A slide leaked by Snowden reads: “Show me all the VPN startups in country X, and give me the data so I can decrypt and discover the users.”
Slides handed to the Guardian indicate the XKeyscore software is based on a “massive distributed Linux cluster”, consisting of over 700 servers distributed around the world across 150 sites. It looks as if there are three sites in the UK.
A “federated query mechanism” lets intelligence analysts type in just an email address, an IP address or a Facebook login to get hold of communications data. That information includes all email addresses seen during a target’s session, all phone numbers, and the username, contacts and cookies used in webmail and chat communications.
Perhaps more concerning is that the slides appear to indicate the program can be used to crack VPNs designed to provide anonymity for users. In one of the suggestions for using XKeyscore, a slide reads: “Show me all the VPN startups in country X, and give me the data so I can decrypt and discover the users.”
Many have assumed this means the NSA has access to powerful tools to breach the security mechanisms of VPNs.
Another slide suggests US intelligence services have access to “all the exploitable machines” in chosen countries, indicating at a more aggressive monitoring operation.
The tool also lets analysts gain insight into HTTP traffic, either by picking a target’s IP address or selecting a website to collect IP addresses of those visiting the site.
The “content” is stored for only three to five days, the Guardian reported, whilst metadata is stored for 30 days. It remains unclear how much content XKeyscore can actually access outside of metadata.
According to one document, “at some sites, the amount of data we receive per day (20+ terabytes) can only be stored for as little as 24 hours”.
Last year, at least 41 billion records were collected and stored by the program for a 30-day period.
A Der Spiegel report from earlier this month claimed XKeyscore had been passed on to the German government, who had used it to access information.
Over 300 terrorists were captured using intelligence generated from XKeyscore, a slide claimed.
The NSA said use of XKeyscore was contained by the right checks and balances.
“NSA’s activities are focused and specifically deployed against – and only against – legitimate foreign intelligence targets in response to requirements that our leaders need for information necessary to protect our nation and its interests,” an NSA spokesperson said.
“XKeyscore is used as a part of NSA’s lawful foreign signals intelligence collection system.
“Allegations of widespread, unchecked analyst access to NSA collection data are simply not true. Access to XKeyscore, as well as all of NSA’s analytic tools, is limited to only those personnel who require access for their assigned tasks.”