Wednesday, July 29, 2015

Pakistan Boosts Electronic Surveillance to Fight Terror

Pakistan is building digital surveillance capacity to rival America's NSA with broad public support in the country, according to a report by London-based Privacy International.

"Attacks against civilian targets in Pakistan’s cities have also fed popular support for communications surveillance and other efforts to register and monitor the civilian population, including national databases and mandatory SIM card registration", says the report. Pakistan requires universal SIM card registration by fingerprint, and maintains a national biometric ID database.

Pakistan has seen nearly 60,000 of its citizens die in incidents of terrorism since the US invasion of Afghanistan in 2002, according to data reported by South Asia Terrorism Portal (SATP). What is happening in the country now follows a familiar pattern seen elsewhere in the world: Faced with growing terror threat, people are willing to trade privacy for security.

Like the US National Security Agency (NSA) surveillance program, the Pakistani effort includes both voice and data communications. Over 70 per cent of the country's population uses mobile phones, and an estimated 11 per cent of the population has internet access, the report says. This makes surveillance in Pakistan advanced and comprehensive as there are currently 50 operational internet providers and five mobile phone operators. Pakistan government has acquired technology and purchased equipment for surveillance from local as well as some foreign companies such as Ericsson, Alcatel, Huawei, SS8 and Utimaco. Here's an excerpt from the report:

"In June 2013, the Inter-Services Intelligence (ISI), Pakistan’s best known intelligence agency, sought to develop a mass surveillance system by directly tapping the main fibreoptic cables entering Pakistan that carried most of the nation’s network communication data. The confidential request for proposals outlines a “Targeted IP Monitoring System and COE [Common Operations Environments]” that aimed to capture and store approximately 660 gigabits of internet protocol (IP) traffic per second under ISI control. This system would make available virtually all of the nation’s domestic and international communications data for scrutiny, the most significant expansion of the government’s capacity to conduct mass surveillance to date. The total intake of data every second sought by Pakistan in the proposal document would rival some of the world’s most powerful surveillance programmes, including the UK’s ‘Tempora’ and US’ ‘Upstream’ programmes. What the ISI wanted to build, according to the request for proposals, was a complete surveillance system that would capture mobile communications data, including Wi-Fi, all broadband internet traffic, and any data transmitted over 3G. According to the documents, the interception activities were to be “seamless” and “must not be detectable or visible to the subscriber”.

Source: South Asia Terrorism Portal

Pakistan has seen a significant decline in terror-related deaths in the last two years. Civilian death toll has declined from 3001 in 2013 to 1781 in 2014 and 577 so far this year, according to SATP. It's attributed mainly to the launch of Pakistan Army's Operation Zarb e Azb against militants in 2013. It is believed that increased electronic surveillance has probably contributed to at least some of this success in reducing death toll.

Related Links:

Haq's Musings

Pakistan's Biometric Registration Database

Operation Zarb e Azb Launch

Ex Indian Spy Documents RAW's Successes in Pakistan

Intelligence Failures in Preventing Daily Carnage in Pakistan

What If Musharraf Had Said NO to US After 911?

Pakistani Computer Scientist Fights Terror

Pakistani Killer Drones to Support Anti-Terror Campaign

3G 4G Rollout Spurs Data Services Boom in Pakistan

Fiber Optic Connectivity in Pakistan


Syed Qasim Abbas said...

not something to be proud of

Riaz Haq said...

#US #NSA used #malware to spy on #Pakistani civilian, military leadership. #Pakistan #NSAhack #Snowden

The United States' clandestine National Security Agency (NSA) allegedly spied on top civil-military leadership in Pakistan using malware, The Intercept reported.

Malware SECONDDATE allegedly built by the NSA was used by agency hackers to breach "targets in Pakistan’s National Telecommunications Corporation’s (NTC) VIP Division", which contained documents pertaining to "the backbone of Pakistan’s Green Line communications network" used by "civilian and military leadership", according to an April 2013 presentation document obtained by The Intercept.

The file appears to be a 'top secret' presentation originating from the NSA's SigDev division.

SECONDDATE is described as a tool that intercepts web requests and redirects browsers on target computers to an NSA web server. The server then infects the web requests with malware.

The malware server, also known as FOXACID, has been described in earlier leaks made by former NSA contractor Edward Snowden.

SECONDDATE, however, is just one method the NSA allegedly uses to redirect a target's browser to the FOXACID server. Others involve exploiting bugs in commonly used email providers by sending spam or malicious links that lead to the server, The Intercept said.

Another document obtained by The Intercept, an NSA Special Source Operations division newsletter describes how agency software other than SECONDDATE was used to repeatedly direct targets in Pakistan to the FOXACID servers to infect target computers.

The Intercept confirmed the "authenticity" of the SECONDDATE malware by means of a data leak reportedly made by Snowden.

Snowden released a classified top-secret agency draft manual for implanting malware which instructs NSA operators to track their use of a malware programme through a 16-character string ─ the same string which appears in the SECONDDATE code leaked by a group called ShadowBrokers.

ShadowBrokers last week announced that SECONDDATE was part of a group of NSA-built 'cyber weapons' that it was auctioning off.

Although it is unclear how the code for the software leaked and was obtained by ShadowBrokers, The Intercept claims "the malware is covered with NSA's virtual fingerprints and clearly originates from the agency".

The ShadowBrokers auction of SECONDDATE is the first time any full copies of NSA software have been made available to the public.

"The person or persons who stole this information might have used them against us," Johns Hopkins University cryptographer Matthew Green said on the dangers of such software becoming available to the public.

Speaking to The Intercept, Green said that such exploits could be used to target anyone using a vulnerable router. "This is the equivalent of leaving lockpicking tools lying around a high school cafeteria. It’s worse, in fact, because many of these exploits are not available through any other means, so they’re just now coming to the attention of the firewall and router manufacturers that need to fix them, as well as the customers that are vulnerable."

The Intercept has in the past published a number of reports from documents released by Snowden. The site’s editors include Glenn Greenwald, who won a Pulitzer Prize for his work in reporting on the whistleblower’s revelations.