Wikileaks details how NZ spies will work

17:00, Sep 07 2013

Confidential new security industry documents released by Wikileaks reveal details of the kinds of surveillance systems that will be used in New Zealand under the controversial GCSB act.

The documents include operating manuals, promotional material and invoices from companies specialising in internet and telecommunications spying equipment.

This includes equipment for "mass monitoring", "tactical internet monitoring", "deep packet inspection" and "data warehousing". British, German and Swiss companies promised to "fulfil the customer's needs" for "massive data interception and retention".

Special off-the-shelf systems also provide governments with speech identification, facial recognition and number plate recognition technology.

The Government Communications Security Bureau Act passed in Parliament by 61 votes to 59 two weeks ago after months of controversy including mass public protests.

The laws were drafted in the wake of a succession of blunders by the GCSB, New Zealand's foreign intelligence agency, which included illegally spying on German internet entrepreneur Kim Dotcom.


The new legislation gives it the power to spy on New Zealanders.

The documents outlining just how that spying will be conducted are now publicly accessible on the Wikileaks website. The US government tried to close Wikileaks after its massive leak of US embassy cables and military reports in 2010. However, the whistle-blowing website continues to operate and this is the fourth major leak since then.

The latest leaks reinforce the Edward Snowden revelations about US mass surveillance systems. Wikileaks has been supporting and cooperating with Snowden.

The Sunday Star-Times is one of a small number of global media organisations given advance access to the documents by Wikileaks.

Julian Assange said in a press release that the leak is part of Wikileaks' "ongoing commitment to shining a light on the secretive mass surveillance industry". He said the sensitive sales brochures and presentations were being "used to woo state intelligence agencies into buying mass surveillance services and technologies".

The focus of the documents is internet spying technologies, but the documents also detail bulk interception methods for voice, SMS, MMS, email, fax and satellite phone communications, "the ability to analyse web and mobile interceptions in real-time".

One of the specialty services revealed in the documents is called "intrusion solutions". These are computer systems that allow a government to hack into private computers.

For instance, a company called Dreamlab Technologies produces a system called "Finfly iProxy", which is like a computer virus or "trojan" used to enter people's computers when they are downloading information off the internet.

One system, which was designed to cover two internet exchanges in the Gulf state of Oman, was "used to infect binaries [non-text files] downloaded from the internet by the configured target".

The system also had an "update infection mode", entering people's computers when their computers searched for updates to iTunes and other software. Once the computer is hacked, it will automatically send back the users' information to the government agencies.

Finfly was found by human rights activists during a search of an Egyptian intelligence agency after the 2011 overthrow of Mubarak. It was also discovered in Bahrain where it was apparently being used to target political opponents.

The internet monitoring equipment falls into three main types. First, there are "probes" that tap into and and automatically search the major trunk lines of the internet, many of which pass over US and British territory.

Second is what the documents call "LI" operations (Lawful Interception), which are systems like Prism for tapping into private Internet companies. Third is the state-organised computer hacking.

New Zealand's electronic spy agency, GCSB, has legal powers to conduct all three of these types of operations.

Sunday Star Times