NEW documents from Edward Snowden published in the United States show how Britain’s GCHQ has been involved in developing spyware that can take over an individual computer or mobile phone and spy on its owner.
While separate revelations from Vodafone last week that spooks and police have an active “listening pipe” into its communications were chilling, papers from the US National Security Agency reveal how Britain’s eavesdroppers have moved on from intercepting outbound communications to actively developing “implants” – pieces of malware which infect a targeted computer or phone and take anything from it the spying services want.
These implants then “own” the target’s hardware and can read email, turn on a computer’s microphone as a transportable bug or the webcam to take photos, as well as download huge amounts of data. For the individual who is targeted, it is like having a live bugging operation about their person or in their home. Such widespread snooping could be done on millions of computers, according to the NSA, which describes it as “aggressive”.
The implants infect a computer without the user’s knowledge via spam email or by redirecting the user’s browser to a fake Facebook server. The NSA documents revealed by Snowden show that GCHQ, via its listening station at Menwith Hill in Yorkshire, took the lead in ensuring that anyone who had visited Yahoo or Hotmail could be infected with an implant. The potential for such all-encompassing snooping prompted GCHQ to remark in a document dated April 2013 that its involvement in such practices “may be in jeopardy due to British legal/policy restrictions”.
Meanwhile, a profitable industry has sprung up in the UK selling the same sort of spying know-how pioneered at GCHQ – often to some very dubious regimes.
Gamma TSE, for example, is a UK company owned by the mysterious and somewhat elusive Louthean John Nelson, a 53-year-old security consultant resident in Lebanon who does not appear on the UK electoral role, and Derek Alan Myers, a 53-year-old security consultant resident in Surrey. Their several businesses operate from their accountant’s offices in Winchester.
It was a subsidiary of Gamma TSE, Finfisher Limited, owned by Nelson, that sold the FinSpy software which also uses implants to take control of computers and mobile phones, and which came to the UK government’s attention in 2012. It is not known if the technology was a spin off from GCHQ; but business secretary Vince Cable told the company it needed a military export licence to sell its wares outside the EU. As a result Finfisher wound itself up in the UK, and Gamma opened a sales company in Switzerland.
A commercial offer for Finfisher spyware was found in the looted buildings of the Egyptian secret police before the revolution, at a cost of €333,607 for just two “workstations”. An installation and commissioning document has also been found for Turkmenistan, a country whose former president ordered gold statues to be made of himself and who made North Korea look sane.
The only regulation the UK has of this complex area is via retired high court judge Sir Anthony May, who serves as the “interception of communications commissioner” and occasionally tells police and security services to cut the number of wiretaps they use. So that’s all right, then.