Categories: HackingIntelligence

Treasure Map – Fiveeyes tap into German telco networks to map end devices

Documents leaked by Snowden reveal the existence of the Treasure Map program run by FiveEyes Intelligence agencies to control the global network.

Treasure Map is the name of the last program of intelligence revealed by documents leaked by the whistleblower Edward Snowden. Treasure Map is a program to map every device exposed on the Internet, including routing devices.

The capabilities of the Treasure Map are detailed in a presentation from the documents leaked by Snowden which the SPIEGEL has disclosed, it instructs Intelligence analysts to “map the entire Internet — Any device, anywhere, all the time.”

Thanks to the Treasure Map, analysts belonging to the “FiveEyes” intelligence agencies are able to create an “interactive map of the global Internet” in “near real-time”.

But potentialities of Treasure Map are not limited to monitoring, the platform could be used in “Computer Attack/Exploit Planning.” as anticipated by The New York Times last November.

Giving a look to the Treasure Map graphics related to the German Internet Infrastructure is possible to note red markings which appears to indicate the networks already exploited by FiveEyes agencies. Two “Autonomous Systems” (AS) — networks —  are marked in red, they are labeled Deutsche Telekom AG and Netcologne and a legend for the graphics states “Red Core Nodes: SIGINT Collection access points within AS.” This means that networks marked with a red points are monitored by the FireEye Intelligence agencies and consider that the red-marked AS of Deutsche Telekom includes several thousand routers on a global scale. In March, SPIEGEL reported on the large-scale attack run by GCHQ on German satellite teleport operators Stellar, Cetel and IABG, all these companies are marked red on the Treasure Map graphic

“Regional provider Netcologne operates its own fiber-optic network and provides telephone and Internet services to over 400,000 customers. The formerly state-owned company Telekom, of which the German government still owns a 31.7 percent stake, is one of the dozen or so international telecommunications companies that operate global networks, so-called Tier 1 providers. In Germany alone, Telekom provides mobile phone services, Internet and land lines to 60 million customers.” reports the Der Spiegel agency.

As reported on the presentation of the Treasure Map, the NSA and its allies are also able to monitor the end devices of the customers of German companies, representatives from Deutsche Telekom expressed the disappointment of the company:

“The accessing of our network by foreign intelligence agencies,” says a Telekom spokesperson, “would be completely unacceptable.”

If we consider that Netcologne is only a regional telecommunication provider, it would seem highly likely that the FiveEyes agents accessed the network from within Germany violating German law.

The SPIEGEL has already contacted 11 non-German providers marked in the documents disclosed, the media agency is requesting comment, but the companies replied that they were unable to find any irregularities.

“We would be extremely concerned if a foreign government were to seek unauthorized access to our global networks and infrastructure,” said a spokesperson for the Australian telecommunications company Telstra.

Deutsche Telekom confirmed that it had found no indication that any Intelligence agency had obtained access to its computer network, but it announced ongoing investigation.

“We are looking into every indication of possible manipulations but have not yet found any hint of that in our investigations so far,” a Telekom spokesman said in a statement on Sunday. “We’re working closely with IT specialists and have also contacted German security authorities.

Let’s wait for further details on the alleged attacks.

Pierluigi Paganini

(Security Affairs – Treasure Map program, Intelligence, FiveEyes)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

8 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

12 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

18 hours ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

21 hours ago

Finnish police linked APT31 to the 2021 parliament attack

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to…

1 day ago

TheMoon bot infected 40,000 devices in January and February

A new variant of TheMoon malware infected thousands of outdated small office and home office…

1 day ago

This website uses cookies.