According to the 2013 Snowden documents, UK intelligence agency GCHQ took the help of commercial partners to tap into undersea cables that carry Internet traffic, enabling them to secretly gather vast amounts of digital communications data under a surveillance program code-named Tempora.
Now, leaked documents obtained by The Intercept can confirm that GCHQ paid New Zealand-based Endace to create data capture systems to enable it to tap high-speed Internet traffic.
Founded in New Zealand back in 2001, Endace began as a spin-out of an academic research project. The company was acquired by California-based Emulex in 2015, but earlier this year a management-led buyout spun it back out as a private company.
At the time, CEO Stuart Wilson said:
Operating as an independent company again allows us to continue to deliver innovative solutions to our customers under the Endace brand they’ve known and trusted for more than 15 years.
Endace’s website boasts of the ability to offer “100% accurate network recording, any speed, any network”, and also lists that the company does business with:
- 3 of the top 5 telcos in the USA
- 5 of the top 10 global telcos
- Top US, European and APAC government and defence departments
- 5 of the top 10 commercial banks in the USA
- 2 of the 3 largest exchanges in the world
- 4 of the top 5 diversified financials globally
- 4 of the top 10 Fortune 500 organizations.
In the past, Endace’s name has been associated with state surveillance via a 2011 WikiLeaks dump of brochures and marketing materials from the companies seeking to sell services to spy agencies. However, the new store of documents details specific purchases and product requirements such as a £245,000 charge in a statement of work dated February 2010 to accelerate “feature enhancements” to certain of its data capture and monitoring products which it says have been “identified” in discussions with GCHQ. Also mentioned in the document is the fact that the majority of these enhancements are “of a bespoke nature” and would not otherwise have formed part of its planned commercial road-map for the unit.
The recently uncovered cache of internal documents includes emails, customer lists, project updates, product overviews, contracts and financial reports. TVNZ has also reported on the documents, which were leaked to The Intercept through the open-source whistleblower submission site, SecureDrop.
The documents explain that GCHQ was in a bid to ramp up its surveillance capabilities. As noted by The Intercept, as of 2009 the agency was tapping into 87 different 10Gbps capacity cables, but by March 2011 it wanted to expand even that number to 415 cables. It is interesting to note that in an earlier July 2010 document, setting out its vision for 2013, it has innocuously described its ambition to “grow our Internet access to 800 10Gs“.
In one of its contracts with GCHQ, Endace is revealed to have been bound by the UK’s Official Secrets Act, thereby enforcing non-disclosure of its contract with the spy agency. The leaked documents also uncover that Endace used New Zealand government research funding to develop certain surveillance products for GCHQ. There remains much more to this leak, however, with revelations that in addition to selling tech to enable GCHQ to tap fibre optic cables at high speed and massive scale, Endace also sold surveillance-enabling technology to a host of other government agencies and bodies, including in the U.S. and Canada, Israel, Denmark, Spain, Morocco, India, and Australia. Things look quite problematic, especially in the case of Morocco, with The Intercept noting that the particular security agency in question — the DGST — has been implicated in torture.
Endace is also shown to have a large number of telecoms customers — including AT&T, AOL, Verizon, Sprint, Cogent Communications, Telstra, Belgacom, Swisscom, Deutsche Telekom, Telena Italy, Vastech South Africa, and France Telecom, also having finance giants on under its belt, such as Morgan Stanley, Reuters and Bank of America.
On the flip side, Endace does also sell network monitoring equipment to companies wanting to check and maintain their own networks, including to help investigate data breaches and network security incidents. One such customer, there is HealthShare NZ. Its website also cites instances of it providing financial companies with monitoring technology to help “high-frequency traders to monitor, measure, and analyze critical network environments”.