Optic Nerve, GCHQ intercepted webcam images from millions of Yahoo users

The Guardian revealed that under the surveillance program Optic Nerve the GCHQ has intercepted webcam images from millions of Yahoo users around the world.

A new collection of documents leaked by Edward Snowden has made public the program Optic Nerve, yet another surveillance operation operated by the intelligence agencies since 2008. The news was reported by The Guardian, Optic Nerve is a program that allowed the GCHQ agency to collect images from webcam from more than 1.8 million Yahoo user accounts globally in a six-month period in 2008 alone. 

” The collection of webcam material was probably secured by getting an “external warrant” under paragraph four of section 8 of Ripa.” “But section 8 permits GCHQ to perform more sweeping and indiscriminate trawls of external data if a minister issues a “certificate” along with the warrant. It allows ministers to sanction the collection, storage and analysis of vast amounts of material, using technologies that barely existed when Ripa was introduced.” reported The Guardian. 

It is not more a surprise the collaboration between the intelligence agencies GCHQ and the National Security Agency, according the report the British agency gathered the images with the help of the National Security Agency (NSA).

To limit the volume of captured images, partly to comply with human rights legislation, Optic Nerve saved imaged every five minutes, and it seems that for its investigation it was also used an experimental automated facial recognition system.

The massive acquisition raises many doubts on the respect of the user’s privacy, despite the spies were able to analyze only metadata in the webcam images captured, the operation has also involved a large numbers of unaware and innocent people, the majority of videos has “no intelligence value whatsoever,” according to a cited document.

Webcam images were captured via GCHQ’s network of Internet cable taps and then elaborated by the NSA’s XKeyscore, the system considered “widest-reaching” architecture for developing intelligence from the internet and collects ‘nearly everything a user does on the internet’. XKeyscore allows the collection of online data analyzing the content of emails, social media and browsing history.

The disconcerting news is that Yahoo was not aware of the intelligence activity as explained by a company spokeswoman in an emailed statement.

“This report, if true, represents a whole new level of violation of our users’ privacy that is completely unacceptable,” Yahoo stated, adding that it is committed to preserving its users’ trust and security and will continue its efforts to expand encryption across all services.

GCHQ refused any accusation highlighted in an emailed statement that it is “a longstanding policy that we do not comment on intelligence matters.” “Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorized, necessary and proportionate,”.

I don’t know how do you consider it, but because Optic Nerve was used to collect data in bulk it cannot filter data related to U.S. or U.K. citizens.

Stay tuned!

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –  Secunia Vulnerability Review 2014, Optic Nerve)