NSA, GCHQ Accused of Breaking Into Networks Run by Deutsche Telekom

A system called TREASUREMAP was reportedly used to spy on German network operators.

By Max Smolaks

The U.S. National Security Agency (NSA) and its British counterpart GCHQ have been accused of breaking into the networks run by German Internet Service Providers (ISPs), in an effort to map the entire Internet.

A system code-named "TREASUREMAP," first described by The New York Times in November, has been attempting to collect information about all the servers, routers and end-user devices accessible online, and make it available in "near real-time."

According to the German daily Der Spiegel, TREASUREMAP managed to compromise the networks of several major ISPs including Deutsche Telekom—a former state monopoly. This information was hidden in the documents released by former U.S. intelligence contractor Edward Snowden.

X Marks the Spot

According to the NSA slides, TREASUREMAP attempts to map out the entirety of the Internet—"any device, anywhere, all the time"—from the data center floor to the smartphone in your pocket.

Der Spiegel reports that the system is available to any member of the "Five Eyes"—not just the U.S. and the U.K., but also Australia, New Zealand and Canada. The documents state that TREASUREMAP can be used not only as an intelligence tool, but also for attack and exploit planning.

Even though the existence of the system has been known for a while, Der Spiegel found new evidence of potentially illegal activity after reviewing the Snowden files related to Germany.

The journalists noticed that Deutsche Telekom AG and NetCologne were marked in red on the TREASUREMAP documents. According to the legend, red markings denote access points for signals intelligence collection—in other words, networks that have been accessed by the Five Eyes intelligence staff in the past.

Deutsche Telekom is a major telecommunications company that operates in the U.S. and Europe, serving 60 million customers in Germany alone. It is part-owned by the German state and has a 50 percent stake in the U.K.'s largest mobile network operator, EE.

Meanwhile, NetCologne is a regional ISP owned by the city of Cologne that serves more than 500,000 customers.

If the information on the slides is to be believed, the NSA managed to compromise the networks of German ISPs, giving it the ability to track traffic all the way to end-user devices. However, after being contacted by Der Spiegel, the operators failed to find any suspicious equipment or data slurping activity in their networks.

"The accessing of our network by foreign intelligence agencies would be completely unacceptable," a spokesman for Deutsche Telekom told the newspaper.

"This is just the tip of the iceberg," commented Mike Janke, CEO and co-founder of Silent Circle. "The ability to map every device, every router, every cell tower connection on a giant telecom's network would enable you to know where every single person and device is within a Telecoms system, what they are accessing and even push down targeted malware for surveillance to a specific device at the push of a button.

"It's total information awareness. If the Five-Eyes intelligence agencies can do this, I guarantee you that criminal gangs, hacker groups and many of the 70 or so other nation-states can do it as well."

Not So Stellar

The report in Der Spiegel goes on to describe Stellar, a small satellite communications business from Hürth which is featured heavily on the slides that appear to originate from GCHQ. According to these documents, the British agency compromised ten employee computers, including that of the CEO Christian Steffen.

The Stellar staff had no idea they were under surveillance, and were shocked to discover that GCHQ had mapped out their entire infrastructure, and had lists of customers served by each satellite transponder, as well as server passwords.

Stellar staff said this information could be used to manipulate links and emails, or make the Internet inaccessible in certain regions. "The hacked server stood behind our company's own firewall," Steffen said. "The only way of accessing it is if you first successfully break into our network."

"A cyber-attack of this nature is a clear criminal offence under German law," he added. Six weeks ago, Steffen wrote a letter to the British government asking for an explanation, but received no reply.

There were a total of 11 non-German ISPs marked in red on the TREASUREMAP slides, including Telstra—Australia's largest telecommunications company.

The news is unlikely to ease the tensions over electronic surveillance between the U.S. and Britain on one side, and Germany on the other. The German federal prosecutors are already investigating the claims that the NSA was tapping the personal phone of Chancellor Angela Merkel.