Category Archives: GCHQ

GCHQ continues to use data techniques outlawed in U.S., say campaigners

The Guardian reports: GCHQ, the Cheltenham-based monitoring agency, is collecting “bulk personal datasets” from millions of people’s phone and internet records using techniques now banned in the US, according to Privacy International.

In a fresh legal claim filed at the Investigatory Powers Tribunal (IPT), the campaign group calls for an end to the harvesting of information about those who have no ties to terrorism and are not suspected of any crime.

The IPT is the judicial body that hears complaints about the intelligence services and surveillance by public organisations. The tribunal has received dozens of submissions in the wake of Edward Snowden’s revelations about interception of internet traffic by the US National Security Agency (NSA) and Britain’s GCHQ. [Continue reading…]

Intelligence officers in UK given immunity from hacking laws, tribunal told

The Guardian reports: GCHQ staff, intelligence officers and police have been given immunity from prosecution for hacking into computers, laptops and mobile phones under legislative changes that were never fully debated by parliament, a tribunal has been told.

The unnoticed rewriting of a key clause of the Computer Misuse Act has exempted law enforcement officials from the prohibition on breaking into other people’s laptops, databases, mobile phones or digital systems. It came into force in May.

The amended clause 10, entitled somewhat misleadingly “Savings”, is designed to prevent officers from committing a crime when they remotely access computers of suspected criminals. It is not known what category of offences are covered.

The act is primarily deployed to provide legal cover for domestic investigations. It is thought that individual warrants are not being obtained to justify each inquiry. Different legislation – section 7 of the Intelligence Services Act, nicknamed the “James Bond clause” – is believed to permit activities abroad that would otherwise be illegal. [Continue reading…]

GCHQ openly recruiting hackers as British government seeks more surveillance powers

Forbes: Now that the Conservative Party has secured a majority government in the UK, it’s pushing ahead with plans to expand the surveillance state with the Communications Data Bill, also known as Snooper’s Charter, which would require communications providers from BT to Facebook to maintain records of customers’ internet activity, text messages and voice calls for a year. This may have emboldened GCHQ, the British spy agency and chief NSA partner, which has, for the first time, openly called for applicants to fill the role of Computer Network Operations Specialists, also known as nation-state funded hackers.

According to a job ad for a Computer Network Operations Specialist, a student or graduate will have to have, or soon have, “a Bachelor’s or Master’s degree incorporating ethical hacking, digital forensics or information security”.

In 2008 Mumbai attacks, piles of spy data, but an uncompleted puzzle

Sebastian Rotella, James Glanz and David E. Sanger report: In the fall of 2008, a 30-year-old computer expert named Zarrar Shah roamed from outposts in the northern mountains of Pakistan to safe houses near the Arabian Sea, plotting mayhem in Mumbai, India’s commercial gem.

Mr. Shah, the technology chief of Lashkar-e-Taiba, the Pakistani terror group, and fellow conspirators used Google Earth to show militants the routes to their targets in the city. He set up an Internet phone system to disguise his location by routing his calls through New Jersey. Shortly before an assault that would kill 166 people, including six Americans, Mr. Shah searched online for a Jewish hostel and two luxury hotels, all sites of the eventual carnage.

But he did not know that by September, the British were spying on many of his online activities, tracking his Internet searches and messages, according to former American and Indian officials and classified documents disclosed by Edward J. Snowden, the former National Security Agency contractor.

They were not the only spies watching. Mr. Shah drew similar scrutiny from an Indian intelligence agency, according to a former official who was briefed on the operation. The United States was unaware of the two agencies’ efforts, American officials say, but had picked up signs of a plot through other electronic and human sources, and warned Indian security officials several times in the months before the attack.

What happened next may rank among the most devastating near-misses in the history of spycraft. The intelligence agencies of the three nations did not pull together all the strands gathered by their high-tech surveillance and other tools, which might have allowed them to disrupt a terror strike so scarring that it is often called India’s 9/11.

“No one put together the whole picture,” said Shivshankar Menon, who was India’s foreign secretary at the time of the attacks and later became the national security adviser. “Not the Americans, not the Brits, not the Indians.” [Continue reading…]

INCENSER, or how NSA and GCHQ are tapping internet cables

Peter Koop writes: Documents recently disclosed by Edward Snowden show that the NSA’s fourth-largest cable tapping program, codenamed INCENSER, pulls its data from just one single source: a submarine fiber optic cable linking Asia with Europe.

