Germany’s BND Intelligence Agency Is Cutting Cooperation With The NSA

Entrance to the future BND Headquarters office in Pullach, Bavaria.

German intelligence has drastically reduced its cooperation with the US National Security Agency in response to a growing fall-out over their alleged joint surveillance of European officials and companies, according to media reports.

The BND, Germany’s foreign intelligence agency, ceased the online surveillance it is believed to have been carrying out on behalf of the NSA at its satellite listening station in Bad Aibling, Bavaria, at the start of the week, pending an investigation into the scandal. The end of the operation was reported by the national daily newspaper Süddeutsche Zeitung and other German media, citing sources close to a German parliamentary inquiry into the allegations.

Fax and phone intercepts were still being passed on, according to the reports.

The move was welcomed by Konstantin von Notz of the Green party ombudsman, who is in the parliamentary committee investigating the Edward Snowden revelations, of NSA spying. He said it was an acknowledgement that the operation was out of control.

“This is certainly a drastic step. It’s like pulling the emergency rip cord, because even in the year 2015 they’re still not able to control these search terms for Internet traffic,” he said, adding that Angela Merkel’s government had proven she was unable to protect German and European interests.

The decision was made after the NSA failed to provide a clear reason for each request for the surveillance of individuals or organisations. This had been demanded by the BND and Merkel’s office last month after BND’s chief, Gerhard Schindler, informed the chancellery that there was “massive doubt” about the veracity of the joint surveillance activities, which have been going on for a decade.

The government has yet to respond to the allegations. Members of her own party have joined calls for the government to release the list of 40,000 “selectors” – the IP addresses, search terms and names – used by the BND on behalf of the NSA.

Angela Merkel is under increasing pressure to reveal more about the nature of Germany’s cooperation with the NSA.

Wolfgang Bosbach, a prominent member of Merkel’s CDU and chair of the Bundestag’s home affairs select committee, said the lists were necessary in order to be able to establish whether or not the BND had acted illegally in assisting the NSA.

“It still remains to be seen whether this list can be released, as that depends on what arrangements were made with the US by the then government [of Gerhard Schröder] after the dramatic events of September 11 … I would like to know what was agreed with the Americans. It’s important in order to be able to answer the question as to whether the BND has acted within the law,” he told German broadcaster DLF.

Merkel has so far ruled out releasing the list until consultations with the US are completed. She has said she is prepared to go before the parliamentary committee and answer questions.

According to media reports citing those present at a secret session of the parliamentary committee, it is believed that on the request of Berlin for the NSA to justify each search request, the agency did provide necessary explanations for telephone numbers – believed to be in the millions – that it was wanting information on. But regarding other “selectors” such as those used to search emails, the response was sluggish, Peter Altmaier, Merkel’s chief of staff is reported to have told the committee.

It has also emerged that in his appearance before the committee, the BND boss Schindler, said that his agents had failed to record the data they had passed onto the NSA, making it nearly impossible to reconstruct what information they were provided with. He reportedly said they had no technical means of being able to retrieve the searches.

Whether the admission is just a convenient ploy to cover up any mistakes the BND might have made, as some MPs have inferred, has yet to be seen. The admission has added a further sting to the revelations, and does nothing to improve the position of the BND in the affair. The BND would appear to have at the best very careless if it indeed failed to record any details of the information transfers.

According to Schindler, no companies were on the surveillance list, rather European politicians, EU institutions and other officials.

Schindler, however, was at pains to play down the potential political damage caused. According to Spiegel Online, he told the committee the BND had only seized on communications originating in crisis areas of the world such as Africa and the Far East. He said with that in mind it was unlikely that the search of EU politicians’ emails would have been fruitful.

Schindler also said that most European authorities and almost all diplomats communicated via Virtual Private Networks (VPNs) rather than by email, which would have hindered BND attempts to intercept them.
Schindler repeated that he had first been made aware that the NSA was undertaking a massive sweep of European data by a colleague on March 13, and he had immediately informed the chancellery in Berlin.
Altmaier said the government was putting “considerable pressure” on the US to release the selectors list. A close advisor to Merkel told the committee that it expected an answer without delay.

Christine Lambrecht, parliamentary head of the opposition SPD faction, said despite calls for people to resign over the affair it was too early for conclusions to be drawn. She said it was important that the row did not overshadow the cooperation between intelligence agencies, “as it’s ever clearer that this work cannot be managed by one service alone … the question is only in what legal framework such cooperation takes place.”

Guardian: http://bit.ly/ZCp1oG

« What Do UK Consumers Think About SMEs’ Cyber Security?
Ex-CIA Chief: ‘If we don’t handle China well, it will be catastrophic’ »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

K7 Computing

K7 Computing

K7 provides antivirus and internet security products for business and home users.

Q-CERT

Q-CERT

Q-CERT is the National Computer Security Emergency Team of Qatar.

Silent Breach

Silent Breach

Silent Breach specializes in network security and digital asset protection. Services include Pentesting, Security Assessments, Incident Detection & Response, Governance Risk & Compliance.

PlainID

PlainID

PlainID provides IAM teams with a simple and intuitive means to control their organization’s entire authorization process.

Simeio Solutions

Simeio Solutions

Simeio is a complete Identity and Access Management (IAM) solution provider that engages securely with anyone, anywhere, anytime.

CodeSealer

CodeSealer

CodeSealer provide invisible end-to-end user interface protection with a unique web security solution to eliminate Man-in-the-Middle and Man-in-the-Browser vulnerabilties.

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) undertakes cyber security research and plays a leading role in securing Pakistan’s Cyberspace.

CyberForum

CyberForum

CyberForum supports businesses from the IT and high-tech industry in all stages of their development: from startup consulting to professional staffing and even location marketing campaigns.

Raonsecure

Raonsecure

Raonsecure is one of Korea’s leading ICT security software companies – providing a variety of PC and mobile security solutions to financial institutions, government, and enterprise.

Active Countermeasures

Active Countermeasures

Active Countermeasures believe in giving back to the security community. We do this through free training, thought leadership, and both open source and affordable commercial tools.

Real Protect

Real Protect

Real Protect is a Brazilian provider of managed security (MSS) and cyber defense services.

Thistle Technologies

Thistle Technologies

Thistle Technologies is building tools that help connected device manufacturers build security resiliency into devices.

South East Cyber Resilience Centre (SECRC)

South East Cyber Resilience Centre (SECRC)

The South East Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

BlastWave

BlastWave

BlastWave deliver Operational Technology Cybersecurity solutions that minimize the available attack surface and protect against the rising tide of AI-powered cyber attacks.

Colt Technology Services

Colt Technology Services

Colt Technology Services (Colt) is a global digital infrastructure company which creates extraordinary connections to help businesses succeed.

Pixee

Pixee

Pixee fixes vulnerabilities, hardens code, squashes bugs, and gives engineers more time to focus on the work that counts.