Skip to content ↓ | Skip to navigation ↓

Amid rising tensions between Germany and its allies over alleged spying activities, claims have emerged in the last few days that American and British intelligence agencies have obtained access to German telecoms firms in order to access customer data.

According to a report in Der Spiegel, a top secret program called “Treasure Map” has been developed to allow the NSA and partners, including the UK’s GCHQ to “map the entire internet – any device, anywhere, all the time.”

The leaked Treasure Map presentation paints a picture of an “interactive map of the global Internet,” monitored in “near real-time,” opening up opportunities for greater exploitation.

TreasureMap slide

Targets are said to have included Deutsche Telekom, the parent company of T-Mobile and German provider Netcologne.

While Deutsche Telekom says it has found no evidence so far that a security breach has occurred, it doesn’t mince its words regarding how strongly it would view any such surveillance.

“We are looking into every indication of possible manipulations, but have not yet found any hint of that in our investigations so far. We’re working closely with IT specialists and have also contacted German security authorities. It would be completely unacceptable if a foreign intelligence agency were to gain access to our network.”

The newspaper reports are the latest in a long string of revelations originating from documents leaked by NSA whistleblower Edward Snowden, causing an avalanche of headlines.

And the issue of foreign state-sponsored surveillance has become a particularly hot topic in Germany, after German Chancellor Angela Merkel last year accused the NSA of tapping her mobile phone.

One German company which clearly feels very strongly about the alleged hacking is German satellite-based Internet operator Stellar. The leaked Treasure Map documents suggest that the NSA and its intelligence partners have compromised Stellar’s network, having apparently breached the computer systems of key employees.

Stellar network

Der Spiegel has published a video (“Chokepoint: The Moment Stellars Learns It Has Been Hacked”) where reporter Marcel Rosenbach shows shocked Stellar staff leaked documents, which appear to contain evidence that their systems were infiltrated at a deep level.

Stellar login details

Germany must be feeling somewhat left out in the cold if reports are to be believed that the US shares information gathered by Treasure Map with other members of the so-called Five Eyes intelligence alliance, such as the United Kingdom, Australia, Canada and New Zealand.

I wonder how Angela Merkel feels when she looks at her phone now, and sees that it’s Barack Obama on the line?

After all, if this is how supposedly friendly countries are snooping on her country in cyberspace – who can imagine what traditional enemies might be up to?

The truth, of course, is that its unlikely that there are entirely innocent countries when it comes to state-sponsored surveillance. All of them are probably at it, or are developing the resources to join the online spying game.

But it is individuals, employees and corporations who may find themselves at risk – either being directly targeted by a snooping foreign intelligence agency, or happening to be doing business in a country where telecommunications have been compromised and could be leaking confidential data in the hands of unauthorized parties.

 

Related Articles:

Resources:

picCheck out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the Heartbleed vulnerability.

picThe Executive’s Guide to the Top 20 Critical Security Controls

Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].