Photo:
Trevor Paglen
Sep. 6 2016, 10:05 a.m.
THE NARROW ROADS are quiet and winding, surrounded by rolling
green fields and few visible signs of life beyond the occasional herd of sheep.
But on the horizon, massive white golf ball-like domes protrude from the earth,
protected behind a perimeter fence that is topped with piercing razor wire.
Here, in the heart of the tranquil English countryside, is the National
Security Agency’s largest overseas spying base.
Once known only by the code name
Field Station 8613, the secret base — now called Menwith Hill Station — is located
about nine miles west of the small town of Harrogate in North Yorkshire.
Originally used to monitor Soviet communications through the Cold War, its
focus has since dramatically shifted, and today it is a vital part of the NSA’s
sprawling global surveillance network.
For years, journalists and
researchers have speculated about what really goes on inside Menwith Hill,
while human rights groups and some politicians have campaigned for more
transparency about its activities. Yet the British government has steadfastly
refused to comment, citing a longstanding policy not to discuss matters related
to national security.
Now, however, top-secret documents
obtained by The Intercept offer an unprecedented glimpse
behind Menwith Hill’s razor wire fence. The files reveal for the first time how
the NSA has used the British base to aid “a significant number of capture-kill
operations” across the Middle East and North Africa, fueled by powerful
eavesdropping technology that can harvest data from more than 300 million
emails and phone calls a day.
Over the past decade, the documents
show, the NSA has pioneered groundbreaking new spying programs at Menwith Hill
to pinpoint the locations of suspected terrorists accessing the internet in
remote parts of the world. The programs — with names such as GHOSTHUNTER and
GHOSTWOLF — have provided support for conventional British and American
military operations in Iraq and Afghanistan. But they have also aided covert
missions in countries where the U.S. has not declared war. NSA employees at
Menwith Hill have collaborated on a project to help “eliminate” terrorism
targets in Yemen, for example, where the U.S. has waged a controversial drone
bombing campaign that has resulted in dozens of civilian deaths.
The disclosures about Menwith Hill
raise new questions about the extent of British complicity in U.S. drone
strikes and other so-called targeted killing missions, which may in some cases
have violated international laws or constituted war crimes. Successive U.K.
governments have publicly stated that all activities at the base are carried
out with the “full knowledge and consent” of British officials.
The revelations are “yet another
example of the unacceptable level of secrecy that surrounds U.K. involvement in
the U.S. ‘targeted killing’ program,” Kat Craig, legal director of London-based
human rights groupReprieve, told The Intercept.
“It is now imperative that the prime
minister comes clean about U.K. involvement in targeted killing,” Craig said,
“to ensure that British personnel and resources are not implicated in illegal
and immoral activities.”
The British government’s Ministry of
Defence, which handles media inquires related to Menwith Hill, declined to
comment for this story.
The NSA referred a request for
comment to the Director of National Intelligence’s office.
Richard Kolko, a spokesperson for the
DNI, said in a statement: “The men and women serving the intelligence community
safeguard U.S. national security by collecting information, conducting
analysis, and providing intelligence for informed decision making under a
strict set of laws, policies and guidelines. This mission protects our nation
and others around the world.”
Menwith Hill on March 11, 2014.
Photo: Trevor Paglen
THE EQUIPMENT AT Menwith Hill covers roughly one square
mile, which is patrolled 24 hours a day by armed British military police and
monitored by cameras perched on posts that peer down on almost every section of
the 10-foot perimeter fence.
Most visible from the outside are a
cluster of about 30 of the giant white domes. But the site also houses a
self-contained community, accessible only to those with security clearance.
Among operations buildings in which analysts listen in on monitored
conversations, there is a bowling alley, a small pool hall, a bar, a fast food
restaurant, and a general store.
Most of the world’s international
phone calls, internet traffic, emails, and other communications are sent over a
network of undersea cables that connect countries like giant arteries. At spy
outposts across the world, the NSA and its partners tap into these cables to
monitor the data flowing through them. But Menwith Hill is focused on a
different kind of surveillance: eavesdropping on communications as they are
being transmitted through the air.
According to top-secret documents
obtained by The Intercept from NSA whistleblower Edward
Snowden, Menwith Hill has two main spying capabilities. The first is called
FORNSAT, which uses powerful antennae contained within the golf ball-like domes
to eavesdrop on communications as they are being beamed between foreign
satellites. The second is called OVERHEAD, which uses U.S. government
satellites orbiting above targeted countries to locate and monitor wireless
communications on the ground below — such as cellphone calls and even WiFi
traffic.
