Where governments get their cyber weapons

Documents obtained by The Wall Street Journal open a rare window into a new global market for the off-the-shelf surveillance technology that has arisen in the decade since the terrorist attacks of Sept. 11, 2001.

The techniques described in the trove of 200-plus marketing documents include hacking tools that enable governments to break into people’s computers and cellphones, and “massive intercept” gear that can gather all Internet communications in a country.

The documents—the highlights of which are cataloged and searchable here—were obtained from attendees of a secretive surveillance conference held near Washington, D.C.

Several companies offer tools that use techniques commonly associated with “black-hat hacking” and “malware” — methods and software that often are used to steal data such as financial information. Here, a company called HackingTeam is emphasizing that its tools can be used to target very large numbers of people — “hundreds of thousands.”

FinFisher documentation says the product can infect computers by falsifying websites or updates of popular software and getting the user to download its software. This remote monitoring software can then monitor what the user is doing on the Internet — including emails, Web surfing and even transfer of sensitive documents.

FinFisher documentation says its tools can be used to break into systems made by companies such as Microsoft Corp. and Apple Inc. An Apple spokeswoman told the Journal that the company “actively works to find and fix any issues that could compromise their systems.” Microsoft declined to comment.

To infect target computers, Vupen says it seeks vulnerabilities in some of the most popular software in the world, including software that typically runs on servers as well as personal computers. The company says it has restrictions on where it sells its products and that its research must be used for national-security purposes only.

As the Internet has grown to handle more data, monitoring companies have had to keep up. Interception now can mean taking all the traffic from the Internet backbone and funneling it through devices that inspect the packets of data, determine what is inside them, and make decisions about whether to copy them for law enforcement.

Other tools can find cellphones by detecting their signals and finding the phones’ location.

The large amount of data being collected through surveillance and other methods now means that powerful software is required to sort, store and analyze all the information. Data analysis companies often emphasize their ability to sift data from a variety of sources and put it together to make a complete picture of suspects or find patterns that might not be noticeable from just one set of data.

Linguistic analysis is a hot area in national security, where agents must comb through mountains of documents from online and elsewhere. Among the challenges: automatically parsing the meaning of identical words depending on context, and handling a variety of languages.

Social network analysis is key in finding new suspects and relationships in complicated groups. This type of analysis doesn’t necessarily involve Facebook or other sites that many people think of as a “social network.” In fact, a social network can be determined by analyzing things like emails or other communications as well.

When wiretaps are done at a massive scale, computers are required to sift through the voices and determine what is being discussed. Software makers advertise their programs’ ability to decipher speech in different languages and determine the specific words being said, as well as the general topic being discussed and in some cases who is talking.

OSINT, or open source intelligence, involves gathering and analyzing data from publicly available sources, such as government records, media, and social-networking and user-generated Web content.

Web scrapers must gather massive amounts of information, store it and sort it so it can be used by analysts. Among the most important types of data: social networking sites.

Anonymity products are a niche market in the surveillance field; The Wall Street Journal saw only one company focusing on this type of software at a recent industry conference. But it’s important for some investigations. This type of software allows investigators to view websites or develop online profiles without disclosing their locations. Instead, investigators will appear to come from somewhere else — enabling them to more easily monitor their targets.

One of the roles of anonymity software is to disguise Internet Protocol (IP) addresses. These addresses are unique numbers assigned to devices that connect to the Internet, and they can identify where a user is coming from. In this example, IP addresses show that the person is logging in from Department of Homeland Security customs and border protection — a location that investigators might not want to reveal.

Via – http://projects.wsj.com/surveillance-catalog/#/