New documents from former National Security Agency contractor Edward Snowden reveal how the British intelligence agency GCHQ had received legal sanction to “reverse engineer” and hack into softwares commonly used to run web forums, and website administration tools, and even hardware that allowed them unprecedented access to almost every user in Pakistan at least before 2008.
According to The Intercept, the GCHQ had managed to receive warrants, a 2008 memo of which described how it could reverse engineer commercial software under a section of British intelligence law that does not explicitly authorise — and had apparently never been used to authorise — a kind of copyright infringement that the GCHQ believed was necessary to infiltrate systems without detection.
The electronic spy agency, according the newly published documents, targeted anti-virus programmes – which could potentially detect GCHQ’s attempts to exploit computer networks (CNE).
The other end of the GCHQ’s activity was hacking hardware components such as network routers in order to gain access to networks and or users on such networks, who the GCHQ was targeting.
A 2012 NSA document boasted how hacking routers, made by US technology company Cisco, was “good business for us [GCHQ] and our 5-eyes partners for some time now.”
Such was the GCHQ’s hacking capability against Cisco that its operations against “in-country communications switches (routers) have also benefited from SRE (software reverse engineering.” This enabled the agency to have access to “almost any user of the internet” inside the entire country of Pakistan – but aslo “to re-route selective traffic across international links toward GCHQ’s passive collection systems.”
Cisco did not comment specifically on the warrant document, saying in a written statement only that its products are securely developed and tested, that the company has a “robust” process for handling vulnerabilities, and that “Cisco does not work with any government, including the UK Government, to weaken or compromise our products.”
Rights group outraged over PIE hacking
A digital rights group has voiced serious concerns regarding the latest revelations from NSA documents.
Digital Rights Foundation said that the infiltration of Pakistan’s Internet Exchange (PIE) by the GCHQ seriously undermines the right to privacy of all users of the internet in Pakistan.
“By targeting a key point in Pakistan’s communications infrastructure, GCHQ have put at risk the security and integrity of a significant portion of Pakistan’s communications infrastructure,” it said in a statement.
“We urge the government of Pakistan to take action to protect the right to privacy of Pakistani citizens, and to condemn the actions of GCHQ.”
While noting that it was unclear whether the Pakistan government knew of these intrusions in PIE, it noted that the government did have an obligation to protect right to privacy of its citizens and to plug vulnerabilities.
“It is of paramount importance that the government does all it can to account for this intrusion and to take meaningful steps to ensure the right to privacy in Pakistan and prevent it from being brazenly interfered with by foreign intelligence agencies.”