Danish military intelligence uses XKEYSCORE to tap cables in co-op with the NSA

Final August, it came out that a whistleblower accused the Danish militia and alerts intelligence provider (Forsvarets Efterretningstjeneste or FE) of illegal activities and deliberately deceptive the intelligence oversight board.

Meanwhile, the Danish press used so as to paint an extremely total and detailed portray of how the FE cooperated with the NSA in cable tapping on Danish soil.

It used to be further printed that the Americans provided Denmark with a worldly contemporary belief gadget which incorporates the NSA’s recordsdata processing gadget XKEYSCORE.

A Danish paper also disclosed that the accusation of illegal sequence came from a young FE employee who reminds of Edward Snowden. A newly established investigation commission now has to elucidate whether he used to be pushed by fears or by info.

The Sandagergård complex of the FE on the island of Amager, the set a brand contemporary

recordsdata center used to be built for its deployment of the XKEYSCORE gadget

Cable tapping

In an intensive part from September 13, the eminent Danish newspaper Berlingske (based in 1749) describes how the FE, in cooperation with the NSA, began to faucet an global telecommunications cable in uncover to gain foreign intelligence.

Within the mid-1990s, the NSA had came upon that someplace below Copenhagen there used to be a backbone cable containing phone calls, e-mails and text messages from and to countries appreciate China and Russia, which used to be of mountainous pastime for the Americans.

Tapping that cable, nonetheless, used to be nearly very unlikely without the reduction of the Danes, so the NSA asked the FE for entry to the cable, however this ask used to be denied, in accordance with Berlingske.

Settlement with the USA

The US authorities didn’t give up, and in a letter despatched straight to the Danish top minister Poul Nyrup Rasmussen, US president Clinton asked his Danish colleague to reconsider the resolution. And Nyrup, who used to be a sworn supporter of a shut relationship with the US, talked about sure.

The cooperation used to be laid down in a myth, which, in accordance with Berlingske, all Danish defense ministers needed to mark “so as that any contemporary minister might maybe furthermore scrutinize that his predecessor – and his predecessors sooner than his predecessors – with their signatures had been a part of this little, genuine circle of folks who knew regarded as among the kingdom’s greatest secrets.”

The code title for this cooperation is no longer identified, however it’s most likely a part of the NSA’s umbrella program RAMPART-A. Below this program, which started in 1992, foreign partners present entry to excessive-ability global fiber-optic cables, while the US offers the tools for transport, processing and prognosis:

Settlement with a cable operator

To make sure that tapping the cable used to be as authorized as most likely, the authorities asked approval of the personal Danish company that operated the cable. The company agreed, however handiest when it used to be current on the finest stage, and so the settlement used to be signed by top minister Rasmussen, minister of defense Hækkerup and head of division Troldborg.

Because the cable contained global telecommunications it used to be regarded as to descend at some level of the FE’s foreign intelligence mandate. The settlement used to be willing in handiest one reproduction, which used to be shown to the company after which locked in a stable on the FE’s headquarters on the Kastellet fortress in Copenhagen, in accordance with Berlingske.

This Danish settlement is extremely an identical to the Transit Settlement between the German foreign intelligence provider BND and Deutsche Telekom, whereby the latter agreed to produce entry to global transit cables at its switching center in Frankfurt am Predominant. The BND then tapped these cables with reduction from the NSA below operation Eikonal (2004-2008).

Processing at Sandagergård

Berlingske reported that the communications recordsdata that occupy been extracted from the backbone cable in Copenhagen occupy been despatched from the Danish company’s technical hub to the Sandagergård complex of the FE on the island of Amager. The US had paid for a cable between the 2 areas.

At Sandagergård, the “NSA made obvious to set up the expertise that made it most likely to enter key phrases and translate the monumental amount of recordsdata, so-called raw recordsdata from the cable tapping, into “readable” recordsdata.”

The filter gadget used to be no longer handiest fed by key phrases from the FE, however the NSA also provided “the FE with a series of key phrases that are relevant to the USA. The FE then opinions them – and checks that there are on the total no Danes among them – after which enters the most principal phrases” in accordance with sources cited by Berlingske.

Moreover this filtering with key phrases and selectors, the FE and the NSA can even occupy feeble the metadata for contact-chaining, which plan reconstructing which phone numbers and electronic mail addresses had been in contact with every so much of, in uncover to create social community graphs – something the sources it sounds as if didn’t wish to uncover to Berlingske.

