Home / Cyber / Mass Surveillance methods linked to Intelligence agencies becoming extremely sophisticated, invisible and persistent

Mass Surveillance methods linked to Intelligence agencies becoming extremely sophisticated, invisible and persistent

In the wake of recent terrorism attacks, we have witnessed a significant increase of the level of surveillance conducted by governments around the world. The terms “surveillance” and “spying” as used by NSA  means, “government collection of private and personal information: address books, buddy lists, photos, phone numbers, web history, geolocation data, and more.

 

In 2013, Edward Snowden revealed the NSA collects personal data on every American, as well as many more people worldwide. Snowden had leaked documents that showed details about groundbreaking surveillance technology the NSA agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.

 

But it’s not only the NSA spying on its own people. Its counterparts at the CIA (Central Intelligence Agency) are also spying on and hacking targets of interest. In March 2017, WikiLeaks published thousands of documents it said revealed hacking tools the CIA developed to break into servers, smartphones, computers and TVs.  “By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware,”  said WikiLeaks founder Julian Assange.

 

According to the 2019 Forrester Global Map of Privacy Rights and Regulations: “Regulations that allow governments to access personal data of citizens are still undermining the overall privacy protections that certain countries offer their citizens.” India has been named as a country with minimal restrictions in terms of data privacy and protection where government surveillance is a matter of caution alongside countries with high-level of government surveillance, such as China.

 

An example is the signal intelligence law approved by the French parliament after the Charlie Hebdo attacks, whereby intelligence agencies can spy on digital and mobile phone communications and emails of anyone linked to a ‘‘terrorist’’ behavior, without prior authorization from a judge.

 

One of the most controversial elements of this law are the so-called ‘‘black boxes’’ which Internet service providers are forced to deploy, and which aim to analyze the meta-data of Internet users in search of potential terrorists. This has sparked protests from human rights groups who claim the law legalizes highly intrusive surveillance methods and amounts to mass surveillance of Web traffic on a disproportionately large scale, without guarantees for individual freedom and privacy.

 

“Government surveillance is a worldwide phenomenon that cuts across geographies, economic development, societal well-being, and institutional design, with alarming levels of government surveillance in countries such as Austria, Colombia, India, Kuwait and the UK,” the report said.

 

However, this is a double-edged sword when it comes to human rights and the violation of privacy and data protection, taking into
consideration that Not only those whom under surveillance are targeted, but also those with whom they are in contact. The additional element is related to the harm caused to individuals by online surveillance- is not limited to their right to privacy. More broadly, the effect produced by such monitoring may harm their general sense of freedom and their freedom of expression.

 

Surveillance technology

Online surveillance or the surveillance of communication networks, is an intelligence activity designed to gather, retain, process, and analyze digital information from electronic communication networks – landline , cellular networks, the internet or data networks. Surveillance starts by intercepting and retrieving information from the web, collection of communication data, and communications service providers or companies, and processing open and hidden information which can include data- mining techniques.

 

In a time in which, massive human communication is conducted via electronic media, controlling modern technology for comprehensive-scale collection, storage and statistical analysis of data can yield more productive and more detailed intelligence information on surveillance targets than ever before.

 

Technology has given security agencies the ability to do way more than just tapping calls or hacking e-mails. Now they can track every movement and hack most form of communication. They can watch you over with satellite imaginary, heat map, facial recognition and gait analysis. The intrusion of technology has taken surveillance beyond imaginations. There is a good reason why Facebook CEO Mark Zuckerberg and even FBI director James Comey, cover their laptops webcam. And it is not about hackers, National Security Agency of your own country may spy through your webcam.

 

Facial biometric is increasingly getting attention of security and surveillance experts. There are substantial reasons why facial recognition is taking the center stage of biometric mass surveillance. Facial features can be captured from a distance without the subject’s knowledge and consent. It is easy to implement and can be done using public surveillance cameras, which are now everywhere.

