Snowden leak: How UK spies attacked delegations to the 2009 G20

On the eve of the G8 summit (taking place in a specially prepared Potemkin village in N. Ireland), the Guardian has published another Edward Snowden leak, this one describing how the UK spying agency GCHQ aggressively spied upon delegates to the G20 summit in 2009. According to the documents, UK spies attacked foreign delegates by "reading their email before they do"; intercepting their BlackBerry messages and calls in real-time; capturing logins at special Internet cafes so as to spy on delegations after the event; getting NSA reports on attempts to crack Russian PM Dmitry Medvedev's satellite calls; and continuously logging and analyzing who was calling whom.

The report suggests that the British delegation was briefed throughout, and that the operation was "sanctioned in principle at a senior level in the government of the then prime minister, Gordon Brown."

A briefing paper dated 20 January 2009 records advice given by GCHQ officials to their director, Sir Iain Lobban, who was planning to meet the then foreign secretary, David Miliband. The officials summarised Brown's aims for the meeting of G20 heads of state due to begin on 2 April, which was attempting to deal with the economic aftermath of the 2008 banking crisis. The briefing paper added: "The GCHQ intent is to ensure that intelligence relevant to HMG's desired outcomes for its presidency of the G20 reaches customers at the right time and in a form which allows them to make full use of it." Two documents explicitly refer to the intelligence product being passed to "ministers".

According to the material seen by the Guardian, GCHQ generated this product by attacking both the computers and the telephones of delegates.

One document refers to a tactic which was "used a lot in recent UK conference, eg G20". The tactic, which is identified by an internal codeword which the Guardian is not revealing, is defined in an internal glossary as "active collection against an email account that acquires mail messages without removing them from the remote server". A PowerPoint slide explains that this means "reading people's email before/as they do".

The same document also refers to GCHQ, MI6 and others setting up internet cafes which "were able to extract key logging info, providing creds for delegates, meaning we have sustained intelligence options against them even after conference has finished". This appears to be a reference to acquiring delegates' online login details.

Another document summarises a sustained campaign to penetrate South African computers, recording that they gained access to the network of their foreign ministry, "investigated phone lines used by High Commission in London" and "retrieved documents including briefings for South African delegates to G20 and G8 meetings". (South Africa is a member of the G20 group and has observer status at G8 meetings.)

I love that BlackBerrys are singled out as especially easy to intercept, something that is widely rumored. The entire piece is amazing, with specific revelations of spying. I'd love to know what the G8 delegations are making of all this as they head to NI. Perhaps GCHQ could tell us?

GCHQ intercepted foreign politicians' communications at G20 summits [Ewen MacAskill, Nick Davies, Nick Hopkins, Julian Borger and James Ball/The Guardian]


      1. Same reason anything ends up on slides… You’ve got to report to top management at one point or another!

        1. I’d always thought spies would communicate sitting on benches pretending to look at ducks in St James Park.

      2. Powerpoint is the primary medium of communication for office workers. I’ve seen all sorts.

        I don’t think it’s any more strange to see shocking truths than it is a single screenshot in a ppt file.

  1. Well, shit…this is what our spies are supposed to do, right? Spy on OTHER COUNTRIES? If nothing else, keeps the damn spies out of OUR hair for a bit, no? 

    1. Well, yes, but the excuse for spending so much money and political capital on doing it is always “it makes us safe from der Bad Peeplez”, not “actually we like reading our allies’ emails while we negotiate”.  The latter is much more honest – but not the official story, so they should be called on it.

      (This is why better HumInt is important.  It’s not only much better on the ground, it’s also much harder to abuse for this kind of crap.  Unfortunately it’s also expensive and hard work, so guess what happens…)

    2. If you agree with this, you agree the other side? Other Countries spies on yours? Otherwise, your logic is flawed

      1. I wouldn’t go so far as to say I’d be happy with the other guys spying on our diplomats, but I fully expect they are or are at least attempting to. Not spying on diplomats if you can get away with it would be stupid. Of course, in this case, the UK didn’t exactly get away with it… 

        1. France in particular is notorious for conducting industrial espionage on allies.  According to one WikiLeaks cable “French espionage is so widespread that the damages (it causes) the German economy are larger as a whole than those caused by China or Russia,” 

  2. And so… all this spying is only ever used to fight terrorism right? No one would ever think to use it for private financial gain, would they? Huh?

    1. Certainly not a government looking at crippling debt levels in the post-financial crash world

  3. We who need no security use crypto. Why don’t those who do need it use it? Oh, that’s right: escalating crypto wars, in which everybody adopts 4096-bit, and suddenly nobody can intercept useful stuff. Wait, is that why? Gentlemen’s agreement?

    People are stupid.

    1. Diplomats and heads of state are habitually lax on operational security. Each time the spies learn a new trick, it takes a while for the counter-intelligence types to get their own high-ranking officials and their entourages up to speed. Believe me when I say that this is only the middle of the beginning of a new crypto arms race that began back in the 90’s.

      1. It would be more accurate to say “people” are habitually lax on operational security.  Hell, it takes longer to get good at security than most heads of state spend in office.

        1.  I and my pirate comrades would be willing to teach, but then all the email leaks of badguys- like the stratfor or hbgary archive- would never happen again.

          Ah, the tradeoffs.

          … I think it’s time I host another crypto-party.

    2. I’ve personally hacked 1024 encryption in a certain product about 3 or 4 different ways.  Most of the hacks were side-channel attacks where we went around the encryption, but when they fixed those holes, we brute-forced the answer using a dozen machines over a weekend – it was so quick because we exploited their pathetically bad RNG that had much less than 1024 bits of entropy. “Better” encryption isn’t always the answer.