Device of the present backbone cables spherical the Danish capital Copenhagen
and the Sandagergård complex of the FE on the island of Amager
(source: Infrapedia – click to originate bigger)

Depended on partners

Portion of the settlement between the US and Denmark used to be that “the USA doesn’t exercise the gadget against Danish voters and corporations. And the so much of formula spherical”. Same phrases might maybe furthermore furthermore be screen in an NSA presentation from 2011: “No US sequence by Accomplice and No Host Country sequence by US” – even even supposing that is adopted by “there ARE exceptions!”

The latter comment might maybe furthermore occupy inspired Edward Snowden to accuse the NSA of abusing these cooperations with foreign partner companies to belief on European voters, however as a source knowledgeable Berlingske:

“I’m able to in no plan have confidence in my creativeness that the NSA would betray that belief. I rob into consideration it entirely and fully unlikely. If the NSA had a desire to maintain info about Danish voters or corporations, the USA would merely flip to [the domestic security service] PET, which would then present the principal authorized basis.”

The source also talked about that “the NSA wished to soar and elope for Denmark. The agency did all the pieces Denmark asked for, without dialogue. The NSA repeatedly helped Denmark – due to the this cable entry. […] Denmark used to be a no doubt, very shut and valued partner.”

This shut and friendly cooperation used to be it sounds as if regarded as among the reasons for the consult with of president Invoice Clinton to Denmark in July 1997, in accordance with Berlingske.

Danish top minister Poul Nyrup Rasmussen and US president Invoice Clinton
at some level of his consult with to Denmark in July 1997 (portray: Linda Kastrup)

A brand contemporary belief gadget

Within the wake of the FE scandal even extra contemporary developments occupy been printed: a explain by the Danish broadcaster DR from September 24, 2020 offers attention-grabbing particulars about how the Americans provided Denmark with a worldly contemporary “belief gadget”.

After the FE got a brand contemporary head of procurement in 2008, NSA workers most regularly traveled to Denmark for pretty a while to make the principal hardware and set up the desired tool for the contemporary gadget, which DR News describes as extraordinarily evolved. It also has a undeniable internal code title, which the broadcaster determined no longer to publish. It’s some distance on the total this contemporary gadget whereby the alleged illegal sequence of Danish recordsdata took space.

Essentially based on DR News, the NSA technicians occupy been also thinking referring to the arrangement of a brand contemporary recordsdata center on the FE’s Sandagergård complex on Amager that used to be specifically built to condominium the contemporary belief gadget, which used to be taken into exercise someplace between 2012 and 2014. The cooperation between the FE and the NSA on this particular gadget used to be primarily based entirely upon a Memorandum of Knowing (MoU) signed by then FE chief Thomas Ahrenkiel.

Filter methods

The DR News explain also goes into extra component referring to the interception process. It says that first, the intelligence provider identifies an recordsdata scurry that will be attention-grabbing, after which they “replicate” the gentle that passes thru the teach fiber-optic cables. On this plan, they reproduction every metadata and bellow material, appreciate text messages, chat conversations, phone calls and e-mails, and send them to the FE’s recordsdata center at Sandagergård.

Essentially based on DR News, the FE tried to originate so much of filters to make certain recordsdata from Danish voters and corporations is sorted out and no longer made searchable by the contemporary belief gadget. The feeble Danish minister of defense Claus Hjort Frederiksen recently talked about that there used to be certainly an are trying and originate such filters, however on the identical time he admitted that there might maybe furthermore furthermore be no vow that no Danish recordsdata will hobble thru.


DR News also reported that the heart of the contemporary belief gadget is formed by XKEYSCORE, which used to be developed by the NSA and the existence of which used to be first printed by The Guardian in June 2013.

The NSA’s British counterpart GCHQ integrated XKEYSCORE in its dangle gadget for processing bulk web recordsdata codenamed TEMPORA and it will furthermore furthermore be assumed that the so much of Second Occasion partners (also identified as the Five Eyes) also exercise this gadget, whether or no longer below a undeniable codename.

From the Snowden documents all of us know that the NSA also provided XKEYSCORE to a pair of its Third Occasion partners: the German foreign intelligence provider BND and domestic safety provider BfV, the Swedish alerts intelligence provider FRA and the Eastern Directorate for SIGINT. It’s contemporary even supposing that the Danish militia intelligence provider FE makes exercise of the gadget too.

