Posts Tagged ‘Top Secret’



(Also claimed by H.E. Dr. Ray C. Dam of UNOITC)

Historical backgrounder:

The old records of the Royal Crown of England read that Queen Victoria was born on May 24, 1819 in Kensington Palace to Prince Edward, Duke of Kent, and Princess Victoria of Saxe-Coburg-Saalfeld. Interesting reading from the records: “The Duchess of Kent, Princess Victoria of Saxe-Coburg-Saalfeld, was a German princess whose brother Leopold was the widower of Princess Charlotte of Wales. Until 1819 Charlotte was the only legitimate grandchild of George III. Her death in 1817 precipitated a succession crisis in the United Kingdom that brought pressure on the Duke of Kent to marry and have children. He married the Duchess in 1818, and their only child, Victoria, was born at 4.15 am on 24 May 1819 at Kensington Palace in London.” (End of quote)
According to unconfirmed tell-tale stories young and pregnant Princess Victoria of Saxe-Coburg-Saalfeld was on a hurried journey from her home in Southern Germany to have her child delivered in time on English soil so that her child could compete in the race for King or Queen of England. According to those tales, she gave birth too early, on a Dutch boat coming from the French coast, to a baby girl. Safely on English soil, there was a twin brother coming out. They had to realize that there was something wrong with the boy. They decided to make the records without the boy. The girl was thus born on English soil and grew up to become Queen of England as a teenager (for 63 years) while the boy was held incognito.

The boy turned man on the island of Borneo, became part of the North Borneo Company which had made a 100-year lease (1868-1968) from the Sultan of Sulu and North Borneo (now Sabah, Malaysia), and became Prince Julian Mcleod Tallano, the legal owner of the Philippines through OCT No. 01-4 which followed the 1764 Royal Protocol No. 01-4 Crown of England adjudicating the Hacienda Filipinas consisting of 7,148 islands to the Royal Family of the Tagean-Tallano-Kiram clan. Prince Julian Mcleod Tallano became the head of the Royal Family of the Philippines which was subjugated by the Spanish colonizers and the almighty Roman Catholic Church.  He decided to do something. Being of Muslim origin and place, they had to enter the northern catholic side of the Philippines.

Secretly, a new-born son of Prince Julian Mcleod was placed in a basket and found, in 1861, outside the house of the Mercado Family of Calamba, Laguna. The boy genius grew up as Jose Protacio Mercado (JPM) before he called himself Rex al or Rizal (JPR) or King of Kings. Money was arranged to give him the highest education possible, which he got in Madrid, Paris, and Heidelberg. He earned his doctorate there, in German, as an eye doctor. The nephew of Queen Victoria, he operated successfully on the eyes of kings and emperors, spending extended time in Vienna with Emperor Franz-Josef of the House of Habsburg-Lorraine and in Tokyo with the Tenno, which would have dire consequences for the world later.
Operating out of the Vatican, where he was known as Jose Antonio Diaz de la Paz, or secretly the black pope, he became Papal Nuncio (Ambassador of good will of the Vatican) and travelled the world maybe more than anybody else at the time, speaking in 10 languages. When the kings and emperors needed a trusted person to take care of all their secret treasures after WW I, Jose Antonio Diaz (JAD) of the Vatican was the given choice, secrecy being essential to the whole plan for JPR-JAD, to become the most important and most secret person of the 20th century.

And secrecy is the name of the game until today. The structure of this world and its gargantuan wealth is built on this secrecy, which was manifested after WW II with the secret deposit of 400,000 Metric Tons of gold in 1949 in the Central Bank of the Philippines plus another 217,500MT deposited in banks of the world, all under a secret code name Tiburcio Villamor Marcos or TVM-LSM-666, the 400,000MT deposited for 50 years plus 5 years to terminate all claims of ownership of former owners. That secret agreement was signed on August 11, 1950 by US President Harry S. Truman and his successor as US President, Dwight D. Eisenhower, Chiang Kai-Shek, Mao Tse Tung, Tschu Enlai, and Generalissimo Franco of Spain, among others. JPR-JAD signed as Trust Depositor; young Ferdinand Marcos (33 years old then) signed as “Legal Counsel for TVM-LSM-666”.

Controlling institution for that giant undertaking was and is until today the Bank for International Settlement in Basel, Switzerland, the de-facto secret central bank of all central banks in the world, controlling also the Federal Reserve System of America, Bank of England, World Bank, IMF, and ECB.