 

Modern facial recognition systems are able to recognize subjects with or without facial hair or with other temporary cosmetic changes. People keep taking digital photos so they do not have any immediate privacy concerns when it comes to facial scan, which is also done with the digital camera looking device, but may have additional ability scan a 3D map of the face. Owing to these benefits, facial recognition is becoming a preferred method for both identity authentication as well as mass surveillance.

 

Surveillance cameras are now everywhere, so there is no need for special equipments or setup except back-end facial recognition ability that takes feed from these cameras. Mobile devices are also increasingly adding facial recognition ability for unlocking phones or authenticating identity in transactions.

 

As consumers use more and more devices that have CPUs and are constantly connected to the Internet (IoT – Internet of Things), they are exposing themselves to more and more risks that they don’t even know about, nor do they have any proven means to stop it and protect themselves. Samsung TVs are caught listening to consumers conversations in their homes without their consent or even knowledge. Most smartphones are listening constantly too, so Siri (iPhone) and OK, Google (Android) .

 

Third party trackers installed on websites for mass surveillance. When javascript is installed directly on the webpage, it can track user interactions with the page such as page scrolling, mouse movement, and keystrokes. That means when users are logging in to a website, those trackers can record usernames and passwords. The prevalence of 3rd party ad-tech trackers across large numbers of sites means that mass surveillance, privacy-violating actions, and cybersecurity risks are widely possible as well. Some of these scripts were found to “record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers. Unlike typical analytics services that provide aggregate statistics, these scripts are intended for the recording and playback of individual browsing sessions,

 

 

 

 

USA

Attacks of 9/11 became the turning point for United States’ mass surveillance and security programs and the government started pushing them so hard that they crossed the constitutional boundaries and privacy rights of its citizens. From terrorist organizations to criminals and even law abiding citizens, everyone came under the radar of mass surveillance. Having the home grown technological advantage, the country used all possible means to surveil people within the national boundaries and beyond. Data collection out of people’s online activities, phone calls, mobile phone location tracking, monitoring of financial payments, satellite surveillance, heat maps, and whatnot. Biometric recognition methods like speech and speaker recognition to scan mobile networks, facial recognition, etc. are also extensively used by the country for both domestic as well as international mass surveillance programs, writes Danny Thakkar in Biometric.

 

CIA

The CIA secretly bought a Swiss company that sold encrypted devices and rigged them to spy on clients, according to confidential documents published by The Washington Post and ZDF in feb 2020. The company, Crypto AG, sold gadgets and software to spies, diplomats, military ocials, and private companies for decades. The Swiss firm made millions of dollars selling equipment to more than 120 countries well into the 21st century. Its clients included Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and even the Vatican. CIA agents secretly listened in on all communications that used the company’s devices, and the CIA’s leaked report called it “the intelligence coup of the century.” Crypto AG was dissolved in 2018, and the two companies that bought its assets deny any involvement with the CIA.

 

The program had limits. America’s main adversaries, including the Soviet Union and China, were never Crypto customers. Their well-founded suspicions of the company’s ties to the West shielded them from exposure, although the CIA history suggests that U.S. spies learned a great deal by monitoring other countries’ interactions with Moscow and Beijing.

 

https://www.youtube.com/watch?v=6FICTy-ZMCc

NSA surveillance

The NSA is the U.S. National Security Agency designed to protect U.S. citizens and interests, the truth is that the NSA monitors every American and the people of many allied countries—all with the backing of the U.S. government.

 

Police State USA compiled a list of powers and tricks used by the NSA, NSA can crack all types of sophisticated computer encryption and access personal email, chat, and web browsing history; set up fake social networking profiles on LinkedIn, set up fake Internet cafes to spy on unsuspecting users; it can identify individuals’ friends, companions, and social networks.

 

The scope of the National Security Agency’s spying abilities has increased dramatically in the last few of years. Russia-based security firm Kaspersky recently released a report about a mysterious and sophisticated malware distributor, dubbed Equation group, which might be linked to the U.S. National Security Agency (NSA). “The Equation group is probably one of the most sophisticated cyber attack groups in the world,” and may have been operating undetected for almost two decades, Kaspersky said in an advisory

The campaign infected possibly tens of thousands of Windows computers in telecommunications providers, governments, militaries, utilities, and mass media organisations among others in more than 30 countries. According to Reuters sources, the agency would sometimes pose as software developers to trick manufacturers into supplying source code, or could simply keep a copy of the data when the agency did official code audits on behalf of the Pentagon.

