OWNI.eu

Taking as a starting point brochures and internal documents made public last week by WikiLeaks, OWNI guides you through an average day spent under surveillance. This realistic account provides a non-exhaustive overview of the types of technology sold by surveillance weapons dealers, a global market worth five billion dollars a year.

07:15 – Awoken by your smartphone’s alarm clock. Enter your pincode and switch it on. It’s now the perfect spy. Hacking Team, an Italian company, offers to remotely install software compatible with most operating systems (iPhone, BlackBerry, Windows Phone). Remotely activated, this software can take control of the phone without the user having any idea (see video below from the Bureau of Investigative Journalism).

Katrin Verclas, co-founder of MobileActive.org, a network for activists who make use of smartphones as part of their projects, explains:

There are numerous vendors who supply ‘spyware’ that, when installed directly or remotely on a person’s mobile device can (…) even remotely activate a mobile’s microphone to act as a clandestine listening device..

8:30 – Head to the office with your mobile phone in your pocket, the perfect spot to keep track of you. Without using a physical device, a smartphone can also be made to record a route or specify a precise geographical position, a service offered by Hacking Team.

SPEI, a German company, has created Sleuth-Hound Software, which allows a person to “remotely control and view the GPS position of one or more GPS tracking device.” Routes can be viewed on “Google Earth, Microsoft MapPoint, Navigator 7…” all on “an easy to use interface.”

Incoming and outgoing calls, whether they last a few seconds or several minutes, provide a wealth of information. First, they can be intercepted. Shoghi Communications in India offer systems for the “total surveillance of traffic, including SMS and calls from the target phone.” Next, the vocal spectrum can be analyzed, allowing for identification of specific callers. The Czech company Phonexia are capable of determining both the gender and the age of the caller. They achieve this by detecting keywords in the dialogue. But their system barely scratches the surface of current possibilities, according to Simon Davies, managing director of the NGO Privacy International:

Newer systems being marketed to security agencies employ characteristics such as rhythm, speed, modulation and intonation, based on personality type and parental influence; and semantics, idiolects, pronunciations and idiosyncrasies related to birthplace, socioeconomic status, and education level.

See what users are seeing

9:30 – At the office, on your desktop or laptop computer, connected to the Internet. Once again you’re a target for surveillance weapons dealers. The US company SS8 boasts of having developed methods to “see what [users] are seeing in real time.”

Log on to your social networks. SS8’s Intellego device uses Social Network Analysis (SNA) model which is capable of analysing “the number of connections between different individuals or groups, the proximity of different individuals or groups to one another, the intensity of these connections, the degree of influence a person might have on his or her community, or the manner in which behaviors and ideas propagate across a network,” according to Solon Barocas, a PhD student at NYU. Intellego formats and reorganizes the data intercepted from social networks:

Intellego automates the process of generating the social network analysis and graph. Each individual, website, email address or target is represented as a node. Each communication event that connects two nodes is represented as an edge.

DigiTask, a German company, has created a WiFi Catcher which can intercept all traffic passing through a network. Adapted for mobile use, Wifi Catcher can be “used discreetly on public hotspots simply by placing a small receiver unit close to the target (…) or remotely with large directional antennas.” And many manufacturers offer it for ADSL networks. Such as the Israeli company Trace Span and their DSL Phantom, which they describe as “completely non-intrusive, allowing the agencies responsible for security to monitor information without being detected.”

Mass surveillance system

The French company Amesys sold Eagle, an “extensive system designed to meet the needs of interception and monitoring on a national level [and] capable of aggregating any type of information [and] analyzing it, in real time, [creating] a national data feed, from a few terabytes to may tens of petabytes.” Entire networks can be affected by DPI, Deep Packet Inspection, a dual-use technology used to measure the quality of a network, or to filter and censor it. This technology is available from the French company Qosmos or the German company Ipoque.

Even supposedly secure connections, those protected by the famous SSL protocol which reassures us when we’re making a payment online, can be infiltrated. Packet Forensics, headquartered in Arizona, has developed “Man-in-the-middle”. Its particular strength is intercepting any communication “within Secure Socket Layer (SSL) or Transport Layer Security (TLS) sessions.”

19:00 – Before leaving the office, carry out a software update. This is one of the ways that DigiTask found to “overcome encryption, handle nomadic targets, monitor activity”. The software surreptitiously developed by “the German market leader” can be installed via “software updates”.

Disconnect from the Internet, and switch off the computer. Digital forensics can bring them back to life: deleted files, web browsing history, etc. Cellebrite, an Israeli company, offers Ufed Logical, the same service adapted for smartphones.

23:30 – Leave your smartphone on standby. Even in this state, it can still record the conversations going on around it.

Off to sleep, with someone watching over you.

Read more about the Spy Files on Owni.eu.