The Dutch intelligence service - AIVD - hacks internet web forums to collect the data of all users. The majority of these people are unknown to the intelligence services and are not specified as targets when the hacking and data-collection process starts. A secret document of former NSA-contractor Edward Snowden shows that the AIVD use a technology called Computer Network Exploitation – CNE – to hack the web forums and collect the data.
Last week NRC reported that the NSA has infected 50,000 computer networks worldwide with malicious software. According to Dutch law, the intelligence service is permitted to hack computers of people or organisations under suspicion. But the law is not prescriptive regarding sophisticated forms of computer espionage. These techniques allow the intelligence services to harvest, analyse and utilise computer data of a large group of people using web forums.
‘AIVD crossed boundaries of Dutch legislation’
Nico van Eijk, a Dutch professor in Information Law, is of the opinion that the Dutch intelligence service has crossed the boundaries of Dutch legislation. “They use sweeps to collect data from all users of web forums. The use of these techniques could easily lead to mass surveillance by the government.”
IT specialist Matthijs Koot says that the exploitation of this technology can lead to a blurring of the lines between normal citizens and legitimate targets of the intelligence services.
The document summarizes a meeting held on February 14, 2013 between officials of the NSA and the Dutch intelligence services - AIVD and MIVD. During this meeting Dutch officials briefed their American counterparts on the way they target web forums with the CNE technique. “They acquire MySQL databases via CNE access”, the document reads.
MySQL is free open source software used to build databases for web forums. These databases contain all the posts of all the users of the forum and their personal data.
During the meeting Dutch intelligence officers explained how they use the information in the database. In order to identify targets. According to the document the Dutch “are looking at marrying the forum data with other social network info, and trying to figure out good ways to mine the data that they have.”
Dutch MP’s call for parliamentary inquiry
A group of Dutch members of parliament have called for a parliamentary inquiry into the way the secret services are collecting and using data. The Dutch intelligence services have been previously criticised by an oversight committee for the way in which they have used legally intercepted data. According to this committee the search queries the intelligence services used to filter the data, were not specific enough. The use of generic queries, the committee concluded, was “not in accordance with Dutch law”.
A spokesperson for the Dutch government refused to comment on the use of data from web forums by the AIVD, but stated that the intelligence services are allowed to hack computers. A spokesperson for the American government stated that the publication of classified information is a threat to US national security.