Until now, it was only known that INCENSER was a sub-program of WINDSTOP and that it collected some 14 billion pieces of internet data a month. The latest revelations now say that these data are collected with the help of the British company Cable & Wireless (codenamed GERONTIC, now part of Vodafone) at a location in Cornwall in the UK, codenamed NIGELLA.

For the first time, this gives us a view on the whole interception chain, from the parent program all the way down to the physical interception facility. Here we will piece together what is known about these different stages and programs from recent and earlier publications. [Continue reading…]

UK inquiry criticizes U.S. tech companies for failing to engage in counter-terrorism surveillance

Wired reports: GCHQ has direct access to “major internet cables” and has systems to monitor communications as they “traverse the internet”, an official government report has revealed. The spy agency, which has been heavily criticised in the wake of the Snowden leaks, also admits that it has more data than it can handle. Despite these capabilities the government is being urged to massively expand its surveillance powers.

The details come from the Intelligence Security Committee’s inquiry (PDF) into the murder of the fusilier Lee Rigby by Michael Adebolajo and Michael Adebowale in Woolwich, London in 2013. While crucial details have been redacted for security reasons, the report still reveals the scale of the surveillance powers at GCHQ’s disposal.

Detailing GCHQ’s capabilities it notes that the spy agency has access to around “*** percent of global internet traffic and approximately *** percent of internet traffic entering or leaving the UK”. Despite the redactions the report does reveal that GCHQ is currently overwhelmed by the amount of data it has to process:

“The resources required to process the vast quantity of data involved mean that, at any one time, GCHQ can only process approximately *** of what they can access.”

The inquiry, which was set up to investigate what could have prevented Rigby’s murder, clears both MI5 and MI6 of any fault. It reveals that both Adebolajo and Adebowale were known to British security agencies, but that no action was taken. As both men were seen as low priority targets they were not subject to any specialist surveillance by GCHQ or any other agency.

The committee was far more damning in its assessment of an as-yet-unnamed US internet company. In December 2012 an exchange between Adebowale and an individual overseas revealed his intention to murder a soldier. The exchange was not seen by UK security services until after the attack. The report intimates that all overseas internet companies risk becoming a “safe haven for terrorists”.

“This company does not appear to regard itself as under any obligation to ensure that its systems identify such exchanges, or to take action or notify the authorities when its communications services appear to be used by terrorists.”

The Guardian identifies this company as Facebook.

The Wired report continues: “When the intelligence services are gathering data about everyone of us but failing to act on intelligence about individuals, they need to get back to basics, and look at the way they conduct targeted investigations,” said Jim Killock, executive director of online privacy advocates the Open Rights Group.

“The committee is particularly misleading when it implies that US companies do not cooperate, and it is quite extraordinary to demand that companies pro-actively monitor email content for suspicious material. Internet companies cannot and must not become an arm of the surveillance state.”

Want to avoid government malware? Ask a former NSA hacker

The Guardian reports: Many of the brightest minds from the National Security Agency and GCHQ staff tire themselves out from long years of service, moving out into the comfort of the private sector.

Unsurprisingly, the security industry welcomes them with open arms. After all, who better to hand out advice than alumni of two of the most sophisticated intelligence agencies on the planet?

A young British company called Darktrace, whose technology was spawned in the classrooms and bedrooms of Cambridge University, can now boast a covey of former spies among their executive ranks. Jim Penrose, who spent 17 years at the NSA and was involved in the much-feared Tailored Access Operations group (TAO), is one of Darktrace’s latest hires.

Though he declined to confirm or deny any of the claims made about TAO’s operations, including Edward Snowden leaks that showed it had hacked into between 85,000 and 100,000 machines around the world, Penrose spoke with the Guardian about how people might want to defend themselves from government-sponsored cyber attacks. [Continue reading…]

Yes, ISIS exploits technology. But that’s no reason to compromise our privacy

John Naughton writes: A headline caught my eye last Tuesday morning. “Privacy not an absolute right, says GCHQ chief”, it read. Given that GCHQ bosses are normally sensibly taciturn types, it looked puzzling. But it turns out that Sir Iain Lobban has retired from GCHQ to spend more time with his pension, to be followed no doubt, after a discreet interval, with some lucrative non-exec directorships. His successor is a Foreign Office smoothie, name of Robert Hannigan, who obviously decided that the best form of defence against the Snowden revelations is attack, which he mounted via an op-ed piece in the Financial Times, in the course of which he wrote some very puzzling things.

