ISPs in US, UK, Netherlands and South Korea are suing the UK spy agency GCHQ over its illegal attacks on their networks in the course of conducting surveillance.
The attacks were detailed in Snowden leaks, which described how the NSA and GCHQ targeted administrators at ISPs and interchanges so that it could compromise their networks in order to spy on third parties. The ISPs are also asking the EU court to rule on whether the spy agencies' malicious software — also detailed in a Snowden leak — is legal.
The suit is led by Privacy International, and the ISPs are GreenNet (UK), Riseup (US), Greenhost (Netherlands), Mango (Zimbabwe), Jinbonet (South Korea), May First/People Link (US) and the Chaos Computer Club (Germany).
The allegations that the legal actions are based on include:
claims that employees of Belgian telecommunications company Belgacom were targeted by GCHQ and infected with malware to gain access to network infrastructure
GCHQ and the US National Security Agency, where Mr Snowden worked, had a range of network exploitation and intrusion capabilities, including a "man-on-the-side" technique that covertly injects data into existing data streams to create connections that will enable the targeted infection of users
the intelligence agencies used an automated system, codenamed Turbine, that allowed them to scale up network implants
German internet exchange points were targeted, allowing agencies to spy on all internet traffic coming through those nodes
(Image: GCHQ / Always listening, George Rex, CC-BY)