1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
title: UK government claims power for broad, suspicionless hacking of computers and phones
date: 2015-03-17 21:18:00
updated: 2015-03-17 23:57:51
author: vollkorn
tags: update, pressemitteilung
The British Government has admitted its intelligence services have the broad power to hack into personal phones, computers, and communications networks, and claims they are legally justified to hack anyone, anywhere in the world, even if the target is not a threat to national security nor suspected of any crime.
<!-- TEASER_END -->
These startling admissions come from a government court document
published today by [Privacy
International](https://www.privacyinternational.org/). \[1\] The
document was filed by the government in response to two court cases
initiated last year against GCHQ that challenge the invasive
state-sponsored hacking revealed by Edward Snowden. \[2\] In the
document, the Government outlines its broad authority to infiltrate
personal devices and the networks we use everyday.
Buried deep within the document, Government lawyers claim that while the
intelligence services require authorisation to hack into the computer
and mobile phones of "intelligence targets", GCHQ is equally permitted
to break into computers anywhere in the world even if they are not
connected to a crime or a threat to national security.
Such powers are a massive invasion of privacy. Hacking is the modern
equivalent of entering someone's house, searching through her filing
cabinets, diaries and correspondence, and planting devices to permit
constant surveillance in future. If mobile devices are involved, the
government can obtain historical information including every location
visited in the past year and the ongoing surveillance will capture the
affected individual wherever they go.
Additionally, the intelligence services assert the right to exploit
communications networks in covert manoeuvres that severely undermine the
security of the entire internet. The deployment of such powers is
confirmed by recent news stories detailing how GCHQ hacked into Belgacom
using the malware Regin, and targeted Gemalto, the world's largest maker
of SIM cards used in countries around the world.
The court document relies heavily on a draft code on "equipment
interference", which was quietly released to the public on the same day
that the Investigatory Powers Tribunal (IPT) found that GCHQ had
previously engaged in unlawful information sharing with the United
States' National Security Agency.
For the past decade, GCHQ have been involved in state-sponsored hacking,
or "Computer Network Exploitation", without this code being available to
the public. This lack of transparency is a violation of the requirement
that the intelligence services act in accordance with law. The draft
code has not yet been approved by Parliament, and is open for public
comment until 20 March 2015.
Last week's ISC report admits for the first time that GCHQ relies on
security vulnerabilities, including, zero-day vulnerabilities, for its
CNE operations, but redacts the exact number of vulnerabilities
disclosed.
Privacy International assisted in filing two separate complaints to the
IPT challenging GCHQ's widespread hacking. The first, in which Privacy
International is the claimant, centres around GCHQ and the NSA's
reported power to infect potentially millions of computer and mobile
devices around the world with malicious software that gives them the
ability to sweep up reams of content, switch on users' microphones or
cameras, listen to their phone calls and track their locations. It is
the first UK legal challenge to the use of hacking tools by intelligence
services.
The second complaint was filed by seven internet service and
communications providers from around the world, who are calling for an
end to GCHQ's exploitation of network infrastructure in order to
unlawfully gain access to potentially millions of people's private
communications. The complaint, filed by Riseup (US), GreenNet (UK),
Greenhost (Netherlands), Mango (Zimbabwe), Jinbonet (Korea), May
First/People Link (US), and the Chaos Computer Club (Germany), is the
first time that internet and communication providers have taken
collective action against GCHQ's targeting, attacking and exploitation
of network communications infrastructure.
Cedric Knight of GreenNet said:
"Our joint action has already resulted in the intelligence services
publishing their interpretation of UK law. Unfortunately what has been
revealed is not pretty. There is nothing in GCHQ's response to reassure
us that they are not targeting our staff or equipment. We remain
extremely concerned that Ed Snowden was right about GCHQ having the most
intrusive capabilities of any security agency, and about exactly how
widespread their computer network exploitation may be, and the risks to
network security and the privacy, freedom and safety of internet users
around the world."
Jan Girlich, spokesperson for the Chaos Computer Club, Germany, said:
"It is apparent that GCHQ feels it has unlimited powers and does not
care to work within its legal framework. Hacking of network
infrastructure and people’s phones and devices for claimed national
security reasons is actually undermining the IT security on a structural
level. It leaves our infrastructure vulnerable and the people’s personal
information in the hands of a secret service not bound to the law,
wielding massive power over everybody they wish. Declaring infiltration
and hacking of arbitrary computers worldwide legal by publishing the
rules under which these activities happen, does not make it right. Mass
surveillance and hacking is still wrong and must be stopped."
May First/People Link said:
"The Internet is a technology that breaks through the destructive
barriers of national borders by providing each of us access to the
thinking and experiences of the rest of humanity but some governments
use this borderless state to abuse rights and effectively pervert the
concept of access to experience. May First joins with our colleagues in
combating that perversion."
Korean Progressive Network Jinbonet said:
"It's really surprising that the British Government claims that they can
lawfully hack anyone in the world even without any suspicion.
Intelligence agencies of each country including GCHQ and National
Intelligence service of Korea seem to forget for whom and for what they
have to serve. National security which is not based on rule of law and
human rights would serve only the interest of the powerful."
Links:
- \[1\] [Open response in GCHQ
complaint](/system/uploads/174/original/Privacy_Greennet_Open_Response_6_Feb_2015.pdf)
(pdf)
- \[2\] [Chaos Computer Club files complaint against
GCHQ](http://ccc.de/en/updates/2014/chaos-computer-club-klagt-gegen-gchq)
- \[3\] [Global surveillance and hacking
disclosures](http://en.wikipedia.org/wiki/Global_surveillance_disclosures_%282013%E2%80%93present%29)
(2013–present)
|
