GCSB and Five Eyes-What we know
What we've learned from weeks of disclosure about the GCSB and global spying
Over the past two weeks, journalists Nicky Hager and Ryan Gallagher have been publishing stories about the GCSB. This is a summary of what we've learned so far.
Ironsand: The name of the GCSB facility at Waihopai. It contains two large satellite dishes, along with many smaller ones.
Intercepted data collected at the Waihopai site is being shared through an NSA surveillance system called XKEYSCORE.
XKeyscore is used to analyze vast amounts of emails, internet browsing sessions and online chats that are intercepted from some 150 different locations worldwide. GCSB is providing information for XKeyscore that the other four ‘eyes’ can access, and is able to access information from XKeyscore, such as the World Trade Organisation candidates that were digitally spied on.
The Guardian newspaper reported: “training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed.” It is unclear what, if any, warrant or approval process is used by the GCSB when accessing XKeyscore.
Project Speargun is a cyber surveillance system listed as “underway” in classified documents from New Zealand’s GCSB spy agency in March 2012. In early 2013, an NSA document listed the first phase of the project as having been achieved. It noted that the second phase — which would entail inserting covert “metadata probes” — was scheduled to begin later the same year following the passing of a new surveillance law. That law was approved in August 2013. John Key said that Speargun project was not finalised. What he claims is that the project was instead eventually replaced by a narrower initiative called Cortex.
Project Cortex enables access to large streams of data under the auspices of conducting cybersecurity. To function, the Cortex project must have some degree of access to New Zealand’s internet cables. The monitoring that was enabled by this system also, by design, has to filter through private communications to identify malware in the first place.
Cortex “technology can be used to separate personal communications from other data, so that privacy issues associated with GCSB activities to be proportionate to cyber threats.” In the United States, the cybersecurity bill CISPA was opposed by privacy advocates and eventually killed because of widespread concerns associated with the type of activity Cortex appears to enable.
WarriorPride is a platform used to hack into computers and smartphones, infect them with a bug, and then steal data. New Zealand has used this to gain information about Vietnam.
New Zealand targets:
-candidates vying to be director general of the World Trade Organization
-an anti-corruption campaigner in the Solomon Islands along with the Prime Minister’s advisers there.
-the diplomatic communications of Pakistan, Brazil, North Korea, South Korea, Iran, Japan, China, India, Vietnam and other South American countries
-all digital communications to and from Tuvalu, Nauru, Kiribati, Samoa, Vanuatu, the Solomon Islands, Fiji, Tonga and France’s overseas territories New Caledonia and French Polynesia
-the Antarctic research bases of 20 countries
How does NZ spy:
-Using the Waihopai satellite interception base.
-Accessing nations' internal communication networks from covert listening posts hidden in New Zealand embassy and high commission buildings.
-By GCSB staff helping to translate and analyse communications intercepted by other Five Eyes agencies.