The NSA has been collecting and analysing nearly 200 million text messages a day from around the world since at least 2008, leaked PRISM documents have revealed.
The Guardian revealed the operation, codenamed Dishfire, when it published slides from its official SMS Text Messages: A Goldmine to Exploit presentation leaked by whistleblower and ex-CIA analyst Edward Snowden.
The documents, which can now be viewed publicly online, show the US government intercepted SMS messages since at least 2008. At its peak in April 2011 the campaign was shown to intercept 194 million messages a day.
While this is a large number, Ovum estimates the daily number of text messages sent is 16.3 billion, so it represents only a fraction of the daily total.
The leaked documents showed the Dishfire campaign collected numerous types of data in its heyday. One slide showed that in a 24-hour period the campaign collected 1,658,025 roaming notification messages, more than 800,000 pieces of financial data and the co-ordinates of more than 76,000 messages.
The Guardian reported that further guidance documents for the UK GCHQ about the campaign revealed that the breadth and depth of information collected and stored during Dishfire forced the NSA to create an automated scanning tool, codenamed Prefer. The tool reportedly allowed the NSA to extract key metadata from the information to “enhance [its] current analytics”.
An NSA spokeswoman attempted to downplay the significance of the snooping to the Guardian, saying the tool was only used against “valid foreign intelligence targets”. At the time of publishing the US Department of Defense and the Department of Homeland Security had not responded to V3‘s request for comment on the report.
British law does not allow law enforcement to monitor text messages without a warrant, however the Guardian reported receiving documents proving that it did use at least some Dishfire data.
A Cabinet Office spokesperson told V3 while it could not comment on the the Guardian’s report directly, if GCHQ officers had used NSA data, they did so legally.
“It is a longstanding policy that we do not comment on intelligence matters. Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight,” they said.
It is currently unclear how much UK data was collected by Dishfire and at the time of publishing network carriers Three, EE and Vodafone had not responded to V3‘s request for comment.
Dishfire is the latest in a long line of revelations regarding the NSA’s spy campaigns. Snowden leaked documents earlier in January showing that the NSA hacked over 100,000 computers based in countries around the world as part of its PRISM campaign, installing malicious code to turn them into covert cyber spying tools.