Leaked Documents Show New Zealand Company's Connection To GCHQ's Internet Dragnet
from the build-a-better-data-scoop-and-the-world's-government-will-beat-a-path-to-you dept
Another stack of documents has been leaked to The Intercept, these ones detailing a little-known New Zealand company’s facilitation of worldwide surveillance.
Dozens of internal documents and emails from Endace, obtained by The Intercept and reported in cooperation with Television New Zealand, reveal the firm’s key role helping governments across the world harvest vast amounts of information on people’s private emails, online chats, social media conversations, and internet browsing histories.
Endace — like almost every other company in the literal spyware business — also seems willing to sell to the highest bidder, no matter where they sit on their home nation’s friends/enemies lists.
The leaked files, which were provided by a source through SecureDrop, show that Endace listed a Moroccan security agency implicated in torture as one of its customers. They also indicate that the company sold its surveillance gear to more than half a dozen other government agencies, including in the United States, Israel, Denmark, Australia, Canada, Spain, and India.
The documents now in The Intercept’s hands detail Endace’s work for GCHQ, assisting it in its quest to pull as much data and communications as it can from underseas cables which conveniently route about one-fourth of the world’s internet traffic into the waiting arms of the spy agency. These leaked documents were cross-referenced with The Intercept’s Snowden stash to confirm their legitimacy.
The documents show GCHQ asked Endace for several modifications of the stock product it originally presented to the agency. These alterations served one purpose: to build haystacks faster.
A November 2010 company document said that “FGA” [“friendly government agency”] had an order of 20 systems scheduled for delivery in March 2011. Each system was equipped with two “data acquisition” cards capable of intercepting 20Gs of internet traffic. The total capacity of the order would enable GCHQ to monitor a massive amount of data — the equivalent of being able to download 3,750 high-definition movies every minute, or 2.5 billion average-sized emails an hour.
Other info in the documents shows Endace and GCHQ were (are?) aiming for deployment of 300-500 of these systems, allowing the agency to pull in a large percentage of the traffic traveling through tapped underseas cables. There are also hints that suggest some data is more useful to the GCHQ than others, with WhatsApp, Facebook, Gmail, and Hotmail being specifically named. Also of importance to GCHQ: the ability to track targets by MAC address.
When Endace isn’t selling to “friendly” government surveillance agencies (and “friendly” governments with decades of human rights abuses under their belts), it’s also selling its interception technology to telcos to better assist them in complying with law enforcement requests.
Perhaps the most darkly comic aspect of all of this is that UK and New Zealand taxpayers are likely being double-dipped for surveillance efforts that encompass their own data and communications. Not only are they paying for the tech and ongoing collection efforts, but Endace was also awarded $11.1 million in government grants to defray 50% of the cost of “substantial product developments.” Endace isn’t saying which products were developed using these grants, and the New Zealand government says the company isn’t obligated to reveal how this money was spent.
Filed Under: gchq, new zealand, surveillance
Companies: endace
Comments on “Leaked Documents Show New Zealand Company's Connection To GCHQ's Internet Dragnet”
"We're not saying it was for spying but..."
but Endace was also awarded $11.1 million in government grants to defray 50% of the cost of "substantial product developments." Endace isn’t saying which products were developed using these grants, and the New Zealand government says the company isn’t obligated to reveal how this money was spent.
The company says nothing and the government, after handing out a grant to the tune of eleven million says the company doesn’t have to say… yeah, I’d say the default assumption should be that the ‘product developments’ were focused around spying until the company provides evidence to the contrary.
Its clear the governments will not be satisfied until they can either put an all seeing monitor in everyones homes or a chip in their brain.
How much longer will citizens stand for this sort of crap?
Re: Re:
Untill “encryption-by-design” becomes the standard for both computer software and network software. I don’t think the military complex has a real long-term ability to sustain the current pressure on private companies, since other countries in the world have been very definitive in their defence of encryption. They have been trying to capitalize on the Snowden revelations and has used it as their “only” demand in the negotiations on further openness. When they can’t even swing that now, I don’t think later will be possible either as the population is very slowly becoming more tech-savy than currently.
Re: Re:
long after they realize they let slave collars be shackled around their necks for the illusion of safety.
Re:
PM Elizabeth May’s Snooper’s Charter makes it clear that all
Britons are demoted from “Citizen” to “Subject” in her mind.
Once it passes [if it does] her tyrant’s dream becomes reality.
Re: Re: d'Oh! Typo
Elizabeth May is Canadian. Green Party.
Theresa May is the wannabe tyrant.
2.5 billion average-sized emails an hour
99,9% of it being innocuous communication and teens sexting.
Which would be less of an issue (from intel point of view) if they could precisely pinpoint whatever they wanted (they can’t). But that’s not the idea. When everybody is seen as a potential enemy (terrorist, activist, you name it) then it makes total sense.
Re: Re:
That should be 99.9% spam, 0.0999% innocuous and 0.0001% of interest to the security services.
Re:
Current terrorists are the explicit target today, but future politicians,
journalists and social activists are the real, intentional targets.
That’s what haystacks are for.
It allows them to build a mass dossier on everyone at once, without
being accountable for individual dossiers on any one person until
they need it for leverage.
$11.1 million
What a gift. I wish the government would just give *me* that kind of money.
pinpoint whatever they wanted
everybody is seen as a potential enemy
i think you are right. .this has nothing to do with outlaws and terrorists other than using said for justification. .they have met the enemy, and we are they: ordinary people living ordinary lives.
I never understood the habit of reporters to analogize the amount of data being downloaded to high-definition movies rather than a guesstimate at the number of people being surveiled. Associating surveillance to movies makes it more difficult to get laypersons to understand the severity of all this.
and we’re the pirates, the infringers and the thieves? i think the names need to be reallocated, dont you!
Honestly, the 20Gbit card is right there listed on the website: 10X4-P IE two ports for ingress and 2 port for egress traffic. I own a couple of their cards and they are pretty good with IDS systems (Security Onion/AlienVault), troubling shooting layer2-7 issues on the network. Rule of thumb is try to use SSL, VPNs, and anyother type of encryption before sending any data across the internet.
"separate MAC insertion by IP type"
This tells me they are not just
tracking via MAC. Tracking via MAC
requires the MAC to leak across
routers which tells me that they
are attacking tunneling VPNs and
that the encryption is broken.
And why would you need to insert
a MAC anyway? If you are doing
traffic injection into a connection
stream that is being transported
via a VPN (that is already pwned),
is a case that comes to mind.
Example: inserting malicious
javascript to do something like
rowhammer.js to get root.
New Zealand is part of the Five Eyes, “often abbreviated as FVEY, is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States. These countries are bound by the multilateral UKUSA Agreement, a treaty for joint cooperation in signals intelligence.”
“Despite the impact of Snowden’s disclosures, some experts in the intelligence community believe that no amount of global concern or outrage will affect the Five Eyes relationship, which to this day remains one of the most comprehensive known espionage alliances in history.”
Source: Wikipedia