Lebanese spy agency used Android app to spy on thousands, say researchers

The spy agency of Lebanon used a virus designed for the Android mobile operating system to compromise the cell phones of thousands of people in at least 20 countries, according to a new mobile security report. The 50-page report was published on Thursday by a team of researchers from Lookout, a mobile security company, and the Electronic Frontier Foundation in Washington, DC. In an accompanying press release, the researchers said that the virus, which they named Dark Caracal, has been in existence for at least six years. They added that it was traced to a building in Beirut belonging to the General Directorate of General Security (GDGS), Lebanon’s primary external intelligence agency.

According to the Lookout/EFF research team, the trojanized phone application was camouflaged as a secure messaging service, resembling popular applications like Signal or WhatsApp. However, once an Android user downloaded it, it gave remote users access to the compromised phone’s cameras and microphone, thus turning it into a bugging device. The virus also stole email and text messages, pins and passwords, lists of contacts, call logs, photographs, as well as video and audio recordings stored on the compromised device. The report states that compromised devices were found in over 20 countries, including Lebanon, France, Canada, the United States and Germany. The majority of those targeted by the virus were civilian and military officials of foreign governments, defense contractors, and employees of manufacturing companies, financial institutions and utility providers.

On Thursday, Reuters contacted Major General Abbas Ibrahim, who serves as director general of GDGS. He insisted that the GDGS is known for collecting intelligence using human sources, not cyber technologies. “General Security does not have these type[s] of capabilities. We wish we had these capabilities”, General Ibrahim told the news agency.

Author: Joseph Fitsanakis | Date: 19 January 2018 | Permalink

Pristine Cold War-era wiretapping rooms uncovered in Slovenian hotel

Four hidden communications-surveillance compartments, which are believed to date back to the Cold War, have been found in one of the most prestigious hotels of the former Yugoslavia. The discovery was made during an extensive renovation project that was recently completed in the Hotel Jama. The hotel is located in the southeastern Slovenian city of Postojnska, near the Italian border. For over a century, Postojnska has been famous for its network of limestone caves, which are among the largest in the world. Eager to cater to Italian, Austrian and other Western tourists, the government of Yugoslavia began construction on Hotel Jama in 1969. The hotel opened its doors in 1971, amidst much publicity and fanfare. It eventually became known as one of the most luxurious hotels in the communist world.

As the hotel’s reputation soared, the government of Yugoslavia began hosting foreign dignitaries there. Though socialist, the government of Yugoslavia never became an integral member of the communist bloc, preferring a policy of nonalignment. Because of that, it was courted by both East and West, with many Western leaders and other officials visiting the country regularly. On many occasions, they would use Hotel Jama as a retreat. Numerous world leaders stayed there with their entourage, escorted by Yugoslavia’s longtime communist leader Josip Broz, known commonly as Tito.

Today the hotel is situated on the territory of Slovenia, a small mountainous state of two million people, which declared its independence from Yugoslavia in 1991. The regional instability caused by the Yugoslav Wars of the 1990s nearly demolished Slovenia’s tourism industry, and Hotel Jama was forced to declare bankruptcy. In 2010, under new ownership, the hotel underwent major renovations. These were completed in 2016, when the hotel opened its doors to the public once again. It was during these renovations that construction crews discovered the surveillance rooms. The four compartmented rooms were found behind a large door made of steel at the back of the hotel, and are adjacent to a network of limestone caves, for which the area is famous.

News reports said the four rooms feature 1970s-era wiretapping equipment, most of which appears to be in pristine condition. There is a thick layer of dust over all the surfaces, which indicates that the rooms have not been used in several decades. The construction crews also found sets of cables that run from the surveillance compartments to several guest rooms in the hotel’s original wing that dates to the early 1970s.

