Inside Menwith Hill

The narrow roads are quiet and winding, surrounded by rolling green fields and few visible signs of life beyond the occasional herd of sheep. But on the horizon, massive white golf ball-like domes protrude from the earth, protected behind a perimeter fence that is topped with piercing razor wire. Here, in the heart of the tranquil English countryside, is the National Security Agency’s largest overseas spying base.

Once known only by the code name Field Station 8613, the secret base — now called Menwith Hill Station — is located about nine miles west of the small town of Harrogate in North Yorkshire. Originally used to monitor Soviet communications through the Cold War, its focus has since dramatically shifted, and today it is a vital part of the NSA’s sprawling global surveillance network.

For years, journalists and researchers have speculated about what really goes on inside Menwith Hill, while human rights groups and some politicians have campaigned for more transparency about its activities. Yet the British government has steadfastly refused to comment, citing a longstanding policy not to discuss matters related to national security.

Now, however, top-secret documents obtained by The Intercept offer an unprecedented glimpse behind Menwith Hill’s razor wire fence. The files reveal for the first time how the NSA has used the British base to aid “a significant number of capture-kill operations” across the Middle East and North Africa, fueled by powerful eavesdropping technology that can harvest data from more than 300 million emails and phone calls a day.

Over the past decade, the documents show, the NSA has pioneered groundbreaking new spying programs at Menwith Hill to pinpoint the locations of suspected terrorists accessing the internet in remote parts of the world. The programs — with names such as GHOSTHUNTER and GHOSTWOLF — have provided support for conventional British and American military operations in Iraq and Afghanistan. But they have also aided covert missions in countries where the U.S. has not declared war. NSA employees at Menwith Hill have collaborated on a project to help “eliminate” terrorism targets in Yemen, for example, where the U.S. has waged a controversial drone bombing campaign that has resulted in dozens of civilian deaths.

The disclosures about Menwith Hill raise new questions about the extent of British complicity in U.S. drone strikes and other so-called targeted killing missions, which may in some cases have violated international laws or constituted war crimes. Successive U.K. governments have publicly stated that all activities at the base are carried out with the “full knowledge and consent” of British officials.

The revelations are “yet another example of the unacceptable level of secrecy that surrounds U.K. involvement in the U.S. ‘targeted killing’ program,” Kat Craig, legal director of London-based human rights group Reprieve, told The Intercept.

“It is now imperative that the prime minister comes clean about U.K. involvement in targeted killing,” Craig said, “to ensure that British personnel and resources are not implicated in illegal and immoral activities.”

Operation Socialist

When the incoming emails stopped arriving, it seemed innocuous at first. But it would eventually become clear that this was no routine technical problem. Inside a row of gray office buildings in Brussels, a major hacking attack was in progress. And the perpetrators were British government spies.

It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom. But it wasn’t until a year later, in June 2013, that the company’s security experts were able to figure out what was going on. The computer systems of Belgacom had been infected with a highly sophisticated malware, and it was disguising itself as legitimate Microsoft software while quietly stealing data.

Last year, documents from National Security Agency whistleblower Edward Snowden confirmed that British surveillance agency Government Communications Headquarters was behind the attack, codenamed Operation Socialist. And in November, The Intercept revealed that the malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers, who named it “Regin.”

The full story about GCHQ’s infiltration of Belgacom, however, has never been told. Key details about the attack have remained shrouded in mystery—and the scope of the attack unclear.

Now, in partnership with Dutch and Belgian newspapers NRC Handelsblad and De Standaard, The Intercept has pieced together the first full reconstruction of events that took place before, during, and after the secret GCHQ hacking operation.

Based on new documents from the Snowden archive and interviews with sources familiar with the malware investigation at Belgacom, The Intercept and its partners have established that the attack on Belgacom was more aggressive and far-reaching than previously thought. It occurred in stages between 2010 and 2011, each time penetrating deeper into Belgacom’s systems, eventually compromising the very core of the company’s networks.

Snowden told The Intercept that the latest revelations amounted to unprecedented “smoking-gun attribution for a governmental cyber attack against critical infrastructure.”