Trust account C-1-C-2-C-19-C-21 was opened for TVM-LSM-666, special code name Jose Bautista Cruzen, in Barclays Bank in London for payment of the returned Philippine Victory Money. In reality it was JPR-JAD signing as Jose Bautista Cruzen in the bank and in the US Treasury for the money of the Philippines which was originally printed as “Commonwealth of the Philippines Peso” in 1934/1936 in the Bureau of Printing and Engraving in Washington D.C. becoming Philippine Victory Notes in exchange of 2 Pesos for one dollar (and -unnoticed- giving the US Treasury financial and monetary control over their former colony). 17,000MT of gold were deposited by JPR-JAD in Barclays Bank Singapore as guarantee for the money which was demonetized in 1967 when the Philippines had a remarkable new President Ferdinand Marcos who was also, wonder of all wonders, the Legal Counsel of JPR-JAD code name TVM-LSM-666. He was witness when JPR-JAD transferred ownership over all his assets, properties, and belongings to his chosen successor-in-interest-and-rights “Rev. Dr. Floro E. Garcia” (Marcos).

When “the old man” (JAD) died in 1974, President Ferdinand Marcos became the Legal Counsel of the successor-in-interest-and-rights and new owner TVM-TVTM-LSM-666, Rev. Dr. Floro E. Garcia, who would have to wait for maturity in the year 2005. Principally sitting on the wealth of the world, a genius Ferdinand Marcos was able to preserve everything and even create a new fortune on the side which is preserved as the back-up of managerial currencies. That would include the almighty dollar that has no other backing than C-1-C-2-C-19-C-21 or the World Bank umbrella account No. 010-22-74-OA assigned to Rev. Dr. Floro E. Garcia in the amount of $500 Trillion.
It is understandable that some leaders of the world did not like Marcos and his sheer unlimited power. They “froze” everything after he had made secret advances to China and Russia. The rest is history. The name of Marcos is destroyed and the world keeps limping from one financial crisis to the next financial crisis, for lack of and want of a clean solution. As it stands, the top institutions of the world know where the gold and where the cash is deep and safe in trust deposits with the leading banks and central banks of the world. “Only TVM-TVTM-LSM-666 can move, remove, or transfer the assets.” That is written all over the faces of the top officials in the deciding institutions of the world. Sec. Tim Geithner who was assigned by the IMF for many years to Manila, he knows. God knows what stops him.
– New Year 2013 –
Reviewed September 18, 2013 by WS Representing TVM-LSM-666

Βασίλειος Σωτήρας

TVM-LSM-666 contains 1,715,000 metric tonnes of gold in 172 banks in 49 countries.



Project Aquarius Documents


From the Desk of Dr. Steven Greer:

On May 21, 2014, we received a cache of Top Secret documents related to “Project Aquarius”, a purported Majestic 12 (MJ-12) covert project related to UFOs/ETs.

Previously, summaries of the documents have appeared on the Internet. However, we received photos of the actual documents. To our knowledge, this is the first time the ACTUAL (not just a transcript) of the full cache of documents has been released. These documents, as well as their transcription, can be viewed below.

It is NOT KNOWN if these are legitimate US government documents. We note several typos and other errors. These typos do not, per se, discredit the documents since typos routinely occur, especially in government documents.

It should be noted that the information in the documents conforms to other known evidence and events and is substantially correct.

We are seeking anyone with DIRECT FIRST HAND knowledge of the provenance of these documents, or anyone personally connected to Project Aquarius and the other code-named projects mentioned in these documents, or any related ops.

Second-hand opinions are of less value, though all are entitled to his or her opinion. What would be most helpful is corroboration by any first-hand sources.

The person who sent us these documents has numerous legitimate contacts in covert aerospace and military projects related to UFOs and is a credible and reliable source.

We are releasing these documents quickly for security reasons, as we feel it is not wise to let significant time pass between our receipt and public release of the documents. If they are legitimate, they are potentially historic and explosive.

Thank you for your help in locating any first-hand corroborating sources for these documents - and for any corroboration of the other code-named projects, events and operations described in the documents.

-Dr. Greer



(For ease of viewing, the transcription of each page has been placed in the caption below.)



