CORTEX Trojan horse?

Written By: - Date published: 10:35 am, December 11th, 2015 - 16 comments
Categories: Abuse of power, Spying

Spying, surveillance and CORTEX are back in the news. By way of background, recall the revelations that emerged just prior to the 2014 election at Dotcom’s flawed “Moment of Truth” (NEW ZEALAND LAUNCHED MASS SURVEILLANCE PROJECT WHILE PUBLICLY DENYING IT). Here’s The Guardian summary:

In trying to confuse the issue and deflect attention from the surveillance tool Speargun, Key hastily released some details of a different tool, CORTEX. This raised many interesting questions. More on CORTEX below.

Round 2 on surveillance occurred earlier this year, with further revelations in the “Snowden Files”, as reported in The Herald by Nicky Hager and Ryan Gallagher, for example Snowden revelations / The price of the Five Eyes club: Mass spying on friendly nations. And let’s not forget David Fisher’s scoop on spying for Tim Groser’s failed WTO job bid, GCSB spies monitored diplomats in line for World Trade Organisation job.

Fast forward to today and CORTEX is back in the news. David Fisher:

GCSB ‘Cortex’ system aimed at ISPs

The “Cortex” system Prime Minister John Key made public to counter claims of mass surveillance of New Zealanders is now being aimed at the internet service providers handling the emails and online data of everyday Kiwis.

But the Government Communications Security Bureau said Kiwis’ Twitter communications were safe, with the “eligible” internet service providers (ISPs) carrying less than 1 per cent of the country’s internet traffic. Of that, it was expected 1 per cent at most of that traffic would contain suspect cyber activity and only 0.01 per cent to 0.5 per cent would be seen by a GCSB analyst alerted by an automated system.

The details were published on the GCSB website ahead of an expected announcement today by Communications Minister Amy Adams of a new cyber security action plan.

The details on the GCSB website say it is carrying out a “malware free networks” pilot with an ISP which could later be rolled out to others. It says it is not compulsory for ISPs to join and ISPs are obliged to tell customers their data is being screened.

However, it also says ISPs are not allowed to name the GCSB as being involved because doing so could give hackers a signpost to valuable targets.

It rejected any suggestion it is “mass surveillance”, saying it had an automated searching function to sniff out malicious traffic.

However, it also conceded that a rare set of circumstances could lead to GCSB staff reading people’s emails. In those cases, “all a GCSB analyst would be looking for in an email is evidence of malicious cyber activity”. …

Some pretty odd comments from the GCSB there, but never mind, it seems clear that new measures will be put in place. So is CORTEX in fact benign malware protection, or is it a Trojan horse for more? I have no way of knowing of course. But these comments in the NBR in September make me ponder:

Early successes for Cortex have included helping a government agency mitigate an attack on several officials’ emails, aiding six significant organisations recover from a newly identified source of cyber attack and detecting large-scale targeting of a nationally significant entity as part of a global campaign by a foreign threat, [acting GCSB director] Jagose said. It also helped an Auckland firm recover from overseas criminal attack, resolved a long-term compromise in a large information technology firm, helped a telecommunications provider respond and strengthen systems after suspicious activity on its network, and assisted private sector firms facing ransomware attacks.

Those claimed successes, if indeed a result of CORTEX, while vague, seem to go well beyond simple malware detection and prevention, and into quite broad analysis of content.

Given this government’s record of secrecy, lies, and misuse of surveillance, I think we the people would be naive to believe that CORTEX and other aspects of the proposed “cyber security action plan” are anything less than another escalation of the surveillance of New Zealanders.

Final footnote – Key long ago withdrew his promise to resign if there was mass surveillance.

PM won’t give assurance NZers not caught in eavesdropping

Key says he won’t quit if mass collection of Kiwis’ communications proved



16 comments on “CORTEX Trojan horse?”

  1. ianmac 1

    How can he get away with it? Sad that there is no public vehicle where Cortex implications could be explored, or for that matter that Judith Collins “has been cleared of Dirty Tricks.” (Note that “Native Affairs” has been downsized to 30 minutes so that it can explore topical magazine things like TV at seven.)

