ISPs across the world take legal action against GCHQ over snooping attacks

2 Jul 2014

Internet service providers in the US, UK, Netherlands and South Korea are to take legal action over alleged attacks on their network infrastructure by UK spy agency GCHQ.

The ISPs are taking action following the allegationss made by former NSA contractor Edward Snowden and reported in a series of articles in Der Spiegel and Intercept.

The ISPs are joining forces with campaigners Privacy International to take GCHQ to task over the alleged attacks.

The ISPs involved in the action are UK-based GreenNet, Riseup (US), Greenhost (Netherlands), Mango (Zimbabwe), Jinbonet (South Korea), May First/People Link (US)and the Chaos Computer Club (Germany).

“These widespread attacks on providers and collectives undermine the trust we all place on the internet and greatly endangers the world’s most powerful tool for democracy and free expression,” explained Eric King, deputy director of Privacy International.

Among the allegations are claims that employees of Belgacom were targeted by GCHQ and infected with malware to gain access to network infrastructure.

They say that GCHQ and the US National Security Agency, where Snowden worked, had a range of network exploitation and intrusion capabilities, including a “man-on-the-side” technique that covertly injects data into existing data streams to create connections that will enable the targeted infection of users.

The ISPs alleged that the intelligence agencies used an automated system code-named Turbine to scale-up network implants.

German internet exchange points were also believed to have been targeted, allowing the agencies to spy on internet traffic passing through the nodes.

While the ISPs taking the action were not directly named in the leaked Snowden documents, Privacy International claims that “the type of surveillance being carried out allows them to challenge the practices… because they and their users are at threat of being targeted.”

Tempora, Prism and Upstream

Privacy International has previously filed two other cases – the first against alleged mass surveillance programmes Tempora, Prism and Upstream, and the second against the deployment by GCHQ of computer intrusion capabilities and spyware.

CHQ maintains that all its work is conducted “in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate”.

However, Cedric Knight of ISP GreenNet said GCHQ’s actions were undemocratic.

“Snowden’s revelations have exposed GCHQ’s view that independent operators like GreenNet are legitimate targets for internet surveillance, so we could be unknowingly used to collect data on our users. We say this is unlawful and utterly unacceptable in a democracy,” Knight said.

Cyber spy image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years