Project Aquarius Executive Correspondence, Cover


Project Aquarius Executive Correspondence, Pg. 0 of 9

{TS/ORCON} The information contained in this document is classified TOP SECRET
with ORCON. {Only the originator may release the information} Only MJ12 has access
to Project Aquarius. No other government agency, to include the military, has access
to the information contained in this briefing. There are only two copies of Project
Aquarius and the location is known only to MJ12. This document will be destroyed
after the briefing. No notes, photographs, or audio recordings, may be made of this
PAGE 0 of 0

Project Aquarius Executive Correspondence, Pg. 1 of 9

{TS/ORCON} {PROWORD:DANCE} Contains 16 volumes of documented information collec-
ted from the beginning of the United States Investigation of Unidentified Flying
Objects {UFOs} and Identified Alien Crafts {IAC}. The Project was originally es-
tablished in 1953, by order of President Eisenhower, under control of NSC and MJ12.
In 1966, the Project’s name was changed from Project Gleem to Project Aquarius.
The Project was funded by CIA confidential funds {non-appropriated}. The Project
was originally classified SECRET but was upgraded to its present classification in
Dec 1969 after Project Blue Book was closed. The purpose of Project Aquarius was to
collect all scientific, technological, medical and inteligence information from
UFO/IAC sightings and contacts with alien life forms. This orderly file of collec-
ted information has been used to advance the United States Space Program.
{TS/ORCON} The proceeding briefing is an historical account of the United States
Government’s investigation of Aerial Phenomenas, Recovered Alien Aircrafts and
Contacts with Extraterrestrial Life Forms.

Project Aquarius Executive Correspondence, Pg. 1 of 9

{TS/ORCON} In Jun 1947, a civilian pilot flying over the Cascade mountains
of Washington State observed nine flying discs, {later referred to as UFOs}. The
Commander, Air Technical Intelligence Center of the then Army Air Force, became
concerned and ordered an inquiry. This was the beginning gof the United States
Involvement with UFO investigations. In 1947 an aircraft of extraterrestrial orgin,
crashed in the desert of New Mexico. The craft was recovered by the military.
Four Alien {non homo-sapiens} bodies were recovered in the wreckage. The Aliens
were found to be creatures not related to human beings {Atch 1}. In late 1949,
another Alien aircraft crashed in the United States and was recovered partially intact
by the military. One Alien of extraterrestrial origin survived the crash. The
surviving Alien was male and called itself, “EBE”. The Alien was thoroughly in-
terrogated by military intelligence personnel at a base in New Mexico. The Alien’s
language was translated by means of picturegraphs. It was learned the Alien came
from a planet in the Zeta Riticuli star system, approximately 40 light years from
Earth. EBE lived until Jun 18, 1952, when he died of an unexplained illness. During
the time period EBE was alive, he provided valuable information regarding space
technology, origins of the Universe, and exobiological matters. Further data is
contained in Atch 2.

Project Aquarius Executive Correspondence, Pg. 3 of 9

{TS/ORCON} The recovery of Alien aircrafts lead the United States on an exn-
tensive investigative program to determine whether these Aliens posed a direct
threat to our national security. In 1947, the newly created Air Force initiated
a program to investigate incidents involving UFOs. The program was operated under
three different code names: Grudge, Sign and finally Blue Book. The original
mission of the Air Force program was to collect and analyze all reported sightings
or incidents involving UFOs and determine whether the information could be in-
terrupted as having any bearing on the security of the United States. Some in-
formation was evaluated with the idea of using the gained data to advance our
own space technology and future space programs. 90 percent of the estimated 12,000
reports analyzed by the Air Force were considered hoaxes, explained aerial
phenomenas or natural astronmical objects. The other 10 percent were considered
legitimate Alien sightings and/or incidents. However, not all UFO sightings or
incidents were reported under the Air Force program. In 1953, Project Gleem was
initiated by order of President Eisenhower, who believed the UFOs presented a threat
to the national security of the United States. Project Gleem, which became Project
Aquarius in 1966 was a parallel reporting for UFO sightings and incidents.
Reports collected under Project Aquarius were considered actual sightings of Alien
aircrafts or contact with Alien Life forms. Most reports were made by reliable
military and defense department civilian personnel.


