Documents obtained by The Wall Street Journal open a rare window into a new global market for the off-the-shelf surveillance technology that has arisen in the decade since the terrorist attacks of Sept. 11, 2001.
The techniques described in the trove of 200-plus marketing documents include hacking tools that enable governments to break into people’s computers and cellphones, and “massive intercept” gear that can gather all Internet communications in a country.
The documents—the highlights of which are cataloged and searchable here—were obtained from attendees of a secretive surveillance conference held near Washington, D.C.
Several companies offer tools that use techniques commonly associated with “black-hat hacking” and “malware” — methods and software that often are used to steal data such as financial information. Here, a company called HackingTeam is emphasizing that its tools can be used to target very large numbers of people — “hundreds of thousands.”
FinFisher documentation says the product can infect computers by falsifying websites or updates of popular software and getting the user to download its software. This remote monitoring software can then monitor what the user is doing on the Internet — including emails, Web surfing and even transfer of sensitive documents.
FinFisher documentation says its tools can be used to break into systems by companies such as Microsoft Corp. and Apple Inc. An Apple spokeswoman told the Journal that the company “actively works to find and fix any issues that could compromise their systems.” Microsoft declined to comment.
To infect target computers, Vupen says it seeks vulnerabilities in some of the most popular software in the world, including software that typically runs on servers as well as personal computers. The company says it has restrictions on where it sells its products and that its research must be used for national-security purposes only.
As the Internet has grown to handle more data, monitoring companies have had to keep up. Interception now can mean taking all the traffic from the Internet backbone and funneling it through devices that inspect the packets of data, determine what is inside them, and make decisions about whether to copy them for law enforcement.
Other tools can find cellphones by detecting the signal themselves and finding the phones’ location.