Share/E-mail This Story

Email This

This feature is only available to registered users. Register or sign in to use it.



New Leaks Show NSA, GCHQ Infiltrating Private German Companies

from the tapping-the-world dept

Der Spiegel and The Intercept have just released more leaked NSA documents, this time covering the surveillance of foreign officials. This is the sort of thing we expect the NSA to be doing, although perhaps without targeting our allies. (Germany's Angela Merkel is on the list, something that will come as no surprise to anyone.)

Here's Der Spiegel's screencap of part of the list, showing Merkel's name along with several others. (122 officials are targeted altogether.)


Perhaps the most notable thing about the list is that it's sorted alphabetically by first name, which seems to fly in the face of logical filing systems. It's also not solely limited to intercepted phone calls. Der Spiegel notes that the information gathered also includes faxes and computer-to-computer communications.

While some may steer away criticism by nothing this is the expected behavior of a national intelligence agency (or paint it as worthless "espionage porn"), it's worth noting that those in affected, "friendly" countries aren't going to find the "public interest" angle of these revelations quite limited as the NSA's defenders will. There's a lot of subjective territory out there once you get past the "US only" mindset.

What's more troubling is the remainder of the Der Spiegel report, which details the NSA's and GCHQ's infiltration of German private companies in order to turn their products into surveillance tools.
One top-secret GCHQ paper claims the agency sought "development of in-depth knowledge of key satellite IP service providers in Germany."

The document, which is undated, states that the goal of the effort was developing wider knowledge of Internet traffic flowing through Germany. The 26-page document explicitly names three of the German companies targeted for surveillance: Stellar, Cetel and IABG…

Intelligence workers in Bude also appear to have succeeded in infiltrating competitor Cetel. The document states that workers came across four "servers of interest" and were able to create a comprehensive list of customers…

The firm IABG in Ottobrunn appears to have been of particular interest to the intelligence service -- at least going by a short notation that only appears next to the Bavarian company's name. It notes, "this may have already been looked at by NSA NAC," a reference to the NSA's network analysis center.
IABG is a private company that performs contract work for the German government, including the military. GCHQ apparently hacked one of its ground satellite stations in order to gain access to communications. The British spy agency has delivered its usual "strict legal and policy framework" response to the leaked documents, which appear to show more corporate espionage being performed under the color of "national security."

That the NSA and GCHQ would subvert foreign companies in order to access communications is also, sadly, unsurprising. Whether or not this can truly be considered economic espionage remains to be seen, although one German federal prosecutor seems willing to examine that angle.
"I am currently reviewing whether reasonable suspicion even exists for an actionable criminal offense," [Harald Range] told the newspaper. "Only if I can affirm that can I then address the question of whether a judiciary inquiry would run contrary to the general public interest -- a review required for any espionage-related crime" in Germany.
What can be gleaned from this is fact that not buying American means nothing when it comes to NSA/GCHQ-proofing your network. Combined with the recent revelations about the NSA's infiltration of Huawei, it appears there are few communications companies these two agencies haven't subverted. Not buying US tech may keep the NSA away momentarily, but the ongoing cooperation of various national intelligence services means it's only a matter of time.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    Jay (profile), Mar 31st, 2014 @ 3:10pm

    Old sayings...

    Well, with friends like this...

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Anonymous Coward, Mar 31st, 2014 @ 3:19pm

    What's it gonna take?

    It appears they compromised software, but does that include firmware? Does everyone need to do a ground up build of their software, firmware, or both? What's that gonna cost those companies, and therefore their customers?

    Is there a way other than open source to certify something as not 'built NSA tough'?*

    *Sorry Ford.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Mar 31st, 2014 @ 3:22pm

    Is this NSA a public company? For the sake of their shareholders they should be charging for the industrial intelligence they produce.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    zip, Mar 31st, 2014 @ 3:45pm

    Greenwald intimidation?

    I find it interesting that Glenn Greenwald's new site was quick to comment on Der Spiegel's article, even though Greenwald has all those same documents himself and could have written about it long ago if he wanted to.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    Mike Masnick (profile), Mar 31st, 2014 @ 3:51pm

    Re: Greenwald intimidation?

    I find it interesting that Glenn Greenwald's new site was quick to comment on Der Spiegel's article, even though Greenwald has all those same documents himself and could have written about it long ago if he wanted to.