Some press reports seem to counsel that these partner companies “gain entry to XKEYSCORE” as if it would enable them to join to a giant global mass surveillance gadget. The latter stands out as the case for the NSA’s Second Occasion partners, however the Third Occasion partners are the exercise of XKEYSCORE handiest to process and analyze recordsdata from their dangle tapping components and are no longer able to entry recordsdata from Five Eyes sequence platforms.

Likewise, NSA analysts the exercise of XKEYSCORE set no longer need declare entry to, on this case, Danish sequence methods, handiest to recordsdata that the Danes agreed to part with the US as “third occasion sequence”.


Glenn Greenwald provided XKEYSCORE as the NSA’s “widest-reaching” tool to gain “nearly all the pieces a person does on the web”. Right here’s deceptive, due to the it’s extra about quality than about quantity: the gadget no doubt helps analysts to “downsize their sizable shrimping nets [of traditional collection methods] to little goldfish-sized nets and merely dip them into the oceans of recordsdata, working smarter and scooping out exactly what they need”.

The NSA has XKEYSCORE installed at some 150 recordsdata sequence web sites all over the enviornment. There, it creates a rolling buffer of three to 5 days of bellow material and spherical 30 days of metadata, which is able to be remotely searched by analysts. They’ll exercise faded selectors appreciate phone numbers and electronic mail addresses to buy recordsdata of pastime, however that is the conventional formula and the absolute top plan so much of companies gain bulk sequence.

Filtering phone numbers and electronic mail addresses grew to changed into less life like due to the targets know that this occurs and shifted to anonymous ways to keep in touch over the web. The novelty of XKEYSCORE is that it permits analysts to search out exactly those anonymous communications. For that cause it reassembles IP packets into their fashioned layout (“sessionizing”), appreciate Be aware documents, spreadsheets, chat messages, etc.

Design showing the dataflow for the DeepDive model of XKEYSCORE

Once restored, these files might maybe furthermore furthermore be looked for traits that are related to sure targets or target groups, appreciate exercise of encryption, the exercise of the TOR community, the exercise of a undeniable language than the set somebody is found, and heaps of combinations thereof. On this plan, analysts can glimpse contemporary targets after which delivery up monitoring them extra carefully.

XKEYSCORE used to be also talked about in a classified file from the German BND, which consists of a scheme that reveals the variation between XKEYSCORE and faded sequence methods: within the faded self-discipline-up, IP packets from an recordsdata scurry occupy been reassembled after which went thru a filter to bewitch handiest those of pastime, that occupy been forwarded for further prognosis. XKEYSCORE might maybe furthermore enact all that at the moment:

Unlawful sequence?

Now that the so much of disclosures by the Danish press provided pretty some insight into the FE’s cable tapping activities, how referring to the abuses it’s accused of?

Essentially based on DR News, it used to be the newly installed belief gadget whereby the alleged illegal sequence of Danish recordsdata took space. Within the necessary space we can rob that the filters weren’t able to block the total communications related to Danish voters, residents or corporations, however that is of a technical nature and no longer intentional.

An different option is that the FE itself, or the NSA fed the gadget with selectors (appreciate phone numbers and electronic mail addresses) that might maybe well lead to the sequence of Danish recordsdata. The NSA might maybe furthermore soundless no longer occupy been allowed to enact that below the settlement with the Danes, while for the FE this would be against the law.

Essentially based on a source cited within the aforementioned Berlingske newspaper article, there used to be one case whereby “the NSA despatched a ask to seem for a company in a nation in Asia, however when the FE checked the selector, it found that the company used to be Danish-owned, whereupon the ask used to be rejected”.

This reveals that, precise appreciate it used to be the case in Germany, the NSA’s pastime used to be pretty “sizable”, however that the FE did its simplest to provide protection to Danish subject issues and blocked such requests the set most likely.

A third option is that the illegal sequence took space thru the further recordsdata search capabilities of the XKEYSCORE gadget, which is that you just would be capable to evaluate of due to the here the hunt criteria are applied to traits of the bellow material of the communications, as an different of the oldsters who’re concerned.

Essentially based on Berlingske, the whistleblower who knowledgeable the intelligence oversight board “feared that the administration of the Protection Intelligence Provider used to be doing US business by leaving its particular gadget with technical vulnerabilities that allowed the Nationwide Safety Company to abuse it.”