 

Hacking  Foreign telecommunication networks

When you move around your town, cell phone towers can calculate your exact position. Though the NSA claims it no longer collects this bulk data itself, cell phone providers are still required to do so, and they, in turn, must surrender those records to the NSA when ordered by a court. It can crack cellphone encryption codes and monitor the data in smartphone applications; tracks the numbers of both parties on phone calls, their locations, as well as time and duration of the call, can intercepts troves of personal webcam video. It monitors financial transactions and credit card purchases. The NSA can intercept phone calls by setting up fake mobile telephony base stations. It undermines secure networks by diverting users to non-secure channels. They can install a fake SIM card in a cell phone to secretly control it.

 

In Brazil, Germany and other countries, the NSA has broken into the internal networks of major telecommunications providers, intercepting the data they gather and weakening the security of their systems. It collects every email and phone call it can. US and British intelligence agencies illegally hacked into a major manufacturer of Sim cards Gemalto to steal codes and facilitate eavesdropping on mobiles, a US news website Intercept says that gave US and British surveillance agencies “the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data”. The NSA spies on foreign leaders’ cell phones, intercepts meeting notes from foreign dignitaries, spy on ambassadors within embassies among many others.

 

In 2017, the NSA acquired data from over 534 million phone calls and text messages. Unbelievably, this tally is over triple the amount collected in 2015, when the USA Freedom Act supposedly limited NSA access to data from communication companies. In 2018, the NSA acquired data from over 600 million phone calls and text messages.

 

Hacking Internet

The internet connects different continents via undersea fiber optic cables that carry staggering amounts of data. In some places, the NSA has deals with local intelligence agencies to tap into these cables; in others, it does so on its own. The NSA even uses submarines to attach snooping bugs to wires deep beneath in the ocean.

 

 

 

https://www.youtube.com/watch?v=pYrxmKTD4B0

 

 

Hardware Malware

The most powerful tool in the Equation group’s arsenal are modules which allow reprogramming of the hard drive firmware of more than a dozen of the popular HDD brands including Western Digital, Seagate, Samsung, Hitachi and Toshiba. By reprogramming the hard drive firmware (i.e. rewriting the hard drive’s operating system), the malware achieves an extreme level of persistence that helps to survive disk formatting and OS reinstallation. It may prevent the deletion of a certain disk sector or substitute it with a malicious one during system boot.

 

Existing antivirus products and most security protocols are also incapable of removing the said malware. “Another dangerous thing is that once the hard drive gets infected with this malicious payload, it is impossible to scan its firmware. For most hard drives there are functions to write into the hardware firmware area, but there are no functions to read it back. “It means that we are practically blind, and cannot detect hard drives that have been infected by this malware” – warns Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab. By taking over the firmware, the attackers can insert further malware into the operating system itself, creating a range of exploits that can be customized for individual machines, says Ben Johnson, chief evangelist at Bit9+Carbon Black.

 

The agency also spread its spy tools by intercepting and infecting removable media including CDs. Kaspersky described one case where participants of a scientific conference were sent with the material of the conference. But these optical discs were tampered by the vicious group as they had added two zero-day exploits with the disk.

 

The internet connects different continents via undersea fiber optic cables that carry staggering amounts of data. In some places, the NSA has deals with local intelligence agencies to tap into these cables; in others, it does so on its own. The NSA even uses submarines to attach snooping bugs to wires deep beneath in the ocean.

 

Hacking radio waves

The NSA can use radio waves to hack computers that aren’t connected to the internet, makes a USB thumb drive that provides a wireless backdoor into the host computer and can remotely access computers by setting up a fake wireless connection. It also appears to use radio-frequency devices implanted in various computer-system components to transmit information and exfiltrate data.