Project Aquarius Executive Correspondence, Pg. 4 of 9

{TS/ORCON} In 1958 the United States recovered a third Alien aircraft from
the desert of Utah. The aircraft was in excellent flying condition. The aircraft
was apparently abandoned by the Aliens for some unexplainable reason, since no Alien
Life forms wer found in or around the aircraft. The aircraft was considered a
technological marvel by United States Scientists. However, the operating instrumen-
tations of the aircraft were so complexed that our scientists could not interrupt
their operation. The aircraft was stored in a top security area and analyzed
throughout the years by our best aerospace scientists. The United States gained a
large volume of technological data from the recovered Alien aircraft.
A detailed description and further information regarding the aircraft is explained
In Atch 3.

Project Aquarius Executive Correspondence, pg. 5 of 9

{TS/ORCON} Several independent scientific investigations at the request of
the Air Force and CIA, were initiated during the era of Project Blue Book. MJ12
decided that officially, the Air Force should end their investigation of UFOs.
This decision was arrived at during the _ _ _ _ meeting {Atch 4} in 1966. The reason
was twofold. First, the United States had established communication with the
Aliens. The United States felt relatively sure the Aliens exploration of earth
was non-aggressive and non-hostile. It was also established that the Aliens presence
did not directly threaten the security of the United States. Secondly, the public
was beginning to believe that the UFOs were real. The NSC felt this public feeling
could lead to a nationwide panic. The United States was involved in several sen-
sitive project during this time period. It was felt that public awareness of these
projects would have jeopardized the future space program for the United States.
Therefore, MJ12 decided that an independent scientific study of the UFO phenonena
would be needed to satisfy public curiosity. The final official study of the UFO
phenomena was accomplished by the University of Colorado under Air Force contract.
The study concuded that sufficient data did not exist that would indicate UFOs
threatened the security of the United States. The final conclusion satisfied the
government and allowed the Air Force to officially step out of the UFO investigating

Project Aquarius Executive Correspondence, pg. 6 of 9

{TS/ORCON} When the Air Force officially closed Project Blue Book in Dec 1969,
Project Aquarius continued operation under control of NSC/MJ12. The NSC felt in-
vestigations of UFO sightings and incidents had to continue in secrecy without
any public knowledge. The reasoning behind the decision was this: if the Air
Force continued its investigation of UFOs, eventually some uncleared and unbriefed
Air Force or defense department civilian officials would obtain the facts behind
Project Aquarius. Obviously {for operational security reasons} this could not
be allowed. In order to continue the investigation of UFO sightings and incidents
in secrecy, investigators from CIA/DCD and MJ12 were assigned to military and other
governmental agencies with ordes to investigate all legitimate UFO/IAC sightings
and incidents. These agents are presently operating at various locations throughout
the the United States and Canada. All reports are filtered either directly or
indirectly to MJ12. These agents are collecting reports of UFO/IAC sightings and
incidents occurring on or near sensitive governmental installations. {NOTE: Aliens
have been extremely interested in our nuclear weapons and nuclear research. Many
reported military sightings and incidents occur over nuclear weapons bases. The
Alien’s interest in our nuclear weapons can only be attributed to the future threat
of a nuclear war on earth. The Air Force have initiated measures to assure the
security of the nuclear weapons from Alien theft or destruction}. MJ12 feels con-
fident the Aliens are on an exploration of our solar system for peaceful purposes.
However, we must continue to observe and track the Aliens movement until it is de-
termined that the Alien’s future plans contain no threat to our national security or
the civilization of earth.

Project Aquarius Executive Correspondence, pg. 7 of 9

Visitation of earth back some 5,000 years. EBE reported that 2,000 years ago his ancestors planted a human creature on earth to assist the inhabitants of earth in developing a civilization. This information was only vague and the exact identity or background information on this homo-sapien was not obtained. Undoubtfully, if this information was released to the public, it would cause a worldwide religious panic. MJ3 has developed a plan that will allow release of Project Aquarius, Volumes I thru III. The release program calls for a gradual release of information over a period of time in order to condition the public for future disclosures. Atch 5 of this briefing contains certain guidlines for future public releases. PAGE 7 of 9 TOP SECRET TOP SECRET –

Project Aquarius Executive Correspondence, pg. 8 of 9

{TS/ORCON} In the 1976 MJ3 report {Atch 6} , it was estimated the Alien’s tech-
nology was many thousands of years ahead of the United States technology. Our scientists
speculate that until our technology develops to a level equal to the Aliens, we cannot
understand the large volume of scientific information the United States has already
gained from the Aliens. This advancement of United States Technology may take many
hundred of years.

