GCHQ, working in concert with the NSA and its Canadian counterpart, has used hackers to obtain the content of emails by monitoring them in real-time as they breach email and other accounts that they are attacking, according to Glenn Greenwald, the journalist to whom Snowden leaked thousands of documents before fleeing to Russia for political asylum.
The security services are, according to Greenwald, piggybacking onto the work of hackers at the same time as they are publicly condemning them for hacking. “Hackers are stealing the emails of some of our targets… by collecting the hackers’ ‘take’, we… get access to the emails themselves,” The Intercept reports on one document.
Security services, claims Greenwald, have been “riding on the coat-tails” of hackers in order to gather the same information from them, without running the risk of implicating themselves directly.
The security agency looks out for hackers conducting both state-sponsored hacking, as well as maverick “freelancers”. The targets of the hackers compromised by GCHQ include government diplomats, activists and journalists – and appear to be aimed at China and Chinese state hacking activities.
“Intolerant [the name of the system] traffic is very organised. Each event is labelled to identify and categorise victims. Cyber attacks commonly apply descriptors to each victim – it helps herd victims and track which attacks succeed and which fail. Victim categories make Intolerant interesting:
A = Indian Diplomatic & Indian NavyB = Central Asian diplomaticC = Chinese Human Rights DefendersD = Tibetan Pro-Democracy PersonalitiesE = Uighur ActivistsF = European Special Rep to Afghanistan and Indian photo-journalismG = Tibetan Government in Exile”
In some cases, GCHQ and the NSA were unable to identify the hackers responsible, but concluded that they were sponsored by another government in some way due to the targets, techniques and resources they were able to employ.