Tinker, tailor, cyber spy: On modern surveillance technologies

What's on the market?

Documents relating to the vast array of products and services available and the companies providing them have been released recently by WikiLeaks in conjunction with Bugged Planet, Privacy International and media organisations from six countries.[1] This article analyses some of the data contained in these documents and profiles some of the companies behind them. The services provided by these companies can be grouped under five main areas: hacking, interception, data analysis, web scraping and anonymity.

Hacking

Hacking enables agents to break into computers and mobile phones, log keystrokes and access data. Companies developing these techniques often use 'malware' (software used to illegally steal people's personal or financial details). These 'trojans' “hijack individual computers and phones (including iPhones, Blackberries and Androids), take over the device, record its every use, movement, and even the sights and sounds of the room it is in.”[2] As offensive-security manager at HackingTeam SLR Marco Valleri puts it, the goal is to overcome the fact that most surveillance techniques are “useless against encryption and can't reach information that never leaves the device... We can defeat that.”[3]

One of the most notorious companies using such techniques is the UK's Gamma International, which has developed a range of products to grant clients access to personal computers, email, chats, Skype communications, social networking sites and mobile devices. The products work on most operating systems (Windows, Mac OSX and Linux) and bypass 40 regularly tested anti-virus programmes. All that needs to happen is to secretly infect a computer or device with this software, for which Gamma has developed a variety of methods, including falsifying updates of popular software in order to trick people into installing its programmes, or setting up fake websites which silently install the programmes onto visitors' computers. Links to these websites can be sent to a particular 'target' via a discussion board, for example, which would have been designed to catch their interest through previous profiling.

Another method, designed with intelligence agencies in mind, integrates Gamma's hacking tools within the Internet Service Provider itself, allowing Gamma to remotely infect particular websites, thereby installing the programmes on the computers of all those who visit the sites. Such websites can be selected according to specific criteria, for example those deemed 'government-offensive' or popular ones in certain communities. Once installed, the remote monitoring software can grant the client access to data about everything that the user is doing on the internet, including emails, web surfing, communications and even document transfers.[4]

Such methods can be employed not only against individuals but also on a mass scale. HackingTeam advertises its Remote Control System on the grounds that it “can monitor from a few and up to hundreds of thousands of targets” and that the “whole system can be managed by a single easy to use interface that simplifies day by day investigation activities.”[5]

Of course, websites try to develop defences against such malicious malware. However, companies like Vupen Security SA of France employ teams of researchers dedicated to finding 'unpatched vulnerabilities', i.e. security holes that the manufactures are not yet aware of in software created by Microsoft, Adobe, Sun, Apple, Oracle, Novell and others. Vupen's marketing documents note that it is meeting law enforcement agencies' need for “the most advanced IT intrusion research and the most reliable attack tools to covertly and remotely gain access to computer systems.”[6]

With such fast-developing technology, it seems very little is safe from the rather innocuously named 'IT intrusion', i.e. cyberspace spying. The capabilities of these technologies is truly chilling. In the words of David Vincenzetti, chief executive of HackingTeam, “You can infect anybody on the Internet... When the infection has taken place, you get full control... and that means you can extract any information from that device.”[7]

Interception

Interception has developed into taking all the traffic from the internet and mobile phones, and sending it through devices that inspect packets of data, determine their content, detect patterns, and select what to copy for law enforcement agencies. As Brian McCann, the CEO of New Jersey-based OnPath Technologies Inc, says, “We can take a copy of everything coming through our switch and dump it off to the FBI.”[8]

Such devices are becoming smaller and smaller, including ones that can fit inside a rucksack, yet can still masquerade as legitimate mobile phone base stations, and therefore enable the interception and decryption of SMS messages and phone calls within a radius of several hundred metres.[9] According to Eric King from Privacy International, such devices are marketed as “perfect tools during public order situations – allowing law enforcement agencies to unmask protesters without them even knowing.”[10] Such technology also allows authorities “to track phone users’ movements in real-time, without having to request location data from a mobile phone carrier.”[11] Location tracking has long been used by law enforcement agencies, usually relying on triangulation to locate the phone, by which the strength of signals between phones and nearby mobile phone towers are evaluated and the phone's location determined.

