State-sponsored hackers offer offensive capabilities
Government agents recently congregated with surveillance and telecommunications firms to purchase high-tech hacking tools at a secretive spy conference:
In a luxury Washington, DC, hotel last month, governments from around the world gathered to discuss surveillance technology they would rather you did not know about. The annual Intelligence Support Systems (ISS) World Americas conference is a mecca for representatives from intelligence agencies and law enforcement. But to the media or members of the public, it is strictly off limits.
Gone are the days when mere telephone wiretaps satisfied authorities' intelligence needs. Behind the cloak of secrecy at the ISS World conference, tips are shared about the latest advanced "lawful interception" methods used to spy on citizens – computer hacking, covert bugging and GPS tracking. Smartphones, email, instant message services and free chat services such as Skype have revolutionised communication. This has been matched by the development of increasingly sophisticated surveillance technology. [...]
The use of such methods is more commonly associated with criminal hacking groups, who have used spyware and trojan viruses to infect computers and steal bank details or passwords. But as the internet has grown, intelligence agencies and law enforcement have adopted similar techniques.
Last month, a scandal was uncovered in Germany where authorities were found to have deployed “Trojan horse” software:
On Saturday, the CCC announced that it had been given hard drives containing a "state spying software" which had allegedly been used by German investigators to carry out surveillance of Internet communication. The organization had analyzed the software and found it to be full of defects. They also found that it transmitted information via a server located in the US. As well as its surveillance functions, it could be used to plant files on an individual's computer. It was also not sufficiently protected, so that third parties with the necessary technical skills could hijack the Trojan horse's functions for their own ends. The software possibly violated German law, the organization said.
So-called Trojan horse software can be surreptitiously delivered by a harmless-looking e-mail and installed on a user's computer without their knowledge, where it can be used to, for example, scan the contents of a hard drive. […]
If the CCC's claims are true, then the software has functions which were expressly forbidden by Germany's highest court, the Federal Constitutional Court, in a landmark 2008 ruling which significantly restricted what was allowed in terms of online surveillance. The court also specified that online spying was only permissible if there was concrete evidence of danger to individuals or society.
In 2009, it was reported that a U.S. firm sold a telecom company spyware which was embedded in a routine software update to customers:
An update pushed out to BlackBerry users on the Etisalat network in the United Arab Emirates appears to contain remotely-triggered spyware that allows the interception of messages and emails, as well as crippling battery life.
Sent out as a WAP Push message, the update installs a Java file that one curious customer decided to take a closer look at, only to discover an application intended to intercept both email and text messages, sending a copy to an Etisalat server without the user being aware of anything beyond a slightly excessive battery drain.
Of course, this is all old hat for the U.S. government, which in the 1980s not only deployed automated spying software but also modified and sold it on the black market, allowing none other than Oliver North to track political opponents:
Lt. Col. Oliver North also may have been using the program. According to several intelligence community sources, PROMIS was in use at a 6,100-square-foot command center built on the sixth floor of the Justice Department. According to both a contractor who helped design the center and information disclosed during the Iran-Contra hearings, Oliver North had a similar, but smaller, White House operations room that was connected by computer link to the DOJ's command center.
Using the computers in his command center, North tracked dissidents and potential troublemakers within the United States as part of a domestic emergency preparedness program, commissioned under Reagan's Federal Emergency Management Agency (FEMA), according to sources and published reports. Using PROMIS, sources point out, North could have drawn up lists of anyone ever arrested for a political protest, for example, or anyone who had ever refused to pay their taxes. Compared to PROMIS, Richard Nixon's enemies list or Sen. Joe McCarthy's blacklist look downright crude. This operation was so sensitive that when Rep. Jack Brooks asked North about it during the Iran-Contra hearings, the hearing was immediately suspended pending an executive (secret) conference. When the hearings were reconvened, the issue of North's FEMA dealings was dropped.
By 2005, the Bush administration had expanded its list of undesirables to 8 million people:
While Comey, who left the Department of Justice in 2005, has steadfastly refused to comment further on the matter, a number of former government employees and intelligence sources with independent knowledge of domestic surveillance operations claim the program that caused the flap between Comey and the White House was related to a database of Americans who might be considered potential threats in the event of a national emergency. Sources familiar with the program say that the government’s data gathering has been overzealous and probably conducted in violation of federal law and the protection from unreasonable search and seizure guaranteed by the Fourth Amendment.
According to a senior government official who served with high-level security clearances in five administrations, “There exists a database of Americans, who, often for the slightest and most trivial reason, are considered unfriendly, and who, in a time of panic, might be incarcerated. The database can identify and locate perceived ‘enemies of the state’ almost instantaneously.” He and other sources tell Radar that the database is sometimes referred to by the code name Main Core. One knowledgeable source claims that 8 million Americans are now listed in Main Core as potentially suspect. In the event of a national emergency, these people could be subject to everything from heightened surveillance and tracking to direct questioning and possibly even detention.