A spy satellite launched in 2009 and
operated from Menwith Hill. Its role was to intercept communications flowing
across “commercial satellite uplinks,” according to NSA documents.
In the late 1980s, international
communication networks were revolutionized by new fiber-optic undersea cables.
The technology was cheaper than satellites and could transmit data across the
world much faster than ever before, at almost the speed of light. For this
reason, according to the NSA’s documents, in the mid-1990s the U.S.
intelligence community was convinced that satellite communications would soon
become obsolete, to be fully replaced by fiber-optic cable networks.
But the prediction proved to be wrong.
And millions of phone calls are still beamed between satellites today,
alongside troves of internet data, which the NSA has readily exploited at
Menwith Hill.
“The commercial satellite
communication business is alive and well and bursting at the seams with
increasingly sophisticated bulk DNI (Digital Network Intelligence) traffic that
is largely unencrypted,” the NSA reported in a 2006 document. “This data source alone provides more data for
Menwith Hill analysts to sift through than our entire enterprise had to deal
with in the not-so-distant past.”
The U.S. and U.K. governments have
actively misled the public for years through a “cover story.”
As of 2009, Menwith Hill’s foreign
satellite surveillance mission, code-named MOONPENNY, was monitoring 163
different satellite data links. The intercepted communications were funneled
into a variety of different repositories storing phone calls, text messages, emails,
internet browsing histories, and other data.
It is not clear precisely how many
communications Menwith Hill is capable of tapping into at any one time, but the
NSA’s documents indicate the number is extremely large. In a single
12-hour period in May 2011, for instance, its surveillance systems logged more
than 335 million metadata records, which reveal information such as the sender
and recipient of an email, or the phone numbers someone called and at what
time.
To keep information about Menwith
Hill’s surveillance role secret, the U.S. and U.K. governments have actively
misled the public for years through a “cover story” portraying the base as a
facility used to provide “rapid radio relay and conduct communications
research.” A classified U.S. document, dated from 2005, cautioned spy agency employees against revealing the
truth. “It is important to know the established cover story for MHS [Menwith
Hill Station] and to protect the fact that MHS is an intelligence collection
facility,” the document stated. “Any reference to satellites being operated or
any connection to intelligence gathering is strictly prohibited.”
Menwith Hill Station on March 11,
2014.
Photo: Trevor Paglen
THE OUTPOST WAS built in the 1950s as part of a deal made by the
British and American governments to house U.S. personnel and surveillance
equipment. In its early days, Menwith Hill’s technology was much more
primitive. According to Kenneth Bird, who worked at the base in the 1960s
during the Cold War, it was focused then on monitoring telephone communications
in Eastern Europe. Intercepted conversations were recorded on Ampex tape
recorders, Bird noted in his published 1997 account, with some calls
transcribed by analysts in real-time using typewriters.
The modern Menwith Hill is a very
different place. Now, not only are its spying systems capable of vacuuming up
far more communications, but they also have a far broader geographic reach. In
addition, the targets of the surveillance have drastically changed, as have the
purposes for which the eavesdropping is carried out.
The documents obtained by The
Intercept reveal that spy satellites operated at Menwith Hill
today can target communications in China and Latin America, and also provide
“continuous coverage of the majority of the Eurasian landmass,” where they
intercept “tactical military, scientific, political, and economic
communications signals.” But perhaps the most significant role the base has
played in recent years has been in the Middle East and North Africa.
Especially in remote parts of the
world where there are no fiber-optic cable links, it is common for internet
connections and phone calls to be routed over satellite. Consequently, Menwith
Hill became a vital asset in the U.S. government’s counterterrorism campaign
after the 9/11 attacks. Since then, the base has been used extensively to tap
into communications in otherwise hard-to-reach areas where Islamic extremist
groups such as al Qaeda and al Shabaab have been known to operate — for
example, in the Afghanistan-Pakistan border region, Somalia, and Yemen.
An aerial image captured by a U.S.
satellite in support of a covert GHOSTHUNTER operation.
Crucially, however, Menwith Hill has
been used for more than just gathering intelligence on people and governments
across countries in the Middle East and North Africa. Surveillance tools such
as the GHOSTHUNTER system were developed to directly aid military operations,
pinpointing the locations of targeted people or groups so that they could then
be captured or killed.
