In the summer of 2010, a Middle Eastern businessman wanted to transfer a large sum of money from one country in the region to another. He wanted to send at least $50,000 (€37,500), and he had a very clear idea of how it should be done. The transaction could not be conducted via the United States, and the name of his bank would have to be kept secret -- those were his conditions.
Though the transfer was carried out precisely according to his instructions, it did not go unobserved. The transaction is listed in classified documents compiled by the US intelligence agency NSA that SPIEGEL has seen and that deal with the activities of the United States in the international financial sector. The documents show how comprehensively and effectively the intelligence agency can track global flows of money and store the information in a powerful database developed for this purpose.
"Follow the Money" is the name of the NSA branch that handles these matters. The name is reminiscent of the famous catchphrase by former FBI Associate Director Mark Felt, the whistleblower known as "Deep Throat" who offered the information to Bob Woodward and Carl Bernstein, the Washington Post reporters investigating the Watergate scandal in 1972.
Financial transfers are the "Achilles' heel" of terrorists, as NSA analysts note in an internal report. Additional fields of activity for their "financial intelligence" include tracking down illegal arms deliveries and keeping tabs on the increasingly lucrative domain of cybercrime. Tracing international flows of money could help reveal political crimes, expose acts of genocide and monitor whether sanctions are being respected.
Data Access vs. International Laws
"Money is the root of all evil," joke the intelligence agents. According to the classified documents, the spies' activities primarily focus on regions like Africa and the Middle East -- and their efforts often focus on targets that fall within their legal intelligence-gathering mandate. However, in the financial sector, just as in other areas, the NSA also relies on maximum data collection -- an approach that apparently leads to conflicts with national laws and international agreements.
Some members of the intelligence community even view spying in the global financial system with a certain amount of concern, as revealed by a document from the NSA's British counterpart -- the Government Communications Headquarters (GCHQ) -- that deals with "financial data" from a legal perspective and examines the organization's own collaboration with the NSA. According to the document, the collection, storage and sharing of "politically sensitive" data is a highly invasive measure since it includes "bulk data -- rich personal information. A lot of it is not about our targets."
Indeed, secret documents reveal that the main NSA financial database Tracfin, which collects the "Follow the Money" surveillance results on bank transfers, credit card transactions and money transfers, already had 180 million datasets by 2011. The corresponding figure in 2008 was merely 20 million. According to these documents, most Tracfin data is stored for five years.
The classified documents show that the intelligence agency has several means of accessing the internal data traffic of the Society for Worldwide Interbank Financial Telecommunication (SWIFT), a cooperative used by more than 8,000 banks worldwide for their international transactions. The NSA specifically targets other institutes on an individual basis. Furthermore, the agency apparently has in-depth knowledge of the internal processes of credit card companies like Visa and MasterCard. What's more, even new, alternative currencies, as well as presumably anonymous means of payment like the Internet currency Bitcoin, rank among the targets of the American spies.
The collected information often provides a complete picture of individuals, including their movements, contacts and communication behavior. The success stories mentioned by the intelligence agency include operations that resulted in banks in the Arab world being placed on the US Treasury's blacklist.
In one case, the NSA provided proof that a bank was involved in illegal arms trading -- in another case, a financial institution was providing support to an authoritarian African regime.
The most politically explosive revelations, though, concern the agency's secret access to the SWIFT networks. Following extensive debates, in 2010 the European Union signed the so-called SWIFT agreement with the US. From its headquarters in Belgium, SWIFT handles international transactions for banks and other financial institutions. For many years following the 9/11 terrorist attacks, the US lobbied for access to this international financial data, which SWIFT virtually monopolizes worldwide.
An initial agreement failed in early 2010 after it was vetoed by the European Parliament. A few months later, a slightly watered-down SWIFT agreement was signed with the express approval of the German government.
EU Compromise Violated by US
NSA documents from the archive of whistleblower Edward Snowden now show that the compromise reached with the EU is apparently being circumvented by the US. A document from the year 2011 clearly designates the SWIFT computer network as a "target." The secret data collection also involves the NSA department for "tailored access operations."
According to the documents, one of the various means of accessing the SWIFT information has existed since 2006. Since then, it has been possible to read the "SWIFT printer traffic from numerous banks."
