap into 29 of the 63 undersea internet cables it accessed, enabling the agency to capture a staggering volume of global internet traffic. This partnership alone accounted for nearly 70% of the total data available to GCHQ as early as 2009.

This extensive reliance on GERONTIC highlights Vodafone’s role as a cornerstone in Tempora’s network of surveillance. Through GERONTIC, GCHQ could monitor unprecedented amounts of internet data, underscoring the scale of corporate involvement in facilitating government access to private communications on a massive scale.

Cable & Wireless Worldwide, through its various ownership structures, played a central role in facilitating GCHQ’s surveillance activities. The 29 undersea internet cables accessed by GCHQ, which were crucial to the Tempora program, were often connected to Cable & Wireless, either through Direct Cable Ownership (DCO), Indefeasible Rights of Use (IRU), or Leased Capacity (LC). These mechanisms allowed GCHQ to tap into the global flow of data passing through critical international routes.

In addition to this, the GCHQ Cable Master List from 2009 identifies GERONTIC as a key landing partner for nine major cables. These cables represent some of the most significant transcontinental data routes, including:

  • FLAG Atlantic 1 (FA1)
  • FLAG Europe-Asia (FEA)
  • Apollo North
  • Apollo South
  • Solas
  • UK-Netherlands 14
  • UK-France 3
  • Europe India Gateway (EIG)
  • GLO-1


For more information, I recommend you review the document here:
https://netzpolitik.org/wp-upload/2014-11-Snowden-Cable-Master-List/data.pdf

By May 2012, GCHQ had expanded Tempora's reach with the installation of specialized systems designed to handle the vast flow of data. These systems were strategically placed at key processing centers to ensure optimal interception and analysis of internet traffic. According to some records, the deployment can be summarized as follows:

  • 16 systems were installed at the CPC processing centre, each dedicated to handling 10 gigabit/second cables.
  • 7 systems were deployed at the OPC processing centre, similarly focused on 10 gigabit/second cables.
  • 23 systems were set up at the RPC1 processing centre, further amplifying GCHQ’s capability to monitor high-volume data streams.

We need to take a look at the programs used in this entire massive surveillance mechanism:

  • POKERFACE: This GCHQ program utilizes Massive Volume Reduction (MVR) to filter and select data at high speeds. By eliminating high-volume, low-value traffic like peer-to-peer downloads, POKERFACE ensures that only the most relevant communications are retained. It also conducts targeted searches using "trigger" words, email addresses, and phone numbers, further refining the scope of surveillance.
  • XKEYSCORE: Operated by the NSA, XKEYSCORE is a powerful system for searching and analyzing vast amounts of internet data. This tool allows for the rapid processing of information intercepted through programs like Tempora, helping intelligence agencies pinpoint key communications and patterns.
  • INCENSER: This GCHQ bulk collection program taps into a cable system codenamed NIGELLA, strategically placed at the intersection of two major fiber-optic cables connecting the Atlantic with Europe and Asia. INCENSER works in tandem with Tempora to capture vast volumes of data, adding another layer to GCHQ's data-gathering capabilities.
  • WINDSTOP: An NSA umbrella program for bulk data collection, WINDSTOP focuses on communications into and out of Europe and the Middle East. It operates in collaboration with "trusted second-party" nations such as the UK, Canada, Australia, and New Zealand. Through this international partnership, the program amplifies the NSA’s ability to monitor communications globally.

Among the documents related to GCHQ’s cable tapping operations, an internal glossary provides additional insight into the INCENSER program. According to this glossary, INCENSER is described as a special source collection system located at Bude, a site in Cornwall, UK. This system plays a critical role in intercepting and collecting bulk data from fiber-optic cables, adding another layer to the broader Tempora surveillance infrastructure.

The strategic positioning of INCENSER at Bude, known for its role in other GCHQ operations, underscores the program’s ability to tap into high-capacity cables and intercept communications from key transatlantic routes. As part of the broader network of cable interceptions, INCENSER contributes to GCHQ’s ability to gather vast amounts of global data, facilitating the ongoing surveillance of international communications.

