Leaked Documents Show New Zealand Company's Connection To GCHQ's Internet Dragnet

from the build-a-better-data-scoop-and-the-world's-government-will-beat-a-path-to-you dept

Another stack of documents has been leaked to The Intercept, these ones detailing a little-known New Zealand company's facilitation of worldwide surveillance.

Dozens of internal documents and emails from Endace, obtained by The Intercept and reported in cooperation with Television New Zealand, reveal the firm’s key role helping governments across the world harvest vast amounts of information on people’s private emails, online chats, social media conversations, and internet browsing histories.

Endace -- like almost every other company in the literal spyware business -- also seems willing to sell to the highest bidder, no matter where they sit on their home nation's friends/enemies lists.

The leaked files, which were provided by a source through SecureDrop, show that Endace listed a Moroccan security agency implicated in torture as one of its customers. They also indicate that the company sold its surveillance gear to more than half a dozen other government agencies, including in the United States, Israel, Denmark, Australia, Canada, Spain, and India.

The documents now in The Intercept's hands detail Endace's work for GCHQ, assisting it in its quest to pull as much data and communications as it can from underseas cables which conveniently route about one-fourth of the world's internet traffic into the waiting arms of the spy agency. These leaked documents were cross-referenced with The Intercept's Snowden stash to confirm their legitimacy.

The documents show GCHQ asked Endace for several modifications of the stock product it originally presented to the agency. These alterations served one purpose: to build haystacks faster.

A November 2010 company document said that “FGA” ["friendly government agency"] had an order of 20 systems scheduled for delivery in March 2011. Each system was equipped with two “data acquisition” cards capable of intercepting 20Gs of internet traffic. The total capacity of the order would enable GCHQ to monitor a massive amount of data — the equivalent of being able to download 3,750 high-definition movies every minute, or 2.5 billion average-sized emails an hour.

Other info in the documents shows Endace and GCHQ were (are?) aiming for deployment of 300-500 of these systems, allowing the agency to pull in a large percentage of the traffic traveling through tapped underseas cables. There are also hints that suggest some data is more useful to the GCHQ than others, with WhatsApp, Facebook, Gmail, and Hotmail being specifically named. Also of importance to GCHQ: the ability to track targets by MAC address.

When Endace isn't selling to "friendly" government surveillance agencies (and "friendly" governments with decades of human rights abuses under their belts), it's also selling its interception technology to telcos to better assist them in complying with law enforcement requests.

Perhaps the most darkly comic aspect of all of this is that UK and New Zealand taxpayers are likely being double-dipped for surveillance efforts that encompass their own data and communications. Not only are they paying for the tech and ongoing collection efforts, but Endace was also awarded $11.1 million in government grants to defray 50% of the cost of "substantial product developments." Endace isn't saying which products were developed using these grants, and the New Zealand government says the company isn't obligated to reveal how this money was spent.

Filed Under: gchq, new zealand, surveillance
Companies: endace


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That One Guy (profile), 25 Oct 2016 @ 1:38am

    "We're not saying it was for spying but..."

    but Endace was also awarded $11.1 million in government grants to defray 50% of the cost of "substantial product developments." Endace isn't saying which products were developed using these grants, and the New Zealand government says the company isn't obligated to reveal how this money was spent.

    The company says nothing and the government, after handing out a grant to the tune of eleven million says the company doesn't have to say... yeah, I'd say the default assumption should be that the 'product developments' were focused around spying until the company provides evidence to the contrary.

    reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 25 Oct 2016 @ 3:47am

    Its clear the governments will not be satisfied until they can either put an all seeing monitor in everyones homes or a chip in their brain.

