The source code for XKeyscore—the National Security Agency’s most pervasive, contentious, and powerful internet surveillance tool—had been the subject of endless congressional hearings and presidential committees. But the hearings dealt in abstractions: "metadata," "collection," "foreign intelligence." They dealt with the idea of the tool.
The directory structure was deceptively boring. /nsa/xks/core/ . It looked like any other corporate enterprise software. But as I opened the primary C++ header files and Python scripts, the sheer scale of the architecture began to materialize. xkeyscore source code exclusive
I sat in a rented apartment in Hamburg. The air was stale, the curtains drawn. On the table in front of me sat a generic black laptop, air-gapped and running a stripped-down version of Linux. I plugged in the USB drive Virgil had couriered through a labyrinth of dead drops. /nsa/xks/core/
The system uses "micro-programs" or scripts to identify and extract specific types of data from the raw traffic stream. Genesis (The Parser): I sat in a rented apartment in Hamburg
XKeyscore is not a single application but a massive, distributed data processing system. It is designed to capture and index "nearly everything a typical user does on the internet." Distributed Sensors:
As XKeyscore is a classified tool, I couldn't find any information on an "exclusive" source code. It's likely that the source code is only accessible to authorized personnel within the NSA and potentially some of its international partners.
This suggests that the core infrastructure is running modified versions of FreeBSD 8.3—a 13-year-old operating system. The security implications are staggering. The NSA is likely aware of over 150 unpatched kernel exploits in that version, but cannot reboot the server for fear of losing active session data.