 

Exploiting Vulnerabilities

When the NSA finds a security hole in a popular consumer device, it does not fix the security hole, but instead exploits it. The NSA’s hacking unit, Tailored Access Operations, has developed a whole range of hacking exploits. These enable the NSA to break into consumer electronics devices and IT systems as it sees fit. The NSA has made the job of hacking security devices easier for itself by coercing many manufacturers to build vulnerabilities into products. That leaves virtually every device vulnerable to hackers.

 

Implanting Backdoors

The NSA has made the job of hacking security devices easier for itself, by coercing many manufacturers into building vulnerabilities into products. If that isn’t enough, the NSA is known to intercept shipments of computers and phones to put “backdoors” on them. The backdoor circumvents security measures of the device, allowing the NSA to spy on the end user. Through agreements and hacking, the NSA can access credit card networks, payment gateways, and wire transfer facilities around the world. This monetary surveillance allows The NSA to follow every cent of your money, where it comes from, and what you spend it on.

 

“The arguments that the illegal interception of information and data aims at protecting nations against terrorism cannot be sustained,” according to Brazilian President Dilma Rousseff. Martin Scheinin, European University, Institute Professor of Public International Law, wrote, “Electronic mass surveillance – including the mass trawling of both metadata and content by the U.S. National Security Agency – fails drastically in striking the correct balance between security and privacy that American officials and other proponents of surveillance insist they are maintaining.

 

Facebook, Google, Apple

Internet advertising and analytics technology companies are increasingly trying to find ways to link behavior across the various devices consumers own. This cross-device tracking can provide a more complete view into a consumer’s behavior and can be valuable for a range of purposes, including ad targeting, research, and conversion attribution. Based on this bulk data collection, even though PII (“personally identifiable information”) is not explicitly collected, the personal information of individual people can be easily identified by correlating data from other known data sets such as Acxiom, Experian and others.

 

Facebook, Google, Apple, and six other leading online services have all gone on record as having given their customers’ data to the NSA, as legally required by the “PRISM” program. Data shared includes emails, messages, and documents. Hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in messaging app WhatsApp, it has been confirmed. WhatsApp, which is owned by Facebook, said the attack targeted a “select number” of users and was orchestrated by “an advanced cyber-actor”. A fix was rolled out on in May 2019.

 

WhatsApp told the BBC its security team was the first to identify the flaw. It shared that information with human rights groups, selected security vendors and the US Department of Justice earlier this month. “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” the company said on Monday in a briefing document note for journalists.

 

The firm also published an advisory to security specialists, in which it described the flaw as: “A buffer overflow vulnerability in WhatsApp VOIP [voice over internet protocol] stack allowed remote code execution via specially crafted series of SRTCP [secure real-time transport protocol] packets sent to a target phone number.”

 

Prof Alan Woodward from the University of Surrey said it was a “pretty old-fashioned” method of attack. “A buffer overflow is where a program runs into memory it should not have access to. It overflows the memory it should have and hence has access to memory in which malicious code can potentially be run,” he explained. “If you are able to pass some code through the app, you can run your own code in that area. “In VOIP there is an initial process that dials up and establishes the call, and the flaw was in that bit. Consequently you did not need to answer the call for the attack to work.”

 

The NSO Group is an Israeli company that has been referred to in the past as a “cyber-arms dealer”. NSO’s flagship software, Pegasus, has the ability to collect intimate data from a target device, including capturing data through the microphone and camera, and gathering location data. In a statement, the group said: “NSO’s technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror.

 

Amnesty International, which said it had been targeted by tools created by the NSO Group in the past, said this attack was one human rights groups had long feared was possible. “They’re able to infect your phone without you actually taking an action,” said Danna Ingleton, deputy programme director for Amnesty Tech. She said there was mounting evidence that the tools were being used by regimes to keep prominent activists and journalists under surveillance.

 

CIA  malware targeted  iPhone, Windows, OSx, Android,  Smart TVs  Linux, routers

CIA malware and hacking tools were built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA’s DDI (Directorate for Digital Innovation). The DDI is one of the five major directorates of the CIA.