Much of his piece is a rehearsal of how good Isis has become at exploiting social media. Its members “use messaging and social media services such as Twitter, Facebook and WhatsApp, and a language their peers understand. The videos they post of themselves attacking towns, firing weapons or detonating explosives have a self-conscious online gaming quality. Their use of the World Cup and Ebola hashtags to insert the Isis message into a wider news feed, and their ability to send 40,000 tweets a day during the advance on Mosul without triggering spam controls, illustrates their ease with new media. There is no need for today’s would-be jihadis to seek out restricted websites with secret passwords: they can follow other young people posting their adventures in Syria as they would anywhere else.”

All of which is spot-on. From the very beginning, Isis fanatics have been up to speed on this stuff. Which raises an interesting question: how come that GCHQ and the other intelligence agencies failed to notice the rise of the Isis menace until it was upon us? Were they so busy hoovering metadata and tapping submarine cables and “mastering the internet” (as the code name of one of their projects puts it) that they didn’t have time to see what every impressionable Muslim 14-year-old in the world with an internet connection could see? [Continue reading…]

New GCHQ chief spouts fiery rhetoric but spying agenda is same as before

James Ball reports: The new chief of GCHQ, Robert Hannigan, had two options when taking his post. As a relative outsider, joining the organisation from the Foreign Office, he could choose to strike a new, conciliatory tack in the post-Snowden surveillance debate – or he could defend the agency’s practices.

Barely six days into the job, Hannigan has signalled he will go with the latter. In a Financial Times opinion piece, he went much further than his predecessor’s valedictory address in pushing the traditional spy agency pro-surveillance agenda.

US technology giants, he said, have become “the command-and-control networks of choice for terrorists and criminals”. Privacy “has never been an absolute right”. Even principles of free speech are terror aids: Isis are “capitalising on western freedom of expression”, he stated.

By the usually moribund rhetorical standards of senior UK intelligence officials, this is fiery stuff. But the agenda behind it is very much business as usual. The UK’s intelligence agencies take the approach that they will get little credit for protecting civil liberties, but would be on the receiving end of huge opprobrium were they to fail to prevent an attack. As a result, they lobby successive governments every year for ever-more powers, a small step at a time. [Continue reading…]

Edward Snowden condemns Britain’s emergency surveillance bill

The Guardian reports: The NSA whistleblower Edward Snowden has condemned the new surveillance bill being pushed through the UK’s parliament this week, expressing concern about the speed at which it is being done, lack of public debate, fear-mongering and what he described as increased powers of intrusion.

In an exclusive interview with the Guardian in Moscow, Snowden said it was very unusual for a public body to pass an emergency law such as this in circumstances other than a time of total war. “I mean we don’t have bombs falling. We don’t have U-boats in the harbour.”

Suddenly it is a priority, he said, after the government had ignored it for an entire year. “It defies belief.”

He found the urgency with which the British government was moving extraordinary and said it mirrored a similar move in the US in 2007 when the Bush administration was forced to introduce legislation, the Protect America Act, citing the same concerns about terrorist threats and the NSA losing cooperation from telecom and internet companies. [Continue reading…]

GCHQ’s Middle East spy hub revealed

Wired.co.uk reports: It’s been alleged that GCHQ’s Middle East base, where it extracts communications information from regional undersea cables, is located in Seeb, a coastal village northeast of Muscat, Oman. This information has been concealed since August 2013, when details of the strategic operation were originally released by the Independent. The news surfaced around about the same time the UK government was piling the pressure on the Guardian over its Snowden leaks, pressure that culminated in the destruction of the paper’s hard drives storing that information. When Wired.co.uk asked Duncan Campbell — the investigative journalist behind the Register article revealing the Oman location — if he too had copies proving the allegations, he responded: “I won’t answer that question — given the conduct of the authorities.”

“I was able to look at some of the material provided in Britain to the Guardian by Edward Snowden last year,” Campbell, who is a forensic expert witness on communications data, tells us.

The timing of the release is obviously of note. The Register decided to detail the information on the one-year anniversary of Snowden’s initial revelations. This is despite “some media organisations” seemingly caving to government pressure and refusing to publish the Oman information. [Continue reading…]

Business Insider reports: Glenn Greenwald, who published the first stories based on Snowden’s documents in The Guardian, told Business Insider on Tuesday that Snowden has “no source relationship” with Campbell.

“Snowden has no source relationship with Duncan (who is a great journalist), and never provided documents to him directly or indirectly, as Snowden has made clear,” Greenwald said in an email. “I can engage in informed speculation about how Duncan got this document — it’s certainly a document that several people in the Guardian UK possessed — but how he got it is something only he can answer.”