The NSA’s documents describe
GHOSTHUNTER as a means “to locate targets when they log onto the internet.” It
was first developed in 2006 as “the only capability of its kind” and it enabled “a significant number of capture-kill
operations” against alleged terrorists. Only a few specific examples are given,
but those cases give a remarkable insight into the extraordinary power of the
technology.
In 2007, for instance, analysts at
Menwith Hill used GHOSTHUNTER to help track down a suspected al Qaeda
“facilitator” in Lebanon who was described as “highly actionable,” meaning he
had been deemed a legitimate target to kill or capture. The location of the
target — who was known by several names, including Abu Sumayah — was traced to
within a few hundred meters based on intercepts of his communications. Then a
spy satellite took an aerial photograph of the neighborhood in Sidon, south
Lebanon, in which he was believed to be living, mapping out the surrounding
streets and houses. A top-secret document detailing the surveillance indicates
that the information was to be passed to a secretive special operations unit
known as Task Force 11-9, which would have been equipped to conduct a covert
raid to kill or capture Sumayah. The outcome of the operation, however, is
unclear, as it is not revealed in the document.
In another case in 2007, GHOSTHUNTER
was used to identify an alleged al Qaeda “weapons procurer” in Iraq named Abu
Sayf. The NSA’s surveillance systems spotted Sayf logging into Yahoo email or
messenger accounts at an internet cafe near a mosque in Anah, a town on the
Euphrates River that is about 200 miles northwest of Baghdad. Analysts at
Menwith Hill used GHOSTHUNTER to track down his location and spy satellites
operated from the British base captured aerial images. This information was
passed to U.S. military commanders based in Fallujah to be included as part of
a “targeting plan.”
A few days later, a special
operations unit named Task Force-16 stormed two properties, where they detained
Sayf, his father, two brothers, and five associates.
By 2008, the apparent popularity of
GHOSTHUNTER within the intelligence community meant that it was rolled out at
other surveillance bases where NSA has a presence, including in Ayios Nikolaos,
Cyprus, and Misawa, Japan. The expansion of the capability to the other bases
meant that it now had “near-global coverage.” But Menwith Hill remained its
most important surveillance site. “[Menwith Hill] still supplies about 99% of
the FORNSAT data used in GHOSTHUNTER geolocations,” noted a January 2008 document about the program.
A 2009 document added that GHOSTHUNTER’s focus was at that time “on
geolocation of internet cafés in the Middle East/North Africa region in support
of U.S. military operations” and said that it had to date “successfully
geolocated over 5,000 VSAT terminals in Iraq, Afghanistan, Syria, Lebanon, and
Iran.” VSAT, or Very Small Aperture Terminal, is a satellite system commonly
used by internet cafés and foreign governments in the Middle East to send and
receive communications and data. GHOSTHUNTER could also home in on VSATs in
Pakistan, Somalia, Algeria, the Philippines, Mali, Kenya, and Sudan, the
documents indicate.
Menwith Hill’s unique ability to
track down satellite devices across the world at times placed it on the front
line of conflicts thousands of miles away. In Afghanistan, for instance,
analysts at the base used the VSAT surveillance to help track down suspected
members of the Taliban, which led to “approximately 30 enemy killed” during one
series of attacks that werementioned in a top-secret July 2011 report. In early 2012,
Menwith Hill’s analysts were again called upon to track down a VSAT: this time,
to assist British special forces in Afghanistan’s Helmand Province. The
terminal was swiftly located, and within an hour an MQ-9 Reaper drone was
dispatched to the area, presumably to launch an airstrike.
But the lethal use of the
surveillance data does not appear to have been restricted to conventional war
zones such as Afghanistan or Iraq. The NSA developed similar methods at Menwith
Hill to track down terror suspects in Yemen, where the U.S. has waged a covert
drone war against militants associated with al Qaeda in the Northern Peninsula.
In early 2010, the agency revealed in
an internal report that it had launched a new technique at the
British base to identify many targets “at almost 40 different geolocated
internet cafés” in Yemen’s Shabwah province and in the country’s capital,
Sanaa. The technique, the document revealed, was linked to a broader classified
initiative called GHOSTWOLF, described as a project to “capture or eliminate
key nodes in terrorist networks” by focusing primarily on “providing actionable
geolocation intelligence derived from [surveillance] to customers and their
operational components.”
The description of GHOSTWOLF ties
Menwith Hill to lethal operations in Yemen, providing the first documentary
evidence that directly implicates the U.K. in covert actions in the country.
Menwith Hill, March 13, 2013.