The Belgacom hack, he said, is the “first documented example to show one EU member state mounting a cyber attack on another…a breathtaking example of the scale of the state-sponsored hacking problem.”

Publicly, Belgacom has played down the extent of the compromise, insisting that only its internal systems were breached and that customers’ data was never found to have been at risk. But secret GCHQ documents show the agency gained access far beyond Belgacom’s internal employee computers and was able to grab encrypted and unencrypted streams of private communications handled by the company.

Belgacom invested several million dollars in its efforts to clean-up its systems and beef-up its security after the attack. However, The Intercept has learned that sources familiar with the malware investigation at the company are uncomfortable with how the clean-up operation was handled—and they believe parts of the GCHQ malware were never fully removed.

The revelations about the scope of the hacking operation will likely alarm Belgacom’s customers across the world. The company operates a large number of data links internationally (see interactive map below), and it serves millions of people across Europe as well as officials from top institutions including the European Commission, the European Parliament, and the European Council. The new details will also be closely scrutinized by a federal prosecutor in Belgium, who is currently carrying out a criminal investigation into the attack on the company.

Sophia in ’t Veld, a Dutch politician who chaired the European Parliament’s recent inquiry into mass surveillance exposed by Snowden, told The Intercept that she believes the British government should face sanctions if the latest disclosures are proven.

“Compensating Belgacom should be the very least it should do,” in ’t Veld said. “But I am more concerned about accountability for breaking the law, violating fundamental rights, and eroding our democratic systems.”
Other similarly sophisticated state-sponsored malware attacks believed to have been perpetrated by Western countries have involved Stuxnet, a bug used to sabotage Iranian nuclear systems, and Flame, a spy malware that was found collecting data from systems predominantly in the Middle East.

What sets the secret British infiltration of Belgacom apart is that it was perpetrated against a close ally—and is backed up by a series of top-secret documents, which The Intercept is now publishing.
GCHQ declined to comment for this story, and insisted that its actions are “necessary legal, and proportionate.”

Menwith Hill

Situated awkwardly in the heart of rolling green English countryside is the United States’ largest overseas intelligence station. Surrounded by farmland and sheep, hundreds of National Security Agency staff go to work every day at RAF Menwith Hill, where they eavesdrop on communications intercepted by satellite dishes contained in about 30 huge golf ball-like domes.

Used by the NSA since the 1960s, Menwith Hill is an important spy center. But there is growing disquiet in Britain over whether intelligence gathered at the base is being used to help with the CIA’s controversial clandestine drone strikes. And the government is keeping mum.

Earlier this month, Ken Macdonald, former chief prosecutor for England and Wales, spoke out on the subject in an interview with the London Times. He told the newspaper he believed there was compelling evidence that Britain was providing the United States with information subsequently used to help with drone attacks in countries like Pakistan. Because the United Nations says that the CIA’s covert drone campaign possibly violates international law, the allegation was politically explosive. The implication is that the British government could itself be complicit in unlawful drone bombings, which in Pakistan alone since 2004 have killed up to an estimated 3,337 people, among them hundreds of civilians.

Prior to Macdonald thrusting the issue into the spotlight, it had been simmering for some time. In May, a Pakistani student whose father was killed in a suspected U.S. drone attack launched legal action against the British government in a bid to expose whether it hands over intelligence for drone attacks on terrorist suspects. And a study published in March claimed the Menwith Hill base was being expanded to “support 'real-time' U.S. military actions, including drone attacks and those carried out by special operations forces.”

What goes on inside the Menwith station is impossible to know for sure. However, according to a 2001 European Parliament report, it is part of a surveillance network called ECHELON, situated to intercept communications routed over the Indian and Atlantic oceans. Former NSA employee Margaret Newsham, who worked at Menwith Hill 20 years ago, told CBS it monitored Russian and Chinese communications (but on one occasion spied on U.S. Sen. Strom Thurmond). And the Federation of American Scientists has claimed it is capable of intercepting an astonishing two million communications an hour.

