The 30th Chaos Communications Congress held at the end of December in Hamburg, Germany was an apt way to conclude 2013, a year filled with revelations of invasive US surveillance practices. With a record attendance of almost 8,000 hackers and activists, the Congress provided an inside look into the surveillance technology used by the National Security Agency (NSA), as well as other foreign governments, to spy on and monitor their people.
Jake Appelbaum, an Internet privacy activist and journalist, was a featured speaker at the conference and gave detailed information about how the NSA conducts its “truly scary” surveillance practices around the world.
One of the programs that Appelbaum expressed great concern about is called TURMOIL. It’s a new technology that spans the entire planet intercepting any electronic data that flows past it. Essentially, it’s a dragnet surveillance system that is used by the NSA in compliment with TURBINE, another program of questionable merit used to compromise Internet routers and localize cyber attacks.
In addition to this type of mass data collection, Appelbaum reports that the NSA engages in grossly unethical targeted data collection such as “close access operations”. These operations involve breaking into a target’s home and inserting monitoring hardware into their computer. This attack is undetectable by the user and can allow for monitoring as far as 8 miles away. Additionally, there are “off-net” operations that involve tampering with a target’s hardware while it is being shipped. Otherwise known as interdiction, this practice allows officials to attach hardware to the computer that is also virtually undetectable.
“There was a time in the past, where surveillance meant looking at anything at all,” said Appelbaum. “Now the NSA tries to say that it’s only surveillance if - after they collect it, record it to a database and analyze it with machines.”
According to security researchers Claudio Guarnieri and Morgan Marquis-Boire, who also presented at the conference, the US is not the only government to engage in these insidious surveillance practices. After being contacted by a Bahrain Watch activist who received a suspicious email, the pair found she was being targeted with Finfisher spying malware from the Gamma Corporation, a traditional government IT provider. Following this, they conducted research and scanned the Internet to find other Finfisher spying servers in 36 different countries. These servers were not simply malware either. Several servers involved entire surveillance programs that provided a multitude of spying capabilities, including converting a phone device into a microphone.
Guarnieri and Marquis-Boire presented other cases of foreign governments spying on human rights activists and journalists in such countries as Ethiopia, Malaysia, and Morocco. There has even been evidence of surveillance devices from American companies in Iran despite the multiple active sanctions on the country imposed by the US.
These examples expose an increasingly militarized Internet that is being used by governments against their people. It is not only the United States and it is not only the NSA. Invasive surveillance practices have become a human rights issue on an international scale.
“Fundamentally, when we talk about things like Internet freedom, tactical surveillance and strategic surveillance, we’re talking about control of people through the machinery they use,” Appelbaum said. “We can change this. We can turn this around by exposing it.”