Interception technologies have also developed to overcome people's use of encrypted communication. For instance, PacketForensics has developed 'man in the middle' programmes, in which the attacker is placed between two computers communicating, enabling the attacker to monitor or alter communications, insert malicious software into the data transmissions, or gain access to any security passwords they may be using. In this way, the difficult task of decryption seems to be unnecessary and, as PacketForensics boasts, “Your investigative staff will likely collect its best evidence while users are lulled into a false sense of security.”[12]

Companies are also developing so-called 'massive intercept' technology, at country level, which can capture vast amounts of data extremely quickly. UK-based Telesoft Technologies Ltd boasts that its “highest density optical passive probe” can provide “targeted or mass capture of 10s of thousands of simultaneous conversations from fixed or cellular networks for law enforcement or intelligence purposes.”[13] Telesoft would either “hand off 100% of the data to law enforcement agencies” or, helpfully, “filter the data by target information to any level as required.” As Eric King notes, technology to tap the undersea cables that convey all the data and phone traffic between continents enables the “mass surveillance of entire populations”.[14] US-based Glimmerglass Network is one of the pioneers in this field, specialising in monitoring the internet and telecommunications data passed via fibre-optic cables, including the massive amounts of data and phone traffic passing through international gateways and submarine cable landing stations. In addition, the company offers sophisticated technology to draw ties between people who are communicating with each other and even get details of their chats.[15]

Data analysis

All these massive amounts of data require sophisticated data analysis technology in order for it to be useful. Corporations have been quick to exploit this 'need', developing powerful software to filter, store and analyse data. For instance, S8 has developed a programme to analyse data gleaned from social networking sites, called Social Network Analysis (SNA). This enables it to detect patterns, and thereby provide intelligence, about “the structure of the network and the importance of individuals within the network.” As the company's brochure notes, “Investigators are typically buried in volumes of data – SNA helps them put a structure around this turning it into useful information... investigators need new tools to both understand the patterns and relationships in the intercepted communications and to drill down and isolate individual communications relevant to the case.”[16]

Triangulating information from a variety of sources is used to build a fuller picture of a particular target or targets. Companies have even stepped in to facilitate high-tech and fast linguistic analysis. For instance, Italy-based Expert Systems has developed a specific programme, called Cognito, which “comprehends the meaning of information and finds hidden relationships, unlike traditional technologies that can only guess something using keywords.” As well as handling various different languages, the programme is able to differentiate between identical words but whose meaning changes according to context. Indeed, the programme is promoted for its being uncannily 'human' in its cognitive abilities: “Cognito understands the meanings of words – just as people do when they read.”[17]

Web scraping

Companies are also engaged in providing their clients with sophisticated technology for trawling publicly available sources on the internet, including government records, media reports, social-networking sites and other user-generated web content. This is called Open-Source Intelligence (OSINT) and is a crucial field to mine for information. In the words of Kapow Katalyst, “Mission critical data can reside in blogs, in news feeds, in social media.” Its software apparently enables clients to 'Harvest text in any language, images, audio, video from websites, blogs and social media,” while remaining “secure and non-attributable.”[18]

Technology is also available to trawl the 'Deep Web' or 'Invisible Web', that is, content on the internet that is not indexed by search engines and therefore much harder to find. Developed with governments in mind, this technology is now being marketed for commercial interests. BrightPlanet proudly notes it is “bringing its patented Deep Web harvesting technology to the commercial and research community through multiple service solutions,” including by trawling through the Deep Web, 'Proprietary Data sources', 'Customers' Internalem>Private Data sources' as well as 'the conventional Surface Web.”[19]

Whilst not hacking or intercepting private or classified information, this still yields a huge amount of personal information very quickly and is, therefore, of great use for companies, both for marketing purposes and to detect and spy upon anyone challenging their interests. Companies known to use such technology to profile anti-corporate activists include Agenda Security Services, Global Open, C2i, Inkerman Group and InQuire, among others.[20]