Project Aquarius Executive Correspondence, pg. 9 of 9

1. {TS/ORCON} PROJECT BANDO: {PROWORD: RISK} Originally established in
1949. Tis mission was to collect and evaluate medical information from the sur-
viving Aliens creature and the recovered Alien bodies. This Project medically
examined EBE and provided the United States medical researchers with certain answers
to the evolution theory. {OPR: CIA} {Terminated in 1974}.
2. {TS/ORCON} PROJECT SIGMA: {PROWORD: MIDNIGHT}. Originally established
as part of Project Gleem in 1954. Became a separate project in 1976. Its mission
was to establish communication with Aliens. This Project met with positive success
when in 1959, the United States established primitive communications with the
Aliens. On April 25, 1964, a USAF intelligence Officer, met two Aliens at a pre-
arranged location in the desert of New Mexico. The contact lasted for approximately
three hours. Based on the Alien’s language given to us by EBE, the Air Force
officer managed to exchange basic information with the two Aliens {Atch 7}. This
project is continuing at an Air Force base in New Mexico. {OPR: MJ12/NSA}.
3. {TS/ORCON} PROJECT SNOWBIRD; {PROWORD:CETUS} Originally established
in 1972. Its mission was to test fly a recovered Alien aircraft. This project
is continuing in Nevada. {OPR: USAF/NASA/CIA/MJ12}
4. {TS/ORCON} PROJECT POUNCE: {PROWORD:DIXIE} Originally established
In 1968. Its mission was to evaluate all UFO/IAC information pertaining to space
technology. PROJECT POUNCE continues. {OPR: NASA/USAF}


How the NSA Plans to Infect ‘Millions’ of Computers with Malware

Featured photo: One presentation outlines how the NSA performs “industrial-scale exploitation” of computer networks across the world.

Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process.
The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.
The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.
In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.
The implants being deployed were once reserved for a few hundred hard-to-reach targets, whose communications could not be monitored through traditional wiretaps. But the documents analyzed by The Intercept show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes previously handled by humans.

The automated system – codenamed TURBINE – is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.”

In a top-secret presentation, dated August 2009, the NSA describes a pre-programmed part of the covert infrastructure called the “Expert System,” which is designed to operate “like the brain.” The system manages the applications and functions of the implants and “decides” what tools they need to best extract data from infected machines.
Mikko Hypponen, an expert in malware who serves as chief research officer at the Finnish security firm F-Secure, calls the revelations “disturbing.” The NSA’s surveillance techniques, he warns, could inadvertently be undermining the security of the Internet.
“When they deploy malware on systems,” Hypponen says, “they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.”
Hypponen believes that governments could arguably justify using malware in a small number of targeted cases against adversaries. But millions of malware implants being deployed by the NSA as part of an automated process, he says, would be “out of control.”
“That would definitely not be proportionate,” Hypponen says. “It couldn’t possibly be targeted and named. It sounds like wholesale infection and wholesale surveillance.”
The NSA declined to answer questions about its deployment of implants, pointing to a new presidential policy directive announced by President Obama. “As the president made clear on 17 January,” the agency said in a statement, “signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes.”

“Owning the Net”

The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands.
To penetrate foreign computer networks and monitor communications that it did not have access to through other means, the NSA wanted to go beyond the limits of traditional signals intelligence, or SIGINT, the agency’s term for the interception of electronic communications. Instead, it sought to broaden “active” surveillance methods – tactics designed to directly infiltrate a target’s computers or network devices.
In the documents, the agency describes such techniques as “a more aggressive approach to SIGINT” and says that the TAO unit’s mission is to “aggressively scale” these operations.
But the NSA recognized that managing a massive network of implants is too big a job for humans alone.
“One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).”
The agency’s solution was TURBINE. Developed as part of the TAO unit, it is described in the leaked documents as an “intelligent command and control capability” that enables “industrial-scale exploitation.”
TURBINE was designed to make deploying malware much easier for the NSA’s hackers by reducing their role in overseeing its functions. The system would “relieve the user from needing to know/care about the details,” the NSA’s Technology Directorate notes in one secret document from 2009. “For example, a user should be able to ask for ‘all details about application X’ and not need to know how and where the application keeps files, registry entries, user application data, etc.”
In practice, this meant that TURBINE would automate crucial processes that previously had to be performed manually – including the configuration of the implants as well as surveillance collection, or “tasking,” of data from infected systems. But automating these processes was about much more than a simple technicality. The move represented a major tactical shift within the NSA that was expected to have a profound impact – allowing the agency to push forward into a new frontier of surveillance operations.
The ramifications are starkly illustrated in one undated top-secret NSA document, which describes how the agency planned for TURBINE to “increase the current capability to deploy and manage hundreds of Computer Network Exploitation (CNE) and Computer Network Attack (CNA) implants to potentially millions of implants.” (CNE mines intelligence from computers and networks; CNA seeks to disrupt, damage or destroy them.)
Eventually, the secret files indicate, the NSA’s plans for TURBINE came to fruition. The system has been operational in some capacity since at least July 2010, and its role has become increasingly central to NSA hacking operations.
Earlier reports based on the Snowden files indicate that the NSA has already deployed between 85,000 and 100,000 of its implants against computers and networks across the world, with plans to keep on scaling up those numbers.
The intelligence community’s top-secret “Black Budget” for 2013, obtained by Snowden, lists TURBINE as part of a broader NSA surveillance initiative named “Owning the Net.”
The agency sought $67.6 million in taxpayer funding for its Owning the Net program last year. Some of the money was earmarked for TURBINE, expanding the system to encompass “a wider variety” of networks and “enabling greater automation of computer network exploitation.”