The document is available at this source:
https://netzpolitik.org/wp-upload/2014-11-Snowden-Gerontic/PTC_Glossary_redacted.pdf

The collection systems, including INCENSER at Bude, are not simply automated data interceptors; they can be remotely tasked to target specific communications. This means that GCHQ, and potentially the NSA, have the ability to direct these systems to focus on particular individuals, groups, or types of communication based on specific selectors.

To be more precise, the target can change at any time, and any innocent person can become a target depending on the current purpose.

For example, strong selectors—such as phone numbers, email addresses, and internet addresses—are entered into the system, instructing it to focus on communications that match these criteria. This level of control allows for highly targeted surveillance, ensuring that the systems collect only the data deemed relevant by intelligence agencies.

This unified structure may also include hacking methods, even if states are involved. These techniques are part of the NSA's offensive cyber capabilities, enabling them to actively manipulate and disrupt targets' online activities.

  • QUANTUMBOT: A method for hijacking Internet Relay Chat (IRC) botnets, enabling the NSA to gain control over compromised networks of devices.
  • QUANTUMBISCUIT: A technique specifically designed for targeting individuals who hide behind large proxies, helping to bypass their anonymity and access their communications.
  • QUANTUMINSERT: A hacking technique that involves HTML web page redirection, allowing the NSA to inject malicious content into the web traffic of targets, potentially gaining access to their devices or data.

If you need the full presentation here is the link:

Even the NSA's TURBULENCE Programs may be involved.

The TURMOIL program represents the NSA’s extensive, global passive SIGINT (Signals Intelligence) apparatus, focused on intercepting satellite, microwave, and cable communications as they traverse the globe. Specifically designed for high-speed passive collection, TURMOIL taps into these communications, which are presumed to be related to Internet data (DNI), rather than other forms of SIGINT. By intercepting data as it travels across international lines, TURMOIL provides the NSA with a continuous flow of global communications.

One of the key components of TURMOIL is the RAMPART-A program, which significantly enhances the NSA’s data collection capabilities. RAMPART-A facilitates the interception of long-haul international leased communications through “special access initiatives” with global SIGINT partnerships. This allows the NSA to gain access to vast amounts of internet traffic, tapping into over 3 Terabits per second of data.

The scope of RAMPART-A is truly global, with every country code in the world being visible through one or more collection accesses. The data collected through RAMPART-A comes from friendly communications companies, who provide access to their backbone links. These companies work with the NSA under the guise of an overt Comsat (communications satellite) effort, ensuring that their involvement remains covert while allowing for the wide-scale interception of international communications.

You can check this source for TURMOIL:
https://robert.sesek.com/2014/9/unraveling_nsa_s_turbulence_programs.html

You see, the partnership between the NSA and GCHQ creates a truly massive surveillance pool.

One interesting detail is that occupied countries seem to have been included in this process. An intriguing insight into the INCENSER program comes from the analysis of redacted source trigraphs found in the internal GCHQ glossary. These trigraphs, which begin with IR and YM, are believed to correspond to Iran and Yemen, suggesting that these countries were significant targets for the INCENSER program. In countries without such political power, such operations can undoubtedly be more easily concealed.

The WINDSTOP program is a key part of the NSA’s global surveillance network, operating as a collaborative effort among the “Five Eyes” countries: the UK, Canada, Australia, and New Zealand, in addition to the United States. According to the NSA’s Foreign Partner Access budget for 2013, published by Information and The Intercept in June 2014, WINDSTOP focuses primarily on gaining access to communications into and out of Europe and the Middle East. This program operates through an integrated and overarching collection system, where second-party countries—such as the UK—play a significant role in intercepting and processing data, particularly internet communications. Through WINDSTOP, the NSA is able to leverage its partnerships with these countries to gain access to large volumes of data, facilitating a comprehensive approach to global intelligence gathering.

Access budget information here:
https://s3.amazonaws.com/s3.documentcloud.org/documents/1200866/foreignpartneraccessbudgetfy2013-redacted.pdf

It can’t be a party without BigTech.