Anonymity

All this covert surveillance does not usually go down too well. For some investigations, secrecy is required, and a niche market has therefore developed for technology that hides the internet protocol (IP) addresses, allowing users to visit websites or build online profiles without disclosing their locations. Ironically, Ntrepid ION markets its software as a defensive measure against 'target websites' that employ surveillance techniques on government agencies: “Organizations that do not protect themselves are enabling criminals to uncover organizational affiliations, track online movement, and successfully counterattack based solely on the identification of the analyst's IP address.”[21]

The clients

So who uses these technologies? Most of this surveillance software is sold to governments – often called, rather euphemistically, 'law enforcement agencies' in company documents. But while much of the outrage focuses on its usage by commonly acknowledged repressive regimes, such as those of Egypt, Syria and Iran,[22] most of this technology is sold within so-called democratic states, such as the US and Western European countries, where the technology is first developed.

For instance, in 2011 it was revealed that London's Metropolitan Police had purchased new software made by Geotime that can track every movement a 'suspect' and their associates make in the digital world, displaying the results on a three-dimensional map.[23] The spying software, which is already used by the US military, gathers information from various sources including financial transactions, IP logs (internet usage), social networking sites, mobile phones and satellite navigation equipment.

The current UK coalition government, under pressure from the police and security services, has been pursuing this path further and is currently drafting legislation, originally penned by Labour in 2009 and dubbed as a 'snooping charter', to allow for the tracking of emails, text messages, Facebook and other internet use.[24] This seems an attempt to return to the days when we all used BT-owned landlines to communicate, allowing the police ready access to almost all communication in Britain. Now, “in the era of Google, Facebook and Twitter,” to quote Eric King, “the authorities have been cut off from significant chunks of people’s communications and a lot of data resides on foreign servers.”[25]

King describes this as “the kind of mass surveillance system favoured by Al-Assad, Mubarak and Gaddafi.”[26] The UK authorities are clearly emboldened by the use of social media tracking to facilitate convictions following the August riots, after which telecommunication companies such as Research in Motion (RIM), the makers of the BlackBerry, volunteered to 'help' the government identify their clients.[27] RIM has also negotiated to share BlackBerry Messenger data with the governments of India, Lebanon, Saudi Arabi and the United Arab Emirates.[28] This only goes to show how few scruples private companies have in relinquishing customer data to the state, and how much they can reveal even before using any high-tech surveillance technology.

However, companies often do not need to relinquish their information if technology is available to access it secretly. Skype has long been seen by activists as a secure way of communicating, as its powerful encryption technology makes it impervious to traditional wiretaps.[29] However, when Egyptian activists raided the headquarters of the state security agency in Cairo, they uncovered a secret memo about a trial taking place between August and December 2010 of a “high-level security system” made by Gamma, which reported “success in hacking personal accounts on Skype” and “recording voice and video conversations over the Internet”, as well as breaking into email accounts, tracking the location of a targeted computer and copying all of its contents.[30] The trial boasted of achieving “the successful penetration of their online organizational meetings... via encrypted Skype.” For the security forces, access to Skype calls was crucial because, as the memo states, it “counts as a safe and encrypted internet communication system to which most extremist groups have resorted to communicate with each other.” One activist, Basem Fathi, found files describing his love life which had been gleaned from intercepted emails and phone calls. Another, Israa Abdel Fattah, found in the agency file copies of her emails, transcripts of phone calls and text messages, and a list of companies where she had applied for jobs.

This was far from the only instance of multinational companies' meeting the spying needs of highly repressive regimes. In January 2011, shortly after the Egyptian uprising erupted, a report by Free Press revealed that Deep Packet Inspection (DPI) technology was sold to Egypt's main, state-owned telecommunications company by California-based company Narus.[31] Narus is best known for creating NarusInsight, a supercomputer system used by many governments and large corporations to perform mass surveillance and monitoring of public and commercial communications in real time. The technology, sometimes known as Semantic Traffic Analysis, is known for its ability to sift through vast quantities of information at very high speeds, identifying information packets 'of interest', with the ability to target customers by application (webmail, chat, e-mail client, Skype and so on) or by phone number, web address (URL), e-mail address, login account or keyword.[32] In 2006, the company's vice president for marketing, Steve Bannerman, told Wired magazine: “Anything that comes through [an IP network], we can record. We can reconstruct all of their e-mails along with attachments, see what web pages they clicked on, we can reconstruct their [Skype] calls.”[33]

