The lid has been lifted on US firms that deal monitoring and surveillance technology after a Wall Street Journal article provided details of companies and their dealings in Asia and the Middle East, and other parts of the world.
The report, which also includes a list of “off-the-shelf surveillance technology” products, paints a worrying picture of a number of companies — some of which are based out of the US — that provide tracking and hacking technology to governments and distributors with no cast-iron guarantee that they might be used in underhand ways, such as monitoring citizens or carrying out cyber espionage activity.
The data was all gleaned from information provided at two surveillance industry conferences held in Washington and Dubai, during which one company CEO described the global industry as being worth $5 billion every year.
One example cited is Net Optics, a California-based company that enables monitor equipment to operate more efficiently. The company website includes details of its work with one of China’s leading telecom companies:
A case study on its website that describes helping a “major mobile operator in China” conduct “real-time monitoring” of cellphone Internet content. The goal was to help “analyze criminal activity” as well as “detect and filter undesirable content,” the case study says.
The company CEO denied that Net Optics is acting illegally when he told the WSJ that the firm follows American export regulation “to the letter of the law”, adding that “we make sure we’re not shipping to any countries that are forbidden or on the embargo list”.
While equally malware technology was also on show:
At least three companies — Vupen Security SA of France, HackingTeam SRL of Italy and Gamma’s FinFisher — marketed their skill at the kinds of techniques often used in “malware,” the software used by criminals trying to steal people’s financial or personal details. The goal is to overcome the fact that most surveillance techniques are “useless against encryption and can’t reach information that never leaves the device,” Marco Valleri, offensive-security manager at HackingTeam, said in an interview. “We can defeat that.”
However a number of the companies did issue statements to claim that they are responsible in the distribution of their technology, including Vupen, which — like Net Optics — claim that it doesn’t sell its products to countries that are subject to international embargo, while it stipulated that usage is for “national-security purposes only”
FinFisher is particularly disturbing example, the program tricks BlackBerry owners into installing it on their device where it is then able to “to monitor all communications, including [texts], email and BlackBerry Messenger”. There are also products for Apple and Google devices, although the former has subsequently released updates to provide security against it.
The vast majority of companies featured by the WSJ — which split firms by hacking, interception, data analysis, web scraping and anonymity — declined to comment for the article. However, one, Klaus Mochalski, co-founder of web traffic analyser ipoque, admitted to there being a difficulty when ensuring that technology does not fall into the wrong hands:
This is the dilemma. It’s like a knife. You can always cut vegetables but you can also kill your neighbor.
While the US government is currently investigating Chinese telecom firms Huawei and ZTE over the potential threat that their growing presence in the American market poses the country at large, perhaps it should look into its own firms too?
It is clear from the Wall Street Journal‘s report that, though most firms avoid embargoed international markets, China — which is thought to be a source of recent cyber attacks — is a major market for many of the products.
There is no doubt that Internet surveillance is an important part of the world today and that these solutions are need for legitimate purposes — such as cracking down on fraud and criminal activity — however the sale, distribution and usage in certain parts of the world is concerning.
➤ Surveillance catalog | Projects, Wall Street Journal