Circumventing Encryption

The NSA has a diverse arsenal of malware tools, each highly sophisticated and customizable for different purposes.
One implant, codenamed UNITEDRAKE, can be used with a variety of “plug-ins” that enable the agency to gain total control of an infected computer.
An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer.
The implants can enable the NSA to circumvent privacy-enhancing encryption tools that are used to browse the Internet anonymously or scramble the contents of emails as they are being sent across networks. That’s because the NSA’s malware gives the agency unfettered access to a target’s computer before the user protects their communications with encryption.
It is unclear how many of the implants are being deployed on an annual basis or which variants of them are currently active in computer systems across the world.
Previous reports have alleged that the NSA worked with Israel to develop the Stuxnet malware, which was used to sabotage Iranian nuclear facilities. The agency also reportedly worked with Israel to deploy malware called Flame to infiltrate computers and spy on communications in countries across the Middle East.
According to the Snowden files, the technology has been used to seek out terror suspects as well as individuals regarded by the NSA as “extremist.” But the mandate of the NSA’s hackers is not limited to invading the systems of those who pose a threat to national security.
In one secret post on an internal message board, an operative from the NSA’s Signals Intelligence Directorate describes using malware attacks against systems administrators who work at foreign phone and Internet service providers. By hacking an administrator’s computer, the agency can gain covert access to communications that are processed by his company. “Sys admins are a means to an end,” the NSA operative writes.
The internal post – titled “I hunt sys admins” – makes clear that terrorists aren’t the only targets of such NSA attacks. Compromising a systems administrator, the operative notes, makes it easier to get to other targets of interest, including any “government official that happens to be using the network some admin takes care of.”
Similar tactics have been adopted by Government Communications Headquarters, the NSA’s British counterpart. As the German newspaper Der Spiegel reported in September, GCHQ hacked computers belonging to network engineers at Belgacom, the Belgian telecommunications provider.
The mission, codenamed “Operation Socialist,” was designed to enable GCHQ to monitor mobile phones connected to Belgacom’s network. The secret files deem the mission a “success,” and indicate that the agency had the ability to covertly access Belgacom’s systems since at least 2010.
Infiltrating cellphone networks, however, is not all that the malware can be used to accomplish. The NSA has specifically tailored some of its implants to infect large-scale network routers used by Internet service providers in foreign countries. By compromising routers – the devices that connect computer networks and transport data packets across the Internet – the agency can gain covert access to monitor Internet traffic, record the browsing sessions of users, and intercept communications.
Two implants the NSA injects into network routers, HAMMERCHANT and HAMMERSTEIN, help the agency to intercept and perform “exploitation attacks” against data that is sent through a Virtual Private Network, a tool that uses encrypted “tunnels” to enhance the security and privacy of an Internet session.
The implants also track phone calls sent across the network via Skype and other Voice Over IP software, revealing the username of the person making the call. If the audio of the VOIP conversation is sent over the Internet using unencrypted “Real-time Transport Protocol” packets, the implants can covertly record the audio data and then return it to the NSA for analysis.
But not all of the NSA’s implants are used to gather intelligence, the secret files show. Sometimes, the agency’s aim is disruption rather than surveillance. QUANTUMSKY, a piece of NSA malware developed in 2004, is used to block targets from accessing certain websites. QUANTUMCOPPER, first tested in 2008, corrupts a target’s file downloads. These two “attack” techniques are revealed on a classified list that features nine NSA hacking tools, six of which are used for intelligence gathering. Just one is used for “defensive” purposes – to protect U.S. government networks against intrusions.

