“The Perfect Storm of Risks to Privacy”
Feel free to freak out:
Newly exposed Snowden documents reveal the NSA’s in-depth plan to “map the entire Internet — any device, anywhere, all the time.
So summarises Hackread, referring to recent revelations by Germany’s der Spiegel that NSA and GCHQ have hacked Germany’s main telecommunications provider Deutsche Telekom and several others. Amongst them, satellite companies like “Stellar, Cetel and IABG. Such providers offer satellite Internet connections to remote regions of the world.”
Apparently, the NSA and the GCHQ were able to obtain passwords for central servers of important Stellar customers (one of them was identified by Stellar employees from the documents Der Spiegel journalists showed them) which means that Stellar “and some of its customers, have been penetrated by the U.S. National Security Agency and British spy agency GCHQ.”
Just to stress how important this news is:
The significance of the theft is immense…. The information…. could allow the agencies to cut off Internet access to customers in, for example, Africa. It could also allow them to manipulate links and emails (emphasis added).
Granted, neither this, nor Treasure Map is exactly news.
In March, SPIEGEL reported on the large-scale attack by the British agency GCHQ on German satellite teleport operators Stellar, Cetel and IABG.
And the New York Times first reported on Treasure Map in November 2013, mentioning the “300,000 foot view of the Internet” the map apparently provides. That, in itself, is scary enough but looking at it in more detail should give anyone a sinking feeling.
The plan, it seems, is to “map routers, smartphones, fondleslabs and computers” which effectively, according to der Spiegel, means the agencies are building “a kind of Google Earth for global data traffic, a bird’s eye view of the planet’s digital arteries.”
The NSA’s presentation on Treasure Map, published online by The Intercept, reveals the grandiose intention behind the programme. It describes Treasure Map as a “massive internet mapping, exploration and analysis machine” and also simply says “It’s huge.”
[T]he map has close to real-time tracking abilities, allowing intelligence agencies belonging to the so-called “Five Eyes,” the U.S., the U.K., Canada, Australia and New Zealand, unprecedented access to devices that consumers take with them every day.
Now, wait just a minute! Does that mean that just like users of Google Earth can zoom in on every place on the planet and have a snoop around, the spooks could zoom in on any of our devices for a good nosey? Er, yes. According to der Spiegel by tapping into Deutsche Telekom and “smaller German carrier Netcologne [NSA and GCHQ have] – by extension – [also tapped into] the end devices of those companies’ subscribers,” aka us.
Greg Nojeim, Senior Counsel and Director of the Project on Freedom, Security & Technology at the Center for Democracy & Technology, calls it “the perfect storm of risks to privacy,” warning that it “seems that almost no computer is secure from it.”
And yes, this absolutely includes you or, as the NSA documents put it, “anyone, anytime, anywhere,” despite what the NSA has previously said about using Treasure Map only “to map foreign and U.S. Department of Defense networks in an effort to better understand computer networks.”
Importantly, the NSA “is [also] hacking into corporate servers and attacking global ISPs” and “lacing under surveillance the CEOs and other employees at telecom companies it considers vital to the infrastructure of the Internet”.
The infrastructure of the internet, i.e. the very groundwork of it – that’s what the agencies have got access to. And we already know, of course, that they have also undermined critical internet infrastructure by weakening encryption.
It gets even scarier when taking into account that, as der Spiegel writes: “Treasure Map can also help with “Computer Attack/Exploit Planning. As such, the program offers a kind of battlefield map for cyber warfare.”
Great, so after building SkyNet, which may launch the virtual equivalent of a missile without human intervention, and their own Google search engine, which makes information about us conveniently available to everyone with access (i.e. far too many people), the NSA and friends are now also building a Google Maps that allows them to see every device on the planet and plan cyber warfare. I cannot be the only one to whom this sounds a tad imperialistic?
I have previously commented on mapping and why it was such a big thing in colonial times: essentially to map a space is to assert control, to establish hegemony. Which, essentially, is what this is about. Again, this isn’t news. It’s not like they haven’t done this before: As der Spiegel reported on in the summer of 2013, “the GCHQ Network Analysis department [previously] penetrated deeply into the… network [of Belgian bank Belcacom] and that of its subsidiary BICS by way of hacked employee computers. They then prepared routers for cyber-attacks.”
But it having happened before makes it more rather than less concerning.
Foxtrot Uniform Charlie Kilo!
In fact, “Fuck!” as Stellar’s CEO Christian Steffen exclaimed, seems to be the appropriate response to the “scope of…Treasure Map”. The Intercept in its article features a short video documenting the reactions of Stellar employees when confronted with Snowden’s documents – seriously, look at their faces when they realise that they are being surveilled.
Steffen… said he considers the documents to constitute proof that his company’s systems were breached illegally. “The hacked server has always stood behind our company’s own firewall…The only way of accessing it is if you first successfully break into our network.”
Illegally being the term of note here, of course.
What is also interesting about the Intercept video is what Stellar’s people say about how in regions where you cannot lay cable, internet access is via satellite. Sounds as if, after intercepting traffic from transatlantic cables, the agencies are now intercepting traffic from their satellite equivalents as well. After all, in addition to GCHQ tapping undersea cables in the UK, “includ[ing] transatlantic cables that carry internet traffic between the US and Europe,” it was revealed last week that New Zealand’s GCSB – a Five Eyes partner – has been tapping New Zealand’s
main undersea cable link, the Southern Cross cable. This cable carries the vast majority of internet traffic between New Zealand and the rest of the world, and mass collection from it would mark the greatest expansion of GCSB spying activities in decades.
(More on New Zealand and Edward Snowden’s appearance at “Moment of Truth” in a separate post once I have time to watch the full video.)
Ironically, the Deutsche Telekom story comes after Germany cancelled its contract with Verizon earlier this year to allow the Telekom to pick up where Verizon left off, spy-free. Clearly, this constitutes what the Twitter community would refer to as an #epicfail.
Finally, Treasure Map not only “allows for the creation of an “interactive map of the global Internet” in “near real-time”, but
[e]mployees of the so-called “FiveEyes” intelligence agencies from Great Britain, Canada, Australia and New Zealand, which cooperate closely with the American agency NSA, can install and use the program on their own computers (emphasis added).
So basically, with Treasure Map, the NSA and the GCHQ are building an all-encompassing Google Maps of the Internet, enabling them to see all our devices, everywhere all the time, their employees can play around with it on their home computers – and they have potentially obtained some of the information they need for that by illegal means.
Instil confidence? No, not in me either.
As befits pirates, I suppose. And pirates, it seems, is what the Treasure Map inventors fancy themselves to be. Once again, the NSA’s demonstrates its flair for drama when it comes to naming its programmes – and designing logos: “a skull superimposed onto a compass, the eye holes glowing in demonic red.” To complement that they also have programmes called BLACKPEARL and JOLLYROGER – what more do you need to know?