>From - Sat Mar 02 00:57:15 2024
Received: by 10.52.35.206 with SMTP id k14mr8834563vdj.5.1321684081478;
Fri, 18 Nov 2011 22:28:01 -0800 (PST)
X-BeenThere: tscm-l2006_at_googlegroups.com
Received: by 10.220.149.142 with SMTP id t14ls793288vcv.2.canary; Fri, 18 Nov
2011 22:27:54 -0800 (PST)
Received: by 10.52.35.206 with SMTP id k14mr8834231vdj.5.1321684074894;
Fri, 18 Nov 2011 22:27:54 -0800 (PST)
Received: by 10.52.35.206 with SMTP id k14mr8834228vdj.5.1321684074885;
Fri, 18 Nov 2011 22:27:54 -0800 (PST)
Return-Path: <ber..._at_netaxs.com>
Received: from newmx2.fast.net (newmx2.fast.net. [209.92.1.32])
by gmr-mx.google.com with SMTP id b8si1528341vdu.2.2011.11.18.22.27.54;
Fri, 18 Nov 2011 22:27:54 -0800 (PST)
Received-SPF: neutral (google.com: 209.92.1.32 is neither permitted nor denied by best guess record for domain of ber..._at_netaxs.com) client-ip=209.92.1.32;
Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 209.92.1.32 is neither permitted nor denied by best guess record for domain of ber..._at_netaxs.com) smtp.mail=ber..._at_netaxs.com
Message-Id: <4ec74c6a.2845340a.4170.7a55SMTPIN_ADDED_at_gmr-mx.google.com>
Received: (qmail 12564 invoked from network); 19 Nov 2011 06:27:52 -0000
Received: from unknown (HELO NTR71408.netaxs.com) ([71.23.209.207]) (envelope-sender <ber..._at_netaxs.com>)
by newmx2.fast.net (qmail-ldap-1.03) with SMTP
for <tscm-..._at_googlegroups.com>; 19 Nov 2011 06:27:52 -0000
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Sat, 19 Nov 2011 01:27:49 -0500
To: TSCM-l2006_at_googlegroups.com
From: bernieS <ber..._at_netaxs.com>
Subject: Global market soars for electronic communications surveillance
products
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: quoted-printable
X-Antivirus: avast! (VPS 111118-1, 11/18/2011), Outbound message
X-Antivirus-Status: Clean
The Wall Street Journal's online article provides=20
a link to an online catalog of these companies'=20
marketing materials, which may interest TSCM-L=20
list members. My guess is that ISS World will=20
ban reporters from their future conferences. Why=20
would the public need to know how their governments are spying on them?
http://online.wsj.com/article/SB10001424052970203611404577044192607407780.h=
tml
Document Trove Exposes Surveillance Methods
November 19, 2011
The Wall Street Journal
By JENNIFER VALENTINO-DEVRIES, JULIA ANGWIN and STEVE STECKLOW
Documents obtained by The Wall Street Journal open a rare window into a
new global market for the off-the-shelf surveillance technology that has
arisen in the decade since the terrorist attacks of Sept. 11, 2001.
The techniques described in the trove of 200-plus marketing documents,
spanning 36 companies, include hacking tools that enable governments to
break into people's computers and cellphones, and "massive intercept"
gear that can gather all Internet communications in a country. The
papers were obtained from attendees of a secretive surveillance
conference held near Washington, D.C., last month.
Intelligence agencies in the U.S. and abroad have long conducted their
own surveillance. But in recent years, a retail market for surveillance
tools has sprung up from "nearly zero" in 2001 to about $5 billion a
year, said Jerry Lucas, president of TeleStrategies Inc., the show's
operator.
Critics say the market represents a new sort of arms trade supplying
Western governments and repressive nations alike. "The Arab Spring
countries all had more sophisticated surveillance capabilities than I
would have guessed," said Andrew McLaughlin, who recently left his post
as deputy chief technology officer in the White House, referring to the
Middle Eastern and African nations racked by violent crackdowns on dissent.
The Journal this year uncovered an Internet surveillance center
installed by a French firm in Libya and reported that software made by
Britain's Gamma International UK Ltd., had been used in Egypt to
intercept dissidents' Skype conversations. In October, a U.S. company
that makes Internet-filtering gear acknowledged to the Journal that its
devices were being used in Syria.
Companies making and selling this gear say it is intended to catch
criminals and is available only to governments and law enforcement. They
say they obey export laws and aren't responsible for how the tools are used=
.
Trade-show organizer Mr. Lucas added that his event isn't political. "We
don't really get into asking, 'Is this in the public interest?'" he said.
TeleStrategies holds ISS World conferences world-wide. The one near
Washington, D.C., caters mainly to U.S., Canadian, Caribbean and Latin
American authorities. The annual conference in Dubai has long served as
a chance for Middle Eastern nations to meet companies hawking
surveillance gear.
Many technologies at the Washington-area show related to "massive
intercept" monitoring, which can capture vast amounts of data. Telesoft
Technologies Ltd. of the U.K. touted its device in its documents as
offering "targeted or mass capture of 10s of thousands of simultaneous
conversations from fixed or cellular networks." Telesoft declined to
comment.