Photo: Trevor Paglen
MENWITH HILL’S PREVIOUSLY undisclosed role aiding the so-called targeted
killing of terror suspects highlights the extent of the British government’s
apparent complicity in controversial U.S. attacks — and raises questions about
the legality of the secret operations carried out from the base.
There are some 2,200 personnel at
Menwith Hill, the majority of whom are Americans. Alongside NSA employees
within the complex, the U.S. National Reconnaissance Office also has a major
presence at the site, running its own “ground station” from which it controls a
number of spy satellites.
But the British government has
publicly asserted as recently as 2014 that operations at the base “have always
been, and continue to be” carried out with its “knowledge and consent.”
Moreover, roughly 600 of the personnel at the facility are from U.K. agencies,
including employees of the NSA’s British counterpart Government Communications
Headquarters, or GCHQ.
For several years, British human
rights campaigners and lawmakers have been pressuring the government to provide
information about whether it has had any role aiding U.S. targeted killing
operations, yet they have been met with silence. In particular, there has been
an attempt to establish whether the U.K. has aided U.S. drone bombings outside
of declared war zones — in countries including Yemen, Pakistan, and
Somalia — which have resulted in the deaths of hundreds of civilians and
are in some cases considered by United Nations officials to possibly constitute
war crimes and violations of international law.
Though the Snowden documents analyzed
by The Intercept state that Menwith Hill has aided “a
significant number” of “capture-kill” operations, they do not reveal specific
details about all of the incidents that resulted in fatalities. What is clear,
however, is that the base has targeted countries such as Yemen, Pakistan, and
Somalia as part of location-tracking programs like GHOSTHUNTER and GHOSTWOLF —
which were created to help pinpoint individuals so they could be captured or
killed — suggesting it has played a part in drone strikes in these countries.
“An individual involved in passing
that information is likely to be an accessory to murder.”
Craig, the legal director at
Reprieve, reviewed the Menwith Hill documents — and said that they indicated
British complicity in covert U.S. drone attacks. “For years, Reprieve and
others have sought clarification from the British government about the role of
U.K. bases in the U.S. covert drone program, which has killed large numbers of
civilians in countries where we are not at war,” she told The Intercept.
“We were palmed off with platitudes and reassured that any U.S. activities on
or involving British bases were fully compliant with domestic and international
legal provisions. It now appears that this was far from the truth.”
Jemima Stratford QC, a leading
British human rights lawyer, told The Interceptthat there were
“serious questions to be asked and serious arguments to be made” about the
legality of the lethal operations aided from Menwith Hill. The operations,
Stratford said, could have violated the European Convention on Human Rights, an international treaty that the U.K. still remains
bound to despite its recent vote to leave the European Union. Article 2 of
the Convention protects the “right to life” and states that “no one shall be
deprived of his life intentionally” except when it is ordered by a court as a
punishment for a crime.
Stratford has previously warned that
if British officials have facilitated covert U.S. drone strikes outside of declared
war zones, they could even be implicated in murder. In 2014, she advised
members of the U.K. Parliament that because the U.S. is not at war with
countries such as Yemen or Pakistan, in the context of English and
international law, the individuals who are targeted by drones in these
countries are not “combatants” and their killers are not entitled to “combatant
immunity.”
“If the U.K. government knows that it
is transferring data that may be used for drone strikes against non-combatants
… that transfer is probably unlawful,” Stratford told the members of Parliament. “An individual
involved in passing that information is likely to be an accessory to murder.”
GCHQ refused to answer questions for
this story, citing a “long standing policy that we do not comment on
intelligence matters.” A spokesperson for the agency issued a generic statement
asserting that “all of GCHQ’s work is carried out in accordance with a strict
legal and policy framework, which ensures that our activities are authorised,
necessary and proportionate, and that there is rigorous oversight.” The
spokesperson insisted that “U.K.’s interception regime is entirely compatible
with the European Convention on Human Rights.”
A Gate at Menwith Hill Station
prohibiting entrance on March 12, 2014.
Photo: Trevor Paglen
IN FEBRUARY 2014, the U.S. Department of Defense announced after a
review that it was planning to reduce personnel at Menwith Hill by 2016, with
about 500 service members and civilians set to be removed from the site. A U.S.
Air Force spokesperson told the military newspaperStars and Stripes that the decision was based on technological
advances, which he declined to discuss, though he mentioned improvements in
“server capacity to the hardware that we’re using; we’re doing more with less.”