Experts suggest that the rooms were built in the early stages of the hotel’s construction in the late 1960s. The equipment was probably operated by the State Security Service (SDB), Yugoslavia’s internal security police. It is believed that the surveillance facilities were used to facilitate the systematic wiretapping of foreign dignitaries and delegations that frequented the hotel during the Cold War. Hotel Jama’s administration said on Wednesday that there are plans to turn the surveillance rooms into part of an exhibit on the Cold War history of the establishment.

Author: Joseph Fitsanakis | Date: 13 April 2017 | Permalink

Did domestic snooping by Canadian spy agency increase 26-fold in a year?

The volume of domestic communications that were intercepted by Canada’s spy agency increased 26 times between 2014 and 2015, according to a recently released report by a government watchdog. The same report states that intercepted information about Canadian citizens, which is given to Canada’s spy agency by the intelligence organizations of other Western countries, has increased so much that it now requires an elaborate mechanism to analyze it. When asked to explain the reasons for these increases, Canadian government officials said they could not do so without divulging secrets of national importance.

Information about these increases is contained in the latest annual report by the Office of the Commissioner of the Communications Security Establishment. The body was set up in 1996 to review the operations of the Communications Security Establishment (CSE). Founded in 1946, CSE is Canada’s primary signals intelligence agency. It is responsible for intercepting foreign communications while at the same time securing the communications of the Canadian government. The Office of the Commissioner monitors CSE’s activities and ensures that they conform with Canadian law. It also investigates complaints against the conduct of the CSE and its officers.

Canadian law forbids the CSE from intercepting communications in which at least one of the parties participating in the exchange is located in Canada. If that happens, the message exchange is termed “private communication” and CSE is not allowed to intercept it, unless it gets written permission from Canada’s National Defense minister. Such permission is usually given only if the interception is deemed essential to protect Canadian national security or national defense. If a “private communication” is inadvertently intercepted, CSE is required to take “satisfactory measures” to protect the personal privacy of the participant in the exchange that is located inside Canada.

According to the CSE commissioner’s report for 2015, which was released in July, but was only recently made available to the media, CSE intercepted 342 “private communications” in 2014-2015. The year before, the spy agency had intercepted just 13 such exchanges. The report states that all 342 instances of interception during 2014-2015 were either unintentional or critical for the protection of Canada’s security. It further states that the reason for the huge increase is to be found in “the technical characteristics of a particular communications technology and of the manner in which private communications are counted”.

Canadian newspaper The Ottawa Citizen asked the CSE commissioner, Jean-Pierre Plouffe, to explain what he meant by “technical characteristics of a particular communications technology” in his report. His office responded that the commissioner could not explain the subject in more detail, because doing so would “reveal CSE operational capabilities” and thus hurt Canada’s national security. The newspaper also contacted CSE, but was given a similar answer. Some telecommunications security experts speculate that the increase in intercepted “private communications” may be due to exchanges in social media, whereby each message is counted separately.

Author: Ian Allen | Date: 25 August 2016 | Permalink

German spy agency tapped Finnish phone lines in early 2000s

German intelligence, possibly with the collaboration of the United States, monitored communications lines connecting Finland with at least five countries in the early 2000s, according to leaked documents. The report, aired this week by Yle Uutiset, the main news program of the Finnish Broadcasting Company (Yle), is based on information contained in “leaked German intelligence documents” that were first made public in May 2015. As intelNews reported at the time, the intelligence collection was described as a secret collaboration between Germany’s BND (Bundesnachrichtendienst) and America’s National Security Agency (NSA). According to Austrian politician Peter Pilz, who made the initial allegations, the BND-NSA collaboration was codenamed EIKONAL and was active from 2005 to 2008. Pilz said at the time that many European phone carriers and Internet service providers were targeted by the two agencies. Belgium and Switzerland have already launched investigations into EIKONAL.

