David Miliband, during his time as Foreign Secretary, granted British spy agency GCHQ permission to exploit popular software programs without being detected in order to learn new ways to hack computers.
That was the revelation today after 23 new documents leaked by NSA whistleblower Edward Snowden were publicly released.
GCHQ carried out ‘reverse engineering’ – a technique that allows hackers to find weak points in computer programs – on anti-virus and encryption software used by some of the world’s largest organisations, according to The Intercept.
The leaked documents expose GCHQ’s attempts in 2008, when Miliband headed up the Foreign Office, to obtain warrants that allowed it to infringe software copyrights and breach licensing agreements.
According to 'top-secret documents' obtained by The Intercept, GCHQ avoided its authorisation protocol for 'some continuous period of time'.
When it did eventually obtain a warrant for reverse engineering, it did so through a section of British intelligence law that ‘does not explicitly authorise’ such activity, as shown in a 2008 warrant renewal application to Miliband.
“The agency’s slippery legal maneuvers to enable computer hacking call into question U.K. government assurances about mass surveillance,” said Andrew Fishman and Glenn Greenwald, authors of today’s report from The Intercept. “To assuage public concern over such activity, the government frequently says spies are subject to rigorous oversight, including an obligation to obtain warrants.
“As it turns out, such authorisations have, at times, been vague and routine, as demonstrated by top-secret memos prepared by GCHQ in connection with the reverse engineering warrant.”
The warrant renewal application identified a number of leading software products that GCHQ wished to target with its reverse engineering, including anti-virus programs from security company Kaspersky Lab.
It claimed that Kaspersky’s products ‘continued to pose a challenge’ to its computer network exploitation (CNE), and so reverse engineering was ‘essential’ for it to exploit the software without being detected.
Networking giant Cisco also got a mention, with GCHQ stating that its hacking of routers through reverse engineering had given it access to almost any internet user in Pakistan.
Commenting on the leaks, Kapersky Labs told The Intercept, "It is extremely worrying that government organisations would be targeting us instead of focusing resources against legitimate adversaries, and working to subvert security software that is designed to keep up safe.”