Monday, March 31, 2014

New Leaks Show NSA, GCHQ Infiltrating Private German Companies

from the tapping-the-world dept

Der Spiegel and The Intercept have just released more leaked NSA documents, this time covering the surveillance of foreign officials. This is the sort of thing we expect the NSA to be doing, although perhaps without targeting our allies. (Germany's Angela Merkel is on the list, something that will come as no surprise to anyone.)

Here's Der Spiegel's screencap of part of the list, showing Merkel's name along with several others. (122 officials are targeted altogether.)


Perhaps the most notable thing about the list is that it's sorted alphabetically by first name, which seems to fly in the face of logical filing systems. It's also not solely limited to intercepted phone calls. Der Spiegel notes that the information gathered also includes faxes and computer-to-computer communications.

While some may steer away criticism by nothing this is the expected behavior of a national intelligence agency (or paint it as worthless "espionage porn"), it's worth noting that those in affected, "friendly" countries aren't going to find the "public interest" angle of these revelations quite limited as the NSA's defenders will. There's a lot of subjective territory out there once you get past the "US only" mindset.

What's more troubling is the remainder of the Der Spiegel report, which details the NSA's and GCHQ's infiltration of German private companies in order to turn their products into surveillance tools.
One top-secret GCHQ paper claims the agency sought "development of in-depth knowledge of key satellite IP service providers in Germany."

The document, which is undated, states that the goal of the effort was developing wider knowledge of Internet traffic flowing through Germany. The 26-page document explicitly names three of the German companies targeted for surveillance: Stellar, Cetel and IABG…

Intelligence workers in Bude also appear to have succeeded in infiltrating competitor Cetel. The document states that workers came across four "servers of interest" and were able to create a comprehensive list of customers…

The firm IABG in Ottobrunn appears to have been of particular interest to the intelligence service -- at least going by a short notation that only appears next to the Bavarian company's name. It notes, "this may have already been looked at by NSA NAC," a reference to the NSA's network analysis center.
IABG is a private company that performs contract work for the German government, including the military. GCHQ apparently hacked one of its ground satellite stations in order to gain access to communications. The British spy agency has delivered its usual "strict legal and policy framework" response to the leaked documents, which appear to show more corporate espionage being performed under the color of "national security."

That the NSA and GCHQ would subvert foreign companies in order to access communications is also, sadly, unsurprising. Whether or not this can truly be considered economic espionage remains to be seen, although one German federal prosecutor seems willing to examine that angle.
"I am currently reviewing whether reasonable suspicion even exists for an actionable criminal offense," [Harald Range] told the newspaper. "Only if I can affirm that can I then address the question of whether a judiciary inquiry would run contrary to the general public interest -- a review required for any espionage-related crime" in Germany.
What can be gleaned from this is fact that not buying American means nothing when it comes to NSA/GCHQ-proofing your network. Combined with the recent revelations about the NSA's infiltration of Huawei, it appears there are few communications companies these two agencies haven't subverted. Not buying US tech may keep the NSA away momentarily, but the ongoing cooperation of various national intelligence services means it's only a matter of time.

No comments:

Post a Comment