Now new information provided by Yle seems to show that the secret BND-NSA collaboration targeted Finnish communications as well, focusing on at least six separate communications transit lines. The lines are believed to carry telephone calls and possibly Internet traffic from Finnish capital Helsinki to a number of cities in France, Belgium, Hungary, Luxembourg, and China, said Yle Uutiset. Although the targeted lines are known to carry telephone and Internet traffic, it is unknown at this time whether EIKONAL targeted both kinds. But Yle said the interception lasted for most of the first part of the 2000s and involved large amounts of communications data.

The station contacted Tuomas Portaankorva, Inspector General of SUPO, the Finnish Security Intelligence Service. He told Yle that, speaking broadly, he was not surprised to be told that Finnish telecommunications lines had been monitored by foreign intelligence agencies, Western or otherwise. He went on to caution that, even though Finnish lines had been targeted, it was not possible to conclude that Finland was indeed the target of the surveillance operation. Yle also spoke to Vesa Häkkinen, spokesman for Finland’s Ministry of Foreign Affairs, who told the station that SUPO, and not the ministry, was the proper official body to be consulted about EIKONAL. “If there is reason to suspect that these actions were directed at the Finnish state”, said Häkkinen, “we would undertake appropriate action”.

Author: Ian Allen | Date: 20 January 2016 | Permalink | News tip: Matthew Aid

Dutch technical experts helped US bug foreign embassies in Cold War

A tightly knit group of Dutch technical experts helped American spies bug foreign embassies at the height of the Cold War, new research has shown. The research, carried out by Dutch intelligence expert Cees Wiebes and journalist Maurits Martijn, has brought to light a previously unknown operation, codenamed EASY CHAIR. Initiated in secret in 1952, the operation was a collaboration between the United States Central Intelligence Agency and a small Dutch technology company called the Nederlands Radar Proefstation (Dutch Radar Research Station).

According to Dutch website De Correspondent, which published a summary of the research, the secret collaboration was initiated by the CIA. The American intelligence agency reached out to the Dutch technical experts after interception countermeasures specialists discovered a Soviet-made bug inside the US embassy in Moscow. The bug, known as ‘the Thing’, had been hidden inside a carved wooden ornament in the shape of the Great Seal of the United States. It had been presented as a gift to US Ambassador W. Averell Harriman by the Young Pioneer organization of the Soviet Union in 1945, in recognition of the US-Soviet alliance against Nazi Germany in World War II. But in 1952, the ornament, which had been hanging in the ambassador’s office in Moscow for seven years, was found to contain a cleverly designed listening device. The bug had gone undetected for years because it contained no battery and no electronic components. Instead it used what are known as ‘passive techniques’ to emit audio signals using electromagnetic energy fed from an outside source to activate its mechanism.

Wiebes and Martijn say the CIA reached out to the Dutch in 1952, soon after the discovery of ‘the Thing’, in fear that “the Soviets were streets ahead of the Americans when it came to eavesdropping technology”. According to the authors, the approach was facilitated by the BVD, the Cold War predecessor of the AIVD, Holland’s present-day intelligence agency. In the following years, technical specialists in the Netherlands produced the West’s answer to ‘the Thing’, a device which, like its Soviet equivalent, used ‘passive techniques’ to emit audio signals. Moreover, the Americans are believed to have used the Dutch-made device to bug at least two foreign embassies in The Hague, the Soviet Union’s and China’s, in the late 1950s and early 1960s.

The work by Wiebes and Martijn was initially published in Dutch by De Correspondent in September of last year. An English-language version of the article, which was published in December, can be read here.

Author: Joseph Fitsanakis | Date: 06 January 2016 | Permalink

Secret program gave CIA ‘unfiltered access’ to German communications

The United States Central Intelligence Agency had direct and unfiltered access to telecommunications data exchanged between German citizens, according to a new document that has surfaced in the German press. The program, codenamed GLOTAIC, was a collaboration between the CIA and Germany’s Federal Intelligence Service, known as BND. According to German newsmagazine Der Spiegel, which revealed the existence of the program last week, it lasted from 2004 to 2006. During those years, the CIA was given access to telephone and fax data carried by US telecommunications provider MCI Communications, which is owned by Verizon. The US-headquartered company owns a network switching facility in the German city of Hilden, located 10 miles east of Düsseldorf near the country’s border with Holland.