We know how other giant Silicon Valley companies like Google play a role in many of the NSA’s surveillance programs. MUSCULAR is another critical program in the NSA and GCHQ’s toolkit, focused on tapping the high-volume data traffic between the data centers of major tech companies such as Google and Yahoo. The operation specifically targets the cables that link these data centers, enabling the agencies to collect vast amounts of internet data as it flows between key hubs of the global digital infrastructure. The intercept facility for MUSCULAR is located in the United Kingdom, likely within a Joint Processing Centre (JPC), where both GCHQ and NSA process the collected data. This partnership allows for a seamless collaboration between the two agencies, ensuring the effective extraction and analysis of the data. The data collected by MUSCULAR is processed using the Stage 2 version of XKEYSCORE, an advanced search and analysis system that enables the agencies to sift through massive volumes of data quickly and efficiently.


With just over 14 billion pieces of internet data a month, INCENSER is the NSA's fourth-largest cable tapping program, accounting for 9% of the total amount collected by Special Source Operations (SSO), the division responsible for collecting data from internet cables. According to another BOUNDLESSINFORMANT chart, the NSA's top five cable tapping programs are:

  • DANCINGOASIS – The largest program, responsible for 36% of the total data.
  • SPINNERET (part of RAMPART-A) – Collecting 14%.
  • MOONLIGHTPATH (part of RAMPART-A) – Collecting 9%.
  • INCENSER (part of WINDSTOP) – With 9% of the total.
  • AZUREPHOENIX (part of RAMPART-A) – Collecting 8%.


If you're confused, this final summary will help. All the approaches below prove how confidential projects threaten your privacy:

  • MUSCULAR (NSA & GCHQ): This program intercepts user data as it passes between Google's data centers, and Yahoo's as well.
  • OPTIC NERVE (NSA & GCHQ): Launched in 2008, Optic Nerve enabled access to Yahoo! webcam chats. In one six-month period, it intercepted 1.8 million users, capturing still images every five minutes, including explicit content.
  • MYSTIC (NSA): Mystic records and monitors every phone call in five targeted countries: the Philippines, Kenya, Mexico, Afghanistan, and the Bahamas. In some countries, it collects both metadata and call content for up to 30 days.
  • OPERATION SOCIALIST (GCHQ): GCHQ hacked Belgacom, Belgium’s largest telecommunications provider, using spyware known as Regin. The attack allowed GCHQ to monitor phone and internet traffic, including sensitive communications from the European Commission and Parliament.
  • GEMALTO HACKING (NSA & GCHQ): Gemalto, the world’s largest SIM card manufacturer, was targeted to steal encryption keys, enabling eavesdropping on communications.
  • PRISM (NSA): PRISM allowed the NSA to access personal data from tech giants like Microsoft, Google, Facebook, and Apple. This included emails, search history, and social media activity.
  • THE THREE SMURFS (GCHQ): These tools allow surveillance agencies to activate a target’s phone even when it’s off, listen in through the microphone, track its location, and extract data like messages, call logs, and web history.
  • XKEYSCORE (NSA & Five Eyes): XKEYSCORE is a search tool that allows intelligence agencies to query vast amounts of intercepted data without a warrant. This includes emails, phone calls, web history, and more.
  • UPSTREAM AND TEMPORA (NSA & GCHQ): These programs intercept data from undersea fiber-optic cables, the primary medium for global communications. Upstream taps US-bound cables, while Tempora taps those connected to the UK. The intercepted data is stored for up to 30 days and includes emails, phone calls, and social media posts.

Did you feel like you were surrounded?
You're right.

The effects are far-reaching. It's not just about government surveillance; when these systems are compromised, they leave users exposed to a wide range of threats. Identity theft, hacking, and even cyberattacks become easier for criminals to carry out. Your personal life, your private conversations, and even your sensitive professional communications are no longer secure, and that’s the danger we face when these surveillance programs go unchecked.

The fact that these agencies have the ability to monitor everything from your Facebook posts to your private conversations, from video chats to phone calls, shifts the balance of power. It’s no longer just about the government monitoring for national security; it’s about stripping away the most basic form of digital privacy, and leaving everyone vulnerable to exploitation.

The fact that our phones, once personal devices, are now constantly tracking and listening to us is a stark reminder of how intertwined surveillance has become with our daily lives. It’s not just about protecting ourselves from the government—this opens the door to all sorts of malicious actors who can exploit these vulnerabilities for their own gain.

There are many facts.

But nowadays nobody cares about your privacy.
