Governments accused of using hacked data to spy on people

According to leaked documents, governmental organisations in the UK, US and Canada are making use of hacked intel

Hand casting a shadow over a keyboard

The UK, US and Canadian governments are using data gleaned from hackers to spy on people, a report has revealed.

Documents leaked to The Intercept suggest the National Security Agency (NSA) is using data mined by hackers in their own snooping schemes in an initiative called Intolerant.

One leaked document explained the thinking behind the campaign, stating: "INTOLERANT traffic is very organised. Each event is labeled to identify and categorise victims. Cyber attacks commonly apply descriptors to each victim it helps herd victims and track which attacks succeed and which fail."

The documents went on to explain that hackers are stealing the emails of some of its targets and collecting their stolen data, meaning the investigating government agencies can get access to their targets' emails and gain other insights into who's being hacked.

They continued: "People who open attachments from unknown senders (gasp) or respond to 'Nigerian' money laundering emails aren't the only individuals on the internet being hacked.

"Some of our targets are also being targeted by outside forces, by state-sponsored and freelance hackers. Could your target's communications be the target of other countries or groups?"

The documents list a number of groups that have been spied upon using the techniques, including the Indian navy, Tibetan pro-democracy personalities and the Tibetan Government in Exile.

Other documents referred to a scheme named Lovely Horse that monitored security analyst and hacker Twitter accounts to gain insights into how to more effectively monitor targets.

"Analysts are potentially missing out on valuable open source information relating to cyber defence because of an inability to easily keep up to date with specific blogs and Twitter sources," the documents said.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

SolarWinds hackers hit Malwarebytes through Microsoft exploit
hacking

SolarWinds hackers hit Malwarebytes through Microsoft exploit

20 Jan 2021
FBI warns of ongoing corporate vishing attacks
phishing

FBI warns of ongoing corporate vishing attacks

19 Jan 2021
NSA issues guidance on encrypted DNS usage
Domain Name System (DNS)

NSA issues guidance on encrypted DNS usage

15 Jan 2021
How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021

Most Popular

IT retailer faces €10.4m GDPR fine for employee surveillance
General Data Protection Regulation (GDPR)

IT retailer faces €10.4m GDPR fine for employee surveillance

18 Jan 2021
Citrix buys Slack competitor Wrike in record $2.25bn deal
collaboration

Citrix buys Slack competitor Wrike in record $2.25bn deal

19 Jan 2021
Should IT departments call time on WhatsApp?
communications

Should IT departments call time on WhatsApp?

15 Jan 2021