“Mass exploitation potential”

Before it can extract data from an implant or use it to attack a system, the NSA must first install the malware on a targeted computer or network.
According to one top-secret document from 2012, the agency can deploy malware by sending out spam emails that trick targets into clicking a malicious link. Once activated, a “back-door implant” infects their computers within eight seconds.
There’s only one problem with this tactic, codenamed WILLOWVIXEN: According to the documents, the spam method has become less successful in recent years, as Internet users have become wary of unsolicited emails and less likely to click on anything that looks suspicious.
Consequently, the NSA has turned to new and more advanced hacking techniques. These include performing so-called “man-in-the-middle” and “man-on-the-side” attacks, which covertly force a user’s internet browser to route to NSA computer servers that try to infect them with an implant.
To perform a man-on-the-side attack, the NSA observes a target’s Internet traffic using its global network of covert “accesses” to data as it flows over fiber optic cables or satellites. When the target visits a website that the NSA is able to exploit, the agency’s surveillance sensors alert the TURBINE system, which then “shoots” data packets at the targeted computer’s IP address within a fraction of a second.
In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive. A top-secret animation demonstrates the tactic in action.
The documents show that QUANTUMHAND became operational in October 2010, after being successfully tested by the NSA against about a dozen targets.
According to Matt Blaze, a surveillance and cryptography expert at the University of Pennsylvania, it appears that the QUANTUMHAND technique is aimed at targeting specific individuals. But he expresses concerns about how it has been covertly integrated within Internet networks as part of the NSA’s automated TURBINE system.
“As soon as you put this capability in the backbone infrastructure, the software and security engineer in me says that’s terrifying,” Blaze says.
“Forget about how the NSA is intending to use it. How do we know it is working correctly and only targeting who the NSA wants? And even if it does work correctly, which is itself a really dubious assumption, how is it controlled?”
In an email statement to The Intercept, Facebook spokesman Jay Nancarrow said the company had “no evidence of this alleged activity.” He added that Facebook implemented HTTPS encryption for users last year, making browsing sessions less vulnerable to malware attacks.
Nancarrow also pointed out that other services besides Facebook could have been compromised by the NSA. “If government agencies indeed have privileged access to network service providers,” he said, “any site running only [unencrypted] HTTP could conceivably have its traffic misdirected.”
A man-in-the-middle attack is a similar but slightly more aggressive method that can be used by the NSA to deploy its malware. It refers to a hacking technique in which the agency covertly places itself between computers as they are communicating with each other.
This allows the NSA not only to observe and redirect browsing sessions, but to modify the content of data packets that are passing between computers.
The man-in-the-middle tactic can be used, for instance, to covertly change the content of a message as it is being sent between two people, without either knowing that any change has been made by a third party. The same technique is sometimes used by criminal hackers to defraud people.
A top-secret NSA presentation from 2012 reveals that the agency developed a man-in-the-middle capability called SECONDDATE to “influence real-time communications between client and server” and to “quietly redirect web-browsers” to NSA malware servers called FOXACID. In October, details about the FOXACID system were reported by the Guardian, which revealed its links to attacks against users of the Internet anonymity service Tor.
But SECONDDATE is tailored not only for “surgical” surveillance attacks on individual suspects. It can also be used to launch bulk malware attacks against computers.
According to the 2012 presentation, the tactic has “mass exploitation potential for clients passing through network choke points.”
Blaze, the University of Pennsylvania surveillance expert, says the potential use of man-in-the-middle attacks on such a scale “seems very disturbing.” Such an approach would involve indiscriminately monitoring entire networks as opposed to targeting individual suspects.
“The thing that raises a red flag for me is the reference to ‘network choke points,’” he says. “That’s the last place that we should be allowing intelligence agencies to compromise the infrastructure – because that is by definition a mass surveillance technique.”
To deploy some of its malware implants, the NSA exploits security vulnerabilities in commonly used Internet browsers such as Mozilla Firefox and Internet Explorer.
The agency’s hackers also exploit security weaknesses in network routers and in popular software plugins such as Flash and Java to deliver malicious code onto targeted machines.
The implants can circumvent anti-virus programs, and the NSA has gone to extreme lengths to ensure that its clandestine technology is extremely difficult to detect. An implant named VALIDATOR, used by the NSA to upload and download data to and from an infected machine, can be set to self-destruct – deleting itself from an infected computer after a set time expires.
In many cases, firewalls and other security measures do not appear to pose much of an obstacle to the NSA. Indeed, the agency’s hackers appear confident in their ability to circumvent any security mechanism that stands between them and compromising a computer or network. “If we can get the target to visit us in some sort of web browser, we can probably own them,” an agency hacker boasts in one secret document. “The only limitation is the ‘how.’”