Meanwhile, spyware containing a 'remote access tool' to remotely eavesdrop on calls and capture keystrokes was found to be distributed via a website named after the date the Libyan protests began. Other countries, such as Oman, Egypt, Iran and the United Arab Emirates block or partially block the use of Skype. And western companies, such as Narus and Bitek International Inc., both based in California, and German firm Ipoque GmbH, help out by providing them with products to detect and block any Skype usage. Bitek even admits it can capture Skype traffic and turn it over to governments for analysis. Similarly, Gamma, DigiTask GmbH, Hacking Team SLR and Switzerland's ERA IT Solutions AG have developed tools to eavesdrop on Skype calls, with Gamma and HackingTeam both marketing their software to governments outside Europe, including the Middle East. However, in Egypt at least, the dissenters seem to have won out for now. The documents found in the raid stated that the Interior Ministry had decided to go ahead with the purchase of the Gamma system in December 2010, but that the deal had never gone through because, as Mr Kadry, Gamma's reseller, put it, Egypt's revolution derailed it.[34]

Popular pressure can have an impact in other ways too. For instance, when it emerged that French company Amesys had been selling spyware to Gadhafi, it was forced to sell off its internet-interception equipment business after the Libyan revolution suddenly made this collaboration in repression a PR disaster for the company. As Ameys admitted, “The contract was concluded at a time when the international community was in the process of diplomatic rapprochement with Libya.”

But companies are not always required to take such scruples in who they sell their spyware to. Firms wishing to export surveillance technologies from Europe or the US do not currently require any sort of export licence. And when restrictions are in place, such as on exports to Syria, which is subject to strict trade sanctions, these can be overcome by selling to a re-seller company, in somewhere like Dubai, where an annual ISS World conference has “long served as a chance for Middle East nations to meet companies hawking surveillance gear.”[35]

Although the US government requires re-export licences for controlled devices, these rules seem to be rarely enforced, and companies claim not to track where their technology goes after an initial, legal sale.[36] This seems to be how equipment made by US company BlueCoat, which provides internet-blocking technology, found its way to Syria and was used to block sites such as the Muslim Brotherhood website and the-syrian.com, a website dedicated to news about the uprising. BlueCoat claims its devices were destined for the Iraqi government and is not aware of how they got to Syria. To quote Eric King again, “the complex network of supply chains and subsidiaries involved in this trade allows one after the other to continually pass the buck and abdicate responsibility.” Jerry Lucas, president of TeleStrategies Inc and organiser of the surveillance conference in Washington D.C. in October 2011, is particularly candid: “We don't really get into asking, 'Is this in the public interest?'”[37]

What can be done?

The result of all this explosion in surveillance technologies is effectively the militarisation of the Internet and mobile phone communications. In the words of Peter Fain, member of the hacktivist group TeleComix, which first exposed BlueCoat technology in Syria, “State surveillance using these devices has real world consequences... these machines can be as dangerous as a club or gun.”[38]

Still, it is important to note that such technologies are not invincible. As Eric King writes, “The surveillance systems used are very sophisticated, but they're not perfect. For example, creating multiple email addresses using different pseudonyms, and using online anonymity tools like Tor, will significantly enhance your security and privacy, while leaving your mobile phone at home when you attend protests or meetings will help prevent the automated tracking of your location.”

 

 

Company Profiles

 

Gamma Group Fellows House, 46 Royce Close, West Portway Industrial Estate, Andover, Hants, SP10 3TX, UK.

Sells: trojans/intrusive software, internet monitoring/mass surveillance, SMS monitoring, speech analysis/voice recognition.

The company's primary surveillance product is called FinFisher IT Intrusion. When inserted into a target's computer, this can grant access to its files and activities, and can even activate the computer's webcam and microphone to watch their target. It boasts that this can allow “a government agency to... take control of the target.” The technology was found to be used by Mubarak's regime in Egypt, though the company denies selling it directly to the Egyptian government.

