US Agencies Are Buying Your Private Internet Data

~6 min read | Published on 2022-09-24, tagged General-News using 1280 words.

US Law enforcement agencies and military have been buying “petabytes” of American citizens’ internet data, according to a letter to the Office of the Inspector General.
According to a letter from Senator Ron Wyden (D-Oregon) to the Office of the Inspector General (OIG), the U.S. military and law enforcement agencies are buying up to ‘93% of the internet’ from the data broker Team Cymru.
The letter from Senator Wyden’s office:
I write to request that you investigate the Departments of Homeland Security (DHS), Defense (DOD) and Justice’s (DOJ) warrantless purchase and use of records revealing the websites Americans have accessed online.

For several years, I have been investigating the government’s purchase of Americans’ data, including location records and web browsing records. This investigation has confirmed that ‘multiple government agencies are purchasing Americans’ data without judicial authorization, including the Defense Intelligence Agency and Customs and Border Protection (CBP)–the latter of which is now being investigated for this practice by the DHS Inspector General.

While I have been able to make public important details about government agencies’ purchase of location data, my efforts to probe and shed light on the government’s purchase of internet browsing records have been frustrated by the Pentagon. On May 31, 2021, I wrote to the. Secretary of Defense to request that DOD provide me — without any restrictions on public release — written answers to questions regarding DOD’s purchase of Americans’ data. DOD had previously provided answers to my questions, which it marked Controlled Unclassified Information (CUI), on March 13, 2021. On August 2, 2021, the Under Secretary of Defense for Intelligence and Security responded to my written request, declining to remove the CUI restrictions on DOD’s answers to my question about intenet browsing records.

After DOD refused to release this information without restrictions, my staff learned that public contract information had been posted online, showing that multiple DoD agencies purchased data from data brokers that reveal internet browsing history: The Defense Counterintelligence and Security Agency spent more than $2 million purchasing access to netflow data, and the Defense Intelligence Agency purchased Domain Name System data. My office asked DOD to re-review their decision to maintain the CUI restrictions on the written answers DOD had previously provided, in light of these public contracts. DOD yet again refused, on May 25, 2022.

In addition, my office was recently contacted by a whistleblower who described a series of formal complaints they filed up and down their chain of command, as well as to the DOD Inspector General and the Defense Intelligence Agency, regarding the warrantless purchase and use of netflow data by the Naval Criminal Investigative Service (NCIS). According to the ‘whistleblower, NCIS is purchasing access to data, which includes netflow records and some ‘communications content, from Team Cymru,a data broker whose data sales I have previously investigated. Public contracting records also corroborate that NCIS has a contract for Augury, ‘which is the name of a subscription service offered by Team Cymru, which includes access to netflow data.

Public contracting records confirm that the Augury tool provides access to “petabytes” of network data “from over 550 collection points worldwide” and “is updated with at least 100 billion new records each day.” The contracting records also confirm that Augury provides access to email data (“IMAP/POP/SMTP peap data”) and data about web browser activity (“cookie usage,” “UserAgent data” and “URLs accessed”).

Contracting records state that the government contractor, Argonne Ridge Group, is the “only known source”of this data. Public records confirm that Team Cymru and Argonne Ridge Group have the same corporate address and have overlapping corporate officers. Government contracting records also confirm that in addition to NCIS, Argonne Ridge Group has contracts with U.S. Cyber Command, the Army, the Federal Bureau of Investigation and the U.S. Secret Service.

‘The whistleblower has informed my office that their complaint was forwarded by the DOD Inspector General to the Navy Inspector General. However, it appears from public contracting records that the government’s purchase of internet metadata, from just one data broker, goes far beyond the Navy. To that end, I request that your offices investigate the warrantless purchase and use of Americans’ internet browsing records by the agencies under your jurisdictions. Your independent oversight must ensure that the government’s surveillance activities are consistent with the Supreme Court’s Carpenter decision and safeguard Americans’ Fourth Amendment rights.

Here is the description of Augury included in the U.S. government procurement record:
The NAVSUP Fleet Logistics Center (FLC) Norfolk, Philadelphia Office intends to acquire, on an other than full and open competitive basis from Argonne Ridge Group, Inc., a subscription to Augury for fifteen (15) individually assigned accounts and data collection for 20 signatures in support of the Naval Criminal Investigative Service (NCIS), Quantico, VA. The subscription will provide for web-based access to an online repository of petabytes of current and historical network data to include BGP Origin ASN/BGP Peer ASN/BGP Prefix, DNS, NMAP scans, Pastebin archives, Botnet data, IMAP, POP, and STMP pcap data, RDP/FTP pcap data, and x509 Certs. The network data includes data from over 550 collection points worldwide, to include collection points in Europe, the Middle East, North/South America, Africa and Asia, and is updated with at least 100 billion new records each day. All IP addresses are geo-located with its domain and IP address ownership identified.

The service includes mapping IPv4 IP addresses to BGP prefixes and ASNs and is based on feeds from at least fifty BGP peers updated hourly. The tool provides the ability to identify a specific IP, an ASN (or ASNs), or an entire country to evaluate what routes have been announced or withdrawn, and by whom. Results are exportable in JSON, Excel, XML, and CSV file formats. The service also identifies compromised devices and botnet families based on network scanning activity and track malware infestations.