    How much longer will citizens stand for this sort of crap?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Oct 2016 @ 4:22am

      Re:

      Untill "encryption-by-design" becomes the standard for both computer software and network software. I don't think the military complex has a real long-term ability to sustain the current pressure on private companies, since other countries in the world have been very definitive in their defence of encryption. They have been trying to capitalize on the Snowden revelations and has used it as their "only" demand in the negotiations on further openness. When they can't even swing that now, I don't think later will be possible either as the population is very slowly becoming more tech-savy than currently.

      reply to this | link to this | view in chronology ]

    • icon
      Padpaw (profile), 25 Oct 2016 @ 7:36am

      Re:

      long after they realize they let slave collars be shackled around their necks for the illusion of safety.

      reply to this | link to this | view in chronology ]

    • icon
      Aaron Walkhouse (profile), 25 Oct 2016 @ 9:24pm

      PM Elizabeth May's Snooper's Charter makes it clear that all
      Britons are demoted from "Citizen" to "Subject" in her mind.

      Once it passes [if it does] her tyrant's dream becomes reality.

      reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 25 Oct 2016 @ 6:26am

    2.5 billion average-sized emails an hour

    99,9% of it being innocuous communication and teens sexting.

    Which would be less of an issue (from intel point of view) if they could precisely pinpoint whatever they wanted (they can't). But that's not the idea. When everybody is seen as a potential enemy (terrorist, activist, you name it) then it makes total sense.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Oct 2016 @ 7:01am

      Re:

      That should be 99.9% spam, 0.0999% innocuous and 0.0001% of interest to the security services.

      reply to this | link to this | view in chronology ]

    • icon
      Aaron Walkhouse (profile), 25 Oct 2016 @ 9:39pm

      Current terrorists are the explicit target today, but future politicians,
      journalists and social activists are the real, intentional targets. ‌

      That's what haystacks are for.

      It allows them to build a mass dossier on everyone at once, without
      being accountable for individual dossiers on any one person until
      they need it for leverage. ‌

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Oct 2016 @ 6:28am

    $11.1 million

    What a gift. I wish the government would just give *me* that kind of money.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Oct 2016 @ 6:49am

    pinpoint whatever they wanted

    everybody is seen as a potential enemy

    i think you are right. .this has nothing to do with outlaws and terrorists other than using said for justification. .they have met the enemy, and we are they: ordinary people living ordinary lives.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Oct 2016 @ 7:54am

    I never understood the habit of reporters to analogize the amount of data being downloaded to high-definition movies rather than a guesstimate at the number of people being surveiled. Associating surveillance to movies makes it more difficult to get laypersons to understand the severity of all this.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Oct 2016 @ 8:22am

    and we're the pirates, the infringers and the thieves? i think the names need to be reallocated, dont you!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Oct 2016 @ 10:27am

    Honestly, the 20Gbit card is right there listed on the website: 10X4-P IE two ports for ingress and 2 port for egress traffic. I own a couple of their cards and they are pretty good with IDS systems (Security Onion/AlienVault), troubling shooting layer2-7 issues on the network. Rule of thumb is try to use SSL, VPNs, and anyother type of encryption before sending any data across the internet.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Oct 2016 @ 11:01am

    "separate MAC insertion by IP type"

    This tells me they are not just
    tracking via MAC. Tracking via MAC
    requires the MAC to leak across
    routers which tells me that they
    are attacking tunneling VPNs and
    that the encryption is broken.

    And why would you need to insert
    a MAC anyway? If you are doing
    traffic injection into a connection
    stream that is being transported
    via a VPN (that is already pwned),
    is a case that comes to mind.

    Example: inserting malicious
    javascript to do something like
    rowhammer.js to get root.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Nov 2016 @ 11:18am

    New Zealand is part of the Five Eyes, "often abbreviated as FVEY, is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States. These countries are bound by the multilateral UKUSA Agreement, a treaty for joint cooperation in signals intelligence."

    "Despite the impact of Snowden's disclosures, some experts in the intelligence community believe that no amount of global concern or outrage will affect the Five Eyes relationship, which to this day remains one of the most comprehensive known espionage alliances in history."

    Source: Wikipedia

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.