California-based Net Optics Inc., whose tools make monitoring gear more
efficient, presented at the show and offers a case study on its website
that describes helping a "major mobile operator in China" conduct
"real-time monitoring" of cellphone Internet content. The goal was to
help "analyze criminal activity" as well as "detect and filter
undesirable content," the case study says.
Net Optics' CEO, Bob Shaw, said his company follows "to the letter of
the law" U.S. export regulations. "We make sure we're not shipping to
any countries that are forbidden or on the embargo list," he said in an
interview.
Among the most controversial technologies on display at the conference
were essentially computer-hacking tools to enable government agents to
break into people's computers and cellphones, log their keystrokes and
access their data. Although hacking techniques are generally illegal in
the U.S., law enforcement can use them with an appropriate warrant, said
Orin Kerr, a professor at George Washington University Law School and
former computer-crime attorney at the Justice Department.
The documents show that at least three companies=97Vupen Security SA of
France, HackingTeam SRL of Italy and Gamma's FinFisher=97marketed their
skill at the kinds of techniques often used in "malware," the software
used by criminals trying to steal people's financial or personal
details. The goal is to overcome the fact that most surveillance
techniques are "useless against encryption and can't reach information
that never leaves the device," Marco Valleri, offensive-security manager
at HackingTeam, said in an interview. "We can defeat that."
Representatives of HackingTeam said they tailor their products to the
laws of the country where they are being sold. The firm's products
include an auditing system that aims to prevent misuse by officials. "An
officer cannot use our product to spy on his wife, for example," Mr.
Valleri said.
Mr. Valleri said HackingTeam asks government customers to sign a license
in which they agree not to provide the technology to unauthorized countries=
.
Vupen, which gave a presentation at the conference on "exploiting
computer and mobile vulnerabilities for electronic surveillance," said
its tools take advantage of security holes in computers or cellphones
that manufacturers aren't yet aware of. Vupen's marketing documents
describe its researchers as "dedicated" to finding "unpatched
vulnerabilities" in software created by Microsoft Corp., Apple Inc. and
others. On its website, the company offered attendees a "free Vupen
exploit sample" that relied on an already-patched security hole.
Vupen says it restricts its sales to Australia, New Zealand, members and
partners of the North Atlantic Treaty Organization and the Association
of Southeast Asian Nations. The company says it won't sell to countries
subject to international embargoes, and that its research must be used
for national-security purposes only and in accordance with ethical
practices and applicable laws.
The documents for FinFisher, a Gamma product, say it works by "sending
fake software updates for popular software." In one example, FinFisher
says intelligence agents deployed its products "within the main Internet
service provider of their country" and infected people's computers by
"covertly injecting" FinFisher code on websites that people then visited.
The company also claims to have allowed an intelligence agency to trick
users into downloading its software onto BlackBerry mobile phones "to
monitor all communications, including [texts], email and BlackBerry
Messenger." Its marketing documents say its programs enable spying using
devices and software from Apple, Microsoft, and Google Inc., among
others. FinFisher documents at the conference were offered in English,
Arabic and other languages.
A Google spokesman declined to comment on FinFisher specifically, adding
that Google doesn't "tolerate abuse of our services."
An Apple spokeswoman said the company works "to find and fix any issues
that could compromise [users'] systems." Apple on Monday introduced a
security update to iTunes that could stop an attack similar to the type
FinFisher claims to use, namely offering bogus software updates that
install spyware.
Microsoft and Research In Motion Ltd., which makes BlackBerry devices,
declined to comment.
The documents discovered in Egypt earlier this year indicated that
Gamma's Egyptian reseller was offering FinFisher systems there for about
$560,000. Gamma's lawyer told the Journal in April that it never sold
the products to Egypt's government.
Gamma didn't respond to requests for comment for this article. Like most
companies interviewed, Gamma declined to disclose its buyers, citing
confidentiality agreements.
Privacy advocates say manufacturers should be more transparent about
their activities. Eric King of the U.K. nonprofit Privacy International
said "the complex network of supply chains and subsidiaries involved in
this trade allows one after the other to continually pass the buck and
abdicate responsibility." Mr. King routinely attends
surveillance-industry events to gather information on the trade.
At the Washington and Dubai trade conferences this year, which are
generally closed to the public, Journal reporters were prevented by
organizers from attending sessions or entering the exhibition halls.
February's Dubai conference took place at a time of widespread unrest
elsewhere in the region. Nearly 900 people showed up, down slightly
because of the regional turmoil, according to an organizer.
Presentations in Dubai included how to intercept wireless Internet
traffic, monitor social networks and track cellphone users. "All of the
companies involved in lawful intercept are trying to sell to the Middle
East," said Simone Benvenuti, of RCS SpA, an Italian company that sells
monitoring centers and other "interception solutions," mostly to
governments. He declined to identify any clients in the region.
In interviews in Dubai, executives at several companies said they were
aware their products could be abused by authoritarian regimes but they
can't control their use after a sale. "This is the dilemma," said Klaus
Mochalski, co-founder of ipoque, a German company specializing in
deep-packet inspection, a powerful technology that analyzes Internet
traffic. "It's like a knife. You can always cut vegetables but you can
also kill your neighbor." He referred to it as "a constant moral,
ethical dilemma we have."
Received on Sat Mar 02 2024 - 00:57:15 CST