Whistleblower Edward Snowden, by spilling the beans on the US National Intelligence Agency’s snooping on the cellphones of 36 foreign leaders, forced would-be investigators like the German federal prosecutor to venture into terra incognita – the arcane world of cyber warfare and defense technology for solutions, says DEBKA Weekly’s cyber expert.
Last Wednesday, June 4, German federal prosecutor Harald Range announced that, after finding “sufficient factual evidence that unknown members of US intelligence services spied on the mobile phone of Chancellor Angela Merkel,” he had ordered a formal investigation.
"The operation of a foreign intelligence service's secret agents is a criminal offense in Germany," Range told reporters, whether it is conducted by a friend or some other nation.
The chancellor’s cell phone number had been on a special list of an NSA unit known as the Special Collection Service (SCS) since 2002. Merkel expressed outrage at the time of the discovery and accused Washington of a grave breach of trust.
Federal prosecutor Range will have his work cut out for him: he can’t expect much cooperation from his own country’s intelligence services, the BfV for internal threats and the BND for external threats, because they, like every other world agency, have their own games of reciprocal espionage to conceal, many played in close rapport with the US. Quite simply, they are all, friends and foes alike, spying on each other.
The key is planted in Germany’s own communications networks
Nonetheless, if the German federal prosecutor is intent on going ahead with his probe, in response to the chancellor’s anger and popular resentment, he is advised by our cyber expert to start digging for the key and core of the NSA system of invasion inside the personal computers of the engineers of the four main cellular communication companies (Deutsche Telekom, Vodafone, KPN and Telefonica), one of which the Chancellor most likely uses.
He is likely to uncover NSA infiltration capabilities secretly planted in many of those computers, particularly those belonging to engineers with high levels of daily access to the technological systems.
By that device, the invader has turned the engineers’ computers without their knowledge into “bridgeheads” which opened the door for US espionage and intelligence agencies to stroll straight into Germany’s engineering cellular core networks.
Those engineers were in fact recruited willy-nilly as NSA agents – simply by unknowingly replacing hardware components in their networks with parts made in the USA that were secretly pretreated by the US agency for use in eavesdropping.
Or they may have unwittingly opened an email to which an “interesting” link was attached and again, unintentionally, helped the NSA covertly invade the local cellular networks, by planting a malicious program in their cellular system.
A map of Merkel’s connections and full SIGINT picture
As soon as the bridgehead was set up, NSA engineers could make free with Germany’s cellular networks: snoop on Chancellor Merkel’s or anyone else’s phone calls on that network; obtain GPS information on a user’s precise whereabouts; or, still more radically, plant malware from afar by sending a seemingly innocuous SMS to the Chancellor’s cell phone, thus permanently “enslaving” it to the NSA.
Once the hostile takeover of Merkel’s phone was completed, her communications were an open book to NSA engineers spying from afar: Every call could be tapped, every message perused, along with all her emails, transmitted images and their entire browsing history.
The phone’s location and its user could be tracked at all times, providing priceless inside information on whom the Chancellor speaks to, when, and for how long – so as to draw a detailed map of her connections and other personal data.
This information would flow to NSA headquarters instantaneously, ready to be decrypted, analyzed, recorded and preserved.
This technological penetration of all four German cellular communications systems gave the United States total control of all networks (barring military communications) and a complete picture of one of the most critical facets of SIGINT (communications data).
Germany targeted as European communications hub
There are other ways to follow a single cell phone and intercept its content. But interception of the chancellor’s communications, which are protected by high-level state security, was a special challenge. Deep penetration of the German Internet and communications networks was essential for the US to obtain a full SIGINT picture, from the cyber perspective, of the German government and its leaders, its economy and its military.
Germany is a major communications hub and the volume of its Internet traffic is tremendous. Centers in Hamburg, Frankfurt, Cologne and Dusseldorf serve 80 million Germans as well as millions more people over a large swathe of Europe.
The extra-high security of these Internet junctions, as well as their efficiency and high performance, attracts, in addition to local ISPs (Internet Service Providers), many customers from around the world, whether as a substitute for the substandard services in their own countries, or as reliable backup for important and sensitive messaging supplied by a DRP (Disaster Recovery Plan).
This massive computer and communications system is stored in vast spaces deep underground and given the tight protection of highly-classified facilities that are kept off-limits to unauthorized entry.
Secret Berlin parliament probe of blanket surveillance
The companies that store and relay the German Internet information (including CETel and IABG which were mentioned in the leaked Snowden document) are connected to the worldwide information highway, as well as to internal German infrastructure, by an extensive network of fiber-optic cables backed up by satellite antennas.
Essentially, all of Germany’s Internet traffic, as well as that of much of Europe, passes through these communications centers, which is why they are a main target for US espionage agencies.
The leaked Snowden document mapped the “access roads” to these Internet and communications junctions and noted the need to recruit engineers and system administrators to unwittingly serve as a back door to the heart of the German Internet system under the unseen direction of NSA agents.
Federal prosecutor Range decided against a formal inquiry into the massive surveillance performed from Germany by US and British intelligence, for “lack of proof.” But separately, the German parliament earlier this year launched a secret probe into documents leaked by Snowden about blanket surveillance by America’s "Five Eyes" network — which also includes Britain, Canada, Australia and New Zealand.
Very little of this spying is done with the knowledge and approval of the German government; most is carried out in “darkness.”
The NSA’s Malware catalog of “implants” for “injection”
Another document leaked by Snowden indicated that the NSA’s Office of Tailored Access Operations (TAO), in charge of finding SIGINT solutions for modern intelligence needs, supplied the tools, methods and know-how for this complex intelligence operation.
A top-secret “catalog” is available to select NSA employees for Malware programs (one was called “fox acid” and accompanied by a comical drawing) for “injection” into targeted complex computer systems to enable their takeover by remote control.
The catalog terms these devices “implants” – computer components that have been “pre-treated” in NSA laboratories and then implanted in the network to give NSA engineers back door access to the databases and computer systems at the main German Internet crossroads.
Since most of the hardware used in the information technology (IT) world is American made – by IBM, HP, Cisco and other companies – it would be relatively easy for US intelligence agencies to gain access to it and install implants.
The TAO’s symbol is actually featured on the front page of its catalog of products: “TAO Inside” (with the logo and graphics “borrowed” from the “Intel Inside” label). The slogan and logo alone attest to US spy agencies’ activities as invaders of entire computer systems.