Apparently hacking is now legal (if you’re British Intelligence)

The GCHQ HQ - Image: Flickr, UK Ministry of Defence The GCHQ HQ – Image: Flickr, UK Ministry of Defence

In September 2014 the news broke that Belgacom, one of the largest Belgian telecom companies was infiltrated by GCHQ, Britain’s intelligence service and apparently these people were monitoring all traffic flowing through Belgacom’s (now called Proximus) servers. This news came in the wake of the Edward Snowden revelations that the National Security Agency or NSA was and is performing mass data collections on an immense scale. So immense in fact, that they are in the process of building the largest data center in the world in Utah.

The Intercept, a webzine created by journalists Glenn Greenwald and Laura Poitras, is the home of some hard-hitting investigative journalism. They are of course the people who brought us Edward Snowden and their adventures are chronicled in the award-winning documentary Citizenfour.  The articles you read there have a few things in common : they not only purport to tell the truth, their truths are also quite painful if indeed true.

In November 2014 they did an excellent piece on the hacking of Belgacom by GCHQ , in close collaboration with “De Standaard”, one of our main newspapers, and NRC Handelsblad. I urge you to read this fascinating piece. In it, we get to know exactly how it happened and how they were able to conceal it for so long. Until some engineers at Belgacom started seeing strange things happening on their network and a particular mail server was failing inexplicably. They called in outside help and to their astonishment they found evidence of a very sophisticated malware nicknamed “Regin” that apparently had been sitting on the network at least since 2011. Not only desktops and servers were infected, worse is that they found evidence of malware on the highly-guarded Cisco Routers, which are the most valuable pieces of equipment in the network because all information flows through them. In order to install malware on these machines, they have to be intercepted and physically bugged. This according to the documents Edward Snowden revealed. This seems like it’s part of the plot of a Hollywood thriller, but we’re afraid this is real life.

If you want to know more about “Regin” – the extremely sophisticated malware that is according to various sources “state-sponsored”, we urge you to read the page on it on Bruce Schneier’s excellent security blog. We warn you right now: the rabbit hole is extremely deep.

In May 2014 , even before the Belgacom hack, Privacy International had filed a lawsuit against GCHQ , along with seven internet service communications providers from around the world. This lawsuit was about the accessing of data collected by NSA by GCHQ.  Privacy International is a UK charity organisation that is “committed to fighting for the right to privacy across the world” and has made it their goal to investigate the secret world of government surveillance and expose the companies enabling it.

On June 6 2014, just a few weeks after the complaint was filed, the UK government introduced a new legislation under what is called the “Serious Crime Bill” that would allow GCHQ, intelligence officers and the police to hack without criminal liability. There was no public debate and Privacy International found out after the new laws were already in effect.

In February 2015 Privacy International triumphantly declared victory in a press release . The surveillance tribunal had ruled that GCHQ had acted unlawfully in accessing millions of private communications collected by the NSA.

In the wake of the complaint and the subsequent trial GCHQ has indeed admitted to installing spyware and listening in on unsuspecting people in the UK and abroad.

Yesterday , on February 15th 2016 the Investigatory Powers Tribunal, the body that hears complaints about the UK’s intelligence services has ruled that it is legal for GCHQ to hack into systems, both in the UK and abroad, and to install spyware on them.

Privacy International added in a press statement : “We will challenge this undermining of the fundamental right that a warrant should identify a specific property or person” and they declared their ambition to keep fighting the ruling.

Leave a Reply

Your email address will not be published. Required fields are marked *