Danish military intelligence uses XKEYSCORE to tap cables in co-op with the NSA

Last modified on November 02, 2020

Closing August, it got here out {that a} whistleblower accused the Danish navy and alerts intelligence provider (Forsvarets Efterretningstjeneste or FE) of illegal actions and deliberately misleading the intelligence oversight board.

In the meantime, the Danish press used to be prepared to coloration a surprisingly complete and detailed picture of how the FE cooperated with the NSA in cable tapping on Danish soil.

It used to be further printed that the Americans geared up Denmark with a cosmopolitan distinctive look system which accommodates the NSA's recordsdata processing system XKEYSCORE.

A Danish paper moreover disclosed that the accusation of illegal sequence got here from a youthful FE employee who reminds of Edward Snowden. A newly established investigation fee now has to clarify whether or not or now not he used to be pushed by fears or by info.

The Sandagergård difficult of the FE on the island of Amager, the place a model distinctive

recordsdata coronary heart used to be constructed for its deployment of the XKEYSCORE system

Cable tapping

In an intensive portion from September 13, the famed Danish newspaper Berlingske (based in 1749) describes how the FE, in cooperation with the NSA, started to faucet a world telecommunications cable in report to amass in a international nation intelligence.

In the mid-1990s, the NSA had stumbled on out that someplace beneath Copenhagen there used to be a backbone cable containing telephone calls, e-mails and textual content messages from and to nations devour China and Russia, which used to be of broad passion for the Americans.

Tapping that cable, on the different hand, used to be virtually inconceivable with out the attend of the Danes, so the NSA requested the FE for safe entry to to the cable, however this put a question to used to be denied, in step with Berlingske.

Agreement with the US

The US authorities did now not cease, and in a letter despatched immediately to the Danish high minister Poul Nyrup Rasmussen, US president Clinton requested his Danish colleague to reassess the alternative. And Nyrup, who used to be a sworn supporter of a end relationship with the US, talked about sure.

The cooperation used to be laid down in a sage, which, in step with Berlingske, all Danish protection ministers wanted to sign "in order that any distinctive minister also can check that his predecessor - and his predecessors prior to his predecessors - with their signatures had been portion of this tiny, irregular circle of those that knew considered one of many kingdom's largest secrets and techniques and methods."

The code identify for this cooperation is now not identified, however or now not it is perchance portion of the NSA's umbrella program RAMPART-A. Under this program, which began in 1992, in a international nation companions present safe entry to to high-skill world fiber-optic cables, whereas the US provides the tools for transport, processing and prognosis:

Agreement with a cable operator

To respect decided that tapping the cable used to be as merely as conceivable, the authorities requested approval of the interior most Danish agency that operated the cable. The agency agreed, however absolute high when it used to be present on the very ample stage, and so the settlement used to be signed by high minister Rasmussen, minister of protection Hækkerup and head of division Troldborg.

Since the cable contained world telecommunications it used to be perception to be as to tumble all the blueprint throughout the FE's in a international nation intelligence mandate. The settlement used to be prepared in absolute high one copy, which used to be proven to the agency after which locked in a secure on the FE's headquarters on the Kastellet fortress in Copenhagen, in step with Berlingske.

This Danish settlement is very a lot similar to the Transit Agreement between the German in a international nation intelligence provider BND and Deutsche Telekom, whereby the latter agreed to type safe entry to to world transit cables at its switching coronary heart in Frankfurt am Predominant. The BND then tapped these cables with attend from the NSA beneath operation Eikonal (2004-2008).

Processing at Sandagergård

Berlingske reported that the communications recordsdata that had been extracted from the backbone cable in Copenhagen had been despatched from the Danish agency's technical hub to the Sandagergård difficult of the FE on the island of Amager. The US had paid for a cable between the two areas.

At Sandagergård, the "NSA made decided to arrange the know-how that made it conceivable to enter key phrases and translate the monumental quantity of recordsdata, so-known as uncooked recordsdata from the cable tapping, into "readable" recordsdata."

The filter system used to be now not absolute high fed by key phrases from the FE, however the NSA moreover geared up "the FE with a sequence of key phrases which are related to the US. The FE then experiences them - and exams that there are assuredly no Danes amongst them - after which enters mainly the main phrases" in step with sources cited by Berlingske.

Besides this filtering with key phrases and selectors, the FE and the NSA will moreover respect worn the metadata for contact-chaining, that means reconstructing which telephone numbers and e-mail addresses had been concerned with each completely different, in report to create social community graphs - one factor the sources it seems did not want to verbalize to Berlingske.

Design of the most up to date backbone cables round the Danish capital Copenhagen
and the Sandagergård difficult of the FE on the island of Amager
(supply: Infrapedia - click on to develop)

Relied on companions

Fragment of the settlement between the US and Denmark used to be that "the US does now not command the system in opposition to Danish citizens and companies. And the completely different method round". Identical phrases will be show in an NSA presentation from 2011: "No US sequence by Accomplice and No Host Nation sequence by US" - even if right here is adopted by "there ARE exceptions!"

