Feeds

Latest Snowden leak claims NSA bugged ALL mobile calls in the Bahamas

Not cool, mon, not cool ...

Internet Security Threat Report 2014

A fresh dossier of documents apparently from NSA whistleblower Edward Snowden claims that the NSA is running a telephone-tapping system that records the metadata and content of all mobile phone calls of two countries, including the island paradise of the Bahamas.

The documents, published in The Intercept, state that the system, dubbed SOMALGET, was installed as part of a legal Drug Enforcement Administration tapping system. This was then used by NSA operatives to record a month's worth of audio calls made in the Bahamas. SOMALGET can process "over 100 million call events per day," and store them for a month at a time.

A 2012 memo from an official in the NSA's International Crime & Narcotics division claims that SOMALGET has already been useful in tracking down drug smugglers and "special-interest alien smugglers." With the right data warehousing and server support, the system is capable of storing five billion "call events", the memo says.

Another memo states that the data processing for such information has been outsourced to US firm General Dynamics, which signed an eight-year, $51m contract with the NSA for the job. The company declined to comment on the issue and referred media questions to the NSA.

SOMALGET has only been deployed in the Bahamas and one other country, according to the documents. The Intercept isn't releasing the name of the other country having its calls slurped "in response to specific, credible concerns that doing so could lead to increased violence."

The SOMALGET system is part of a larger telephone-tapping system developed by the NSA dubbed MYSTIC. The newly leaked documents show MYSTIC is active in others countries – including Mexico, Kenya, and the Philippines – but that in those cases it only collects phone metadata.

MYSTIC was set up in 2009 by the NSA's Special Source Operations (SSO), and uses tapping equipment set up by telecommunications companies to implement legally requested taps for law enforcement. The NSA team uses these covertly to intercept signals intelligence, an NSA memo states.

An undated SSO memo states that the MYSTIC taps are run in conjunction with other government agencies, including the DEA and the CIA. Both the Kenyan and Mexican metadata logging systems are run in conjunction with the CIA and are dubbed DUSKPALLET and EVENINGEASEL respectively.

While declining to comment on the specifics of SOMALGET, the NSA said that "the implication that NSA's foreign intelligence collection is arbitrary and unconstrained is false," adding that it follows procedures to "protect the privacy of U.S. persons" when communications are "incidentally collected." ®

Internet Security Threat Report 2014

More from The Register

next story
BIG FAT Lies: Porky Pies about obesity
What really shortens lives? Reading this sort of crap in the papers
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.