GCHQ’s secret Middle East cable tapping base

At The Register, Duncan Campbell reports: Above-top-secret details of Britain’s covert surveillance programme – including the location of a clandestine British base tapping undersea cables in the Middle East – have so far remained secret, despite being leaked by fugitive NSA sysadmin Edward Snowden. Government pressure has meant that some media organisations, despite being in possession of these facts, have declined to reveal them. Today, however, the Register publishes them in full. [Continue reading…]

Since the information in this article has apparently not been reported by the Intercept and as yet there is no explanation why, once again we are left guessing how Glenn Greenwald and his colleagues determine what they will and will not report from the Snowden leaks.

GCHQ and NSA targeted private German companies

Der Spiegel reports: Documents show that Britain’s GCHQ intelligence service infiltrated German Internet firms and America’s NSA obtained a court order to spy on Germany and collected information about the chancellor in a special database. Is it time for the country to open a formal espionage investigation?

The headquarters of Stellar, a company based in the town of Hürth near Cologne, are visible from a distance. Seventy-five white antennas dominate the landscape. The biggest are 16 meters (52 feet) tall and kept in place by steel anchors. It is an impressive sight and serves as a popular backdrop for scenes in TV shows, including the German action series “Cobra 11.”

Stellar operates a satellite ground station in Hürth, a so-called “teleport.” Its services are used by companies and institutions; Stellar’s customers include Internet providers, telecommunications companies and even a few governments. “The world is our market,” is the high-tech company’s slogan.

Using their ground stations and leased capacities from satellites, firms like Stellar — or competitors like Cetel in the nearby village of Ruppichteroth or IABG, which is headquartered in Ottobrunn near Munich — can provide Internet and telephone services in even the most remote areas. They provide communications links to places like oil drilling platforms, diamond mines, refugee camps and foreign outposts of multinational corporations and international organizations.

Super high-speed Internet connections are required at the ground stations in Germany in order to ensure the highest levels of service possible. Most are connected to major European Internet backbones that offer particularly high bandwidth.

The service they offer isn’t just attractive to customers who want to improve their connectivity. It is also of interest to Britain’s GCHQ intelligence service, which has targeted the German companies. Top secret documents from the archive of NSA whistleblower Edward Snowden viewed by SPIEGEL show that the British spies surveilled employees of several German companies, and have also infiltrated their networks. [Continue reading…]

U.S. listed as enemy of the internet

Reporters Without Borders: Natalia Radzina of Charter97, a Belarusian news website whose criticism of the government is often censored, was attending an OSCE-organized conference in Vienna on the Internet and media freedom in February 2013 when she ran into someone she would rather not have seen: a member of the Operations and Analysis Centre, a Belarusian government unit that coordinates Internet surveillance and censorship. It is entities like this, little known but often at the heart of surveillance and censorship systems in many countries, that Reporters Without Borders is spotlighting in this year’s Enemies of the Internet report, which it is releasing, as usual, on World Day Against Cyber-Censorship (12 March).

Identifying government units or agencies rather than entire governments as Enemies of the Internet allows us to draw attention to the schizophrenic attitude towards online freedoms that prevails in some countries. Three of the government bodies designated by Reporters Without Borders as Enemies of the Internet are located in democracies that have traditionally claimed to respect fundamental freedoms: the Centre for Development of Telematics in India, the Government Communications Headquarters (GCHQ) in the United Kingdom, and the National Security Agency (NSA) in the United States.

The NSA and GCHQ have spied on the communications of millions of citizens including many journalists. They have knowingly introduced security flaws into devices and software used to transmit requests on the Internet. And they have hacked into the very heart of the Internet using programmes such as the NSA’s Quantum Insert and GCHQ’s Tempora. The Internet was a collective resource that the NSA and GCHQ turned into a weapon in the service of special interests, in the process flouting freedom of information, freedom of expression and the right to privacy.

The mass surveillance methods employed in these three countries, many of them exposed by NSA whistleblower Edward Snowden, are all the more intolerable because they will be used and indeed are already being used by authoritarian countries such as Iran, China, Turkmenistan, Saudi Arabia and Bahrain to justify their own violations of freedom of information. How will so-called democratic countries be able to press for the protection of journalists if they adopt the very practices they are criticizing authoritarian regimes for? [Continue reading…]

How the NSA plans to infect ‘millions’ of computers with malware

Ryan Gallagher and Glenn Greenwald report: Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process.

The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.

The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.

In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.

The implants being deployed were once reserved for a few hundred hard-to-reach targets, whose communications could not be monitored through traditional wiretaps. But the documents analyzed by The Intercept show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes previously handled by humans. The automated system – codenamed TURBINE – is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.” [Continue reading…]