    Doubtful at best. Greenwald and others have noted, many times, that going through all of the documents, understanding what they mean and doing thorough reporting on them before releasing them is a time-intensive process.

    That's why they shared the documents with so many others.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Mar 31st, 2014 @ 4:31pm

    I wonder if sorting alphabetically by first name PROVES that there is no oversight, or that sorting alphabetically by first name IS the oversight.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    zip, Mar 31st, 2014 @ 5:10pm

    Re: Re: Greenwald intimidation?

    There's also safety in numbers. While he might deny being intimidated, I'm sure the pressure is taking a toll in some fashion, and I'd be surprised if Greenwald isn't extremely glad to see other news media report these leaks. Not for beating him to the "scoop" - but by making him a smaller target (as I'm sure he'd like to travel outside of Brazil someday without fear of arrest).

    I don't quite buy the "time-intensive process" argument. It's not as if a newspaper -like any business- can't assign extra people to an important project to speed things up. Even Wikileaks (which is unburdened by the time demands of investigative reporting) separates and spreads out their releases so they will get more individual attention in the press, and as a whole, stay in the public eye much longer than if they were all released together as one massive dump. Had Snowden given his stash to Wikileaks, I don't know if the overall timetable of 'NSA hijinks' revelations becoming public knowledge would be drastically different.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Mar 31st, 2014 @ 7:21pm

    Not buying US will certainly make to money go to companies which have an active interest in keeping their security updated from any intrusion attacks, as opposed to the bootloader level access built into the hardware by american manufacturers I guess. I think this a nice platform for non american manufacturers to exploit, "We don't build hardware for the NSA"

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Mar 31st, 2014 @ 8:23pm

    Say what? Sorted by first names? WTF, no wonder they missed whole Crimea stuff.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Mar 31st, 2014 @ 11:33pm

    Re: Old sayings...

    ...Who needs anemones?

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Mar 31st, 2014 @ 11:36pm

    Re: Re: Re: Greenwald intimidation?

    The largest question here is - 'who do you trust?' This is the problem that Snowden initially faced upon reporting to his superiors, that Greenwald and others have faced in these leaks the whole time.

    The NSA have not only seriously weakened cryptographic prevention systems, but have also decided to turn to criminality in order to progress the cause of collecting all of the blackmail material available

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Apr 1st, 2014 @ 12:56am

    "trust us, we will use it only to fight terrorism."

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    Julian (profile), Apr 1st, 2014 @ 1:31am

    Espionage Porn?

    Not so much Espionage Porn as Espionage Popcorn. Please send some more as I'm running out.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Apr 1st, 2014 @ 3:46am

    Sorting

    I never understood the point of sorting by the last name. Sorting by the first name (actually by the whole name as written) makes much more sense than arbitrarily reordering parts of the name so the last name comes first and then sorting.

    If my name is "Joćo Silva", nobody calls me "Silva, Joćo". Everybody calls me just "Joćo" unless there is a need to disambiguate (in that case they call me "Joćo Silva"). Sorting by "Joćo" first then "Silva" makes much more sense.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Apr 1st, 2014 @ 6:44am

    Re: Sorting

    Or you live in parts of the world were the name order is the other way around e.g. korea,...

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Apr 1st, 2014 @ 7:06am

    Angela Merkel this woman seriously can't catch a break.

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    John Fenderson (profile), Apr 1st, 2014 @ 8:12am

    Re: Sorting

    It's more a custom than anything else, but there is a practical side. I sort the address book in my phone by last name because last names are more distinctive and it makes it easier to find the person I'm looking for. If I'm looking for "Joe Schmoe", there's probably only one "Schmoe" but multiple "Joe"s to look through.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Apr 1st, 2014 @ 10:23pm

    Re: What's it gonna take?

    "Is there a way other than open source"

    Nope. If you want to trust a commercial company, then you have to find one that is knowledgeable about computer security, plus has strong morals. Good luck with that.

    Corporate sociopaths are everywhere. If you want to deal with decent people, then open source is it. Most open source programmers are devoted followers of RMS and are not in it for the money.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Pragmatic, Apr 3rd, 2014 @ 5:59am

    Re:

    Voted funny.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Apr 3rd, 2014 @ 1:21pm

    B-b-b-b-b-b-b-ut nazis!

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.