It turns out those pesky conspiracy theorists were actually onto something.

Classified documents provided by the whistleblower Edward Snowden show clearly that the NSA worked feverishly to target bitcoin users around the globe — and wielded one perpplexing source of info to help track down the senders and recipients of Bitcoin(s), according to a top-secret passage in an internal National Security Agency report dating to the month of March 2013.

This data source appears to have leveraged the National Security Agency’s ability to harvest raw, international internet traffic while at the same time exploiting an unknown software program that seemingly offered anonymity to consumers.

 BitCoin Users

Though the National Security Agency was interested in surveillance of some other competing cryptocurrencies, “Bitcoin is priority number one.” a March 14, 2013 internal National Security Agency report said.

These documents suggest that actually “hunting down” particular bitcoin users went beyond examining bitcoin’s public transaction ledger, known as a Blockchain, where users are generally referred to through anonymous identifiers.

The tracking may also have involved gathering specific details about these users’ computers.

The National Security Agency collected some bitcoin users’ password info, internet activity, and a type of unique device ID number known as a MAC address, as per a March 28th, 2013 NSA memo. In the very same document, analysts also discussed tracking internet users’ internet addresses(IP), timestamps, and network ports to identify “BTC Targets.”

The National Security Agency appears to have wanted even more info: The March 29th memorandum posed the question of whether the data source validated its users, suggesting the agency retained bitcoin information in a file called “Provider user full.csv.”

It further suggested notable search capabilities against bitcoin targets, even hinting that the National Security Agency may have been using its XKeyScore searching system, where the bitcoin info and broad scope of other NSA data was cataloged, in order to enhance its information on bitcoin users. A National Security Agency reference doc suggested that the data source provided “Internet Protocol addresses.” With this sort of info, putting an actual name to a particular bitcoin participant would be a piece of cake.

The National Security Agency’s burgeoning bitcoin spy op seems to have been enabled by its unequaled ability to siphon off traffic from the actual physical cable connections that form the internet. As of 2012, the National Security Agency’s BTC tracking was achieved through program code-named OAKSTAR, which was/is a collection of secret corporate partnerships enabling the agency to monitor communications, including by harvesting internet data as it traveled along fiber optic cables.

In particular, the National Security Agency targeted bitcoin through “MONKEYROCKET”, a sub-program of OAKSTAR, which then tapped network equipment to gather info from  Europe, the Middle East, South America, and Asia. As of the year 2013, MONKEYROCKET was “the sole source of SIGDEV for BITCOIN Targets,” the March 29, 2013 National Security Agency report said, thus using the term for signals intelligence development, “SIGDEV,” to indicate the agency had no other way to spy on  bitcoin users.

The information obtained through MONKEYROCKET is described in the docs as “full take” surveillance, in other words the entirety of data passing through a network was examined and at least a few entire data sessions were stored for further and additional later analysis.

MONKEYROCKET is also described in the documents as “A non-Western Internet anonymization service” with a “significant customer base” in countries like China and Iran, with the program being brought online in summer 2012.

It appears that it was promoted online under false pretenses: The National Security Agency notes that part of its “long-term strategy” for MONKEYROCKET was to “attract targets engaging in terrorism, [which were including] Al Qaida” toward using the “browsing product,” which “the N.S.A can then exploit.”

The general scope of the targeting would then expand beyond only terrorists. Whatever this piece of software was, it functioned as a clever privacy bait and switch, tricking bitcoin users into using a tool they thought would provide anonymity online but was actually funneling information directly to the National Security Agency.

The National Security Agency declined to comment to CryptoBuzz News Network for this article.

The Bitcoin Foundation, a nonprofit advocacy organization, could not immediately comment, either.

Olé Crypto,


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.