The latter commentary also can respect impressed Edward Snowden to accuse the NSA of abusing these cooperations with in a international nation affiliate corporations to seem on European citizens, however as a supply instructed Berlingske:

"I'm in a position to for certain now not think about in my creativeness that the NSA would betray that belief. I retain in ideas it absolutely and completely now not going. If the NSA had a want to respect details about Danish citizens or companies, the US would merely flip to [the domestic security service] PET, which might then present the wanted merely basis."

The supply moreover talked about that "the NSA wished to soar and trudge for Denmark. The company did all the items Denmark requested for, with out dialogue. The NSA continuously helped Denmark - thanks to this cable safe entry to. [...] Denmark used to be a really, very end and valued affiliate."

This end and favorable cooperation used to be it seems considered one of many causes for the controversy over with of president Bill Clinton to Denmark in July 1997, in step with Berlingske.

Danish high minister Poul Nyrup Rasmussen and US president Bill Clinton
inside the midst of his speak over with to Denmark in July 1997 (picture: Linda Kastrup)

A model distinctive look system

In the wake of the FE scandal extraordinary further newest traits had been printed: a file by the Danish broadcaster DR from September 24, 2020 provides difficult details about how the Americans geared up Denmark with a cosmopolitan distinctive "look system".

After the FE acquired a model distinctive head of procurement in 2008, NSA employees steadily traveled to Denmark for fairly some time to type the wanted {hardware} and arrange the wanted machine for the distinctive system, which DR Info describes as extraordinarily developed. It moreover has a selected interior code identify, which the broadcaster decided now not to publish. Or now not it is moreover this distinctive system in which the alleged unlawful sequence of Danish recordsdata took quandary.

According to DR Info, the NSA technicians had been moreover desirous concerning the attain of a model distinctive recordsdata coronary heart on the FE's Sandagergård difficult on Amager that used to be specifically constructed to condominium the distinctive look system, which used to be taken into command someplace between 2012 and 2014. The cooperation between the FE and the NSA on this explicit system used to be based totally upon a Memorandum of Idea (MoU) signed by then FE chief Thomas Ahrenkiel.

Filter packages

The DR Info file moreover goes into further element concerning the interception route of. It says that first, the intelligence provider identifies an recordsdata motion that may be difficult, after which they "replicate" the light that passes throughout the express fiber-optic cables. On this kind, they copy each metadata and dispute, devour textual content messages, chat conversations, telephone calls and e-mails, and ship them to the FE's recordsdata coronary heart at Sandagergård.

According to DR Info, the FE tried to type a special of filters to respect decided recordsdata from Danish citizens and companies is sorted out and now not made searchable by the distinctive look system. The worn Danish minister of protection Claus Hjort Frederiksen now not too lengthy inside the previous talked about that there used to be certainly an try to type such filters, however on the similar time he admitted that there will be no assure that no Danish recordsdata will dart by means of.


DR Info moreover reported that the coronary coronary heart of the distinctive look system is shaped by XKEYSCORE, which used to be developed by the NSA and the existence of which used to be first printed by The Guardian in June 2013.

The NSA's British counterpart GCHQ included XKEYSCORE in its have system for processing bulk web recordsdata codenamed TEMPORA and it may really be assumed that the completely different 2nd Occasion companions (moreover often known as the 5 Eyes) moreover command this method, whether or not or now not or now not beneath a transparent codename.

From the Snowden paperwork we all know that the NSA moreover geared up XKEYSCORE to a few of its Third Occasion companions: the German in a international nation intelligence provider BND and home safety provider BfV, the Swedish alerts intelligence provider FRA and the Jap Directorate for SIGINT. It is unique although that the Danish navy intelligence provider FE uses the system too.

Some press studies seem to counsel that these affiliate corporations "develop safe entry to to XKEYSCORE" as if it might presumably perchance enable them to be a part of to a monumental world mass surveillance system. The latter incessantly is the case for the NSA's 2nd Occasion companions, however the Third Occasion companions are the command of XKEYSCORE absolute high to route of and analyze recordsdata from their have tapping factors and are now not prepared to safe entry to recordsdata from 5 Eyes sequence platforms.

Likewise, NSA analysts the command of XKEYSCORE would not respect advise safe entry to to, in this case, Danish sequence packages, absolute high to recordsdata that the Danes agreed to portion with the US as "third event sequence".


Glenn Greenwald introduced XKEYSCORE as the NSA's "widest-reaching" instrument to amass "practically all the items a consumer does on the on-line". Here's misleading, on legend of or now not it is further about high quality than about quantity: the system genuinely helps analysts to "downsize their monumental shrimping nets [of traditional collection methods] to tiny goldfish-sized nets and merely dip them into the oceans of recordsdata, working smarter and scooping out exactly what they need".

The NSA has XKEYSCORE put in at some 150 recordsdata sequence websites all the blueprint throughout the sector. There, it creates a rolling buffer of three to 5 days of dispute and round 30 days of metadata, which is prepared to be remotely searched by analysts. They'll command passe selectors devour telephone numbers and e-mail addresses to choose out recordsdata of passion, however that's the frail method and the way completely different corporations originate bulk sequence.

