A system called TREASUREMAP was reportedly used to spy on German network operators
The US National Security Agency (NSA) and its British counterpart GCHQ have been accused of breaking into the networks run by German Internet Service Providers (ISPs), in an effort to map the entire Internet.
A system codenamed ‘TREASUREMAP’, first described by the New York Times in November, has been attempting to collect information about all the servers, routers and end-user devices accessible online, and make it available in “near real-time”.
According to the German daily Der Spiegel, TREASUREMAP managed to compromise the networks of several major ISPs including Deutche Telecom – a former state monopoly. This information was hidden in the documents released by former US intelligence contractor Edward Snowden.
X marks the spot
According to the NSA slides, TREASUREMAP attempts to map out the entirety of Internet – “any device, anywhere, all the time” – from the data centre floor to the smartphone in your pocket.
Der Spiegel reports that the system is available to any member of the ‘Five Eyes’ – not just the US and the UK, but also Australia, New Zealand and Canada. The documents state that TREASUREMAP can be used not only as intelligence tool, but also for attack and exploit planning.
Even though the existence of the system has been known for a while, Der Spiegel found new evidence of potentially illegal activity after reviewing the Snowden files related to Germany.
The journalists noticed that Deutsche Telekom AG and Netcologne were marked in red on the TREASUREMAP documents. According to the legend, red markings denote access points for signals intelligence collection – in other words, networks that have been accessed by the Five Eyes intelligence staff in the past.
Deutche Telecom is a major telecommunications company that operates in the US and Europe, serving 60 million customers in Germany alone. It is part-owned by the German state and has a 50 percent stake in the UK’s largest mobile network operator, EE.
Meanwhile, NetCologne is a regional Internet Service Provider (ISP) owned by the city of Cologne that serves more than 500,000 customers.
If the information on the slides is to be believed, the NSA managed to compromise the networks of German ISPs, giving it the ability to track traffic all the way to end-user devices. However, after being contacted by Der Spiegel, the operators failed to find any suspicious equipment or data slurping activity in their networks.
“The accessing of our network by foreign intelligence agencies would be completely unacceptable,” a spokesman for Deutche Telecom told the newspaper.
“This is just the tip of the iceberg,” commented Mike Janke, CEO and co-founder of Silent Circle. “The ability to map every device, every router, every cell tower connection on a giant telecom’s network would enable you to know where every single person and device is within a Telecoms system, what they are accessing and even push down targeted malware for surveillance to a specific device at the push of a button.
“It’s total information awareness. If the Five-Eyes intelligence agencies can do this, I guarantee you that criminal gangs, hacker groups and many of the 70 or so other nation states can do it as well.”
Not so Stellar
The report in Der Spiegel goes on to describe Stellar, a small satellite communications business from Hürth which is featured heavily on the slides that appear to originate from GCHQ. According to these documents, the British agency compromised ten employee computers, including that of the CEO Christian Steffen.
The Stellar staff had no idea they were under surveillance, and were shocked to discover that GCHQ had mapped out their entire infrastructure, and had lists of customers served by each satellite transponder, as well as server passwords.
Stellar staff said this information could be used to manipulate links and emails, or make the Internet inaccessible in certain regions. “The hacked server stood behind our company’s own firewall,” Steffen said. “The only way of accessing it is if you first successfully break into our network.”
“A cyber-attack of this nature is a clear criminal offence under German law,” he added. Six weeks ago, Steffen wrote a letter to the British government asking for an explanation, but received no reply.
There were a total of 11 non-German ISPs marked in red on the Treasure Map slides, including Telstra – Australia’s largest telecommunications company.
The news are unlikely to ease the tensions over electronic surveillance between the US and Britain on one side, and Germany on the other. The German federal prosecutors are already investigating the claims that the NSA was taping the personal phone of chancellor Angela Merkel.
What do you know about Edward Snowden and the NSA? Take our quiz!