 

One file described a program known as Weeping Angel that purportedly could take over a Samsung smart television, making it appear it was off when in fact it was recording conversations in the room. Other documents described ways to hack into Apple iPhones, devices running Google’s Android software and other gadgets in a way that could observe communications before they are protected by end-to-end encryption offered by messaging apps like Signal or WhatsApp.

 

As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.

 

The CIA’s Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user’s geolocation, audio and text communications as well as covertly activate the phone’s camera and microphone.

CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware. This includes multiple local and remote weaponized “zero days”, air gap jumping viruses such as “Hammer Drill” which infects software distributed on CD/DVDs, infectors for removable media such as USBs, systems to hide data in images or in covert disk areas ( “Brutal Kangaroo”) and to keep its malware infestations going.

 

Unlike bullets, bombs or missiles, most CIA malware is designed to live for days or even years after it has reached its ‘target’. CIA malware does not “explode on impact” but rather permanently infests its target. In order to infect target’s device, copies of the malware must be placed on the target’s devices, giving physical possession of the malware to the target. To exfiltrate data back to the CIA or to await further instructions the malware must communicate with CIA Command & Control (C2) systems placed on internet connected servers

 

Elite CIA unit that developed hacking tools failed to secure its own systems, allowing massive leak

Subsequently the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive, WikiLeaks claims.

 

A Chinese group of hackers managed to get hold of cyber weapons from the U.S. National Security Agency’s arsenal of digital weapons and were using them as far back as 2016. Researchers at American cybersecurity giant Symantec claimed in a report released in May 2019 that a group dubbed Buckeye had used a pair of tools called “Bemstour” and “DoublePulsar,” which exploited weaknesses in Microsoft Windows, back in March 2016. Symantec didn’t name Buckeye as a Chinese espionage unit, but U.S. government and private industry have previously tied the group to China’s intelligence apparatus.

 

The theft of top-secret computer hacking tools from the CIA in 2016 was the result of a workplace culture in which the agency’s elite computer hackers “prioritized building cyber weapons at the expense of securing their own systems,” according to an internal report prepared for then-director Mike Pompeo as well as his deputy, Gina Haspel, now the director. The breach — allegedly committed by a CIA employee — was discovered a year after it happened, when the information was published by WikiLeaks in March 2017. The anti-secrecy group dubbed the release “Vault 7,” and U.S. officials have said it was the biggest unauthorized disclosure of classified information in the CIA’s history, causing the agency to shut down some intelligence operations and alerting foreign adversaries to the spy agency’s techniques.

 

The October 2017 report by the CIA’s WikiLeaks Task Force, several pages of which were missing or redacted, portrays an agency more concerned with bulking up its cyber arsenal than keeping those tools secure. Security procedures were “woefully lax” within the special unit that designed and built the tools, the report said. “CIA has moved too slowly to put in place the safeguards that we knew were necessary given successive breaches to other U.S. Government agencies,” the report said, finding that “most of our sensitive cyber weapons were not compartmented, users shared systems administrator-level passwords, there were no effective removable media [thumb drive] controls, and historical data was available to users indefinitely.”

 

The hacking tools were developed by the CIA’s Center for Cyber Intelligence, where the agency’s most-sophisticated hackers devised ways to gain access to hard-to-penetrate networks, for instance, to secretly activate the camera and microphone on a foreign target’s tablet, or steal the design plans for a foreign adversary’s advanced weapons systems.

 

China

China monitors its citizens through Internet and camera surveillance as well as through a social credit system and other digital technologies. Mass surveillance in China has significantly increased since Xi Jinping became the General Secretary of the Communist Party of China (paramount leader) in 2012.  Mass surveillance in China is closely related to its Social Credit System, and has significantly expanded under the China Internet Security Law and with the help of local companies like Tencent, Dahua Technology, Hikvision, SenseTime, ByteDance, Megvii, Huawei and ZTE, among many others. In 2019, Comparitech reported that 8 out of 10 most monitored cities in the world are in China.

