| “Any mobile device, anywhere, anytime!” UK’s #GCHQ slogan!

GCHQ Used Fake LinkedIn Pages to Target Engineers ~ SPIEGEL Staff, SPIEGEL ONLINE.

Elite GCHQ teams targeted employees of mobile communications companies and billing companies to gain access to their company networks. The spies used fake copies of LinkedIn profiles as one of their tools.

The Belgacom employees probably thought nothing was amiss when they pulled up their profiles on LinkedIn, the professional networking site. The pages looked the way they always did, and they didn’t take any longer than usual to load.

Officials at LinkedIn say they "would not authorize such activity for any purpose".

The victims didn’t notice that what they were looking at wasn’t the original site but a fake profile with one invisible added feature: a small piece of malware that turned their computers into tools for Britain’s GCHQ intelligence service.

The British intelligence workers had already thoroughly researched the engineers. According to a “top secret” GCHQ presentation disclosed by NSA whistleblower Edward Snowden, they began by identifying employees who worked in network maintenance and security for the partly government-owned Belgian telecommunications company Belgacom.

Then they determined which of the potential targets used LinkedIn or Slashdot.org, a popular news website in the IT community.

‘Quantum Insert’

The computers of these “candidates” were then infected with computer malware that had been placed using infiltration technology the intelligence agency refers to as “Quantum Insert,” which enabled the GCHQ spies to deeply infiltrate the Belgacom internal network and that of its subsidiary BICS, which operates a so-called GRX router system. This type of router is required when users make calls or go online with their mobile phones while abroad.

SPIEGEL’s initial reporting on “Operation Socialist,” a GCHQ program that targeted Belgacom, triggered an investigation by Belgian public prosecutors. In addition, two committees of the European Parliament are investigating an attack by a European Union country on the leading telecommunications provider in another EU member state.

The operation is not an isolated case, but in fact is only one of the signature projects of an elite British Internet intelligence hacking unit working under the auspices of a group called MyNOC, or “My Network Operations Centre.” MyNOCs bring together employees from various GCHQ divisions to cooperate on especially tricky operations. In essence, a MyNOC is a unit that specializes in infiltrating foreign networks. Call it Her Majesty’s hacking service, if you like.

When GCHQ Director Iain Lobban appeared before the British parliament last Thursday, he made an effort to reassure lawmakers alarmed by recent revelations. British intelligence couldn’t exactly stand back and watch the United Kingdom be targeted for industrial espionage, Lobban said. But, he noted, only those whose activities pose a threat to the national or economic security of the United Kingdom could in fact be monitored by his agency.

A Visit from Charles and Camilla

Even members of the royal family occasionally stop by to see what British intelligence is up to. In one photo that appears in a secret document, Charles, the Prince of Wales, and his wife Camilla, the Duchess of Cornwall, are shown listening to a presentation at a MyNOC workstation called “A Space”. The tongue-in-cheek caption reads “Interlopers in A Space.”

The presentation does not indicate the extent to which the royal family is kept abreast of current espionage operations. Their last visit was reportedly about Afghanistan, not Belgium. But the visit had been to the same location where what the secret document described as the “very successful” operation against Belgacom as well as “Operation Wylekey,” also run by a MyNOC unit, had been conducted.

This also relates to an issue that the British have made a focal point of their intelligence-gathering activities: the most comprehensive access possible to worldwide mobile networks, the critical infrastructures for the digital age.

Mobile networks are a blessing and a curse for spies worldwide. Because each major wireless communications company operates its own networks, tapping into them becomes more complex. On the other hand, the mobile multi-use devices in our pockets are a blessing, because they often reveal more personal information than stationary computers, such as the user’s lifestyle habits and location. They can also be transformed into bugging devices that can be activated remotely at any time to listen in on the user’s conversations.

Mobile Phones Become Monitoring Tools

“We can locate, collect, exploit (in real time where appropriate) high value mobile devices & services in a fully converged target centric manner,” a GCHQ document from 2011 states. For years, the British spies have aspired to potentially transform every mobile phone on the planet into a monitoring tool that could be activated at any time.

But the government hackers apparently have to employ workarounds in order to infiltrate the relatively inaccessible mobile phone networks.

According to the presentation, in the case of Belgacom this involved the “exploitation of GRX routers,” from which so-called man-in-the-middle attacks could be launched against the subjects’ smartphones. “This way, an intelligence service could read the entire Internet communications of the target and even track their location or implant spying software on their device,” mobile networks expert Philippe Langlois says of the development. It is an effective approach, Langlois explains, since there are several hundred wireless companies, but only about two dozen GRX providers worldwide.

But this isn’t the only portal into the world of global mobile communications that GCHQ has exploited. Another MyNOC operation, “Wylekey,” targets “international mobile billing clearinghouses.”

These clearinghouses, which are relatively unknown to the general public, process international payment transactions among wireless companies, giving them access to massive amounts of connection data.

The GCHQ presentation, which SPIEGEL was able to view, contains a list of the billing companies that are on the radar of the British. At the top of the list are Comfone, a company based in Bern, Switzerland, and Mach, which has since been split into two companies, one owned by another firm called Syniverse and another called Starhome Mach. Syniverse was also on the list of companies to monitor. Together, these companies dominate the industry worldwide. In the case of Mach, the GCHQ personnel had “identified three network engineers” to target. Once again, the Quantum Insert method was deployed.

The spies first determine who works for a company identified as a target, using open source data like the LinkedIn professional social networking site. IT personnel and network administrators are apparently of particular interest to the GCHQ attackers, because their computers can provide extensive access privileges to protected corporate infrastructures.

Targeting an Innocent Employee

In the case of Mach, for example, the GCHQ spies came across a computer expert working for the company’s branch in India. The top-secret document shows how extensively the British intelligence agents investigated the life of this innocent employee, who from that point on is listed as a “target.”

A complex graph of his digital life depicts the man’s name in red crosshairs and lists his work computers and those he uses privately (“suspected tablet PC”). His Skype username is listed, as are his Gmail account and his profile on a social networking site. The British government hackers even gained access to the cookies on the unsuspecting victim’s computers, as well as identifying the IP addresses he uses to surf the web for work or personal use.

In short, GCHQ knew everything about the man’s digital life, making him an open book for its spies. SPIEGEL has contacted the man, but to protect his privacy is not publishing his name.

But that was only the preparatory stage. After mapping the man’s personal data, now it was time for the attack department to take over. On the basis of this initial information, the spies developed digital attack weapons for six Mach employees, described in the document as “six targeting packs for key individuals,” customized for the victims’ computers.

In an article in Britain’s Guardian newspaper, American IT security expert Bruce Schneier describes in detail how Quantum Insert technology is used to place malware. Apparently, the agencies use high-speed servers located at key Internet switching points. When a target calls up a specific website, such as LinkedIn, these servers are activated. Instead of the desired website, they supply an exact copy, but one that also smuggles the government hackers’ spying code onto the target computers.

According to other secret documents, Quantum is an extremely sophisticated exploitation tool developed by the NSA and comes in various versions. The Quantum Insert method used with Belgacom is especially popular among British and US spies. It was also used by GCHQ to infiltrate the computer network of OPEC’s Vienna headquarters.

The injection attempts are known internally as “shots,” and they have apparently been relatively successful, especially the LinkedIn version. “For LinkedIn the success rate per shot is looking to be greater than 50 percent,” states a 2012 document.
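The injection pattern Schneier describes, a server at a network vantage point racing the genuine reply to the client, has a well-known network-side signature: two TCP segments in the same flow that carry different bytes at the same sequence number, because the real server still answers and a monitor on the path sees both copies. The Python below is an added example, not code from the SPIEGEL article or from any GCHQ or NSA material. The capture, the host addresses (RFC 5737 documentation ranges) and the HTTP payloads are constructed for illustration, the injected page is modelled here as a redirect, and the only assumption is that the sensor sees both the injected and the genuine segment.

```python
# Added example (not from the SPIEGEL article or any GCHQ/NSA material):
# a minimal detector for the "race the real server" injection pattern.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """One captured TCP data segment, as a monitor on the path would see it."""
    src: str        # "ip:port" of the sender (the server side of the flow)
    dst: str        # "ip:port" of the receiver (the client)
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes  # segment data; empty for pure ACKs


def find_duplicate_seq_conflicts(segments):
    """Flag flows in which two data segments claim the same sequence number
    but carry different bytes.

    An injector that spoofs the server's address must use the sequence
    number the real server is about to use, so the genuine reply normally
    arrives as well and the monitor sees both. A legitimate retransmission
    repeats the same bytes (possibly re-segmented into a different length),
    so it matches an already seen copy over their common prefix and is not
    flagged. Returns a list of (flow, seq, first_payload, conflicting_payload).
    """
    # (src, dst) -> seq -> list of distinct payload variants seen at that seq
    variants = defaultdict(lambda: defaultdict(list))
    conflicts = []
    for seg in segments:
        if not seg.payload:
            continue                       # no data, nothing to compare
        flow = (seg.src, seg.dst)
        known = variants[flow][seg.seq]
        match = None
        for i, prior in enumerate(known):
            n = min(len(prior), len(seg.payload))
            if prior[:n] == seg.payload[:n]:
                match = i                  # same bytes: a retransmission
                break
        if match is None:
            if known:                      # a second, different payload at this seq
                conflicts.append((flow, seg.seq, known[0], seg.payload))
            known.append(seg.payload)
        elif len(seg.payload) > len(known[match]):
            known[match] = seg.payload     # keep the longest copy for later prefix checks
    return conflicts


# Constructed sample capture (RFC 5737 documentation addresses, not real hosts).
SERVER = "203.0.113.10:80"
CLIENT = "192.0.2.5:51234"
REAL_REPLY = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>..."
INJECTED = b"HTTP/1.1 302 Found\r\nLocation: http://198.51.100.7/x\r\n\r\n"

SAMPLE_CAPTURE = [
    # injected reply: spoofed server address, same seq, arrives first
    Segment(SERVER, CLIENT, 1000, INJECTED),
    # genuine reply from the real server, loses the race but is still captured
    Segment(SERVER, CLIENT, 1000, REAL_REPLY),
    # benign retransmission of the genuine reply, byte-identical
    Segment(SERVER, CLIENT, 1000, REAL_REPLY),
    # a different flow: a retransmission that was re-segmented shorter (benign)
    Segment(SERVER, "192.0.2.9:40001", 5000, b"HTTP/1.1 200 OK\r\n"),
    Segment(SERVER, "192.0.2.9:40001", 5000, b"HTTP/1.1 200"),
]


if __name__ == "__main__":
    for flow, seq, first, second in find_duplicate_seq_conflicts(SAMPLE_CAPTURE):
        print(f"conflict in {flow[0]} -> {flow[1]} at seq {seq}:")
        print(f"  first : {first[:40]!r}")
        print(f"  second: {second[:40]!r}")
```

On the constructed capture the detector reports exactly one conflict, the injected redirect against the genuine 200 response, and stays silent on both the byte-identical retransmission and the re-segmented one. A production detector would also compare overlapping byte ranges that do not start at the same sequence number, and would record the IP TTL and ID of each copy, since a spoofed segment emitted from a different network position usually arrives with a different hop count than the real server's traffic.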

Much like the Belgacom spying operation, Wylekey is considered a great success. According to a summary, it provided GCHQ with detailed information about Mach, its communications infrastructure, its business profile and various key individuals.

Another document indicates that the operation yielded much more than that. In addition to “enhanced knowledge of the various clearinghouses, their customers,” it also provided “knowledge of and access to encrypted links between the clearinghouses and various mobile network operators.”

Interim reports on the course of the Belgacom operation were even more enthusiastic, concluding that the British spies had penetrated “deep into the network” of the Belgian company and were “at the edge of the network.” This enabled the British internal encryption specialists (“Crypt Ops”) to launch their “Operation Socialist II,” so as to crack the encrypted connections, or VPNs.

‘LinkedIn Would Not Authorize Such Activity’

When contacted, LinkedIn stated that the company takes the privacy and security of its members “very seriously” and “does not sanction the creation or use of fake LinkedIn profiles or the exploitation of its platform for the purposes alleged in this report.” “To be clear,” the company continued, “LinkedIn would not authorize such activity for any purpose.” The company stated it “was not notified of the alleged activity.”

A spokesman for Starhome Mach said his company is “with immediate effect undertaking a full security audit to ensure that our infrastructure is secure” and that its platform had recently switched to a completely new configuration with mainly new hardware. Officials at Comfone said: “We have no knowledge of the British intelligence service infiltrating our systems.” Syniverse also stated “there have been no known breaches of the Syniverse or MACH data centers by any government agency.”

GCHQ did not comment on questions posed by SPIEGEL.

‘Any Mobile Device, Anywhere, Anytime!’

For the British, all of this was apparently only an intermediate step on the path to a greater goal. In addition to the conventional Internet, GCHQ now wants to turn the mobile web into an all-seeing surveillance machine.

This is how the GCHQ spies described their “vision” in 2011: “Any mobile device, anywhere, anytime!”

In this context, the attacks on Belgacom and the clearinghouses merely serve as door openers. Once the telecommunications companies’ actual mobile phone networks have been infiltrated, completely new monitoring possibilities present themselves to the spies. A briefing dating from 2011 stated the agency wanted to “increase operational capability to remotely deploy implants when we only know the MSISDN.” In other words, GCHQ’s phone hackers would ideally like to repurpose every mobile phone in the world into a bugging device, merely on the basis of the phone number. “That would be game changing,” the document reads.

REPORTED BY LAURA POITRAS, MARCEL ROSENBACH, CHRISTOPH SCHEUERMANN, HOLGER STARK AND CHRISTIAN STÖCKER

_________________________________________________________________________

| Snowden: UK government now leaking documents about itself!

Snowden: UK government now leaking documents about itself ~ theguardian.com.

The NSA whistleblower says: ‘I have never spoken with, worked with, or provided any journalistic materials to the Independent.’

GCHQ‘s headquarters on the outskirts of Cheltenham. Photograph: Barry Batchelor/PA

(Updated below)

The Independent this morning published an article – which it repeatedly claims comes from “documents obtained from the NSA by Edward Snowden” – disclosing that “Britain runs a secret internet-monitoring station in the Middle East to intercept and process vast quantities of emails, telephone calls and web traffic on behalf of Western intelligence agencies.” This is the first time the Independent has published any revelations purportedly from the NSA documents, and it’s the type of disclosure which journalists working directly with NSA whistleblower Edward Snowden have thus far avoided.

That leads to the obvious question: who is the source for this disclosure? Snowden this morning said he wants it to be clear that he was not the source for the Independent, stating:

I have never spoken with, worked with, or provided any journalistic materials to the Independent. The journalists I have worked with have, at my request, been judicious and careful in ensuring that the only things disclosed are what the public should know but that does not place any person in danger. People at all levels of society up to and including the President of the United States have recognized the contribution of these careful disclosures to a necessary public debate, and we are proud of this record.

“It appears that the UK government is now seeking to create an appearance that the Guardian and Washington Post’s disclosures are harmful, and they are doing so by intentionally leaking harmful information to The Independent and attributing it to others. The UK government should explain the reasoning behind this decision to disclose information that, were it released by a private citizen, they would argue is a criminal act.”

In other words: right as there is a major scandal over the UK’s abusive and lawless exploitation of its Terrorism Act – with public opinion against the use of the Terrorism law to detain David Miranda – and right as the UK government is trying to tell a court that there are serious dangers to the public safety from these documents, there suddenly appears exactly the type of disclosure the UK government wants but that has never happened before. That is why Snowden is making clear: despite the Independent’s attempt to make it appear that it is so, he is not their source for that disclosure. Who, then, is?

The US government itself has constantly used this tactic: aggressively targeting those who disclose embarrassing or incriminating information about the government in the name of protecting the sanctity of classified information, while simultaneously leaking classified information prolifically when doing so advances their political interests.

One other matter about the Independent article: it strongly suggests that there is some agreement in place to restrict the Guardian’s ongoing reporting about the NSA documents. Speaking for myself, let me make one thing clear: I’m not aware of, nor subject to, any agreement that imposes any limitations of any kind on the reporting that I am doing on these documents. I would never agree to any such limitations. As I’ve made repeatedly clear, bullying tactics of the kind we saw this week will not deter my reporting or the reporting of those I’m working with in any way. I’m working hard on numerous new and significant NSA stories and intend to publish them the moment they are ready.

Related question

For those in the media and elsewhere arguing that the possession and transport of classified information is a crime: does that mean you believe that not only Daniel Ellsberg committed a felony, but also the New York Times reporters and editors did when they received, possessed, copied, transported and published the thousands of pages of top-secret documents known as the Pentagon Papers?

Do you also believe the Washington Post committed felonies when receiving and then publishing top secret information that the Bush administration was maintaining a network for CIA black sites around the world, or when the New York Times revealed in 2005 the top secret program whereby the NSA had created a warrantless eavesdropping program aimed at US citizens?

Or is this some newly created standard of criminality that applies only to our NSA reporting? Do media figures who are advocating that possessing or transmitting classified information is a crime really not comprehend the precedent they are setting for investigative journalism?

UPDATE

The Independent’s Oliver Wright just tweeted the following:

“For the record: The Independent was not leaked or ‘duped’ into publishing today’s front page story by the Government.”

Leaving aside the fact that the Independent article quotes an anonymous “senior Whitehall source”, nobody said they were “duped” into publishing anything. The question is: who provided them this document or the information in it? It clearly did not come from Snowden or any of the journalists with whom he has directly worked. The Independent provided no source information whatsoever for their rather significant disclosure of top secret information. Did they see any such documents, and if so, who, generally, provided it to them? I don’t mean, obviously, that they should identify their specific source, but at least some information about their basis for these claims, given how significant they are, would be warranted. One would think that they would not have published something like this without either seeing the documents or getting confirmation from someone who has: the class of people who qualify is very small, and includes, most prominently and obviously, the UK government itself.

______________________________________________________________________

| PRISM UK: MoD serves news outlets with D notice over surveillance leaks!

MoD serves news outlets with D notice over surveillance leaks ~ The Guardian.

    BBC and other media groups issued with D notice to limit publication of information that could ‘jeopardise national security.’

    It is not clear what impact the censorship warning has had on media coverage of Snowden’s revelations relating to British intelligence. Photograph: Handout/Reuters

    Defence officials issued a confidential D notice to the BBC and other media groups in an attempt to censor coverage of surveillance tactics employed by intelligence agencies in the UK and US.

    Editors were asked not to publish information that may “jeopardise both national security and possibly UK personnel” in the warning issued on 7 June, a day after the Guardian first revealed details of the National Security Agency’s (NSA) secret Prism programme.

    The D notice, which was marked “private and confidential: not for publication, broadcast or use on social media”, was made public on the Westminster gossip blog, Guido Fawkes. Although only advisory for editors, the self-censorship system is intended to prevent the media from making “inadvertent public disclosure of information that would compromise UK military and intelligence operations and methods”.

    The warning was issued by defence officials in the UK as the BBC, ITN, Sky News and other newspapers and broadcasters around the world covered the surveillance revelations disclosed by the NSA whistleblower Edward Snowden. The leaks, reported extensively in the Guardian and also the Washington Post, have made headlines on both sides of the Atlantic for more than a week.

    However, it is not clear what impact the warning has had on media coverage of Snowden’s revelations relating to British intelligence. William Hague, the foreign secretary, who is responsible for GCHQ, was not asked when he appeared on Monday’s BBC Radio 4 Today programme about reports that the spy agency was involved in monitoring communications made by foreign delegates at the G20 summit in London in 2009. Instead the subject was discussed in an item aired towards the end of the programme at 8.45am.

    A BBC spokeswoman declined to comment on the D notice, but pointed out that the broadcaster did cover the G20 surveillance story on its radio news bulletins. She said the BBC believed it had “afforded the story” what the broadcaster described as “the appropriate level of coverage” among other significant news items, “including the ongoing G8 summit, the sentencing of Stuart Hall, the Co-op Bank bailout and the Ian Brady hearing”.

    According to the Guido Fawkes website, the warning said: “There have been a number of articles recently in connection with some of the ways in which the UK intelligence services obtain information from foreign sources.

    “Although none of these recent articles has contravened any of the guidelines contained within the defence advisory notice system, the intelligence services are concerned that further developments of this same theme may begin to jeopardise both national security and possibly UK personnel.”

    __________________________________________________________________

| GCHQ intercepted foreign politicians’ communications at G20 summits!

GCHQ intercepted foreign politicians’ communications at G20 summits ~ The Guardian.

    Exclusive: phones were monitored and fake internet cafes set up to gather information from allies in London in 2009!

    Documents uncovered by the NSA whistleblower, Edward Snowden, reveal surveillance of G20 delegates’ emails and BlackBerrys. Photograph: Guardian

    Foreign politicians and officials who took part in two G20 summit meetings in London in 2009 had their computers monitored and their phone calls intercepted on the instructions of their British government hosts, according to documents seen by the Guardian. Some delegates were tricked into using internet cafes which had been set up by British intelligence agencies to read their email traffic.

    The revelation comes as Britain prepares to host another summit on Monday – for the G8 nations, all of whom attended the 2009 meetings which were the object of the systematic spying. It is likely to lead to some tension among visiting delegates who will want the prime minister to explain whether they were targets in 2009 and whether the exercise is to be repeated this week.

    The disclosure raises new questions about the boundaries of surveillance by GCHQ and its American sister organisation, the National Security Agency, whose access to phone records and internet data has been defended as necessary in the fight against terrorism and serious crime. The G20 spying appears to have been organised for the more mundane purpose of securing an advantage in meetings. Named targets include long-standing allies such as South Africa and Turkey.

    There have often been rumours of this kind of espionage at international conferences, but it is highly unusual for hard evidence to confirm it and spell out the detail. The evidence is contained in documents – classified as top secret – which were uncovered by the NSA whistleblower Edward Snowden and seen by the Guardian. They reveal that during G20 meetings in April and September 2009 GCHQ used what one document calls “ground-breaking intelligence capabilities” to intercept the communications of visiting delegations.

    This included:

    • Setting up internet cafes where they used an email interception programme and key-logging software to spy on delegates’ use of computers;

    • Penetrating the security on delegates’ BlackBerrys to monitor their email messages and phone calls;

    • Supplying 45 analysts with a live round-the-clock summary of who was phoning who at the summit;

    • Targeting the Turkish finance minister and possibly 15 others in his party;

    • Receiving reports from an NSA attempt to eavesdrop on the Russian leader, Dmitry Medvedev, as his phone calls passed through satellite links to Moscow.

    The documents suggest that the operation was sanctioned in principle at a senior level in the government of the then prime minister, Gordon Brown, and that intelligence, including briefings for visiting delegates, was passed to British ministers.

    A briefing paper dated 20 January 2009 records advice given by GCHQ officials to their director, Sir Iain Lobban, who was planning to meet the then foreign secretary, David Miliband. The officials summarised Brown’s aims for the meeting of G20 heads of state due to begin on 2 April, which was attempting to deal with the economic aftermath of the 2008 banking crisis. The briefing paper added: “The GCHQ intent is to ensure that intelligence relevant to HMG’s desired outcomes for its presidency of the G20 reaches customers at the right time and in a form which allows them to make full use of it.” Two documents explicitly refer to the intelligence product being passed to “ministers”.

    One of the GCHQ documents. Photograph: Guardian

    According to the material seen by the Guardian, GCHQ generated this product by attacking both the computers and the telephones of delegates.

    One document refers to a tactic which was “used a lot in recent UK conference, eg G20”. The tactic, which is identified by an internal codeword which the Guardian is not revealing, is defined in an internal glossary as “active collection against an email account that acquires mail messages without removing them from the remote server”. A PowerPoint slide explains that this means “reading people’s email before/as they do”.

    The same document also refers to GCHQ, MI6 and others setting up internet cafes which “were able to extract key logging info, providing creds for delegates, meaning we have sustained intelligence options against them even after conference has finished”. This appears to be a reference to acquiring delegates’ online login details.

    Another document summarises a sustained campaign to penetrate South African computers, recording that they gained access to the network of their foreign ministry, “investigated phone lines used by High Commission in London” and “retrieved documents including briefings for South African delegates to G20 and G8 meetings”. (South Africa is a member of the G20 group and has observer status at G8 meetings.)

    Another excerpt from the GCHQ documents. Photograph: Guardian

    A detailed report records the efforts of the NSA’s intercept specialists at Menwith Hill in North Yorkshire to target and decode encrypted phone calls from London to Moscow which were made by the Russian president, Dmitry Medvedev, and other Russian delegates.

    Other documents record apparently successful efforts to penetrate the security of BlackBerry smartphones: “New converged events capabilities against BlackBerry provided advance copies of G20 briefings to ministers … Diplomatic targets from all nations have an MO of using smartphones. Exploited this use at the G20 meetings last year.”

    The operation appears to have run for at least six months. One document records that in March 2009 – the month before the heads of state meeting – GCHQ was working on an official requirement to “deliver a live dynamically updating graph of telephony call records for target G20 delegates … and continuing until G20 (2 April).”

    Another document records that when G20 finance ministers met in London in September, GCHQ again took advantage of the occasion to spy on delegates, identifying the Turkish finance minister, Mehmet Simsek, as a target and listing 15 other junior ministers and officials in his delegation as “possible targets”. As with the other G20 spying, there is no suggestion that Simsek and his party were involved in any kind of criminal offence. The document explicitly records a political objective – “to establish Turkey’s position on agreements from the April London summit” and their “willingness (or not) to co-operate with the rest of the G20 nations”.

    The September meeting of finance ministers was also the subject of a new technique to provide a live report on any telephone call made by delegates and to display all of the activity on a graphic which was projected on to the 15-sq-metre video wall of GCHQ’s operations centre as well as on to the screens of 45 specialist analysts who were monitoring the delegates.

    “For the first time, analysts had a live picture of who was talking to who that updated constantly and automatically,” according to an internal review.

    A second review implies that the analysts’ findings were being relayed rapidly to British representatives in the G20 meetings, a negotiating advantage of which their allies and opposite numbers may not have been aware: “In a live situation such as this, intelligence received may be used to influence events on the ground taking place just minutes or hours later. This means that it is not sufficient to mine call records afterwards – real-time tip-off is essential.”

    In the week after the September meeting, a group of analysts sent an internal message to the GCHQ section which had organised this live monitoring: “Thank you very much for getting the application ready for the G20 finance meeting last weekend … The call records activity pilot was very successful and was well received as a current indicator of delegate activity …

    “It proved useful to note which nation delegation was active during the moments before, during and after the summit. All in all, a very successful weekend with the delegation telephony plot.”

    _____________________________________________________________________