New documents from former National Security Agency contractor Edward Snowden reveal how the British intelligence agency GCHQ had received legal sanction to “reverse engineer” and hack into softwares commonly used to run web forums, and website administration tools, and even hardware that allowed them unprecedented access to almost every user in Pakistan at least before 2008. This information is based on 22 new documents made public by Edward Snowden that were never released before.
GCHQ targeted various encryption and security software, anti-viruses, online forum software, hosting software, email server software, routers and other hardware that were reversed engineered to hack into network systems that granted the agency unprecedented access to masses.
Infected software include Exlade’s CrypticDisk, Acer’s eDataSecurity, vBulletin, Invision Power Board, cPanel, PostfixAdmin, Kaspersky anti-viruses, CISCO routers and other critical hardware.
Report claims that GCHQ’s reverse engineering of Cisco routers had enabled the agency not only to access almost any user of the internet inside the entire Pakistan but also to re-route selective traffic across international links toward GCHQ’s passive collection systems.
CISCO has said that it doesn’t work with any government, including the U.K. Government.
GCHQ’s Secret document published by Edward Snoden mentions:
“GCHQ’s CNE operations against in-country communications switches (routers) have also benefited from SRE.Capability against Cisco routers developed by this means has allowed a CNE presence on the Pakistan Internet Exchange which affords access to almost any user of the internet inside Pakistan.Our presence on routers likewise allows us to re-route selected traffic across nternational links towards GCHQ’s passive collection systems.”
If put in simpler words, GCHQ had/has access to each and every page that we visit, every attachment we upload, email that we send or literally anything that we do on internet. This kind of mass-interception might not seem a critical thing for a commoner but country’s top brass, or those whose data is sensitive is also prone to foreign agencies should raise serious concerns.
This is first of its kind revelation where such mass-scale intrusion into Pakistani internet users and their privacy has surfaced. We have come across various reports in the past where Pakistani phone users were targeted, however, such mass-scale internet interception has come to light only for the first time.
GCHQ had access to each and every page that we visit, every attachment we upload, email that we send or literally anything that we do on internet.
Digital Rights Foundation, a non-profit organization that advocates privacy and rights of internet users, has said that this hacking operation, at a scale never previously seen before from the British intelligence agency, seriously undermines the right to privacy of all users of the internet in Pakistan.
“By targeting a key point in Pakistan’s communications infrastructure, GCHQ have put at risk the security and integrity of a significant portion of Pakistan’s communications infrastructure”, said a statement issued by the foundation.
It is still unclear if Pakistani government or security agencies are/were aware of these attacks by GCHQ, however, Digital Rights Foundation of Pakistan — in a press statement — has emphasised that Pakistan government has an obligation to protect Pakistanis right to privacy and this level of intrusion onto critical national infrastructure undermines that obligation.
There’s no way of remaining safe from GCHQ or NSA when essential and core technology equipment that we import from abroad is infected. However, Government should question these equipment makers or the British government that why such incidents had to happen.
It is of paramount importance that the government does all it can to account for this intrusion and to take meaningful steps to ensure the right to privacy in Pakistan and prevent it from being brazenly interfered with by foreign intelligence agencies, the rights organization stressed.
After these incidents, UK or even EU’s morality is prone to questions. Most prestigious law abiding governments and bodies doing such mass-scale violations expose west’s dual-standards and time has come when world should actually start seeing them as law breakers.