Nosey Smurf, Gumfish and Foggybottom: The snooping tools that may have got GCHQ in hot water

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

GCHQ, the Government’s listening station, is being subjected to unprecedented legal action over its alleged use of hacking tools, such as “Nosey Smurf”, “Gumfish” and “Foggybottom”, to intercept personal and private data by infecting computers and mobiles.

The civil rights group Privacy International has today launched the groundbreaking legal challenge at the Investigatory Powers Tribunal in London, claiming that GCHQ’s alleged use of such spying techniques is “incompatible with democratic principles and human rights standards”.

Details of the spying capabilities of GCHQ were revealed in documents leaked by former National Security Agency contractor Edward Snowden last year. The Snowden documents showed that GCHQ and the NSA were using malware for the mass interception of communications.

In its claim Privacy International set out the different hacking devices available to GCHQ.

Nosey Smurf is a tool which allows listeners to take over a computer’s microphone and record conversations taking place nearby the device. Gumfish takes over the device’s webcam and can film or take photographs. Foggybottom records Internet browsing histories and collects login details. Tracker Smurf identifies the geographic whereabouts of the user. Grok logs the keystrokes entered into a device.

Privacy International said such “invasive” tools enabled GCHQ to build up a detailed picture of the individual on the end of the phone or computer. Information could include “location, age, gender, marital status, finances, health information, ethnicity, sexual orientation, education, family relationships, private communications, and potentially, their most intimate thoughts”.

Launching the legal challenge, Eric King, Deputy Director of Privacy International, said: “The hacking programmes being undertaken by GCHQ are the modern equivalent of the government entering your house, rummaging through your filing cabinets, diaries, journals and correspondence, before planting bugs in every room you enter. Intelligence agencies can do all this without you even knowing about it, and can invade the privacy of anyone around the world with a few clicks. All of this is being done under a cloak of secrecy without any public debate or clear lawful authority.”

Such behaviour was “the purview of dictatorships not democracies”, he said. “Unrestrained, unregulated Government spying of this kind is the antithesis of the rule of law and Government must be held accountable for their actions.”

A GCHQ spokesperson said it had “no comment” on the matter.

Privacy International this week successfully challenged HMRC when a High Court judge ruled that customs officials had acted unlawfully and “irrationally” by issuing blanket refusals to requests for information on the status of any investigation into the potentially illegal export of malware hacking tools from Britain to repressive regimes.

Privacy International had submitted a dossier of evidence to HMRC in 2012, alleging that Gamma International, a company with its roots in Britain, had illegally exported surveillance technology to numerous governments with records of human rights abuse, including Bahrain, Ethiopia, Egypt and Turkmenistan.

Gamma, a British-German company, has refused to comment on its development of FinSpy, a “Trojan” programme which allows a remote user to gain full access to a targeted computer. Privacy International last year called on the National Crime Agency to investigate the case of Tadesse Kersmo, a political refugee who fled to Britain from Ethiopia in 2009 and has continued to take part in opposition politics. FinSpy surveillance software first appeared on the London-based university lecturer’s computer in 2012, according to Privacy International.