UK spy agency sued by Internet providers over malware attacks

July 3, 2014 by Joseph Fitsanakis

By JOSEPH FITSANAKIS | intelNews.org

A group of Internet service providers from North America, Europe, Asia and Africa have filed a lawsuit against Britain’s foremost signals intelligence agency, accusing it of hurting their business by spying on them. The legal complaint was filed against the Government Communications Headquarters (GCHQ), the British government agency tasked with communications interception, which also provides information assurance to both civilian and military components of the British state. Service providers from the United States, United Kingdom, Germany, Netherlands, South Korea and Zimbabwe are listed as plaintiffs in the complaint, which was filed on Wednesday in a court in London. The legal action against the spy agency is based on articles that surfaced in the international press last year. They alleged that GCHQ targeted Belgium’s largest telecommunications service provider Belgacom. The revelations surfaced first in September of 2013 in Flemish newspaper De Standaard. The paper claimed that Belgacom’s mainframe computers had been deliberately infected by an “unidentified virus”, which had specifically targeted telecommunications traffic carried by Belgacom’s international subsidiaries. De Standaard further claimed that the scope and technical sophistication of the operation pointed to a state-sponsored agency as the culprit. Further revelations about the Belgacom malware attacks were made in German newsmagazine Der Spiegel in November of last year, pointing to GCHQ as the agency behind the operation. The allegations originated in information provided by Edward Snowden, an American defector to Russia who used to work for GCHQ’s American equivalent, the National Security Agency. In their lawsuit, the Internet service providers allege that, regardless of whether they were themselves targeted by GCHQ in a manner similar to that of Belgacom, the British spy agency effectively compromised the integrity of their industry. It did so, they argue, by allegedly targeting employees of telecommunications service providers, by infecting telecommunications networks with malware, by exploiting data streams, by infecting the computers of end-users, and by compromising Internet exchange points used to carry communications traffic between clients. The providers argue that such techniques are not only unlawful, but also “undermine the goodwill the organizations rely on” to sustain their businesses. The plaintiffs partnered with British-based lobby group Privacy International to file their lawsuit. It is the first time in the GCHQ’s nearly 96-year existence that the organization has faced a lawsuit of this kind. The spy agency released a statement on Wednesday, in which it said it conducts its operations “in accordance with a strict legal and policy framework which ensures that our activities are authorized, necessary and proportionate”.