Tag Archives: Government Communications Headquarters (GCHQ)

Drone Strikes: How to Deal with Surgically Implanted Explosive Devices

Menwith Hill, a Royal Air Force station near Harrogate, North Yorkshire, England, has been described as the largest electronic monitoring station in the world.

The documents, provided to the Guardian by NSA whistleblower Edward Snowden and reported in partnership with the New York Times, discuss how a joint US, UK and Australian programme codenamed Overhead supported the strike in Yemen in 2012….

British officials and ministers follow a strict policy of refusing to confirm or deny any support to the targeted killing programme, and evidence has been so scant that legal challenges have been launched on the basis of single paragraphs in news stories.

The new documents include a regular series of newsletters – titled Comet News – which are used to update GCHQ personnel on the work of Overhead, an operation based on satellite, radio and some phone collection of intelligence. Overhead began as a US operation but has operated for decades as a partnership with GCHQ and, more recently, Australian intelligence.

The GCHQ memos, which span a two-year period, set out how Yemen became a surveillance priority for Overhead in 2010, in part at the urging of the NSA, shortly after the failed 2009 Christmas Day bomb plot in which Umar Farouk Abdulmutallab attempted to detonate explosives hidden in his underpants on a transatlantic flight.  Ten months later a sophisticated plot to smuggle explosives on to aircraft concealed in printer cartridges was foiled at East Midlands airport. Both plots were the work of al-Qaida in the Arabian Peninsula (AQAP), the Yemen-based al-Qaida offshoot.

One Comet News update reveals how Overhead’s surveillance networks supported an air strike in Yemen that killed two men on 30 March 2012. The men are both described as AQAP members.  In the memo, one of the dead men is identified as Khalid Usama – who has never before been publicly named – a “doctor who pioneered using surgically implanted explosives”. The other is not identified…

US officials confirmed to Reuters in 2012 that there had been a single drone strike in Yemen on 30 March of that year. According to a database of drone strikes maintained by the not-for-profit Bureau of Investigative Journalism, the only incident in Yemen on that date targeted AQAP militants, causing between six and nine civilian casualties, including six children wounded by shrapnel.  Asked whether the strike described in the GCHQ documents was the same one as recorded in the Bureau’s database, GCHQ declined to comment.

The incident is one of more than 500 covert drone strikes and other attacks launched by the CIA and US special forces since 2002 in Pakistan, Yemen and Somalia – which are not internationally recognised battlefields.  The GCHQ documents also suggest the UK was working to build similar location-tracking capabilities in Pakistan, the country that has seen the majority of covert strikes, to support military operations “in-theatre”.

A June 2009 document indicates that GCHQ appeared to accept the expanded US definition of combat zones, referring to the agency’s ability to provide “tactical and strategic SIGINT [signals intelligence] support to military operations in-theatre, notably Iraq and Afghanistan, but increasingly Pakistan”. The document adds that in Pakistan, “new requirements are yet to be confirmed, but are both imminent and high priority”….

By this point NSA and GCHQ staff working within the UK had already prioritised surveillance of Pakistan’s tribal areas, where the majority of US covert drone strikes have been carried out. A 2008 memo lists surveillance of two specific sites and an overview of satellite-phone communications of the Federally Administered Tribal Areas, in which nearly all Pakistan drone strikes have taken place, among its key projects.

British intelligence-gathering in Pakistan is likely to have taken place for a number of reasons, not least because UK troops in Afghanistan were based in Helmand, on the Pakistani border. One of the teams involved in the geo-location of surveillance targets was codenamed “Widowmaker”, whose task was to “discover communications intelligence gaps in support of the global war on terror”, a note explains.

Illustrating the close links between the UK, US and Australian intelligence services, Widowmaker personnel are based at Menwith Hill RAF base in Yorkshire, in the north of England, in Denver, Colorado, and in Alice Springs in Australia’s Northern Territory.

Other Snowden documents discuss the difficult legal issues raised by intelligence sharing with the US…. The UK has faced previous legal challenges over the issue. In 2012, the family of a tribal elder killed in Pakistan, Noor Khan, launched a court case in England in which barristers claimed GCHQ agents who shared targeting intelligence for covert strikes could be “accessory to murder”. Judges twice refused to rule on the issue on the grounds it could harm the UK’s international relations.

Excerpts from Alice Ross and James Ball, GCHQ documents raise fresh questions over UK complicity in US drone strikes, Guardian, June 24, 2015

Man-in-the-Middle Attack: UK against Belgium

According to Spiegel, documents from the archive of whistleblower Edward Snowden indicate that Britain’s GCHQ intelligence service was behind a cyber attack against Belgacom, a partly state-owned Belgian telecoms company. A “top secret” Government Communications Headquarters (GCHQ) presentation seen by SPIEGEL indicates that the goal of the project, conducted under the codename “Operation Socialist,” was “to enable better exploitation of Belgacom” and to improve understanding of the provider’s infrastructure.

The presentation is undated, but another document indicates that access has been possible since 2010. The document shows that the Belgacom subsidiary Bics, a joint venture between Swisscom and South Africa’s MTN, was on the radar of the British spies.  Belgacom, whose major customers include institutions like the European Commission, the European Council and the European Parliament, ordered an internal investigation following the recent revelations about spying by the United States’ National Security Agency (NSA) and determined it had been the subject of an attack. The company then referred the incident to Belgian prosecutors. Last week, Belgian Prime Minister Elio di Rupo spoke of a “violation of the public firm’s integrity.”

When news first emerged of the cyber attack, suspicions in Belgium were initially directed at the NSA. But the presentation suggests that it was Belgium’s own European Union partner Britain that is behind “Operation Socialist,” even though the presentation indicates that the British used spying technology for the operation that the NSA had developed.  According to the slides in the GCHQ presentation, the attack was directed at several Belgacom employees and involved the planting of a highly developed attack technology referred to as a “Quantum Insert” (“QI”). It appears to be a method with which the person being targeted, without their knowledge, is redirected to websites that then plant malware on their computers that can then manipulate them. Some of the employees whose computers were infiltrated had “good access” to important parts of Belgacom’s infrastructure, and this seemed to please the British spies, according to the slides.

The documents also suggest that GCHQ continued to probe the areas of infrastructure to which the targeted employees had access. The undated presentation states that they were on the verge of accessing the Belgians’ central roaming router. The router is used to process international traffic. According to the presentation, the British wanted to use this access for complex attacks (“Man in the Middle” attacks)* on smartphone users. The head of GCHQ’s Network Analysis Centre (NAC) described Operation Socialist in the presentation as a “success.”

*From Wikipedia: The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.

Belgacom Attack: Britain’s GCHQ Hacked Belgian Telecoms Firm, Der Spiegel, Sept. 20, 2013