 
Telesoft Technologies Ltd

Observatory House, Blandford, Dorset, DT11 9LQ, UK.

Sells: Internet monitoring/mass surveillance, SMS monitoring.

Telesoft Technologies specialises in 'massive intercept' monitoring, boasting that it can offer “targeted or mass capture of tens of thousands of simultaneous conversations from fixed or cellular networks.”

 
QinetiQ

QinetiQ Cody Technology Park, Ively Road, Farnborough, Hampshire, GU14 0LX, UK.

Sells: Internet monitoring/mass surveillance.

QinetiQ manufactures cyber surveillance products, claiming it provides “commercial organisations, national infrastructure utilities and government agencies” with tools to “protect themselves against crime, insider threats, terrorism and espionage.” Formerly part of the Ministry of Defence, the company has close government connections and, in February 2011, it was part of a trade delegation to Kuwait led by David Cameron and defence contractors BAE Systems and Thales UK.

 
Cobham Plc

Brook Road, Wimborne, Dorset, BH21 2BJ, UK.

Sells: SMS monitoring.

Cobham offers a system to identify and track a target through their mobile phone signal. In 2009 it won a Queen's Award for Enterprise for International Trade after trebling the size of its overseas exports in three years. The company has four divisions employing over 12,000 people on five continents, with customers and partners in more than 100 countries and annual revenue of £1.4bn. Its advanced surveillance technologies allow an agent to lock onto a target’s mobile phone and activate a “silent” call to keep the device “under their control”, or continually under supervision.

 
Detica

Surrey Research Park, Guildford, Surrey, GU2 7YP, UK.

Sells: Analytics.

Deica is part of Britain’s largest defence contractor, BAE Systems, and is “leading specialist in data collection and analytics, situational awareness and decision-support, and secure communication.” Its analysis product, NetReveal, enables the '‘rapid analysis of significant volumes of unstructured or semi-structured documents.” It was also behind the UK government's 2008 initiative Intercept Modernisatio Program (IMP), which aimed to expand the government's capability for interception and storage of communication data. The programme was dropped by the Labour government but has since been revived by the Con-Dem coalition government. The proposal includes the collection of data on phone calls, emails, web browsing and chatroom discussions. Detical also came under fire when questioned in parliament whether its equipment was being sold in Tunisia. Baroness Wilcox, under-secretary for the Department of Business, Innovation and Skills replied that Detica did not need permission to export this kind of equipment under the current UK export control regime and “the Government therefore have no information on what has been sold to the Government of Tunisia by Detica.”

 
Datong 1 Low Hall Business Park, Low Hall Road, Leeds, LS18 4EG, UK.

Sells: SMS monitoring

Datong provides mobile intelligence and signals intelligence abroad, including ‘IMSI catchers’ – a technology to remotely track mobile phones. In October 2011 it emerged that the Metropolitan Police had paid Datong £143,455 for equipment to track and intercept thousands of mobile phones in a targeted area via masquerading as a mobile phone network. The company already sells its technology to the US government and lists partners in Bangladesh, Colombia, Indonesia, Malaysia, Mexico, Thailand and Vietnam.

 
Sophos Plc

The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK.

Sells: Internet monitoring/mass surveillance.

Trumpeted by the UK Trade & Investment (UKTI) as one of Britain's “leading technology companies”, Sophos is a major player in the UK's computer security industry. It produces IT security such as antivirus systems, encryption and web and spam filtering, all of which could double as web-blocking software. For instance, hardware produced by German computer-security company Utimaco, which Sophos bought in 2009, was found to be used by the Assad regime to crack down on Syrian dissidents.

 

 

References

[1] ARD in Germany, The Bureau of Investigative Journalism in the UK, The Hindu in India, :'Espresso in Italy, OWNI in France and the Washington Post in the US. See here for all the documents: http://wikileaks.org/The-Spyfiles.html. In addition, in November 2011 the Wall Street Journal published documents from a corporate surveillance conference held near Washington D.C. see here: http://projects.wsj.com/surveillance-catalog/).

