ICWATCH Database Gathers the CV’s of 27,000 Intelligence Employees

6e1cd6f7-4552-438a-8824-97f5eeea5105.png

Network graph generated with Transparency Toolkit

Surveillance is usually a one-way street. As the NSA and its partners monitor Internet traffic, read peoples’ emails, and analyse phone metadata, the public rarely gets an insight into the people who actually carry out this work. Now one project is trying to change that, with the release of a database containing the LinkedIn profiles of over 27,000 people working in the intelligence community.

The “ICWATCH” database—a play on the NSA data-sharing program ICREACH—was developed by Transparency Toolkit, a group focused on working with open data, and was presented at the tech and policy festival Republica in Berlin. The purpose of collecting all of these profiles, according to the project website, is so “that people can use them to better understand mass surveillance programs and research trends in the intelligence community.”

The database can be searched by company, location, industry and a host of other parameters, and plenty of results also include a portrait photo of the intelligence community member. The Transparency Toolkit collects and analyses all sorts of open data, such as online resumes, job listings, and social media—“and we use that to understand surveillance programmes, primarily, and also human rights abuses,” MC McGrath, who worked on ICWATCH with Brennan Novak and Kevin Gallagher, told me over an encrypted phone call.

But for this particular intelligence community-focused project, they focused mostly on LinkedIn.
Shortly after whistleblower Edward Snowden’s revelations, it became apparent that many people within the intelligence community were listing the code names of top secret surveillance programmes on their LinkedIn profiles. As publicly available data, these were easily discoverable by a basic Google search. McGrath, after successfully finding some profiles himself, thought about automating this process and seeing what it would reveal.

The tool his team developed searches for code names, intelligence agencies and departments, and various technical terms. Some of those keywords are already well-known, such as XKEYSCORE, the name of an NSA system that purportedly collates data such as emails and browsing histories. Some journalists also told McGrath what terms they would like to search for.

The search returned a mountain of results, and even picked up on people who allegedly work for Tailored Access Operations (TAO), the elite hacking unit of the NSA suspected of hacking into systems all over the world.
But, “Most of the people posting on these profiles are not in the NSA themselves,” McGrath pointed out. Instead, they work for contractors, such as Booz Allen Hamilton, where Snowden previously worked, or Lockheed Martin. Some profiles provided more information about specific surveillance programmes. One, codenamed “PENNANTRACE”, was found on the profile of a Senior SIGINT operator (SIGINT means “signals intelligence”, which is the monitoring of communications or signals). Based on what he found, McGrath thinks PENNANTRACE is connected to the use of surveillance drones, he told me. One job description found on LinkedIn described PENNANTRACE as an “airborne collection platform”.

“There are lots of things openly available in job listings and social media about this, but there’s not anything publicly released,” he said.
McGrath also came across a series of trends to do with employment in the intelligence community. The number of people claiming to work with SIGINT databases, for instance, has increased dramatically over the years since 2008, with just a small decline starting in 2013.
“It’s interesting to watch the trends of when people start working on certain programs, or when the intelligence community grows, based on LinkedIn data,” he said.
And then there’s the human element: This research has shown who is actually working within the intelligence community, something that is naturally shrouded in secrecy.
“I think they’re, for the most part, pretty normal people,” McGrath said. “They had Facebook profiles, they had various pictures, funny pictures.”

In his presentation, McGrath displayed a series of photos found through his automated search of LinkedIn. Some of the more personal photos—a family holiday snap, for instance—were taken manually from Facebook profiles that McGrath tracked down himself. “I’m yet to automate that part, but maybe eventually I’ll have something that matches up Facebook profiles with people on LinkedIn,” he said.
McGrath told me that before embarking on this project he did consult with a number of lawyers.
The point of all this was to better “understand the intelligence community,” McGrath said, but also to draw attention to “some of the individuals involved.”

When asked whether anybody on this newly created database had contacted him, McGrath replied, “I haven’t heard from any of them yet, but it’s possible that I will.”
Motherboard: http://bit.ly/1J0GAyj
Transparency Toolkit:  http://bit.ly/1LSFLh9

« Cyber Security in China: New Challenges to the West
Why Police Agencies Can't Communicate in a Crisis »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Hillstone Networks

Hillstone Networks

Hillstone Networks offers a broad range of security solutions for enterprises and data center networks – whether physical, virtual, or in the cloud.

sic[!]sec

sic[!]sec

sic[!]sec provide products and services for web application security.

Security Brokers

Security Brokers

Security Brokers focus services and solutions with a focus on strategic ICT Security and Cyber Defense issues.

Auth0

Auth0

Auth0 is a cloud service that provides a set of unified APIs and tools that instantly enables single sign-on and user management for any application, API or IoT device.

Fox-IT

Fox-IT

Fox-IT prevents, solves and mitigates the most serious cyber threats with smart solutions for governmental bodies, defense, law enforcement, critical infrastructure, banking and large enterprises.

CyberSeek

CyberSeek

CyberSeek provides detailed, actionable data about supply and demand in the cybersecurity job market.

Wüpper Management Consulting (WMC)

Wüpper Management Consulting (WMC)

Specialized in compliance, risk management and holistic information security WMC GmbH has longtime implementation experience in global projects.

AlAnsari Technical Solutions (ATS)

AlAnsari Technical Solutions (ATS)

ATS is a Kuwait based company specialised in delivering hardware/software, Virtualisation, IP Telephony / Unified Communication, Networking and professional IT services and solutions.

Philippine National Police Anti-Cybercrime Group (PNP-ACG)

Philippine National Police Anti-Cybercrime Group (PNP-ACG)

The mission of the PNP Anti-Cybercrime Group is to implement and enforce pertinent laws on cybercrime and other cyber related crimes and pursue an effective anti-cybercrime campaign.

3Elos

3Elos

3Elos operates in the Information Technology market with a focus on research, development, consulting, marketing and implementation of Information Security solutions.

CyberFortress

CyberFortress

CyberFortress is an insuretech startup offering a new kind of online business interruption policy designed for small business.

Singular Security

Singular Security

Singular Security help public and private organizations minimize cybersecurity risk and pass their IT compliance audit.

MainNerve

MainNerve

MainNerve helps secure networks, applications, people, and facilities… enabling businesses to reduce risk and increase their cybersecurity posture.

QEDIT

QEDIT

QEDIT is leading the standardization of Zero-Knowledge Proofs through the ZKProof.org Workshops, and builds production-grade ZKP systems for blockchain.

Wattlecorp Cybersecurity Labs

Wattlecorp Cybersecurity Labs

Wattlecorp Cybersecurity Labs are a group of IT security specialists, ethical hackers, and researchers driven to identify security flaws before cyber threat actors does.