Leaked Documents Show New Zealand Company's Connection To GCHQ's Internet Dragnet
from the build-a-better-data-scoop-and-the-world's-government-will-beat-a-path-to-you dept
Another stack of documents has been leaked to The Intercept, these ones detailing a little-known New Zealand company's facilitation of worldwide surveillance.
Dozens of internal documents and emails from Endace, obtained by The Intercept and reported in cooperation with Television New Zealand, reveal the firm’s key role helping governments across the world harvest vast amounts of information on people’s private emails, online chats, social media conversations, and internet browsing histories.
Endace -- like almost every other company in the literal spyware business -- also seems willing to sell to the highest bidder, no matter where they sit on their home nation's friends/enemies lists.
The leaked files, which were provided by a source through SecureDrop, show that Endace listed a Moroccan security agency implicated in torture as one of its customers. They also indicate that the company sold its surveillance gear to more than half a dozen other government agencies, including in the United States, Israel, Denmark, Australia, Canada, Spain, and India.
The documents now in The Intercept's hands detail Endace's work for GCHQ, assisting it in its quest to pull as much data and communications as it can from underseas cables which conveniently route about one-fourth of the world's internet traffic into the waiting arms of the spy agency. These leaked documents were cross-referenced with The Intercept's Snowden stash to confirm their legitimacy.
The documents show GCHQ asked Endace for several modifications of the stock product it originally presented to the agency. These alterations served one purpose: to build haystacks faster.
A November 2010 company document said that “FGA” ["friendly government agency"] had an order of 20 systems scheduled for delivery in March 2011. Each system was equipped with two “data acquisition” cards capable of intercepting 20Gs of internet traffic. The total capacity of the order would enable GCHQ to monitor a massive amount of data — the equivalent of being able to download 3,750 high-definition movies every minute, or 2.5 billion average-sized emails an hour.
Other info in the documents shows Endace and GCHQ were (are?) aiming for deployment of 300-500 of these systems, allowing the agency to pull in a large percentage of the traffic traveling through tapped underseas cables. There are also hints that suggest some data is more useful to the GCHQ than others, with WhatsApp, Facebook, Gmail, and Hotmail being specifically named. Also of importance to GCHQ: the ability to track targets by MAC address.
When Endace isn't selling to "friendly" government surveillance agencies (and "friendly" governments with decades of human rights abuses under their belts), it's also selling its interception technology to telcos to better assist them in complying with law enforcement requests.
Perhaps the most darkly comic aspect of all of this is that UK and New Zealand taxpayers are likely being double-dipped for surveillance efforts that encompass their own data and communications. Not only are they paying for the tech and ongoing collection efforts, but Endace was also awarded $11.1 million in government grants to defray 50% of the cost of "substantial product developments." Endace isn't saying which products were developed using these grants, and the New Zealand government says the company isn't obligated to reveal how this money was spent.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: gchq, new zealand, surveillance
Companies: endace
Reader Comments
Subscribe: RSS
View by: Time | Thread
"We're not saying it was for spying but..."
but Endace was also awarded $11.1 million in government grants to defray 50% of the cost of "substantial product developments." Endace isn't saying which products were developed using these grants, and the New Zealand government says the company isn't obligated to reveal how this money was spent.
The company says nothing and the government, after handing out a grant to the tune of eleven million says the company doesn't have to say... yeah, I'd say the default assumption should be that the 'product developments' were focused around spying until the company provides evidence to the contrary.
[ link to this | view in chronology ]
How much longer will citizens stand for this sort of crap?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Britons are demoted from "Citizen" to "Subject" in her mind.
Once it passes [if it does] her tyrant's dream becomes reality.
[ link to this | view in chronology ]
d'Oh! Typo
Elizabeth May is Canadian. Green Party. Theresa May is the wannabe tyrant.
[ link to this | view in chronology ]
2.5 billion average-sized emails an hour
99,9% of it being innocuous communication and teens sexting.
Which would be less of an issue (from intel point of view) if they could precisely pinpoint whatever they wanted (they can't). But that's not the idea. When everybody is seen as a potential enemy (terrorist, activist, you name it) then it makes total sense.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
journalists and social activists are the real, intentional targets.
That's what haystacks are for.
It allows them to build a mass dossier on everyone at once, without
being accountable for individual dossiers on any one person until
they need it for leverage.
[ link to this | view in chronology ]
$11.1 million
[ link to this | view in chronology ]
pinpoint whatever they wanted
everybody is seen as a potential enemy
i think you are right. .this has nothing to do with outlaws and terrorists other than using said for justification. .they have met the enemy, and we are they: ordinary people living ordinary lives.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
"separate MAC insertion by IP type"
tracking via MAC. Tracking via MAC
requires the MAC to leak across
routers which tells me that they
are attacking tunneling VPNs and
that the encryption is broken.
And why would you need to insert
a MAC anyway? If you are doing
traffic injection into a connection
stream that is being transported
via a VPN (that is already pwned),
is a case that comes to mind.
Example: inserting malicious
javascript to do something like
rowhammer.js to get root.
[ link to this | view in chronology ]
"Despite the impact of Snowden's disclosures, some experts in the intelligence community believe that no amount of global concern or outrage will affect the Five Eyes relationship, which to this day remains one of the most comprehensive known espionage alliances in history."
Source: Wikipedia
[ link to this | view in chronology ]