If these reported capabilities are correct, it seems highly plausible that the base’s satellites are today intercepting at least some communications from the Middle East — which could help how the CIA picks its targets for drone strikes in countries such as Pakistan, Yemen and Somalia.

It’s also plausible that any intercepts gathered at Menwith play a crucial — not just contributory — role. In April, the Washington Post revealed that the White House had approved drone strikes in Yemen based solely on intelligence signatures. These are defined, according to the Post, as patterns of behavior indicative of a plot against U.S. interests “detected through signals intercepts, human sources and aerial surveillance.”

This brand of intelligence-led warfare has already led Germany to limit information it shares with the United States. The British government, however, does not take the same position — and is contributing to the secrecy that surrounds drone operations.

Fabian Hamilton, a member of the British Parliament, asked the government earlier this month whether Menwith Hill plays a role in the planning and deployment of drones in Afghanistan, Pakistan, Yemen, and Somalia. The response? He was not permitted to know. “For operational and security reasons we do not comment on the specific activities carried out at RAF Menwith Hill,” said Andrew Robathan, minister of state for the armed forces.

The secrecy is a problem, for basic democratic reasons if nothing else. It’s obvious that the British government wants to protect Menwith Hill’s activities on national security grounds, which might be justifiable to some extent. But if a foreign military is using a base in the English countryside to help conduct covert wars in far-flung lands, that’s a different matter altogether — and surely the British public has a right to know about it.

This article first appeared at Slate.com

Secret Justice

Alarming links between British spy agencies and torture, unlawful abductions and dealings with dictators have been exposed in recent years, prompting investigations and major court cases. But now, in a historic move that could erode centuries-old principles of open justice, the government wants to limit sensitive material being disclosed publicly – enabling complicity in human rights abuses to be kept secret.

The controversial plans are set to be included in the Justice and Security Bill, formally announced earlier this month in the Queen’s Speech. The Ministry of Justice says “common-sense” change is needed to protect national security and better equip courts to pass judgment in cases involving classified information. Because the new legislation would enable the government to present evidence to a judge without having to disclose it to the whole court, however, there are major concerns it could lead to cover-ups and put the government and other public bodies above the law.

“The simple fact is that closed courts are inherently unfair,” says Clare Algar, executive director of human rights group Reprieve. “What the government is proposing is a system in which they can use whatever evidence they like against the citizen, but the citizen is unable to challenge or even to see that evidence. This is unacceptable in any circumstances.

"Our current system is working well, and judges have always been extremely deferential to the government on matters of national security. Yet it appears that our security services are attempting to undermine our justice system because they are unwilling to be held accountable in a court of law."

Justice secretary Ken Clarke argues that the government will have to reveal “damaging” secret security information or settle out of court unless ministers can order some cases to be conducted behind closed doors. Clarke says that Britain’s intelligence-sharing relationship with America was dented after a ruling in 2010 forcing ministers to reveal a document showing British complicity in the torture of West London resident Binyam Mohamed, who was held at US-run prison Guantanamo Bay over alleged links to terror groups.

But last month the government’s claims that US authorities have withdrawn or reduced the amount of intelligence it shares with Britain were attacked by the joint parliamentary committee on human rights as being based on “spurious assertions”. And former officers from the US Central Intelligence Agency told the Daily Mail the US would “never hold back” information from British spies if it was “important to their domestic security.”

Prominent critics argue that the reform, far from being motivated by a desire to protect national security, has more to do with preventing politically damaging details from being made public.

“We should not sacrifice Britain’s open and transparent justice system simply to protect politicians and their officials from embarrassment,” said former director of public prosecutions Ken MacDonald in February. “After a decade in which we have seen our politicians and officials caught up in the woeful abuses of the War on Terror, the last thing the government should be seeking is to sweep all of this under the carpet. However, that is exactly what their disastrous secret justice proposals are likely to do.”

