Leaked Documents Show New Zealand Company's Connection To GCHQ's Internet Dragnet

from the build-a-better-data-scoop-and-the-world's-government-will-beat-a-path-to-you dept

Another stack of documents has been leaked to The Intercept, these ones detailing a little-known New Zealand company’s facilitation of worldwide surveillance.

Dozens of internal documents and emails from Endace, obtained by The Intercept and reported in cooperation with Television New Zealand, reveal the firm’s key role helping governments across the world harvest vast amounts of information on people’s private emails, online chats, social media conversations, and internet browsing histories.

Endace — like almost every other company in the literal spyware business — also seems willing to sell to the highest bidder, no matter where they sit on their home nation’s friends/enemies lists.

The leaked files, which were provided by a source through SecureDrop, show that Endace listed a Moroccan security agency implicated in torture as one of its customers. They also indicate that the company sold its surveillance gear to more than half a dozen other government agencies, including in the United States, Israel, Denmark, Australia, Canada, Spain, and India.

The documents now in The Intercept’s hands detail Endace’s work for GCHQ, assisting it in its quest to pull as much data and communications as it can from underseas cables which conveniently route about one-fourth of the world’s internet traffic into the waiting arms of the spy agency. These leaked documents were cross-referenced with The Intercept’s Snowden stash to confirm their legitimacy.

The documents show GCHQ asked Endace for several modifications of the stock product it originally presented to the agency. These alterations served one purpose: to build haystacks faster.

A November 2010 company document said that “FGA” [“friendly government agency”] had an order of 20 systems scheduled for delivery in March 2011. Each system was equipped with two “data acquisition” cards capable of intercepting 20Gs of internet traffic. The total capacity of the order would enable GCHQ to monitor a massive amount of data — the equivalent of being able to download 3,750 high-definition movies every minute, or 2.5 billion average-sized emails an hour.

Other info in the documents shows Endace and GCHQ were (are?) aiming for deployment of 300-500 of these systems, allowing the agency to pull in a large percentage of the traffic traveling through tapped underseas cables. There are also hints that suggest some data is more useful to the GCHQ than others, with WhatsApp, Facebook, Gmail, and Hotmail being specifically named. Also of importance to GCHQ: the ability to track targets by MAC address.

When Endace isn’t selling to “friendly” government surveillance agencies (and “friendly” governments with decades of human rights abuses under their belts), it’s also selling its interception technology to telcos to better assist them in complying with law enforcement requests.

Perhaps the most darkly comic aspect of all of this is that UK and New Zealand taxpayers are likely being double-dipped for surveillance efforts that encompass their own data and communications. Not only are they paying for the tech and ongoing collection efforts, but Endace was also awarded $11.1 million in government grants to defray 50% of the cost of “substantial product developments.” Endace isn’t saying which products were developed using these grants, and the New Zealand government says the company isn’t obligated to reveal how this money was spent.

Filed Under: , ,
Companies: endace

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Leaked Documents Show New Zealand Company's Connection To GCHQ's Internet Dragnet”

Subscribe: RSS Leave a comment
That One Guy (profile) says:

"We're not saying it was for spying but..."

but Endace was also awarded $11.1 million in government grants to defray 50% of the cost of "substantial product developments." Endace isn’t saying which products were developed using these grants, and the New Zealand government says the company isn’t obligated to reveal how this money was spent.

The company says nothing and the government, after handing out a grant to the tune of eleven million says the company doesn’t have to say… yeah, I’d say the default assumption should be that the ‘product developments’ were focused around spying until the company provides evidence to the contrary.

Anonymous Coward says:

Re: Re:

Untill “encryption-by-design” becomes the standard for both computer software and network software. I don’t think the military complex has a real long-term ability to sustain the current pressure on private companies, since other countries in the world have been very definitive in their defence of encryption. They have been trying to capitalize on the Snowden revelations and has used it as their “only” demand in the negotiations on further openness. When they can’t even swing that now, I don’t think later will be possible either as the population is very slowly becoming more tech-savy than currently.

Ninja (profile) says:

2.5 billion average-sized emails an hour

99,9% of it being innocuous communication and teens sexting.

Which would be less of an issue (from intel point of view) if they could precisely pinpoint whatever they wanted (they can’t). But that’s not the idea. When everybody is seen as a potential enemy (terrorist, activist, you name it) then it makes total sense.

Aaron Walkhouse (profile) says:


Current terrorists are the explicit target today, but future politicians,
journalists and social activists are the real, intentional targets. ‌

That’s what haystacks are for.

It allows them to build a mass dossier on everyone at once, without
being accountable for individual dossiers on any one person until
they need it for leverage. ‌

Anonymous Coward says:

Honestly, the 20Gbit card is right there listed on the website: 10X4-P IE two ports for ingress and 2 port for egress traffic. I own a couple of their cards and they are pretty good with IDS systems (Security Onion/AlienVault), troubling shooting layer2-7 issues on the network. Rule of thumb is try to use SSL, VPNs, and anyother type of encryption before sending any data across the internet.

Anonymous Coward says:

"separate MAC insertion by IP type"

This tells me they are not just
tracking via MAC. Tracking via MAC
requires the MAC to leak across
routers which tells me that they
are attacking tunneling VPNs and
that the encryption is broken.

And why would you need to insert
a MAC anyway? If you are doing
traffic injection into a connection
stream that is being transported
via a VPN (that is already pwned),
is a case that comes to mind.

Example: inserting malicious
javascript to do something like
rowhammer.js to get root.

Anonymous Coward says:

New Zealand is part of the Five Eyes, “often abbreviated as FVEY, is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States. These countries are bound by the multilateral UKUSA Agreement, a treaty for joint cooperation in signals intelligence.”

“Despite the impact of Snowden’s disclosures, some experts in the intelligence community believe that no amount of global concern or outrage will affect the Five Eyes relationship, which to this day remains one of the most comprehensive known espionage alliances in history.”

Source: Wikipedia

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...