The documents provided by Snowden
shine light on some of the specific technological changes. Most notably, they
show that there has been significant investment in introducing new and more
sophisticated mass surveillance systems at Menwith Hill in recent years. A
crucial moment came in 2008, when then-NSA Director Keith Alexander introduced
a radical shift in policy. Visiting Menwith Hill in June that year, Alexander
set a challenge for employees at the base. “Why can’t we collect all the
signals, all the time?” he said, according to NSA documents. “Sounds like a good
summer homework project for Menwith.”
As a result, a new “collection
posture” was introduced at the base, the aim being to “collect it all, process
it all, exploit it all.” In other words, it would vacuum up as many
communications within its reach as technologically possible.
Between 2009 and 2012, Menwith Hill
spent more than $40 million on a massive new 95,000-square-foot operations
building — nearly twice the size of an average American football field. A large
chunk of this space — 10,000 square feet — was set aside for a data center that
boasted the ability to store huge troves of intercepted communications. During
the renovations, the NSA shipped in new computer systems and laid 182 miles of
cables, enough to stretch from New York City to the outskirts of Boston. The
agency also had a 200-seat-capacity auditorium constructed to host classified
operations meetings and other events.
“How can Menwith carry out operations
of which there is absolutely no accountability to the public?”
Some of the extensive expansion work
was visible from the road outside the secure complex, which triggered protests
from a local activist group called the Campaign for the Accountability of
American Bases. Since the early 1990s, the group has closely monitored
activities at Menwith Hill. And for the last 16 years, its members have held a
small demonstration every Tuesday outside the base’s main entrance, greeting
NSA employees with flags and colorful homemade banners bearing slogans critical
of U.S. foreign policy and drone strikes.
Fabian Hamilton, a member of
Parliament based in the nearby city of Leeds, has become a supporter of the
campaign’s work, occasionally attending events organized by the group and
advocating for more transparency at Menwith Hill. Hamilton, who represents the
Labour Party, has doggedly attempted to find out basic information about the
base, asking the government at least 40 parliamentary questions since 2010
about its activities. He has sought clarification on a variety of issues, such
as how many U.S. personnel are stationed at the site, whether it is involved in
conducting drone strikes, and whether members of a British parliamentary
oversight committee have been given full access to review its operations. But
his efforts have been repeatedly stonewalled, with British government officials
refusing to provide any details on the grounds of national security.
Hamilton told The Intercept that
he found the secrecy shrouding Menwith Hill to be “offensive.” The revelations
about the role it has played in U.S. killing and capture operations, he said,
showed there needed to be a full review of its operations. “Any nation-state
that uses military means to attack any target, whether it is a terrorist,
whether it is legitimate or not, has to be accountable to its electorate for
what it does,” Hamilton said. “That’s the basis of our Parliament, it’s the
basis of our whole democratic system. How can we say that Menwith can carry out
operations of which there is absolutely no accountability to the public? I
don’t buy this idea that you say the word ‘security’ and nobody can know
anything. We need to know what is being done in our name.”
———
———
Documents published with this article:
- Elegant Chaos: collect it all,
exploit it all
- Elegant Chaos: collect it all,
exploit it all (plus notes)
- Ghosthunter: only capability of
its kind
- Menwith
satellite classification guide
- UK special forces Reaper drone
(Jan-Feb-2012)
- Afghanistan 30 enemy killed
(Jan-Feb 2012)
- Project Sandstorm wifi
geolocation (Jan 2011)
- Yemen backhaul comms collected
(Jan 2011)
- New ops building at Menwith
completed, fit up begins
- New technique geolocates
targets active at Yemeni cafes
- Work is progressing on Menwith
Hill Station’s new operations building
- Ghosthunter and the geolocating
of internet cafes
- Traffic series: is your
collection surveyed or sustained
- APPARITION becomes a reality
new corporate VSAT geolocation capability sees its first deployment
- Ghosthunter
goes global
- Menwith continues successful
counterterrorism survey along Af-Pak border
- SIGINT target package leads to
USMC capture of al Qaeda weapons procurer
- Too much of a good thing?
- Menwith
initiatives maximizing our access
- GSM tower mapping made easier
and more accurate with new tool
- Ghosthunter
future capabilities (2008)
- New tool combines multi agency
databases for complete target snapshot
- GSM
tower geolocation
- Menwith
collection assets
- Menwith databases as of Aug
2008
- Ghosthunter
tasking process
- Apparition/Ghosthunter
tasking info
CONTACT
THE AUTHOR:
Ryan Gallagher✉ryan.gallagher@theintercept.comt@rj_gallagher
No comments:
Post a Comment