Macdonald’s scathing remarks took on added significance last month, when it emerged spy agency MI6 had tried to avoid having to appear in open court by offering a payment of £1 million to Abdelhakim Belhadj, a Libyan dissident it helped hand over to Muammar Gaddafi’s regime in 2004 as part of America’s extraordinary rendition programme. Belhadj and his pregnant wife were abducted by US authorities in Bangkok after a tip-off from MI6. They were forced on a plane to Libya where they were mistreated by Gaddafi’s secret police – and are now suing Sir Mark Allen, an ex-senior member of MI6, for “complicity in torture" and "misfeasance in public office."

If the Bill were to become law by the time Belhadj’s case makes it to a British courtroom, a government minister could sign off a “closed material procedure” (CMP) certificate vetoing sensitive information about MI6’s role being publicly disclosed. CMPs were first established by Labour in 1997 to be used mainly in a small number of immigration cases concerning the deportation of terror suspects. In 2010, for instance, alleged extremists based in Manchester and Liverpool were accused of having links to al-Qaida – but in subsequent deportation hearings CMPs were applied to keep evidence against them secret.

Crucially, aside from cases involving terror suspects and torture, the newly proposed Bill has far wider ramifications. It would apply across all civil court cases or inquests and could potentially be used not only to protect the security services – but also to halt sensitive information involving the police, the army and other public bodies from being revealed. (The definition of “sensitive” information is broad, encompassing the disclosure of anything deemed contrary to the interests of national security, the international relations of the United Kingdom, or the detection and prevention of crime.)

Inquest, a charity that provides support to bereaved people affected by contentious deaths, such as deaths in custody and police shootings, believes the government’s proposals “seriously undermine fundamental legal principles of natural justice and open justice.” The group, whose members number lawyers involved in high-profile cases including the Hillsborough disaster and the shooting of Jean Charles de Menezes, has warned that the Bill, if legislated, would “fuel fears that the state is attempting to deliberately prevent information about its own culpability in deaths becoming publicly known.”

“It is deeply regrettable that the government is pursuing proposals to extend the use of closed material procedures,” says Helen Shaw, Inquest’s co-director. “It is abundantly clear that there is no need for such sweeping changes to the law.”

But not all elements of the Bill have been subject to such intense criticism. While many argue it would be particularly detrimental to the accountability of the secret services in the courtroom, others point out that at the same time, in stark contrast, it also contains a proposal to enhance their accountability to parliament. Currently spy agencies MI6, MI5 and GCHQ are overseen by the intelligence and security committee (ISC), an executive-appointed group of nine parliamentarians, which reports directly to the prime minister. The government wants to improve the ISC by having it report formally to parliament for the first time.

“I see this as a measure of making them more accountable,” says Anthony Glees, an expert in security and counter-terrorism at the University of Buckingham. “There is a problem with accountability in our secret agencies; too much secrecy fuels speculation and it leads to a lack of responsible behaviour. But we can’t expect that they can’t have full accountability because then they wouldn’t be secret agencies.”

By enhancing parliamentary accountability while simultaneously planning to radically reduce judicial accountability, though, it is ultimately the overall impact that is of most significance, according to Hugh Bochel, professor of public policy at the University of Lincoln.

“The proposals give greater parliamentary oversight but they reduce the amount of judicial oversight and to some extent civil society and the media,” Bochel says, adding that this is a “negative step.”

“What you need is overlap between all those different forms of oversight and that should give you a good view as you can and accountability in all sorts of different ways.”

Campaigners point out that the Ministry of Justice’s own impact assessment of its plans for secret court proceedings warned of a “reduction in confidence in court processes” and a “higher risk of potential security breaches,” costing up to £11 million every year. This was compounded last month by condemnation from the joint parliamentary committee on human rights, chaired by Dr Hywel Francis, which said in a report that the court plans were a “radical departure from our longstanding traditions of open justice” and “inherently unfair.”

“The government has now tested the parliamentary waters and its proposal to expand secret evidence has been condemned as unfair and unjustified,” says Angela Patrick, director of human rights policy at campaign group Justice. “Proceeding in the face of these conclusions would undermine the coalition’s commitment to civil liberties and could damage public confidence in the justice system irreparably.”