GCHQ and NSA Targeted Private German Companies
By Laura Poitras, Marcel Rosenbach and Holger Stark
Documents show that Britain's GCHQ intelligence service infiltrated German Internet firms and America's NSA obtained a court order to spy on Germany and collected information about the chancellor in a special database. Is it time for the country to open a formal espionage investigation?
March 29, 2014
The headquarters of Stellar, a company based in the town of Hurth near Cologne, are visible from a distance. Seventy-five white antennas dominate the landscape. The biggest are 16 meters (52 feet) tall and kept in place by steel anchors. It is an impressive sight and serves as a popular backdrop for scenes in TV shows, including the German action series "Cobra 11."
Stellar operates a satellite ground station in Hurth, a so-called "teleport." Its services are used by companies and institutions; Stellar's customers include Internet providers, telecommunications companies and even a few governments. "The world is our market," is the high-tech company's slogan.
Using their ground stations and leased capacities from satellites, firms like Stellar -- or competitors like Cetel in the nearby village of Ruppichteroth or IABG, which is headquartered in Ottobrunn near Munich -- can provide Internet and telephone services in even the most remote areas. They provide communications links to places like oil drilling platforms, diamond mines, refugee camps and foreign outposts of multinational corporations and international organizations.
Super high-speed Internet connections are required at the ground stations in Germany in order to ensure the highest levels of service possible. Most are connected to major European Internet backbones that offer particularly high bandwidth.
Probing German Internet Traffic
The service they offer isn't just attractive to customers who want to improve their connectivity. It is also of interest to Britain's GCHQ intelligence service, which has targeted the German companies. Top secret documents from the archive of NSA whistleblower Edward Snowden viewed by SPIEGEL show that the British spies surveilled employees of several German companies, and have also infiltrated their networks.
One top-secret GCHQ paper claims the agency sought "development of in-depth knowledge of key satellite IP service providers in Germany."
The document, which is undated, states that the goal of the effort was developing wider knowledge of Internet traffic flowing through Germany. The 26-page document explicitly names three of the German companies targeted for surveillance: Stellar, Cetel and IABG.
The operation, carried out at listening stations operated jointly by GCHQ with the NSA in Bude,  in Britain's Cornwall region, is largely directed at Internet exchange points used by the ground station to feed the communications of their large customers into the broadband Internet. In addition to spying on the Internet traffic passing through these nodes, the GCHQ workers state they are also seeking to identify important customers of the German teleport providers, their technology suppliers as well as future technical trends in their business sector.
The document also states that company employees are targets -- particularly engineers -- saying that they should be detected and "tasked," intelligence jargon for monitoring. In the case of Stellar, the top secret GCHQ paper includes the names and email addresses of 16 employees, including CEO Christian Steffen. In addition, it also provides a list of the most-important customers and partners. Contacted by SPIEGEL, Stellar CEO Steffen said he had not been aware of any attempts by intelligence services to infiltrate or hack his company. "I am shocked," he said.
'Servers of Interest'
Intelligence workers in Bude also appear to have succeeded in infiltrating competitor Cetel. The document states that workers came across four "servers of interest" and were able to create a comprehensive list of customers. According to Cetel CEO Guido Neumann, the company primarily serves customers in Africa and the Middle East and its clients include non-governmental organizations as well as a northern European country that uses Cetel to connect its diplomatic outposts to the Internet. Neumann also says he was surprised when he learned his firm had been a target.
The firm IABG in Ottobrunn appears to have been of particular interest to the intelligence service -- at least going by a short notation that only appears next to the Bavarian company's name. It notes, "this may have already been looked at by NSA NAC," a reference to the NSA's network analysis center.
IABG's history goes back to the 1970s. The company was established as a test laboratory for aerospace and space technologies. The German Defense Ministry was an important client as well. Although the company has been privately held since 1993, it has continued to play a role in a number of major projects connected at least in part to the government. For example, it operated the testing facility for Germany's Transrapid super high-speed maglev train and also conducted testing on the Airbus A380 super jumbo jet and the Ariane rocket, the satellite launcher at the heart of the European space program.
IABG also does considerable business with the Bundeswehr, Germany's armed forces. The company states that its "defense and security" unit is "committed to the armed forces and their procurement projects." These include solutions for "security issues, for prevention and reactions against dangers like terrorism and attacks against critical infrastructure."
Like Stellar and Cetel, the company also operates a satellite ground station -- one that apparently got hacked, according to the GCHQ document. It includes a list of IABG routers and includes their network addresses. In addition, it contains the email addresses of 16 employees at the company named as possible targets. IABG did not respond to a request for comment from SPIEGEL. In a statement, GCHQ said it does not comment on intelligence-related issues but "all of GCHQ's work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate."
Classic Acts of Espionage
Monitoring companies and their employees along with the theft of customer lists are classic acts of economic espionage. Indeed, such revelations ought be a case for the German federal public prosecutors' office, which in the past has initiated investigations into comparable cases involving Russia or China.
So far, however, German Federal Public Prosecutor Harald Range has been struggling with the NSA issue. Some experienced investigators have had a problem applying the same criteria used to assess intelligence services like Russia's to those of the United States and Britain. Federal prosecutors in Karlsruhe have provided a preliminary assessment, but so far no decision has been made about whether the agency will move forward with legal proceedings.