 

Beijing  uses the latest technology to collect and analyze information gathered about Muslims in Xinjiang. Some Xinjiang checkpoints are equipped with special machines called “data doors” that—unbeknown to the people passing through them—vacuum up identifying information from their mobile phones and other electronic devices. Machine-readable QR codes are engraved on knives and posted on people’s front doors (and officials are equipped with mobile apps to scan them), allowing the authorities to quickly link individuals to their homes and possessions. To track, monitor, and profile Turkic Muslims, agents also rely on artificial intelligence, including facial and number-plate recognition, which have been connected with surveillance cameras that blanket both the region and other parts of the country. In addition, the authorities collect biometric data—including voice samples, iris scans, and DNA—and store them in searchable databases.

 

The use of mass surveillance is not limited to Xinjiang. The Chinese police are researching and putting similar mass surveillance systems in operation throughout the country. For example, Human Rights Watch has documented the use of a big-data policing platform called Police Cloud, which collects and integrates people’s personal data—from their supermarket memberships to their health records.

 

China is taking the biometric facial recognition route to implement mass surveillance network across the nation. The country is on its way to build world’s largest camera surveillance network. It has already installed more than 170 million surveillance cameras across the country, which is set to grow more than threefold with 400 million more set to be installed by 2020. These surveillance cameras will be connected with each other and leverage AI to identify and locate a subject under surveillance within a matter of minutes. In a drill in 2017, it took mere seven minutes to identify and locate a BBC reporter who volunteered to test China’s facial recognition mass surveillance system’s ability.

 

The Chinese government has been strengthening its tight control over the Internet and digital communication. There are more than 750 million Internet users in China, and their online actions are strictly regulated.  In 2017, the Cyberspace Administration of China (CAC) released a new regulation, which imposed restrictions on the production and distribution of online news. The regulation required all platforms, such as online blogs, forums, websites, and social media apps to be managed by party-sanctioned editorial staff. These staff must obtain approval from the national or local government Internet and information offices and be trained by the central government.

 

BLU phones had pre-installed (firmware) backdoor sending users’ data to China. “Over 700 Million Android smartphones contain a secret ‘backdoor’ that surreptitiously sends all your text messages, call log, contact list, location history, and app data to China every 72 hours. Security researchers from Kryptowire discovered the alleged backdoor hidden in the firmware of many budget Android smartphones sold in the United States. First reported on by the New York Times, the backdoored firmware software is developed by China-based company Shanghai AdUps Technology. AdUps provides its software to much larger handset manufacturers, such as ZTE and Huawei, which sell their Android phones worldwide, across over 150 countries and regions. Besides sniffing [user data] … AdUps’ software also has the capability to remotely install and update applications on a smartphone.

 

Israel

For years, Israel has been using mass surveillance to monitor Palestinians in the occupied Palestinian territories and in Israel, yet,
since the outbreak of the Coronavirus, Israel has turned its sophisticated technology to track its Jewish citizens openly. It uses surveillance technologies and practices such as  ID cards, CCTV, the gathering of communication data from communication companies, and biometric databases – installed by Israel on Israeli citizens. Neve Gordon, an Israeli scholar who studied the Israeli security industry, draws our attention to the fact that Israel’s surveillance industry stems from the close links between the Israel’s military and the technology sector.

 

In Israel, Pegasus, which is considered among the world’s deadliest spyware tools for smartphones given its zero-click capability, is classified as a weapon, and hence officially transferable only to governments. Consequently, its sale to any country, like all other Israeli materiel exports, requires the Ministry of Defence’s approval.

 

This hugely expensive spyware – estimates for its deployment cost range from $25,000 to $50,000 per target with limits on simultaneous deployment, in addition to hardware and installation costs – is every ‘snooper’s dream. Pegasus gives the attackers who use it total access to targeted smartphones, including their conversations, data, images, photographs, camera and geolocation. Pegasus operators can even activate a target phone’s inbuilt microphone when not in use, enabling its operators to listen in to offline conversations.

