Turkmenistan and Oman may have installed active intrusion espionage systems in 2010, according to documents leaked by whistleblowing organisation Wikileaks in part 3 of its Spy Files.
Documents leaked on September 4 include a presentation deck made to Turkmenistan authorities by a company called Dreamlabs plugging FinFisher, a solution that includes both active infection and monitoring, for both the country’s fixed-line (dial-up and ADSL) Turkmen Telecom and cellular TM Cell networks.
A subsequent quotation to fit both networks with infection nodes, monitoring equipment and support and training came out at exactly 847,819.70 Swiss Francs ($905,000).
The documents suggest that FinFisher goes beyond just passive monitoring of network traffic and includes tools to remotely infect target PCs over the LAN or via an infected USB drive as well as tools to break Windows password protection.
A leaked purchase order showed another similar project with two infection nodes sold to Oman for 408,743.55 Francs ($436,000) back in June 2010.
Dreamlabs’ FinFisher tactical intrusion solutions start at €25,200 ($33,000). Remote infection tools cost another €25,000 for LAN-based intrusion or just €3,500 for five USB dongles, presumably loaded with trojans to infiltrate a PC.
The Spy Files are, in the words of Wikileaks publisher Julian Assange, “detailing and explaining how secretive state intelligence agencies are merging with the corporate world in their bid to harvest all human electronic communication.”
Documents in Spy Files 3 include sensitive sales brochures and presentations used to woo state intelligence agencies into buying mass surveillance services and technologies. Spy Files 3 also includes contracts and deployment documents, detailing specifics on how certain systems are installed and operated.
Internet spying technologies now being sold on the intelligence market include the detection of encrypted and obfuscated internet usage such as Skype, BitTorrent, VPN, SSH and SSL. The documents reveal how contractors work with intelligence and policing agencies to obtain decryption keys.
The documents also detail bulk interception methods for voice, SMS, MMS, email, fax and satellite phone communications. The released documents also show intelligence contractors selling the ability to analyse web and mobile interceptions in real-time.
Among the documents are many from a company called NetOptics selling a range of tapping equipment for copper and fiber. Its regeneration taps monitor network traffic without themselves using an IP address and with zero power loss to the tapped Ethernet cable, making them impossible to detect.
Even big names like HP and Ericsson were not spared in this round of leaks, though these companies’ solutions were clearly aimed at more proper uses.
HP had a big-data analytics solution called TimeBox Event Visualization that allowed events to be viewed in the context of a timeline, map or both. One example screenshot clearly said, “Militant captured by coalition (NATO)”, suggesting its field of use.
Troubled HP subsidiary Autonomy was also showcased for its big data analysis tools aimed at everything from monitoring roads and airports to providing insight in crime investigations by analysing communication logs.
Ericsson had a slide deck leaked for its Cellnet Drop 2 interception system. The system allows for calls to be routed through a separate network where law enforcement can monitor them. However, many pages of the training material were related to warrant management, with the system unable to continue monitoring a call after an interception warrant was revoked or had expired.