Treasure Map – Fiveeyes tap into German telco networks to map end devices

Pierluigi Paganini September 15, 2014

Documents leaked by Snowden reveal the existence of the Treasure Map program run by FiveEyes Intelligence agencies to control the global network.

Treasure Map is the name of the last program of intelligence revealed by documents leaked by the whistleblower Edward Snowden. Treasure Map is a program to map every device exposed on the Internet, including routing devices.

The capabilities of the Treasure Map are detailed in a presentation from the documents leaked by Snowden which the SPIEGEL has disclosed, it instructs Intelligence analysts to “map the entire Internet — Any device, anywhere, all the time.”

Thanks to the Treasure Map, analysts belonging to the “FiveEyes” intelligence agencies are able to create an “interactive map of the global Internet” in “near real-time”.

But potentialities of Treasure Map are not limited to monitoring, the platform could be used in “Computer Attack/Exploit Planning.” as anticipated by The New York Times last November.

Treasure Map program

Giving a look to the Treasure Map graphics related to the German Internet Infrastructure is possible to note red markings which appears to indicate the networks already exploited by FiveEyes agencies. Two “Autonomous Systems” (AS) — networks —  are marked in red, they are labeled Deutsche Telekom AG and Netcologne and a legend for the graphics states “Red Core Nodes: SIGINT Collection access points within AS.” This means that networks marked with a red points are monitored by the FireEye Intelligence agencies and consider that the red-marked AS of Deutsche Telekom includes several thousand routers on a global scale. In March, SPIEGEL reported on the large-scale attack run by GCHQ on German satellite teleport operators Stellar, Cetel and IABG, all these companies are marked red on the Treasure Map graphic

“Regional provider Netcologne operates its own fiber-optic network and provides telephone and Internet services to over 400,000 customers. The formerly state-owned company Telekom, of which the German government still owns a 31.7 percent stake, is one of the dozen or so international telecommunications companies that operate global networks, so-called Tier 1 providers. In Germany alone, Telekom provides mobile phone services, Internet and land lines to 60 million customers.” reports the Der Spiegel agency.

As reported on the presentation of the Treasure Map, the NSA and its allies are also able to monitor the end devices of the customers of German companies, representatives from Deutsche Telekom expressed the disappointment of the company:

“The accessing of our network by foreign intelligence agencies,” says a Telekom spokesperson, “would be completely unacceptable.”

If we consider that Netcologne is only a regional telecommunication provider, it would seem highly likely that the FiveEyes agents accessed the network from within Germany violating German law.

The SPIEGEL has already contacted 11 non-German providers marked in the documents disclosed, the media agency is requesting comment, but the companies replied that they were unable to find any irregularities.

“We would be extremely concerned if a foreign government were to seek unauthorized access to our global networks and infrastructure,” said a spokesperson for the Australian telecommunications company Telstra.

Deutsche Telekom confirmed that it had found no indication that any Intelligence agency had obtained access to its computer network, but it announced ongoing investigation.

“We are looking into every indication of possible manipulations but have not yet found any hint of that in our investigations so far,” a Telekom spokesman said in a statement on Sunday. “We’re working closely with IT specialists and have also contacted German security authorities.

Let’s wait for further details on the alleged attacks.

Pierluigi Paganini

(Security Affairs – Treasure Map program, Intelligence, FiveEyes)

you might also like

leave a comment