How safe are your emails and phone calls?
The 21st-century surveillance industry is hi-tech, sophisticated and terrifyingly pervasive, it is revealed in more than 200 brochures, presentations and other marketing materials published by WikiLeaks and Privacy International.
The gear on sale falls into four categories: location tracking of mobile phones and vehicles; hacking into computers and phones to monitor every keystroke; recording and storage of what’s being said on an entire telecommunication networks; and the analysis of vast swathes of data to track individual users.
A popular mobile phone tracking technology is an IMSI catcher, which allows the user to intercept mobile phones. These highly portable devices – which can be as small as a fist – can mask as a cell phone tower and emit a signal that can dupe thousands of mobile phones in a targeted area.
The user of the catcher can then intercept SMS messages, phone calls and phone data, such as unique phone identity codes that would allow them to track phone users’ movements in real-time, without having to request location data from a mobile phone carrier.
The Federal Bureau of Investigation (FBI), which uses these devices to track suspects, says it can do so without a court order. Many police forces around the world have also bought or are considering buying IMSI catchers – including the Metropolitan Police.
Other companies offer ‘passive’ surveillance devices that can be installed at phone exchanges, or even standalone equipment that can vacuum up all the mobile phone signals in an area without anyone knowing.
Specialised gadgets can be attached to a vehicle to track where it goes. While logistics and trucking companies have long used these devices to ensure on-time delivery of goods, Dorset-based Cobham sells ‘Orion Guardian’ covert devices that can be secretly attached to the bottom of a car. Hidden Technology, based in Essex, sells similar devices.
‘For years, there has been a gentleman’s agreement on how these technologies are used. The US and the UK know that the Chinese and the Russians are using IMSI catchers – but so are we,’ says Chris Soghoian, a Washington DC-based fellow at the Center for Applied Cybersecurity Research. ‘Each government believes that the benefit of being able to use it abroad outweighs the risk to their own citizens.
‘But today, anyone – a stalker or a private company – can show up in Chelsea or Tottenham Court Road and listen to everyone else,’ adds Soghoian. ‘It is time to switch to more encrypted systems that keep everyone safe.’
Several companies offer ‘Trojan’ software and phone ‘malware’ that allow the user to take control of a target’s computer or phone.
The software can be installed from a memory stick, or delivered remotely by disguising itself as an an email attachment or software update. Once in place, a user can rifle through a target’s files, log every keystroke a target makes, and even remotely turn on phone and computer microphones and cameras to spy on the target in real-time.
Hacking Team of Italy, Vupen Security in France, Gamma Group in the UK and SS8 in the US each offer such products, which they variously claim can hack the Apple iPhone, BlackBerry, Skype and the Microsoft operating system.
Hacking Team is probably the most public of these companies, advertising its ‘Remote Control System’ which can ‘monitor a hundred thousand targets’.
California-based SS8 claims its Intellego product allows security forces to ‘see what they see, in real time’ including a ‘target’s draft-only emails, attached files, pictures and videos.’
These types of technologies often rely on software vulnerabilities. While major software manufacturers claim to fix these vulnerabilities as soon as they are discovered, at least one company – Vupen – claims to have dedicated researchers in its ‘Offensive Solutions’ division who are constantly looking to exploit new security holes in popular software.
Hacking systems have recently surfaced in countries with repressive governments. A raid in March by democracy activists on the intelligence headquarters of Hosni Mubarak’s regime in Egypt uncovered contract documents for a hacking program called FinFisher that is marketed by Gamma Group, a company based in Hampshire. FinFisher is also marketed by Elaman, a German company with close links to Gamma.
Gamma Group said it did not FinFisher to Egypt.
A brochure from Elaman says governments can use its products to ‘identify an individual’s location, their associates and members of a group, such as political opponents’.
While hacking software is used to target individuals, other companies offer the ability to monitor and censor an entire country’s data or telecommunications network. Massive surveillance of this kind works by capturing everyone’s activities – whether you are a suspect or not – and then sifting through it for valuable information.
For example, US companies Blue Coat Systems and Cisco Systems offer corporate and government buyers the technology to filter out certain websites. This could potentially be utilised for other than commercial reasons, such as as political or cultural repression.
The same technologies can also be used to block social networking websites like Facebook, multimedia services like Flickr and YouTube, and internet phone services like Skype in repressive countries ranging from China to the United Arab Emirates.
An extension of this technology is ‘deep packet inspection’. This allows the user to scan web and email traffic and to search huge volumes of data for keywords or phrases.
Datakom, a German company, sells a product called Poseidon that offers the capability to ‘search and reconstruct… web, mail, instant messaging etc’. The company also claims Poseidon ‘collects, records and analyses VoIP calls’, such as Skype conversations.
Datakom, which offers ‘monitoring of a complete country’, says it has sold two ‘large IP monitoring’ systems to unnamed buyers in the Middle East and North Africa.
South African VASTech sells products including one called Zebra. This gives governments the ability to compress and store billions of hours of phonecalls and petabytes (a billion megabytes) of information for future analysis. In August, the Wall Street Journal reported that some VASTech devices had been installed at Libya’s international phone exchanges.
The ability to capture vast swathes of Internet traffic, the locations of individuals and their phone conversations has also created demand for sophisticated analysis tools by intelligence agencies, the military and the police, to use in criminal investigations and even in the battlefield.
For example, Speech Technology Center, based in Russia, claims to be capable of sifting through these huge quantities of information.
Czech Republic-based Phonexia says it has developed a similar voice-recognition program with the help of the Czech military, while Loquendo, based in Italy, uses ‘voice-prints’ – the unique signature of the human voice – to identify targets and tell you when they are on the phone.
© Copyright The Bureau of Investigative Journalism.
Content licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.