Data available includes:
  • DNS history (forward and reverse)
  • Operating system fingerprinting
  • IRC keyword analysi
  • NMAP scans
  • Pastebin archived data
  • Banners on networked devices
  • Beaconing activity
  • Cookie usage
  • UserAgent data
  • Extracted file information
  • IMAP/POP/SMTP pcap data
  • RDP/FTP pcap data
  • URLs accessed
  • x509 Certs
  • Senator Wyden found that U.S. law enforcement agencies are also buying access to Team Cymru’s tool. The FBI, the Secret Service, Border Patrol, etc. Enjoy your protection from unconstitutional search and seizure, lmao.
    This site,, used to describe the tool. The description has been replaced with “AUGURY HAS BEEN REPLACED BY PURE SIGNAL™ RECON Please note that Team Cymru Augury has been replaced by Team Cymru Pure Signal™ Recon.” However, an archived version of the website describes the tool.
    Team Cymru’s [em]Augury[/em] is a data analyst’s portal, providing an intuitive query tool for direct access to 50+ different categories of insight, including passive DNS, network traffic, and observed attacks.

    This is the same tool that Team Cymru’s own analysts have developed for their attributive investigations, including selective filtering and post processing. It also allows API access to batch and schedule searches, with email notification. Typical use cases are network defence, cyber threat intelligence, digital forensics, and cyber analytics.
    Augury provides access to our unparalleled insight, spanning data categories such as:
  • Internet Traffic Intelligence
  • Botnet and Controller Intelligence
  • Malware Intelligence
  • Miscreant Communications
  • DNS/SMTP/Web Intelligence
  • Indicators of Compromise (IOC)
  • Device Intelligence and Behaviors
  • Darkweb Activity
  • And also:

    In a Motherboard article, Joseph Cox wrote:
    The Augury platform makes a wide array of different types of internet data available to its users, according to online procurement records. These types of data include packet capture data (PCAP) related to email, remote desktop, and file sharing protocols. PCAP generally refers to a full capture of data, and encompasses very detailed information about network activity. PCAP data includes the request sent from one server to another, and the response from that server too.

    How is this company getting PCAP data?

    Comments (23)

    David G.2022-09-24

    Snowden psyop normalized this. Also forget the 5-14-109 eye agreements, the US is cooperating with China and Russia. Also reported the URL slug to the ADL. Enjoy, you antisemite.


    I will pray for your salvation


    @1a039536 if someone said some negative fact about some race, he is a racist. but if someone did the same think about the jews, he is an antisemite! ayo semites! aren't you a race? are you humans? reptiles? what are you? the chosen people.

    My concerns2022-09-24

    Answer me this, DNL. If you hate mass surveillance, and the Jews so much, why does every comment made on the .onion go through Cloudflared clearnet site, hmm?


    I do not have hate in my heart for anyone.

    David G.2022-09-24

    TO: 233901a0 I'll contact my boys at the ADL to have this misunderstanding sorted out ASAP. So why do comments made on the .onion go through the Cloudflared clearnet website? I'm sure my comment, exit node and user agent will go straight into Team Cymru's collection to be purchased using my tax dollars.


    to: 7895a7b9 They aren't you dipshit. Besides, your user agent will reveal nothing if you're using the official tor browser like you should be. And unless you're being a dumbfuck surfing clearnet with your TOR browser then you won't have an exit node to speak of tahat visible for anyone.


    to: 466f530e the onion site makes a direct request to the clearnet site in the browser when you comment. you will always have a exit node when using tor. only when you use the clearnet your exit node ip is shown. so cloudflare can see the exit node ip when you comment @dnl you going to fix this?

    fix this2022-09-25

    to: 466f530e 1. Right mouse click -> Inspect -> Network Tab 2. Make a comment. 3. See a POST request go through the (((Cloudflared))) clearnet website. 4. Be identified by the NSA.


    If Team Cymru CEO was a black person, would writing about his engagement in global surveillance to be considered racist instead of antisemitic?


    Tor was developed by the us military, so you can rest assured the theory is sound. Your ISP can see you are using TOR, depending on where you live they may not care or you could also be using a vpn to cover your tor activity. You run the risk of connecting to a compromised node, not necessarily a government one, perhaps hackers too, but ya, the likelihood of connecting to 3 compromised nodes at the same time, controlled by the same entity is obviously very low. You could could get exploited by some crazy zero day that hasn’t been patched or you were to lazy to update your browser and more obvious vulnerability was exploited. Correlation attack or installing compromised browser software. Or my personally favorite, ***knowingly disclosing personal information while using tor***


    6.8 million jews approved this message!


    Which part was plagiarized? Are news an intellectual property?


    OP wrote this shit after reading the story about the same shit from vice, even plagiarized half this article from the vice article


    ***test*** but dude could someone please explain to me the dnl Jewish reference, dnl is Muslim last I checked, so much time wasted over skin pigmentation and religious beliefs that are unverifiable. Personally I’m more concerned with financial things that are verifiable, instead of trivial disputes of race and religion when the ones starting this discussions are likely the folks also showing up above the comments section on here for engaging in what you could call: an exceptional amount of ***tom foolery***, if you know what I’m sigidy-sayin my boy.




    Okay borat, no shitting in the garden in front of ***McDonalds***


    Obviously three-letter agencies around the globe are spying on you, CIA, FSB, MSS, ... They are called spy agencies after all. They keep their operations secret because most of them are immoral / illegal / scandalous. For now, using Tails / Whonix as your main OS seems to offer the best protection. Hopefully, at least it can prevent them from spying on your browsing history. I would assume all information I provided to businesses are in the hand of three-letter agencies. Perhaps the politically-smart move is to use the fear of being spied by foreign spy agencies to advocate for more privacy for all. At least US is a democracy for now. Advocacy is not possible in many countries.


    aw poopdollar


    i am once again asking for your financial support

    lick it2022-09-28

    I like to lick the skin of chickens and horses.


    is updated with at least 100 billion new records each day. All IP addresses are geo-located with its domain and IP address ownership identified. Welp.


    ***dnl is tough on crime***