UK Intelligence Using NSA Techniques To Spy On Citizens: Snowden
November 12, 2013

UK Intelligence Using NSA Techniques To Spy On Citizens: Snowden

Alan McStravick for - Your Universe Online

There can be no doubt the NSA has been, from a public trust and public relations point-of-view, marred by Edward Snowden and his slow and steady release of information to select media outlets. Now the intelligence agency emerging with a blackened eye is the UK's Government Communications Headquarters (GCHQ).

This latest revelation has been published in the German magazine Der Spiegel.

It all goes back to September. It was then that Belgian telecommunications firm Belgacom announced it believed its systems had been hacked by an intelligence agency. This assertion was made when it discovered a previously unidentified virus working its way through the system. And then only a month later, Belgacom revealed there had been unauthorized changes to one if its servers.

These would be interesting but far less relevant occurrences were it not for two important facts: Belgacom is responsible for supplying Internet and telecom connectivity to major European Union (EU) institutions that are based in Brussels and Belgacom operates a global roaming exchange (GRX), which is a hub for connections between different mobile networks.

Worldwide there are fewer than two dozen GRXs, making them very attractive hacking targets for intelligence and security operations. Belgacom, for instance, was singled out by GCHQ for its massive amount of data about mobile voice and data connections across Europe. While not yet confirmed, this latest revelation might further the explanation of how the NSA was able to tap into European leaders' personal mobile phones.

GCHQ, it was learned, was able to gain access via a technique known as Quantum Insert. This method was used by the NSA previously to attack users of the Tor anonymous-browsing network.

Internationally renowned security technologist, Bruce Schneier explained that the trick behind Quantum Insert's working relies upon the NSA's widely discussed but still shadowy “secret partnerships with US telecom companies.”

Schneier also says, “[Quantum Inserts] are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the Internet backbone and exploit a ‘race condition’ between the NSA server and the legitimate website.”

It is this revelation that has many questioning whether GCHQ developed its own Quantum Insert abilities or if it worked in tandem with the NSA to pull off this feat.

Once the Quantum Insert is achieved, the intelligence agency creates a spoof server meant to respond faster than the server hosting the legitimate site it is mimicking. These spoof servers have been code-named “Fox Acid.” After an individual has been selected as a target and tries to access a specific site -- in this instance LinkedIn and Slashdot -- the spoof server serves up a dummy site that places malware on the target computer.

A separate GCHQ operation, code-named Wylekey, was designed to target companies tasked with performing mobile billing and administration for mobile operators. This technique is usually performed, and successfully so, by cyber criminals trying to obtain a user’s personal mobile connection data and access to encrypted links between these billing-clearinghouse companies and the mobile network operators they serve.

Schneier puts the entirety of the operations into perspective, saying, “Quantum, in turn, is part of a larger NSA spying program called Turmoil. The GCHQ Quantum Inserts are notable in that they rely on servers faster – and more strategically placed – than the popular websites they impersonate. Speed is of the essence.” He continued, “The reason the GCHQ targeted employees of GRX providers is that GRXs handle an incredible amount of global Internet traffic. [GRXs] therefore represent an efficient application of institutional resources. If spy agencies can get a hold of key GRX provider employees’ computers, they can use that as leverage (presumably through some combination of silent surveillance, compensation or blackmail) into the larger GRX infrastructure for more spying.”

And if you weren’t creeped out yet, the last bombshell in the Der Spiegel story quotes a GCHQ internal briefing document. In it the agency stated it hoped to use mobile phones’ unique identifiers to infect them with “implants.” The Der Spiegel article explained "implants" basically means they want to turn your phone into a bugging device.