How to Eavesdrop on an Entire System? Mind the horns!

In early 2006, the Electronic Frontier Foundation (EFF) sued the telecommunications giant AT&T on charges that in 2002 it has helped the United States’ National Security Agency (NSA) in the mass spying on its customers. Three years earlier, NSA agents, disguised as technicians of the company, installed at the headquarters of AT&T a derivative of the optical connection which serves almost all of California. The deviation is connected to the supercomputer Narus 2000, a powerful system for recording and analysis of terabytes of data. The case ended with a Court ruling that the company had violated the law by helping the National Security Agency.

On Monday, Bulgarian Prime Minister Boyko Borisov demonstrated awareness on the topic: “I never heard of such a possibility, the subject of eavesdropping to be an information system and not an individual.” This is indicative of the level of operational knowledge of the former Chief Secretary of the Interior, who counted dead bodies, while in the United States NSA was doing mass deployment of eavesdropping of information systems. But 13 years later, we can already say: “Congratulations, now it is in our country as well.”

A year ago, Bivol revealed through documents from WikiLeaks, that our country has been visited several times by Thomas Mishkovsky, commercial agent of Trovicor, one of the companies that sell equipment for total surveillance with the ability to integrate it in national registries (the Civil Registration and Administrative Services, the Traffic Police, the National Revenue Agency etc.).

Mishkovsky has been in Bulgaria from 25 to 27 February 2013. Then Boyko Borisov was in power as first-term Prime Minister and the Interior Ministry was managed by Tsvetan Tsvetanov. Mishkovsky’s next visit was on 17 and 18 June, during the term of the Socialist-endorsed Cabinet “Oresharski” and Tsvetlin Yovchev was already Minister of Interior. The purpose of the Trovicor agent’s business visit is not known, but his very arrival in Bulgaria means that the company has the Bulgarian government as a customer, and in particular, the State Agency for National Security (DANS). DANS is authorized through the department “Technical Operations” to eavesdrop independently of the Specialized Operative and Technical Information Directorate (SDOTO), transformed into State Agency Technical Operation (DATO).

Sources of Bivol shared on condition of anonymity that it was precisely during this period (April 2013, during the term of the caretaker government of Marin Raykov), when the services installed monitoring equipment at several large Bulgarian mobile telephony and internet providers, which can be activated “on call “. Such equipment has been installed at major service providers like Mobiltel, Vivacom, Eurocom, Neterra and Bulsatkom, and with it, it is possible to “cover” 75% of customers in Bulgaria, experts say.

In addition to passive monitoring of all traffic, the system can attack targeted individual computers with the virus FinSpy. Documents, published by WikiLeaks, revealed that the Bulgarian government is an exclusive client of the company Dreamlab, which together with Gamma International, commercializes this aggressive spyware. As it became clear, DANS has used such a server, installed in the former Ministry of State Administration and Administrative Reform (MSAAR), but the IP address belonged to the Agency.

Why in MSAAR? To listen to the internal traffic of the State Administration; to monitor State servants for leaks of classified information, for example, or for protest attitudes against the government. And because it’s easy.

The traffic of the State administration goes through different suppliers, but it comes together at a communication point in downtown Sofia. This is not a big secret. Some agents, disguised as technicians, come in, install a derivative and leave. Maybe they were not even disguised.

Then some other agents watch on the screen what State servant and from what computer was chatting with whom to make them come to the evening protest… A click with the mouse and one can see his/her contacts in social networks, visited websites, conducted chats, Skype calls, family tree, vehicle registration, fines, taxes… all that Trovicor could integrate. There is parallel recording of hundreds, even thousands of profiles, not just for 300, but for 3,000 days, if there is space on hard disks.

If that State servant is wise enough to have an encrypted connection, or to turn on the HTTPS protocol on Facebook, his computer is quietly infected with FinSpy and begins to record screenshots of the screen and any keyboard touch. There is no escape. This way, not only the correspondence of the target person is followed, but of his contacts as well, even if these individuals are outside the State Administration.

This is it, the “much more complex and deeper thing”, of which Borisov spoke. Get used to the fact that this powerful and expensive arsenal will not be used for hunting terrorists, gangsters and “banksters”, but against the internal enemy, against the politically inconvenient people in public administration and elsewhere.

*This analysis is based solely on information that is already public. If its conclusions are classified information, it is not the analyst who should be blamed, but those who made unrestrained public statements.

***

If you find this article useful, support our work with a small donation.

Pay a Bivol Tax!

We will highly appreciate if you decide to support us with monthly donations keeping the option Monthly