Under review at the moment are allegations that the NSA monitored the chancellor's mobile phone  and also conducted mass surveillance on the communications of millions of Germans.  Range recently told the Berlin-based daily Die Tageszeitung
the affair was "an extremely complicated issue."
"I am currently reviewing whether reasonable suspicion even exists for an actionable criminal offense," he told the newspaper. "Only if I can affirm that can I then address the question of whether a judiciary inquiry would run contrary to the general public interest -- a review required for any espionage-related crime" in Germany. A decision is expected soon.
The launch of legal proceedings against GCHQ agents or NSA employees would quickly become a major political issue that would further burden already tense trans-Atlantic relations. An additional problem is the fact that Range is in possession of very few original documents, particularly those pertaining to the NSA's monitoring of Chancellor Merkel.
A secret NSA document dealing with high-ranking targets has provided further indications that Merkel was a target. The document is a presentation from the NSA's Center for Content Extraction, whose multiple tasks include the automated analysis of all types of text data. The lists appear to contain 122 country leaders. Twelve names are listed as an example, including Merkel's.
The list begins with "A," as in Abdullah Badawi, the former Malaysian prime minister, and continues with the presidents of Peru, Somalia, Guatemala and Colombia right up to Belarusian President Alexander Lukashenko. The final name on the list, No. 122, is Yulia Tymoshenko, who was Ukrainian prime minister at the time. The NSA listed the international leaders alphabetically by their first name, with Tymoshenko listed under "Y". Merkel is listed under "A" as the ninth leader, right behind Malawian President Amadou Toumani Touré, but before Syrian dictator Bashar Assad.
The document indicates that Angela Merkel has been placed in the so-called "Target Knowledge Database" (TKB), the central database of individual targets. An internal NSA description states that employees can use it to analyze "complete profiles" of target persons. The responsible NSA unit praises the automated machine-driven administration of collected information about high-value targets.
The searchable sources cited in the document include, among others, the signals intelligence database "Marina," which contains metadata ingested from sources around the world. The unit also gives special attention to promoting a system for automated name recognition called "Nymrod". The document states that some 300 automatically generated "cites," or citations, are provided for Angela Merkel alone. The citations in "Nymrod" are derived from intelligence agencies, transcripts of intercepted fax, voice and computer-to-computer communication. According to internal NSA documents, it is used to "find information relating to targets that would otherwise be tough to track down." Each of the names contained in Nymrod is considered a "SIGINT target."
The manual maintenance of the database with high-ranking targets is a slow and painstaking process, the document notes, and fewer than 200,000 targets are managed through the system. Automated capture, by contrast, simplifies the saving of the data and makes it possible to manage more than 3 million entries, including names and the citations connected to them.
The table included in the document indicates the capture and maintenance of records pertaining to Merkel already appears to have been automated. In any case, the document indicates that a manual update was not available in May 2009. The document could be another piece of the puzzle for investigators in Karlsruhe because it shows that Chancellor Merkel was an official target for spying.
In addition to surveillance of the chancellor, the Federal Prosecutor's Office is also exploring the question of whether the NSA conducted mass espionage against the German people. The internal NSA material also includes a weekly report dating from March 2013 from the Special Sources Operations (SSO) division, the unit responsible for securing NSA access to major Internet backbone structures, like fiber optic cables.
In the document, the team that handles contact with US telecommunications providers like AT&T or Verizon reports on the legal foundations with which it monitors the data of certain countries. According to the SSO report, FISA, the special court responsible for intelligence agency requests, provided the NSA with authorization to monitor "Germany" on March 7, 2013. The case number provided in the ruling is 13-319.
A License to Spy
The documents do not provide sufficient information to precisely determine the types of data included in the order, and the NSA has said it will not comment on the matter. However, lawyers at the American Civil Liberties Union believe it provides the NSA with permission to access the communications of all German citizens, regardless whether those affected are suspected of having committed an offense or not. Under the FISA Amendments Act, the NSA is permitted to conduct blanket surveillance in foreign countries without any requirement to submit individual cases for review by the court, whose deliberations and rulings are top secret.
According to the partial list in the document, the court has provided similar authorization for countries including, China, Mexico, Japan, Venezuela, Yemen, Brazil, Sudan, Guatemala, Bosnia and Russia. In practice, the NSA uses this permission in diverse ways -- sometimes it uses it to monitor telecommunications companies, and at others it surveils individuals.
"So far, we have no knowledge that Internet nodes in Germany have been spied on by the NSA," Hans-Georg Maassen, president of the Federal Office for the Protection of the Constitution, Germany's domestic intelligence agency, which is also responsible for counterintelligence measures, said last summer.
It's also possible the Americans don't even have to do that, at least not directly. It's quite feasible they have better access through major US providers like AT&T or Verizon whose infrastructure is used to process a major share of global Internet traffic. The NSA could use that infrastructure to access data from Germany. This would be totally legal from the American perspective -- at least according to the FISA court.
Editor's note: You can read an additional report on spying by the NSA and GCHQ on Germany and Chancellor Merkel on The Intercept.