Britain and America's spies have secretly accessed the information held by giant telecoms provider Deutsche Telekom, which is part-owned by the German Government, according to a leading German newspaper.
The claim, published by Der Spiegel on Sunday, is a further blow to relations between the three allies after last year's revelations that Washington bugged the phone of German leader Angela Merkel.
Citing documents provided by whistleblower Edward Snowden, Spiegel says America's NSA and Britain's GCHQ intelligence agencies broke into Deutsche Telecom's networks as part of their ‘Treasure Map' project to map the internet and all the servers and end users devices on it.
They also tapped into the networks run by German regional telecoms provider Netcologne.
Deutsche Telekom is one of the world's largest telecoms providers, with £48 billion revenues and is almost one-third owned by the Bonn Government.
Spiegel claims the spies could have accessed the information of both companies' corporate customers, saying: “According to the logic of the undated Treasure Map documents, the NSA and its partner agencies are perhaps not only able to monitor the networks of these companies and the data that travels through them, but also the end devices of their customers.”
However, after being informed of the findings, neither company found evidence of data being exfiltrated, though Spiegel quotes a Deutsche Telekom spokesperson as saying: "The accessing of our network by foreign intelligence agencies would be completely unacceptable."
The company's head of security, Volker Tschersich, said the agencies may also have accessed the Tat14 international telecoms cable.
In another twist, the WikiLeaks international journalists' organisation has leaked the secret surveillance software which German company FinFisher has supplied to governments and police worldwide.
WikiLeaks says the ‘malware' is used against journalists, activists and political dissidents and has published it so it can be detected by its targets.
Accusing the German Government of protecting FinFisher, WikiLeaks founder Julian Assange said: "FinFisher continues to operate brazenly from Germany selling weaponised surveillance malware to some of the most abusive regimes in the world. The Merkel Government pretends to be concerned about privacy, but its actions speak otherwise.”
Assange added: “This full data release will help the technical community build tools to protect people from FinFisher including by tracking down its command and control centres."
WikiLeaks has also exposed some of FinFisher's customers, who range from Australia's New South Wales Police and the Dutch national police, to Qatar State Security and the secret services of Hungary and Italy.
WikiLeaks estimates that FinFisher has made around £38 million revenue from selling its computer intrusion systems, software exploits and remote monitoring systems – which can intercept communications and data on OSX, Windows and Linux systems as well as Android, iOS, BlackBerry, Symbian and Windows mobiles.
Commenting on the FinFisher expose, privacy expert Brian Honan, founder of BH Consulting, told SCMagazineUK.com: “This is a double-edged question because on the one hand we have legitimate police use of surveillance methods; the concerns are where governments or repressive regimes use these devices, be that FinFisher or anything else, for mass surveillance or just to monitor dissidents with no justification or cause to do so.
“So being able to detect FinFisher for those people would obviously be a benefit. That criminals can also detect it now against legitimate police surveillance, it makes the job harder but it doesn't make it impossible.”
On Spiegel's revelations, he said: “While we probably accept that spy agencies need to spy, to do that on your supposed allies' networks is a concern.
“I think Deutsche Telekom and the German Government need to sit down with their allies and discuss exactly what's going on and work out ways to ensure that the rights of EU citizens and customers of our networks are not being trampled on or compromised without any due oversight.”
Honan added: “As individuals we all need to ensure that our privacy and the privacy of others is protected. From a corporate point of view the concern I would have would be that if I have staff travelling to countries who would willy-nilly infect mobile devices on a mass surveillance-type scenario, then suddenly you may have your corporate device now being monitored by a foreign government.”
Commenting on the Spiegel report, Emma Carr, director of UK privacy watchdog Big Brother Watch, said it shows British Government hypocrisy over the protection of privacy.
She told SCMagazineUK.com via email: “At a foreign policy level, the UK has frequently sought to defend and uphold our privacy and yet these latest revelations only reaffirm that our domestic policies are undermining this good work.
“We boldly challenge countries like Russia and China who seek to control and monitor the free flow of information yet we are seemingly doing exactly that ourselves.
“The Government must lead by example or we risk seeing our actions copied around the world to the detriment of millions of people who hope the internet may finally bring them democracy.”
* In April, SC Magazine covered Spiegel's report of a large-scale attack by GCHQ on German satellite operators Stellar, Cetel and IABG.
A new short film, by filmmaker Katy Scoggin and Laura Poitras, co-founder of the publication Intercept, shows the reactions of Stellar engineers when confronted with evidence that they have been surveilled by GCHQ.