 

The Pegasus malware was specifically developed by cyber-arms firm NSO Group Technologies located at Herzliya near Tel Aviv, which takes its name from its three founders – Niv, Shalev and Omri. The NSO trio are former members of Unit 8200 of the Israeli Intelligence Corps, tasked with gathering signals intelligence.

 

UK

British intelligence agency GCHQ (Government Communications Headquarters) is responsible for intelligence gathering and running mass surveillance programs in the country. Being one of the Five Eyes members, the United Kingdom has advantage of technology sharing from other nations of the alliance, including the United States. The country has pioneered in code breaking and signal intelligence during the World War II and now enjoys technological assistance from powerful allies. The UK is has been closely associated with the US in many mass surveillance programs including the infamous PRISM. The country itself has been running various surveillance programs like Karma Police, Tempora, etc. The British law enforcement agencies hold 5.5 million fingerprints and more than 3.4 million DNA samples on the Nation DNA Database.

 

The UK has large numbers of CCTV cameras installed at public and private facilities, however, most of them are owned privately. So far, there has been no evidence that these surveillance cameras are being used for mass surveillance. The government is yet to widely implement facial recognition for security and mass surveillance.

 

Australia

Australian Signal Directorate (ASD), which is a foreign intelligence collection agency under the government of Australia, is known to run mass surveillance programs and share data with other Five Eye member states. The ASD is known to have many secret surveillance facilities in Southeast Asia. The government is also leveraging facial recognition for security and mass surveillance. A report published by CNN suggested that Australian government will be using citizen’s driver’s license photos to create a nationwide facial recognition database. The Australian government seeks to target terrorism with facial recognition.

 

Canada

Being one of the Five Eye states, Canadian government has extensive prowess of mass surveillance technology. Communications Security Establishment Canada (CSEC), the national cryptologic agency of the Canadian government is responsible for protecting government’s communication networks and signal intelligence. Intelligence collection and assessment capabilities are centralized by Canadian Forces Intelligence Command. Edward Snowden revealed that CSEC have been running mass surveillance projects for domestic as well as international levels.

 

India

When it comes to biometric mass surveillance, India cannot be omitted. This country is on its way to establish a biometric national ID database of its more than 1.35 billion citizens. The program is nearing its goal as the country has enrolled more than 99% of total population in the national biometric database called “Aadhar”. Experts had already expressed their concerns on this overly ambitious project and security of biometric data. There have been several incidents of data leaks, in which personal details of enrollees were leaked; it did not contain any biometric data, however.

 

India is planning to set up one of the world’s largest facial recognition systems, potentially a lucrative opportunity for surveillance companies and a nightmare for privacy advocates who fear it will lead to a Chinese-style Orwellian state. Prime Minister Narendra Modi’s government is planning to build a system to centralize facial recognition data captured through surveillance cameras across India. It would link up with databases containing records for everything from passports to fingerprints to help India’s depleted police force identify criminals, missing persons and dead bodies.

 

The government says the move is designed to help one of the world’s most understaffed police forces, which has one officer for every 724 citizens — well below global norms. It also could be a boon for companies: TechSci Research estimates India’s facial recognition market will grow sixfold by 2024 to $4.3 billion, nearly on par with China.

 

Mass Surveillance technologies found useful in Covid pandemic

The mass surveillance technology has also been found useful in recent pandemic Covid. As the COVID-19 pandemic escalated, teams around the world advocated for a new approach to monitoring transmission: tapping into cellphone location data to track infection spread and warn people who may have been exposed.

 

Russia  employed facial-recognition system for fighting coronavirus at massive scale. Moscow police claimed to have caught and fined 200 people who violated quarantine and self-isolation using facial recognition and a 170,000-camera system. According to a Russian media report some of the alleged violators who were fined had been outside for less than half a minute before they were picked up by a camera. The system has also been used to analyze the social networks of those who have or are suspected of having coronavirus. Moscow Mayor Sergey Sobyanin described in his official blog how municipal authorities tracked a Chinese woman who flew to the city from Beijing back in February.