The whistleblower

Berlingske used to be also able to title the whistleblower as a younger employee of the FE, working as an IT specialist – a inserting similarity to Edward Snowden. The paper says that in 2013 he grew to changed into increasingly extra concerned, however it’s no longer clear whether this might maybe furthermore occupy been triggered by the Snowden revelations, which started in June of that year and integrated reports about XKEYSCORE, the gadget that had precise been installed on the FE.

Because the IT specialist insisted on his criticism, then head of the FE Thomas Ahrenkiel determined – without informing the Americans – to self-discipline up a technical working neighborhood to undergo the gadget on the lookout for to search out vulnerabilities or indicators of abuse by NSA. As reported by Berlingske, the IT specialist himself, with the goal of reassuring him, also participated within the working neighborhood, which in 2014 concluded that there occupy been no indicators of illegal intrusion.

For the FE the case used to be closed, however, as reported by Berlingske, the IT specialist used to be no longer cheerful and “he made a drastic resolution and smuggled a recorder into his office, organized conferences with colleagues and bosses for quite a bit of months and recorded them in secret” – as soon as more a roughly persistance very an identical to how Snowden operated. However now not like Snowden, the Danish whistleblower didn’t contact the press, however eventually knowledgeable the intelligence oversight board.

Danish defense minister Trine Bramsen (left) and her predecessor
Claus Hjort Frederiksen (portray: Linda Kastrup/Scanpix)


Berlingske reported that the recordings provided “hours of covert photographs with workers of the provider, just a few of which […] occupy expressed themselves in a formula that confirms the suspicion that the FE might maybe furthermore occupy acted illegally and no longer intervened adequately to forestall recordsdata on Danes from being disclosed.” In November 2019 they occupy been handed over to the intelligence oversight board, which in December knowledgeable defense minister Trine Bramsen.

Now not like her predecessor, Bramsen it sounds as if took these roughly accusations very significantly and knowledgeable the oversight board to conduct an investigation, which on August 24, 2020 resulted within the sudden suspension of the head of the FE and just a few so much of officials (meanwhile they’ve returned as soon as more, however in so much of positions).

On October 5, the Danish authorities determined to put up a invoice to place a undeniable commission that has to develop an neutral and neutral investigation into the accusations against the FE, which has to unique a explain internal a year.


In 2013, a young IT specialist on the FE grew to changed into anxious that this intelligence provider might maybe furthermore occupy illegally spied on Danish voters. This used to be no longer handiest in accordance with Snowden’s (unsubstantiated) narrative, however also a terror that had lived in Denmark since its domestic safety provider PET had been accused of monitoring long-established Danes in 1998.

Meanwhile it has turned out that Snowden used to be pushed extra by fears than by info – might maybe furthermore that even occupy been the case with the FE whistleblower? Essentially based on what has been published to this level, he it sounds as if tried to search out proof even after an internal investigation concluded that the NSA wasn’t abusing the FE’s sequence gadget.

In contemporary years, the NSA and the German BND occupy also been accused of huge illegal domestic spying. Thorough investigations occupy shown that used to be no longer the case, even even supposing their workers occupy been most regularly careless and it used to be technically no longer frequently most likely to enact what used to be legally required.

Became this also the order on the Danish militia intelligence provider? The recently established investigation commission will demonstrate.

Hyperlinks & sources

– Berlingske: Særlig undersøgelseskommission skal kulegrave FE-sagen (Oct. 5, 2020)
– Politiken: Debat om kabelaflytning gav tårer i Sverige og folkeafstemning i Holland (Oct. 1, 2020)
– DR News: Ny afsløring: FE masseindsamler oplysninger om danskere gennem avanceret spionsystem (Sept. 24, 2020)
– Berlingske: Et pengeskab på Kastellet har i årtier gemt på et dybt fortroligt dokument. Nu er hemmeligheden brudt (Sept. 13, 2020)
– The Native: Danish intelligence scandal related recordsdata sharing with US agency, in accordance with media (August 28, 2020)
– The Register: The Viking Snowden: Denmark belief chief ‘relieved of accountability’ after whistleblower reveals illegal snooping on voters (August 25, 2020)
– BBC: Danish militia intelligence head Lars Findsen suspended (August 24, 2020)

Read More

Similar Products:

Recent Content