Covert Infrastructure

The TURBINE implants system does not operate in isolation.
It is linked to, and relies upon, a large network of clandestine surveillance “sensors” that the agency has installed at locations across the world.
The NSA’s headquarters in Maryland are part of this network, as are eavesdropping bases used by the agency in Misawa, Japan and Menwith Hill, England.
The sensors, codenamed TURMOIL, operate as a sort of high-tech surveillance dragnet, monitoring packets of data as they are sent across the Internet.
When TURBINE implants exfiltrate data from infected computer systems, the TURMOIL sensors automatically identify the data and return it to the NSA for analysis. And when targets are communicating, the TURMOIL system can be used to send alerts or “tips” to TURBINE, enabling the initiation of a malware attack.
The NSA identifies surveillance targets based on a series of data “selectors” as they flow across Internet cables. These selectors, according to internal documents, can include email addresses, IP addresses, or the unique “cookies” containing a username or other identifying information that are sent to a user’s computer by websites such as Google, Facebook, Hotmail, Yahoo, and Twitter.
Other selectors the NSA uses can be gleaned from unique Google advertising cookies that track browsing habits, unique encryption key fingerprints that can be traced to a specific user, and computer IDs that are sent across the Internet when a Windows computer crashes or updates.
What’s more, the TURBINE system operates with the knowledge and support of other governments, some of which have participated in the malware attacks.
Classification markings on the Snowden documents indicate that NSA has shared many of its files on the use of implants with its counterparts in the so-called Five Eyes surveillance alliance – the United Kingdom, Canada, New Zealand, and Australia.
GCHQ, the British agency, has taken on a particularly important role in helping to develop the malware tactics. The Menwith Hill satellite eavesdropping base that is part of the TURMOIL network, located in a rural part of Northern England, is operated by the NSA in close cooperation with GCHQ.
Top-secret documents show that the British base – referred to by the NSA as “MHS” for Menwith Hill Station – is an integral component of the TURBINE malware infrastructure and has been used to experiment with implant “exploitation” attacks against users of Yahoo and Hotmail.
In one document dated 2010, at least five variants of the QUANTUM hacking method were listed as being “operational” at Menwith Hill. The same document also reveals that GCHQ helped integrate three of the QUANTUM malware capabilities – and test two others – as part of a surveillance system it operates codenamed INSENSER.
GCHQ cooperated with the hacking attacks despite having reservations about their legality. One of the Snowden files, previously disclosed by Swedish broadcaster SVT, revealed that as recently as April 2013, GCHQ was apparently reluctant to get involved in deploying the QUANTUM malware due to “legal/policy restrictions.” A representative from a unit of the British surveillance agency, meeting with an obscure telecommunications standards committee in 2010, separately voiced concerns that performing “active” hacking attacks for surveillance “may be illegal” under British law.
In response to questions from The Intercept, GCHQ refused to comment on its involvement in the covert hacking operations. Citing its boilerplate response to inquiries, the agency said in a statement that “all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorized, necessary and proportionate, and that there is rigorous oversight.”
Whatever the legalities of the United Kingdom and United States infiltrating computer networks, the Snowden files bring into sharp focus the broader implications. Under cover of secrecy and without public debate, there has been an unprecedented proliferation of aggressive surveillance techniques. One of the NSA’s primary concerns, in fact, appears to be that its clandestine tactics are now being adopted by foreign rivals, too.
“Hacking routers has been good business for us and our 5-eyes partners for some time,” notes one NSA analyst in a top-secret document dated December 2012. “But it is becoming more apparent that other nation states are honing their skillz [sic] and joining the scene.”
Posted by (C) Hellas XG