In the wake of revelations that the NSA bugged the EU embassies in New York and Washington, the attack on SWIFT could be the next major stress test for relations between the US government and the European Union. The NSA failed to comment on the latest allegations before SPIEGEL's printing deadline on Friday.
Late last week, EU Commissioner for Home Affairs Cecilia Malmström said that the Americans should "immediately and precisely tell us what has happened, and put all the cards on the table." If it's true "that they share information with other agencies for purposes other than those outlined in the agreement … we will have to consider ending the agreement," the Swede said after Brazilian broadcaster TV Globo first reported on the attack on SWIFT on Sept. 8.
Jan Philipp Albrecht, a Green Party representative in the European Parliament, spoke of an "open breach of law." Four out of seven factions in the European Parliament have joined the growing number of calls to suspend the agreement.
The conflict is also particularly sensitive because the documents reveal the close involvement of the US Treasury in selecting the program's spying targets. Indeed, according to the documents, there is an exchange of personnel in which NSA analysts are transferred for a number of months to the relevant department in the US Treasury.
Spying on Banks and Credit Card Firms
The revelations of spying on credit card transactions are also incendiary. Under the codename "Dishfire," the intelligence agency collects information on credit card transactions from some 70 banks worldwide, most of them in crisis-ridden countries, including banks in Italy, Spain and Greece. The Americans also take advantage of the fact that many banks use text messages to inform their customers of transactions. The Dishfire program has been running since spring 2009.
The documents also show that the intelligence agency targets large credit card companies, such as the US company Visa. At an internal conference in 2010, for instance, NSA analysts provided an extensive and detailed description of how they searched for possible points of access in the complex network that Visa uses to process its transactions -- and were allegedly successful in penetrating the company's network.
During the presentation, the analysts said that the target was the transactions of Visa customers in Europe, the Middle East and Africa, adding that the idea was to "collect, parse and ingest transactional data for priority credit card associations." One slide depicts in detail how the authorization process for each transaction works, starting with a credit card reader in a store, continuing via the bank and a data processor, and finally reaching the credit card company itself. A subsequent chart points to possible "collection access points."
When contacted by SPIEGEL, a spokeswoman for Visa responded, "Visa Inc. does not have a processing facility in the Middle East or the UK." In addition, she stated, "We are not aware of any unauthorized access into our network. Visa takes data security seriously and, in response to any attemption intrusion, we would pursue all available remedies to the fullest extent of the law. Further, it's Visa's policy to only provide transaction information in response to a subpoena or other valid legal process."
Nevertheless, Visa data from the Middle East apparently ends up in the NSA database. The XKeyscore spying program is used to skim regional data from the Visa network, according to a document.
A Wide Range of Credit Card Companies
The agency's snooping efforts now focus on more than one provider. According to another document, transaction data from a wide range of credit card companies flows into the NSA financial database Tracfin. This allegedly includes data from payment authorization processes by Visa and MasterCard. All in all, "credit card data" and related text messages made up 84 percent of the datasets within Tracfin in September 2011.
MasterCard did not comment by SPIEGEL's printing deadline.
In order to find their way through the jungle of information, Tracfin analysts even have their own manual for "credit card tap search tips." On top of that, the intelligence agents have their own electronic tool that allows them to independently and very rapidly verify the authenticity of credit cards.
By all appearances, the NSA collects everything that it can in the sensitive financial sector -- at least that's the message of a presentation from April. The agency sets out to access "bulk global financial data," which is then fed into the Tracfin database, the presenter noted. Furthermore, the author concluded, thanks to network analyses and the use of the XKeyscore spying program, NSA analysts had stumbled across the encrypted traffic of a large financial network operator in the Middle East.
According to the presentation, the NSA was previously only able to decrypt payment transactions by bank customers, but now they have access to the internal encrypted communication of the company's branch offices. This "provides a new stream of financial data and potentially encrypted internal communications" from the financial service provider, the analysts concluded with satisfaction. This bank data comes from countries that are of "high interest." It's interesting to note that the targeted company is also one of the many SWIFT service partners.
The documents reveal how short-lived intelligence agencies' access to the financial world can be, as well as the fact that encryption actually can present problems, at least temporary ones, for the spies. According to one document, the agency had access to data from Western Union, a company that manages money transfers in over 200 countries, for quite some time. But in 2008 Western Union began to protect its data with high-grade encryption. This made access virtually impossible, as NSA staff members complain in one paper.