      1. What’s the line? The files are only as secure as your password?

        With larger crypto, longer, more complex passwords are needed. Yeah, I’ll admit it. I use diceware to generate some phrases, throw in some salts, and I hope to god that nobody brute forces it in the next year.

        After that, I really don’t care.

        Crypto won’t be secure forever. Brute-force attacks will eventually make it useless. But for keeping things hidden temporarily? Bring in the crypto.

        1. The US has been spying on UN delegates since the UN was founded.  One of the reasons why the US pushed for locating UN headquarters in New York was to make it easy for the US to spy on everyone.

    1. The NSA are no better than Hitler… that’s Tommy Hitler of Tommy Hitler and Son, the Billesdon sign writer. His use of Comic Sans and Shatter are truly egregious. 

  4. Ah, so they all thought they were part of the ‘boys club’…we’re all buddies, participating in the same sh*t…entitled as we are.
    Time to grow up boys…the rest of us know what goes on…you’re not immune.

  5. One of the stories we were being told during and after the Tottenham riots was that Blackberry BBM was secure and controlling the riots was harder because this was the comms tool of choice for the gangs. How does that square with this story? GCHQ can intercept BBM, but the Police can’t?

    1. I guess that spying on G8 gives you a manageable set of targets, while spying on London is a tad more time consuming.

      1. Plus:

        1. the delegates were probably using email rather than BBM
        2. I imagine GCHQ has *much* more power/technology for comms interception, etc. than the police.

  6. I would say I am exactly like a ship carrying a cargo that will never reach any port. As long as I am alive, that ship will always be at sea, so to speak

  7. Snowden’s got a strategy and this is a part of it:  divide and conquer. is leading with this, and is talking about Prince Philip luckily leaving hospital after 11 days.

  8. At least it’s not newspapers hacking minor celebrities’ voice-mails.  That would be criminal.

  9. United Nations Universal Declaration of Human Rights:

    Article 12.

    No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

    Article 5.

    No one shall be subjected to torture or to cruel, inhuman or degrading treatment or punishment.

    Article 19.

    Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers. (Note: Snowden’s remarks ARE HIS OPINIONS – Snowden has NOT RELEASED ANY PROOF i.e. stolen documents, etc. The U.S. Government is attacking Snowden SOLELY FOR WHAT HE SAID AS HIS OPINION. )

    Article 8.

    Everyone has the right to an effective remedy by the competent national tribunals for acts violating the fundamental rights granted him by the constitution or by law. (Note: That would be the U.S. Constitution which Snowden is DEFENDING and the U.S. Government is attacking.)

    Article 14.

    (1) Everyone has the right to seek and to enjoy in other countries asylum from persecution.
    (2) This right may not be invoked in the case of prosecutions genuinely arising from non-political crimes or from acts contrary to the purposes and principles of the United Nations.

    1. The US hasn’t paid much attention to its international obligations lately. Unless it’s likely to get us permanent military bases in a strategic location.

      1. Actually, it’s not “lately”. When you study political sciences, this is actually what you learn from very pro-US professors, internationally: the US policy is, and always was, and maybe always will be, to follow multilateral agreements only as far as it’s useful for the US.

        No irony or sarcasm contained so far.

        Bilateral agreements, sometimes secret, are far more a Bismarck, ehm, US of A thing.

  10. defined in an internal glossary as “active collection against an email account that acquires mail messages without removing them from the remote server”

    I have one of those, it’s called IMAP isn’t it?

    1. It’s funny isn’t it. It reminds me of trying to explain to people that if someone gets their email password, they can read their email forever and they’ll never know about it. 
      “So if they get the password they can hack the account?”
      “Oh, god.”

  11. Any news on any government protesting against this and threatening to leave these meetings?

  12. Are we actually surprised by this? The basic purpose of spy agencies is to spy on foreign governments. Unsavoury or not, is there any suggestion that GCHQ did something “improper” or out of line with its remit here? Is there any suggestion that foreign powers are not engaged in the same tactics?

    I think that civil liberties aside, the economic argument against mass surveillance is most likely that GCHQ and the NSA can’t know that they adequately defend the data they collect. If we go out on a stretch and assume everyone at the NSA and GCHQ are genuine patriots who ignore the data they collect on their own citizens, even the fact that they collect the data would be of immense interest to foreign powers interested in economic espionage. I would expect China and Russia to be infiltrating these programs and using the “inadvertent” data to their advantage in the market and in world affairs. How can we know the system is watertight? – The existence of Snowden shows that the system isn’t perfect – Cheney might actually be right that he’s working for the Chinese.

    You could say that domestic phone collection raises civil liberties questions, but spying on foreign governments is actually the purpose of the NSA and of GCHQ – why is Snowden now revealing information about actions that are indisputably within the spirit and purpose of these agencies? I think this revelation makes him more deserving of being hunted down and imprisoned than if he had just kept to revealing the phone tapping / metadata collection policy which has a civil liberties component.

    1. The basic purpose of spy agencies is to spy on foreign governments.

      Maybe it’s time to stop saying, “That’s just the way it is because that’s just the way it is,” and to reevaluate whether we want to pour time, money and civil rights into the ever-expanding spy industry.

  13. i must be missing something because i can’t find the part where blackberry gets singled out as being especially easy to intercept. rather, all i can find is the suggestion that they are especially relevant to intercepting the communications of the target population – perhaps because most of them were using blackberry smart phones, which in turn may very well be because blackberry was more secure than the alternatives. nothing is perfectly secure, though. the strongest ant can still be squashed under my foot.
