June 23, 2015 - Comments Off on Press Release: British intelligence agency hacked into Pakistan Internet Exchange
Digital Rights Foundation is seriously concerned by revelations of the infiltration of Pakistan's Internet Exchange by Britain's GCHQ intelligence agency. We urge the government of Pakistan to take action to protect the right to privacy of Pakistani citizens, and to condemn the actions of GCHQ.
From documentation published by The Intercept, it was revealed that Britain's intelligence agency GCHQ as a result of its Computer Network Exploitation (hacking) operations had gained presence on the Pakistan Internet Exchange prior to 2008. This gave GCHQ according to the document published “access to almost any user of the internet inside Pakistan” and the ability “to re-route selected traffic across international links towards GCHQ's passive collection systems.”
This hacking operation, at a scale never previously seen before from the British intelligence agency, seriously undermines the right to privacy of all users of the internet in Pakistan. By targeting a key point in Pakistan's communications infrastructure, GCHQ have put at risk the security and integrity of a significant portion of Pakistan's communications infrastructure.
The Pakistan Internet Exchange is a core part of the communications infrastructure in Pakistan. It is a common point of transfer for a significant portion of Pakistanis' communications. This makes the intrusion all the more concerning. Any vulnerability that allows British intelligence to access the exchange is also available to any other malicious actor.
The operation from GCHQ targeted Cisco routers. Cisco routers have previously been caught up in intelligence agencies cross-border spy games. It was revealed that America's National Security Agency had been intercepting Cisco routers and installing firmware onto them before they were delivered to customers. Steps should be taken immediately by Cisco to fix any vulnerabilities discovered in their routers to protect their customers right to privacy.
This is not the first time that Pakistan has been involved in the mass surveillance programmes from intelligence agencies of a “friendly” nation. Earlier this year it was reported that the NSA had determined that Al-Jazeera's Islamabad bureau chief was a person of interest, via metadata collected from 55 million Pakistani mobile phone records, and entered in SKYNET, a computer programme designed to analyse metadata.
It is unclear whether the Pakistan government knew of these operations. The Pakistan government has an obligation to protect Pakistanis right to privacy and this level of intrusion onto critical national infrastructure undermines that obligation. It is of paramount importance that the government does all it can to account for this intrusion and to take meaningful steps to ensure the right to privacy in Pakistan and prevent it from being brazenly interfered with by foreign intelligence agencies.
Nighat Dad, Executive Director of Digital Rights Foundation:
"The GCHQ operation highlights the growing mission creep on the part of intelligence agencies and other state actors, who frequently request more sweeping surveillance powers and authority, and who bristle at any attempts to enforce effective oversight upon them. This hacking not only does not protect ordinary people, but leaves them more vulnerable to malicious actors that can exploit the same vulnerabilities that GCHQ has infiltrated. ”
“When ostensibly democratic nations carry out such draconian and unethical actions against the citizens of nations they are 'allies' of, it sets a troubling precedent. The government of Pakistan could point to the actions of the US or the UK as justification for passing greater surveillance measures against its own people."
Original story here:
Document can be found here:
National Security Agency interdiction of Cisco routers:
Al-Jazeera's Bureau Chief designated as “member of Al Qaeda” and the SKYNET programme