New revelations made by Edward Snowden suggest that GCHQ, British Spy Agency, had manipulated CISCO routers installed at central internet gateway of Pakistan (also known as Pakistan Internet Exchange or PIE) to gain access to almost any internet user and its data in Pakistan.
According to details published by Intercept, GCHQ had gained questionable warrants from government to reverse engineer various technology tools and equipment to gain access to users’ data across continents. This reverse engineering technique, which is otherwise liable to legal action as it is termed as an hacking attempt, was particularly warranted for the purpose of spying into users’ data.
This information is based on 22 new documents made public by Edward Snowden that were never released before.
GCHQ targeted various encryption and security software, anti-viruses, online forum software, hosting software, email server software, routers and other hardware that were reversed engineered to hack into network systems that granted the agency unprecedented access to masses.
Infected software include Exlade’s CrypticDisk, Acer’s eDataSecurity, vBulletin, Invision Power Board, cPanel, PostfixAdmin, Kaspersky anti-viruses, CISCO routers and other critical hardware.
Report claims that GCHQ’s reverse engineering of Cisco routers had enabled the agency not only to access almost any user of the internet inside the entire Pakistan but also to re-route selective traffic across international links toward GCHQ’s passive collection systems.
CISCO has said that it doesn’t work with any government, including the U.K. Government.
GCHQ’s Secret document published by Edward Snoden mentions:
GCHQ’s CNE operations against in-country communications switches (routers) have also benefited from SRE.
Capability against Cisco routers developed by this means has allowed a CNE presence on the Pakistan Internet Exchange which affords access to almost any user of the internet inside Pakistan.
Our presence on routers likewise allows us to re-route selected traffic across nternational links towards GCHQ’s passive collection systems.
If put in simpler words, GCHQ had/has access to each and every page that we visit, every attachment we upload, email that we send or literally anything that we do on internet. This kind of mass-interception might not seem a critical thing for a commoner but country’s top brass, or those whose data is sensitive is also prone to foreign agencies should raise serious concerns.
This is first of its kind revelation where such mass-scale intrusion into Pakistani internet users and their privacy has surfaced. We have come across various reports in the past where Pakistani phone users were targeted, however, such mass-scale internet interception has come to light only for the first time.
GCHQ had access to each and every page that we visit, every attachment we upload, email that we send or literally anything that we do on internet
Digital Rights Foundation, a non-profit organization that advocates privacy and rights of internet users, has said that this hacking operation, at a scale never previously seen before from the British intelligence agency, seriously undermines the right to privacy of all users of the internet in Pakistan.
“By targeting a key point in Pakistan’s communications infrastructure, GCHQ have put at risk the security and integrity of a significant portion of Pakistan’s communications infrastructure”, said a statement issued by the foundation.
It is still unclear if Pakistani government or security agencies are/were aware of these attacks by GCHQ, however, Digital Rights Foundation of Pakistan — in a press statement — has emphasised that Pakistan government has an obligation to protect Pakistanis right to privacy and this level of intrusion onto critical national infrastructure undermines that obligation.
There’s no way of remaining safe from GCHQ or NSA when essential and core technology equipment that we import from abroad is infected. However, Government should question these equipment makers or the British government that why such incidents had to happen.
It is of paramount importance that the government does all it can to account for this intrusion and to take meaningful steps to ensure the right to privacy in Pakistan and prevent it from being brazenly interfered with by foreign intelligence agencies, the rights organization stressed.
An ISP, while speaking with ProPakistani, said that there is not much that internet companies or even Pakistani government can do about stopping these hacking attempts. It said that only way of avoiding these intruders is to start manufacturing our own equipment, otherwise there’s no way of remaining safe when essential and core-equipment that we import from abroad is infected.
After these incidents, UK or even EU’s morality is prone to questions. Most prestigious law abiding governments and bodies doing such mass-scale violations expose west’s dual-standards and time has come when world should actually start seeing them as law breakers.