 

Pakistan’s intelligence services deployed secretive surveillance technology used to locate terrorists to track coronavirus patients and the people they come into contact with. Details about the project have not been released, but two officials told AFP that intelligence services are using geofencing and phone-monitoring systems that ordinarily are employed to hunt high-value targets including homegrown and foreign terrorists. Geofencing, a discreet tracking system that alerts authorities when someone leaves a specific geographic area, has helped officials monitor neighborhoods on lockdown. Authorities are also listening in to the calls of Covid-19 patients to monitor whether their contacts are talking about having symptoms. “The trace-and-track system basically helps us track the mobile phones of corona patients as well as anyone they get in touch with before or after their disappearance,” an intelligence official said.

 

Israel  implemented ‘digital epidemiological investigation’ to track down potential contacts of infected individuals. The mission was assigned to Israel’s domestic security agency, the Israel Security Agency (ISA). Usually, the ISA’s primary mission is to thwart terrorism and espionage. However, the agency’s advanced digital surveillance capabilities have been redirected to allow comprehensive epidemiological investigation and the digital identification of people who have come into contact with infected people. Decision-makers explained this unprecedented step by citing the acute need to conduct hundreds of investigations in a short period to allow quarantine of possibly infected but asymptomatic people and prevent further contagion.

 

Owing to the rapid spread of the virus, along with the limitations of human memory (such as recall bias) and the inability to identify interactions with people that one does not know, it is impossible to monitor with high accuracy the contacts of an infected person. Hence, applying intelligence technologies to collect data on the civilian population could be a useful measure for lessening the spread of the disease. Nevertheless, the implications of such a move for personal privacy are far-reaching and might last long after the COVID-19 pandemic subsides.

 

In countries with strict data privacy laws, one option for collecting data is to ask telecommunications companies to share anonymous, aggregated information they have already gathered. Mobile carriers in Germany and Italy have started to share mobile-phone-location data with health officials in an aggregated, anonymized format. Even though individual users are not identified, these data could reveal general trends about where and when people are congregating and risking the spread of infection. Another attractive alternative is a contact-tracing app that allows device users to opt in and consent to the use of their data, with transparency about how those data will be used, stored and shared.

 

Conclusion

In Oct 2020, The European Court of Justice (ECJ), the EU’s highest legal authority, ruled  that member states cannot collect mass mobile and internet data on citizens. Forcing internet and phone operators to carry out the “general and indiscriminate transmission or retention of traffic data and location data” is against EU law, the court explained in its ruling. “However, in situations where a member state is facing a serious threat to national security that proves to be genuine and present or foreseeable, that member state may derogate from the obligation to ensure the confidentiality of data relating to electronic communications,” it continues.

 

Despite the privacy advocate and media outcry, governments do not seem to compromise with security and major economies like the United States, the United Kingdom, Australia, New Zealand, Canada and China are increasingly implementing mass surveillance programs. Developing countries like India, Argentina, etc. are also expected to put similar efforts as they have biometric data of their citizens out of their national ID programs.

 

 

References and Resources also include:

http://www.reuters.com/article/us-cia-wikileaks-assange-idUSKBN16G27Y

http://www.usatoday.com/story/news/world/2017/03/09/wikileaks-provide-tech-firms-access-cia-hacking-tools-assange/98946128/

https://wikileaks.org/ciav7p1/

https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8443344

https://www.bbc.com/news/technology-48262681

https://www.thehindubusinessline.com/info-tech/government-surveillance-at-alarming-levels/article28138407.ece

https://www.expressvpn.com/blog/8-ways-the-nsa-spies-on-you/

https://www.washingtonpost.com/national-security/elite-cia-unit-that-developed-hacking-tools-failed-to-secure-its-own-systems-allowing-massive-leak-an-internal-report-found/2020/06/15/502e3456-ae9d-11ea-8f56-63f38c990077_story.html

About Rajesh Uppal

Check Also

Navigating the Metaverse: Unveiling Terrorist Threats and Challenges

Introduction The concept of the metaverse has captured the collective imagination of tech enthusiasts, futurists, …

error: Content is protected !!