The existence of joint collection programs between the BND and American intelligence agencies has been established in the past, and has prompted the creation of a special investigative committee in the German parliament. The Committee of Inquiry into Intelligence Operations was set up in 2014, after files leaked by American defector Edward Snowden revealed that the US had been spying on the telephone communications of German Chancellor Angela Merkel. But it has also been investigating whether the BND’s collaboration with American intelligence agencies violated the rights of German citizens.

The committee had previously been told that all telecommunications data given to the US by German agencies had previously been vetted by BND officers. But the GLOTAIC documents published by Der Spiegel state that audio recordings of intercepted telephone calls were “directly routed to the US” in the interests of technical efficiency. The parliamentary committee had also been told that the data shared with the CIA concerned non-German citizens using German telecommunications networks. But the documents published last week state that a “technical glitch” in the GLOTAIC system allowed “massive German traffic” to be directly accessed by the CIA without having been first filtered by the BND.

Another document published by Spiegel reveals that the BND warned project GLOTAIC supervisors that the agency faced “serious risks” should the secret operation become public, because it had allegedly violated German federal privacy regulations.

Author: Joseph Fitsanakis | Date: 08 September 2015 | Permalink

South Korean spy’s suicide reportedly linked to wiretap controversy

A suicide note found next to the body of a South Korean intelligence officer mentions a phone hacking scandal that has caused controversy in the country. The 45-year-old man, identified only as “Lim” by South Korean authorities, worked for the country’s primary intelligence organization, the National Intelligence Service (NIS). He was found dead late on Saturday morning inside his car, which had been parked on a deserted rural road on the outskirts of South Korean capital Seoul. According to local reports, authorities found a metal plate with burnt-out coal inside his car, which had been locked from the inside. Finding no apparent marks on his body, the police have ruled his death a suicide.

The man reportedly left a three-page handwritten note on the passenger seat of his car, which is said to contain his will and a list of the reasons that drove him to kill himself. South Korean media cited a “senior government insider” who said that among the reasons mentioned in the suicide note is a controversial phone tapping scandal that has made national news in recent days. According to the insider, the program is identified in the letter as a wiretapping scheme “of national importance”.

The program appears to refer to the disclosure made this month by a group of unidentified hackers that exposed the dealings of a surveillance software manufacturer with a markedly poor civil-liberties record. The disclosure, made by British newspaper The Guardian, shows that the Italian company, Hacking Team Ltd, is believed to have sold powerful surveillance software to governments with a history of civil-rights violations, including Nigeria, Ethiopia, Saudi Arabia, Azerbaijan and Uzbekistan. Among the customers, however, are a number of countries with stronger civil-rights protections, including South Korea and Cyprus, which is a member of the European Union. Cyprus’ intelligence chief resigned earlier this month as a result of the disclosure. According to technical experts, the software sold by Hacking Team can intercept data exchanged via cellular phones and other wireless devices. It can also spy on all communications devices connected to the Internet using malware that is undetectable by commonly used antivirus software. Moreover, software supplied by Hacking Team cannot be removed from a compromised cellular device unless it is reset at the factory.

NIS authorities in Seoul issued a press statement last week, claiming that the phone hacking software had been used only against North Korean targets abroad, including agents of Pyongyang operating around the world. But human rights organizations, as well as opposition parties in South Korea, said they believed the software had been used to monitor domestic dissent. Earlier this year, a former director of NIS was jailed for organizing an online propaganda campaign to dissuade citizens from voting for the liberal opposition. The NIS issued a statement last week saying that it would be willing to share the operational details and records of the controversial software with lawmakers in order to dispel rumors that it was used against domestic political activity.

Author: Ian Allen | Date: 20 July 2015 | Permalink: https://intelnews.org/2015/07/20/01-1738/