Pages

27 November 2014

More Details on How UK Telecom Cable & Wireless Helped GCHQ Access Undersea Fiber-Optic Cables November 26, 2014


Frederik Obermaier, Henrik Moltke, Laura Poitras and Jan Strozyk

Süddeutsche Zeitung, November 24, 2014

Previously unpublished documents show how the UK telecom firm Cable & Wireless, acquired by Vodafone in 2012, played a key role in establishing one of the Government Communications Headquarters’ (GCHQ) most controversial surveillance programs.

A joint investigation by NDR, WDR, Süddeutsche Zeitung and Channel 4 based on documents leaked by whistleblower Edward Snowden, reveals that Cable & Wireless actively shaped and provided the most data to GCHQ mass surveillance programs, and received millions of pounds in compensation. The documents also suggest that Cable & Wireless assisted GCHQ in breaking into a competitor’s network.

In response to these allegations, Vodafone said that an internal investigation found no evidence of unlawful conduct, but the company would not deny it happened.

"What we have in the UK is a system based on warrants, where we receive a lawful instruction from an agency or authority to allow them to have access to communications data on our network. We have to comply with that warrant and we do and there are processes for us to do that which we’re not allowed to talk about because the law constrains us from revealing these things. We don’t go beyond what the law requires” a Vodafone spokesperson told Channel 4.

In August 2013 Süddeutsche Zeitung and NDR first named Vodafone as one of the companies assisting the GCHQ. Reports that Vodafone secretly provided customer data to intelligence agencies damaged the company’s relation to German customers. Few months later Der Spiegel reported that the NSA had spied on Chancellor Angela Merkel, whose cell phone was on a Vodafone contract.

This could be a coincidence. No evidence suggests that Vodafone was involved in the “Merkelphone” scandal. But unlike Facebook, Yahoo, or other companies forced to cooperate with the intelligence services, Vodafone has yet to challenge the GCHQ publicly. Konstantin von Notz, a German member of the Bundestag for the Green Party, urges Vodafone to take legal action: „A company such as Vodafone, which has responsibility for so many customers, has to take a clear stand against these data grabs.“

Similarly, Vodafone has provided no explanation as to why GCHQ discussed “potential new deployment risks identified by GERONTIC” in June 2008. According to the Snowden-documents “GERONTIC” was the GCHQ codename for Cable & Wireless, and after acquisition in 2012 (at least for a while) presumably for Vodafone.


The documents show regular “Joint Project Team” meetings between june 2008 until at least february 2012 and that a GCHQ employee worked full-time within Cable & Wireless.


GCHQ did not return commentary, quoting: “longstanding policy”, but stated that it works “in accordance with a strict legal and policy framework”. Vodafone said that it went through the records and found no evidence that Cable & Wireless had broken German, UK or European Union laws before the takeover.

Vodafone however wrote in the same statement that a “small number” of employees currently “process demands” from intelligence agencies, but that “such demands are processed ‘blind’ with no information whatsoever about the context”.

German authorities alerted

Shortly after the Snowden revelations the German Federal Office for Information Security (BSI) requested information from telecoms firms in order to determine whether German citizens’ data was shared outside Germany. The BSI found all the companies’ replies satisfactory - except for Vodafone.

A classified letter from 2013 seen by SZ, WDR and NDR found that Vodafone did “not address whether mobile communications information from Germany - including metadata (billing information, etc.) and text messages - is shared outside the country”. The BSI informed the Ministry of Internal Affairs which, however, did not alert other federal authorities with Vodafone contracts for “competitive reasons”.

Green party member Konstantin von Notz, who is also a member of the NSA enquiry commission of the German Bundestag, had no knowledge of the BSI findings. He says that if the government has doubts about a provider’s data security, “consequences must be drawn, otherwise there’s no reason to conduct an investigation in the first place. The consequence would be to immediately suspend or cancel the contracts.”

Millions per month

The leaked Snowden documents also contain numerous references to payments from GCHQ to Cable & Wireless in return for access to cables and infrastructure, some of is which listed as active well after Vodafone’s takeover.


In February 2009 some £6 million was paid to Cable & Wireless, now Vodafone, and a 2010 budget references a £20.3 million expense.

After seeing part of the documentation, IT security expert Dr. Sandro Gaycken of Freie Universität Berlin, said: “The company was probably forced to cooperate and then thought it might as well make a business out of it.” A Vodafone spokesperson denied the allegation, stating it does not “make a profit from law enforcement assistance”, without providing details about payments or how costs are determined.

A July 2009 document shows that Cable & Wireless either owned or leased 29 out of 63 cables to which GCHQ had access to via partnerships, providing almost 70% of the total data accessible to GCHQ from the cables. 


One access, codenamed NIGELLA, is particularly interesting. It refers to the Fiber-Optic Link Around the Globe (FLAG) cable network which interconnects at the Skewjack landing station in Cornwall. According to the documents, GCHQ accessed the FLAG cables through GERONTIC as “Landing Partner”, even though FLAG was owned by the Indian company Reliance Globalcom, now called Global Cloud Xchange.


The documents detail how GCHQ targeted the FLAG cable system and gained access to the non-partner network through a Computer Network Exploitation (CNE) operation. The data feeds into INCENSER, a system defined as “a special source collection system” and a “GERONTIC delivery from the NIGELLA access”. The documents suggest that mainly the Flag Europe Asia (FEA) cable was targeted.


Through NIGELLA, the document suggests, GCHQ could also see so-called performance statistics and obtain “weekly automated pulls of flag router monitoring webpages”. Simply put: since GCHQ did not have a partnership with the owner, it hacked its way in and used Cable & Wireless to send data back to the GCHQ processing centre.


The latest mention of INCENSER is dated April 25th 2013 - well after Vodafone had acquired Cable & Wireless. Vodafone says it has no indication “that there is network access to the infrastructure of any other company” and that it had no knowledge about the operation. It did not return comments on whether Vodafone collected metadata from competitors. Nor did Global Cloud Xchange reply to questions about the operation, or whether it had been served with a warrant.

The documents are avaliable as a zip-file here.

(Translated by Candice Novak, photo by Getty Images)

No comments:

Post a Comment