Filtering telephone numbers and e-mail addresses was a lot much less practical on legend of targets know that this occurs and shifted to anonymous methods to speak over the on-line. The novelty of XKEYSCORE is that it permits analysts to get your hands on exactly these anonymous communications. For that motive it reassembles IP packets into their regular structure ("sessionizing"), devour Observe paperwork, spreadsheets, chat messages, and heaps others.

Plan displaying the dataflow for the DeepDive model of XKEYSCORE

As quickly as restored, these recordsdata will be looked for traits which are linked to explicit targets or goal groups, devour command of encryption, the command of the TOR community, the command of a transparent language than the place any person is discovered, and heaps combos thereof. On this kind, analysts can stare distinctive targets after which beginning monitoring them further rigorously.

XKEYSCORE used to be moreover talked about in a categorised file from the German BND, which accommodates a diagram that reveals the variation between XKEYSCORE and passe sequence packages: inside the passe living-up, IP packets from an recordsdata motion had been reassembled after which went by means of a filter to seize absolute high these of passion, which had been forwarded for further prognosis. XKEYSCORE also can originate all that directly:

Illegal sequence?

Now that the many disclosures by the Danish press geared up fairly some perception into the FE's cable tapping actions, how concerning the abuses or now not it is accused of?

According to DR Info, it used to be the newly put in look system in which the alleged unlawful sequence of Danish recordsdata took quandary. In the first quandary we are able to bewitch that the filters weren't prepared to dam all of the communications linked to Danish citizens, residents or companies, however right here is of a technical nature and now not intentional.

One different risk is that the FE itself, or the NSA fed the system with selectors (devour telephone numbers and e-mail addresses) that can perchance consequence inside the sequence of Danish recordsdata. The NSA would not had been allowed to originate that beneath the settlement with the Danes, whereas for the FE that is in a position to perchance be in opposition to the laws.

According to a supply cited inside the aforementioned Berlingske newspaper article, there used to be one case whereby "the NSA despatched a put a question to to head making an try for a agency in a rustic in Asia, however when the FE checked the selector, it stumbled on that the agency used to be Danish-owned, whereupon the put a question to used to be rejected".

This reveals that, exact devour it used to be the case in Germany, the NSA's passion used to be fairly "astronomical", however that the FE did its ample to present safety to Danish issues and blocked such requests the place conceivable.

A 3rd risk is that the unlawful sequence took quandary throughout the further recordsdata search capabilities of the XKEYSCORE system, which is which that you just simply might think about on legend of right here the quest standards are utilized to traits of the dispute of the communications, fairly then the folks which are concerned.

According to Berlingske, the whistleblower who educated the intelligence oversight board "feared that the administration of the Protection Intelligence Provider used to be doing US trade by leaving its explicit system with technical vulnerabilities that allowed the National Security Agency to abuse it."

The whistleblower

Berlingske used to be moreover prepared to establish the whistleblower as a youthful employee of the FE, working as an IT specialist - a putting similarity to Edward Snowden. The paper says that in 2013 he was more and more further involved, however or now not it is now not certain whether or not or now not this might additionally had been brought on by the Snowden revelations, which began in June of that 365 days and included studies about XKEYSCORE, the system that had exact been put in on the FE.

Because the IT specialist insisted on his criticism, then head of the FE Thomas Ahrenkiel decided - with out informing the Americans - to dwelling up a technical working neighborhood to wade throughout the system procuring for vulnerabilities or indicators of abuse by NSA. As reported by Berlingske, the IT specialist himself, with the intention of reassuring him, moreover participated inside the working neighborhood, which in 2014 concluded that there have been no indicators of unlawful intrusion.

For the FE the case used to be closed, however, as reported by Berlingske, the IT specialist used to be now not tickled and "he made a drastic determination and smuggled a recorder into his administrative center, organized conferences with colleagues and managers for a great deal of months and recorded them in secret" - once more a further or a lot much less persistance an excellent deal like how Snowden operated. But in dissimilarity to Snowden, the Danish whistleblower did now not contact the click on, however at ultimate educated the intelligence oversight board.

Danish protection minister Trine Bramsen (left) and her predecessor
Claus Hjort Frederiksen (picture: Linda Kastrup/Scanpix)


Berlingske reported that the recordings geared up "hours of covert images with employees of the provider, just a few of which [...] respect expressed themselves in a way that confirms the suspicion that the FE also can respect acted illegally and now not intervened adequately to forestall recordsdata on Danes from being disclosed." In November 2019 that they had been handed over to the intelligence oversight board, which in December educated protection minister Trine Bramsen.

Unlike her predecessor, Bramsen it seems took these further or a lot much less accusations very severely and urged the oversight board to conduct an investigation, which on August 24, 2020 resulted inside the surprising suspension of the head of the FE and some completely different officers (inside the meantime they respect acquired returned once more, however in quite a few positions).

On October 5, the Danish authorities decided to submit a invoice to put a selected fee that has to originate an neutral and neutral investigation into the accusations in opposition to the FE, which has to show a file inner a 365 days.


In 2013, a youthful IT specialist on the FE beca

Read More

Similar Products:

    None Found

Recent Content