Wikileaks’s latest dump of secrets yesterday alleged that this German city is at the center of their cyber ops. This makes so much sense when you think about it
The ever-controversial Wikileaks dropped a load of live grenades yesterday with their most recent dump, this time detailing the Central Intelligence Agency’s hacking activities. Most of the attention rightly turned to the spy agency’s efforts to compromise mobile devices, smart TVs, and other pieces of tech that could help them with collecting information. The collection of hacking manuals and organizational charts helped to provide some interesting insights into the workings of the otherwise opaque organization.
Wikileaks made note of the fact that the CIA was making use of the US consulate in the German city of Frankfurt as the HQ of their cyber-snooping ops across Europe, the Middle East, and Africa.
The fact that US consulates and embassies are used by intelligence agencies for running operations is far from shocking. Embassies are generally referred to as spy dens and counterintelligence agencies monitor them as such.
What is more interesting is why Frankfurt makes perfect sense for setting up a spy hub in general.
The crossroads of the internet
Frankfurt is home to the world’s largest internet exchange point, making it an ideal place to set up shop. In the age of wireless, we often forget that the internet still runs through a series of fiber optic cables, under the seas and the ground. These cables have to meet up at certain intersections, making the connections with cables from other parts of the globe. This is how we are able to communicate from one side of the globe to the other.
As the financial capital of continental Europe, it follows that Frankfurt would be more than happy to host this exchange point. Information is power, and when you are say performing millions or billions of financial transactions based on algorithmic trading per day, having those few extra milliseconds to make a smarter decision based on new data can be worth quite a lot.
However the flip side to being close to the mouth of the source is that it makes it a target for agencies that want to monitor that traffic to the greatest effect possible. Not surprisingly, the CIA is not the first spy agency to be caught with their hand in the proverbial cookie jar of the exchange.
Last September, Fortune’s David Meyer reported that the exchange point’s operator De-Cix was suing the German government in an attempt to get them to limit their mass surveillance operations. According to his report, De-Cix was claiming that Germany’s intel outfit the Bundesnachrichtendienst (let’s just call them the BND) had come to them with orders that would allow for them to monitor the traffic flowing through their pipes. The company stated these orders were very illegal under the G10 Act that deals with intelligence gathering.
Based in no small part on their history under the Gestapo and Stasi state security apparatuses, Germans have set out a very strong set of protections against overreaching surveillance regimes. Their privacy laws are recognized as some of the strongest in the region. While some monitoring of internet traffic is clearly permitted, there are limitations that need to be respected.
The CIA apparently has fewer qualms about sitting on international internet communications. While it is known that they have cooperated with the BND in the past (to the Germans’ embarrassment when the details came to light), they have also crossed red lines. Consider the reaction when it was revealed that the US was actively listening to Chancellor Angela Merkel’s personal phone.
Airport hub for most of Europe
Easy mobility of personnel appears to be the second major factor behind the choice to base the operations in Frankfurt.
As one of the biggest hubs in Europe, it is one of the most popular transit junctions for airborne travel. The Wikileaks report makes note that as a part of the Schengen region, once someone enters one of these countries, they can move between states of the European Union without passport checks that could raise unwanted eyebrows.
The ability to move between countries remains important for carrying out ops in person. Not every machine is accessible through remote hacks. This necessitates the occasional need to put malicious code on a target’s machine through USB stick or otherwise, giving your side’s hackers an in for later operations.
As a spy agency, the CIA should be expected to be carrying out intelligence operations. You know, spying.
The questions that need to be asked here are similar to the suit between De-Cix and the BND: When the CIA or other agencies like the National Security Agency decide to start tapping our communications, how wide of a net should they be allowed to cast? Where is the line between mass surveillance that is useful, and when do they cross that line in the sand and provoke a public rebuke? This line can be blurry, to say the least and it moves constantly with the tides.
As the public, we need to keep in mind that when we communicate, there is always the risk that someone is recording us, listening in. Chances are that we are not interesting enough to warrant a closer inspection. However, being aware of the risks and engaging in a public debated is a part of being a citizen in the information age, demanding more responsibility on both our part and from the watchers.