Before the Swedish Riksdag passed the FRA Law a few years ago, expanding the authorisation of the FRA to conduct signals intelligence (SIGINT), rumours circulated that the law would allow the FRA to not only passively collect data passing through the telecom and computer networks, but would also begin “active SIGINT”– computer hacking. The Director-General of the FRA, Ingvar Åkesson, was called in to the Riksdag’s Standing Committee on Defence for questioning on 13 May 2008.
“The most important question I personally asked was whether the FRA was conducting any active signals intelligence. And the FRA chief said no to that,” says Peter Rådberg (MP), member of the Standing Committee on Defence.
Åkesson was also asked whether the new FRA Law would make active SIGINT – hacking – legal, and once again he clearly said no.
“We asked a question as to whether it was legal for the FRA to conduct active signals intelligence gathering, and he said no to that,” Rådberg says.
He said that clearly?
Rådberg: “It was clear!”
Did that reassure you?
Rådberg: “If the FRA chief says no to such a clear question, you have to assume that it’s the truth.”
But in 2010, several members of Parliament who are on the Signals Intelligence Committee received an anonymous e-mail whose contents were considered to be so credible and so sensitive that most of it was stamped as confidential. The sender, who called himself “Lars Larsson”, warned the committee that the FRA might be on its way to beginning to conduct “active signals intelligence”.
“This refers to a variety of types of computer hacking. Some of the FRA’s partners are very keen on the FRA participating in active signals intelligence. It is therefore extremely important that you parliamentarians monitor the issue.”
Documents leaked by Edward Snowden, which Uppdrag Granskning uncovered in collaboration with Glenn Greenwald and Ryan Gallagher, confirm what the anonymous e-mail author warned about. Despite Åkesson’s statement, it is clear that the FRA, in collaboration with the American NSA, has been hacking into computers. In April this year the top management of the FRA and the NSA, including NSA chief Keith Alexander, met to discuss a top-secret project, Operation Winterlight. This is not just any joint project. The heading of the document is “Quantum operations”. Quantum is the NSA’s secret hacking programme.
Who the FRA targeted in operation Winterlight is not indicated. However, the number of attacks – or “shots” – that were carried out and how many computers were taken over and redirected to the British intelligence agency GHCQ is:
“...100 shots, five of which were successfully redirected to the GCHQ server.”
Uppdrag Granskning asked one of the world’s leading computer security experts, Bruce Schneier, to review the technical formulations in the NSA’s secret documents. He states that there is no doubt that the FRA actively participated in the hacker attack.
“Both Quantum and FoxAcid are NSA/GCHQ programmes to attack computer users. The fact that Sweden is involved in these programmes means that Sweden is involved in active attacks against internet users. It is not just passive monitoring. This is an active attack.
Without any doubt?
“Yeah, without any doubt! That document shows that the FRA is doing active attacks,” Schneier confirms.
FRA spokesman Fredrik Wallin doesn’t want to comment on whether or not the FRA is carrying out active SIGINT, but he says that all intelligence gathering that the authority carries out is supported by Swedish law.
“In general I can say that we follow the laws that apply to our operations, and we have permits from the Defence Intelligence Court for all of our intelligence gathering, regardless of the tools or methods used. Beyond that, I cannot comment, confirm or deny that we use this or that method,” Wallin says.
Ingvar Åkesson, former Director-General of the FRA, declined a request for an interview with SVT, and informed us by e-mail that he is sorry for the confusion surroundoing what was said in the hearing at the defence committe. He writes that all SIGINT collection at the FRA during his tenure was done according to Swedish law. Åkesson does not deny that FRA is a part of the Quantum hacking efforts.
Reporters: Sven Bergman, Joachim Dyfvemark, Ryan Gallagher, Glenn Greenwald, Fredrik Laurin and Filip Struwe.
Tip: read more about the NSA’s computer attacks in Bruce Schneier’s article in The Guardian.
Translated from Swedish by Jennifer Evans.