[2] http://wikileaks.org/the-spyfiles.html

[3] Quoted in http://online.wsj.com/article/SB10001424052970203611404577044192607407780.html

[4] See http://wikileaks.org/spyfiles/files/0/296_GAMMA-201110-FinFly_Web.pdf and http://wikileaks.org/spyfiles/files/0/289_GAMMA-201110-FinSpy.pdf

[5] See http://wikileaks.org/spyfiles/files/0/296_GAMMA-201110-FinFly_Web.pdf and http://wikileaks.org/spyfiles/files/0/289_GAMMA-201110-FinSpy.pdf

[6] http://projects.wsj.com/surveillance-catalog/documents/267761-documents-265202-vupen-exploits/#document/p1/a38929

[7] Quoted in http://online.wsj.com/article/SB10001424052702304520804576345970862420038.html

[8] http://projects.wsj.com/surveillance-catalog/documents/267794-documents-266211-onpath-technologies-lawful/#document/p1/a39169

[9] http://blog.soros.org/2012/02/the-spy-files-an-interview-with-eric-king/

[10] Ibid

[11] www.thebureauinvestigates.com/2011/12/01/surveillance-debunked-a-guide-to-the-jargon/

[12] http://wikileaks.org/spyfiles/files/0/276_PACKETFORENSICS-2009.pdf

[13] http://projects.wsj.com/surveillance-catalog/documents/267027-telesoft-technologies-hinton-5000-interceptor/

[14] http://blog.soros.org/2012/02/the-spy-files-an-interview-with-eric-king/

[15] http://projects.wsj.com/surveillance-catalog/documents/266923-track-1-thursday-glimmerglass-networks/

[16] http://wikileaks.org/spyfiles/files/0/207_SS8-SOCIALNETANALYS-201110.pdf

[17] http://projects.wsj.com/surveillance-catalog/documents/266173-expert-system-semantic-intelligence/#document/p1/a38606

[18] http://projects.wsj.com/surveillance-catalog/documents/266252-kapow-katalyst-for-osint/#document/p1/a39036

[19] http://projects.wsj.com/surveillance-catalog/documents/266243-brightplanet-the-deep-web/#document/p1/a38911

[20] www.corporatewatch.org/?lid=3869

[21] http://projects.wsj.com/surveillance-catalog/documents/267021-ntrepid-ion-mission-research-and-targeting/#document/p2/a39038

[22] See, for example, www.thebureauinvestigates.com/2011/11/30/uks-top-spies-approved-export-of-surveillance-technology-to-iran/

[23] www.guardian.co.uk/uk/2011/may/11/police-software-maps-digital-movements/print

[24] www.guardian.co.uk/world/2012/may/09/snoopers-charter-crime-bill-facebook

[25] www.thebureauinvestigates.com/2012/04/02/analysis-the-british-governments-new-plans-for-mass-surveillance/

[26] www.thebureauinvestigates.com/2012/04/02/analysis-the-british-governments-new-plans-for-mass-surveillance/

[27] http://blog.soros.org/2012/02/the-spy-files-an-interview-with-eric-king/

[28] Ibid

[29] http://online.wsj.com/article/SB10001424052702304520804576345970862420038.html

[30] Ibid

[31] www.freepress.net/press-release/2011/1/28/questions-raised-about-us-firms-role-egypt-internet-crackdown

[32] For more one the company and its products, see www.corporatewatch.org/?lid=3880

[33] www.wired.com/science/discoveries/news/2006/05/70914

[34] Ibid

[35] http://online.wsj.com/article/SB10001424052970203611404577044192607407780.html

[36] http://blog.soros.org/2012/02/the-spy-files-an-interview-with-eric-king/

[37] Quoted in http://online.wsj.com/article/SB10001424052970203611404577044192607407780.html

[38] www.thebureauinvestigates.com/2011/10/23/us-technology-used-to-censor-the-internet-in-syria/ * Information based on http://bigbrotherinc.org/v1/United%20Kingdom/ and www.thebureauinvestigates.com/2012/04/02/analysis-the-british-governments-new-plans-for-mass-surveillance/.