News Column

Internet service providers lodge complaints against GCHQ

July 3, 2014

Owen Bowcott



Internet service providers from around the world are lodging formal complaints against the UK government's monitoring service, GCHQ, alleging it uses malicious software to break into their networks.

The claims from seven organisations based in six countries - the UK, Netherlands, the US, South Korea, Germany and Zimbabwe - will add to international pressure on the government after Edward Snowden's revelations about mass surveillance of the internet by UK and US intelligence agencies.

The claims are being filed with the investigatory powers tribunal (IPT), the court in London that assesses complaints about the agencies' activities and misuse of surveillance by government organisations. Most of its hearings are held at least partly in secret.

The IPT is already considering a number of related submissions. Later this month it will investigate complaints by human rights groups about the way social media sites have been targeted by GCHQ.

The government has defended the security services, pointing out that online searches are often routed overseas and those deemed "external communications" can be monitored without the need for an individual warrant. Critics say that such a legal interpretation sidesteps the need for traditional safeguards.

The latest claim is against both GCHQ, located near Cheltenham, and the Foreign Office. It is based on articles published this year in the German magazine Der Spiegel, which alleged that GCHQ had carried out an attack codenamed Operation Socialist on the Belgian telecoms group Belgacom, targeting individual employees with malicious software.

One technique was a "man in the middle" attack, which, according to the documents filed at the IPT, bypasses encryption software and "operates by interposing the attacker [GCHQ] between two computers that believe that they are securely communicating with each other. In fact, each is communicating with GCHQ, who collect the communications, as well as relaying them in the hope that the interference will be undetected."

The complaint alleges that the attacks were a breach of the Computer Misuse Act 1990 and an interference with the privacy rights of the employees under the European convention of human rights.

The organisations targeted, the submission states, were all "responsible and professional internet service providers". The claimants are GreenNet Ltd, based in the UK, Riseup Networks in Seattle, Mango Email Service in Zimbabwe, Jinbonet in South Korea, Greenhost in the Netherlands, May First/People Link in New York and the Chaos Computer Club in Hamburg.

Their complaint follows articles about mass surveillance in the Guardian based on material released by Snowden.

Among the programs said to have been operating were Turbine, which automates the injection of data and can infect millions of machines and Warrior Pride, which enables microphones on iPhones and Android devices to be remotely activated.


For more stories covering the world of technology, please see HispanicBusiness' Tech Channel



Source: Guardian (UK)


Story Tools






HispanicBusiness.com Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters