Security vendors help covert agencies spy on their own citizens: WikiLeaks

Documents show partnerships between developers and intelligence agencies

Yesterday WikiLeaks released 287 documents in what it calls The Spy Files, which describes as descriptions of the relationship between national intelligence agencies and the commercial software, security and surveillance companies they hired to provide technology that allows them to secretly listen in on cell phone conversations, text messages, email and other Internet traffic and location data.

Some even use voice-recognition technology to help identify the voices in conversations on which they eavesdrop, sometimes while looking for the opportunity to end some conversations by firing a missile to kill one of the participants.

Nearly all governments spy on their own citizens and on foreigners using surreptitious spyware on computers, cell phones, GPS devices and other modern electronic devices according to WikiLeaks founder Julian Assange said during a panel on espionage and digital security at a conference yesterday in London.

WikiLeaks has released 287 files documenting the relationships among intelligence agencies and monitoring-software developers whose products have been deployed surreptitiously but very, very widely in smartphones and computers, Assange said.

"Who here has a BlackBerry? Who here uses Gmail? Well you are all screwed!" Assange said. "The reality is intelligence contractors are selling right to countries around the world mass surveillance systems for all of those products."

The recently overthrown autocratic Kaddafi regime in Libya was the first government Assange cited, claiming Libya's secret police were able to keep tabs on dissidents living as far away as the U.S., Britain and Finland via spyware.

Democratic countries, wholesale domestic spying

Western governments are at least as accomplished as totalitarian regimes, however he said. British intelligence service MI5 uses voice recognition software in cell phones to identify who is at each end of a call, he charged.

Sypware from other agencies allows them to access location data from cell phones without making special requests to carriers, take secret photos of users and their surroundings, record or change the text of messages and record every keystroke on a particular phone, Assange said Monday at a conference held by the Bureau of Investigative Journalism held at the City University in London.

The 287 documents described covert activity by 160 security and surveillance companies in 25 countries. Most of the spyware is active even when the phones are in standby mode and can run on Android, iOS, Blackberry and Windows Mobile operating systems.

University of Cambridge researcher Steven Murdoch charged that intelligence agencies are spying on their own citizens not out of any suspicion that individuals among them are up to no good, but as a wholesale strategy to collect information on the assumption it may eventually be useful.

"We're seeing increasingly wholesale monitoring of entire populations with no suspicion of wrongdoing," Murdoch said during the panel session. Without controls on this industry, the threat that surveillance poses to freedom of expression and human rights in general is only going to increase."

The information comes mainly from a 2011 investigation by British non-governmental organization Privacy International, whose investigators gathered information about government-sponsored domestic digital espionage by posing as buyers to get private briefings, confidential background information, technical specifications and other data from many of the security and surveillance companies cited in the WikiLeaks revelations, according to TheRegister.

Privacy International's announcement of the report Big Brother Incorporated said investigators were shocked not only by the scope of the surveillance, but how open they were in talking about their work with secret government agencies and handing out documentation backing up their claims.

Agencies whose contracts are documented in the WikiLeaks release include the U.S. National Security Agency and England's Government Communications Headquarters.

I'm stunned you're killing people with my software that doesn't work

According to information released as The Spy Files at WikiLeaks, the NSA and CIA are among the most eager collectors of secret cell-phone and computer monitoring data. In January, the NSA began building a $1.5 billion facility in Utah to store "terabytes of domestic and foreign intelligence data forever and process it for years to come," according to the WikiLeaks announcement.

The CIA, for example, bought the right to use location-based analytics software called the Geospatial Toolkit from Intelligence Integration Systems, Inc. (IISI) in Massachusetts, according to WikiLeaks' documents.

The CIA also bought a version of the same software that had been reverse-engineered and hacked by former IISI business partner Netezza, Inc. The hacked version was designed to work while installed in remote-piloted drone aircraft such as the U.S. Air Force's Predator, which the CIA has consistently used to track and kill members of al-Queda and other terrorist groups in Pakistan and Afghanistan.

IISI's conclusion, stated in a lawsuit it lodged to stop Netezza from selling the hacked software, was that the CIA was using IISI's software to listen in to cell phone conversations being picked up by remote-piloted drones in the hope of locating specific terrorist targets and killing them using the Hellfire missiles carried by the drones.

The problem, according to testimony from IISI founder Rich Zimmerman, was that the Geospatial Toolkit could locate the source of each end of a conversation, but only within about 40 feet – far from the pinpoint accuracy that would allow an intelligence agency to kill one target with a reasonable expectation of not either missing or of killing bystanders.

Zimmerman's "reaction was one of stun, amazement that they (CIA) want to kill people with my software that doesn’t work."

Phone makers step up to help the government – any government

Another bit of convolution and conflict-of-interest inherent in the mesh of relationships described in The Spy Files is the complex relationship of phone manufacturers – most of which are multinational corporations – with various governments.

Most make the relationships as simple as possible: Phone manufacturers "are forthcoming when it comes to disclosing information to the authorities – no matter what the country."

Research in Motion, for example made offers to help identify users of its phones to the governments of India, Lebanon, Saudi Arabia, the United Arab Emirates as well as major Western countries.

The range of spyware, malware and monitoring of various governments is so broad in both technological and geographic scope that WikiLeaks presented the data not only in documents, but as a map that allows readers to scan which vendors were involved in which kinds of monitoring in which countries.

Cisco Systems, for example, is listed as helping with both computer and cell-phone monitoring. Nuance Technology – maker of Dragon Naturally Speaking speech recognition software – is listed as helping with cell-phone and speech analysis.

Of the six categories of monitoring – Internet, cell phone, trojan/malware-based, speech analysis, SMS and GPS tracking – the U.S. is one of very few companies represented in all but one.

The single method of monitoring the U.S. has not been documented to have used? Trojan/Malware-based spyware – a technique that lists only good, solid, democratic Western countries among its documented users: France, Germany, Italy, Ireland, The Netherlands and the U.K.

All this is, to say the least, disturbing. It's a clear betrayal of our trust in government, in our own vendors and the assumption of even the most cynical that if a government will spy on citizens no matter what is done to prevent it, at least the spying should be done on those suspected of wrongdoing.

If nothing else, that would be more efficient than just scooping up every byte of data they can reach and hope to find something useful in it later.

That's just a waste of resources.

However, neither the gross betrayal of intelligence agencies spying on their own citizens or the gross inefficiency of doing so without narrowing the target list to actual suspects may get the kind of attention and criticism they deserve today.

Given other revelations about security vulnerabilities in smartphones – ineffective security and privacy protections, purposeful monitoring by carriers and the complete lack of impact any of the dire revelations have had on sales of smartphones – widespread government spying on the innocent may have to stand in line behind a lot of other issues before anyone will have enough time to give it the amount of outrage it deserves.

This story, "Security vendors help covert agencies spy on their own citizens: WikiLeaks" was originally published by ITworld.

Copyright © 2011 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon