Inside the shadow world of commercialised spook spyware
'We'll penetrate commsats, undersea cables, Skype ...'
Exclusive: Western and Chinese high-tech companies are competing aggressively to sell, install and manage intrusive and dangerous internet surveillance and communications control equipment for the world’s most brutal regimes, a six-month investigation has found.
During 2011, investigators from Privacy International, a London-based NGO, infiltrated a circuit of closed international surveillance equipment marketing conferences, obtaining private briefings and technical product specifications from contract-hungry sales executives. The group will publish its data and document haul on the net today, in conjunction with other campaigners.
The scale and audacity of the proposals in many of the companies’ documents and hand-out DVDs is breathtaking. They describe and offer for unrestricted sale technologies which were in existence a decade ago, but which were held in utmost secrecy by major intelligence agencies such as the US National Security Agency (NSA) and Britain’s GCHQ.
Over 150 international companies now trading in this sector have been identified during the research. The majority of them did not exist or were not offering electronic surveillance products, even in the early noughties.
Companies exhibiting at the shows now openly offer to target and break specific international commercial communications satellites, including Thuraya (covering the Middle East), Iridium satellite phones, and Marlink’s VSAT. Commercial satellite intercept was previously the almost exclusive turf of GCHQ and NSA’s Echelon satellite interception network.
Other companies offer routinely to install malware on phones and PCs, to break SSL encryption on web connections and A5 crypto on mobile phones, or to break into high-capacity optical fibre networks.
Glimmerglass Networks Inc from Silicon Valley presented in Washington last month on “optical cyber solutions”. These include splicing into optical fibres at “submarine cable landing stations”, “international gateways” and POP or peering points. The techniques used for these operations were developed secretly by the NSA in the 1990s, and have hitherto been a closely guarded secret.
Pushing their “Intelligent Optical System” surveillance system last month, Glimmerglass claimed that its customer intelligence agencies “gain rapid access, not just to signals, but to individual wavelengths on those signals. An LEA [Law Enforcement Agency] operator can quickly and easily select any signal from hundreds, send that signal to a de-multiplexer for access to one of the many wavelengths inside, and then distribute the desired wavelengths as needed. The IOS can make perfect photonic copies of optical signals for simultaneous distribution to grooming equipment and probes for comprehensive analysis”.
Their show included “probes and sniffers” that started with “photonic copies” and ended up with huge personal network displays, including personal connectivity analysis from web logs, webmail and Facebook.
To monitor all of everyone’s communications traffic, the company has claimed, “you need to do much of it optically ... You can pick some off cell phones. But the top of the [intelligence gathering] funnel is coming through optically ... you need to manage that.”
Glimmerglass was formed in 2000. In the same year, long before 9/11 and on the opposite bank of San Francisco Bay, AT&T engineers working for NSA were installing optical fibre taps inside a major San Francisco city internet exchange, tapping into US west coast peering points and switches for the global internet.
In European and US shows over the last six months, Hacking Team of Milan and Gamma International, a controversial British company, have offered customers including police and intelligence agencies explicit hacking attacks including “stealth spyware for infecting and monitoring computers and smartphones” and lectures on “applied hacking techniques used by government agencies”.
Next week at the latest ISSWorld show in Kuala Lumpur, Hacking Team will be pushing its “Remote Control System 7 – the ultimate cyber-intelligence solution for covertly monitoring computers and smartphones”. They have also provided “in-depth, live demonstration(s) of infection vectors and attack techniques”.
RCS7 is claimed to be “invisible to most protection systems”, “resistant to system restoration technologies” and “proven” to be able to intercept mail and web traffic including Skype and PGP.
In Britain in January, at a government invitation-only Farnborough show, Security and Policing 2012, organised by the Home Office’s Centre for Applied Science and Technology (CAST), Gamma Group are billed as presenting their “unique” “FinFisher IT Intrusion products”, which they claim “contain the most comprehensive online research and infection functionality found in any other solution [sic]”.
FinFisher also claim that their “superior training at Gamma’s IT Intrusion Training Institute” differentiates Gamma International as the leading company in the field of cyber surveillance and counter surveillance. In fact, the company appears to be operating from a tiny trading estate warehouse in Andover (Google Earth document).
A little warehouse in Hampshire... Investigators have pinpointed the location of FinFisher's HQ (Google Earth document).
Since the PI investigation was planned a year ago, equipment, plans and manufacturers’ braggadocio about the power of their kit have been recovered by Arab insurgents who have toppled governments in Cairo, Tripoli and elsewhere. More revelations are expected as the Arab Spring progresses.
After the collapse of the Mubarak regime in Egypt in April, insurgents broke into the State Security Investigations (SSI) branch. Among the batons and torture equipment recovered was a €250,000 proposal from Finfisher to install its “Finspy” hacker kit.