    • Lara 1.1

      How can he get away with it?


      A great many Kiwis think that “if you have nothing to hide, you have nothing to fear”.

      And that is the sum total of their understanding of the concept of privacy. And its importance.

      • Hanswurst 1.1.1

        It’s also the reverse engineering of “If you have nothing to hide, you have nothing to fear”. Key appears not to be consumed by fear, ergo he has nothing to hide… at least for those who buy into his laid-back public presentation.

  2. Murray Simmonds 2

    Given the fact that Windows 10 now spies on most of its users, and as of last week, Windows Vista, Windows 7 and Windows 8 do likewise (unless you have succeeded in stopping them from doing so), I can’t see that it makes a helluva lot of difference.

    Except I suppose that Mac Users and Linux users may now come under the spyware-net via Cortex, whereas they’d previously been exempt by virtue of being non-Microsoft users.

    It seems to be one of the many prices that we pay for being connected to the internet. That, plus the fact that we now live in a Global-corporation-controlled world. Pity they aren’t as good at doing something about Global Climate Change as they seem to be at doing things about mass-surveillance.

    • Gareth 2.1

      Windows Vista, 7 & 8 are not suddenly spying on users. If you’ve turned on the Customer Experience Improvement Program, then there are 4 Optional KBs which change what is collected by that program.

      You must have CEIP turned on, and you must be installing Optional updates, not just mandatory and recommended ones, to notice any difference.

      Windows 10 on the other hand, does spy on you to be able to serve personalised ads and whatever else Microsoft comes up with.

      • BLiP 2.1.1

        It’s not just “Optional” updates Micro$oft is sneaking onto Windows 7 and 8 . . .

        . . . Yes, in a quite bizarre move Infoworld spotted Microsoft has simultaneously reissued no less than four controversial user tracking patches for Windows 7 and Windows 8. Stranger still in an attempt to get them onto more computers, Microsoft has even reclassified one as ‘Important’ so it will now install automatically on any PCs and laptops running default Windows Update settings (read: the vast majority) . . .

        . . . users of Windows 7 and 8 would be advised to check to see if updates KB 2952664, KB 2976978, KB 2977759, and KB 3035583 have been installed. These dodgy “updates” have been rolling out since at least September and there’s bound to be more.

        It should also be remembered that Micro$oft has been colluding with NSA for years.

      • DH 2.1.2

        That’s not true Gareth. I don’t have CEIP turned on and KB3068708 shows as an important update, not an optional one. I had to uninstall that one and then hide it with the other KBs to stop them being installed.

    • Liberal Realist 2.2

      With ISP involvement CORTEX looks to be network based. They’ll likely be intercepting and filtering raw traffic (packets) sniffing for metadata, hence every subscriber using that ISP will be potentially affected. Malware prevention my arse!

      When you install Windows 10 you can disable most of the invasive privacy settings. You can also disable these settings post install. You’ll lose a few features such as Cortana (Which doesn’t do much in NZ region at present). The weirdest one is ‘Wifi Sense’ which can inadvertently share your Wifi password! WTF!

      Anyway, there is plenty of information out there on how to disable these features for normal users.


      If you really want to avoid your privacy being compromised you can make it really difficult for the snoops.

      Whonix is an open source, high privacy architecture OS (linux) that you can run in a virtual machine.

      Some detail on Virtual Machines:

  3. Paul Campbell 3

    It was weird, the GCSB director gave a talk about cortex at Kiwicon today …. Almost no technical content …. I see the working with ISPs to protect from malware is basically a Trojan horse to get deep packet inspection into ISP’s premises … If all ISPs offer this ‘service’ we’ll have no choice but having every network packet we send or receive inspected by the GCSB

  4. BLiP 4

    Encrypting your data yet? It’s not as difficult as some might think but be careful, some encryption tools are not up to the task. So . . .

    In the face of widespread Internet surveillance, we need a secure and practical means of talking to each other from our phones and computers. Many companies offer “secure messaging” products—but are these systems actually secure? We decided to find out, in the first phase of a new EFF Campaign for Secure & Usable Crypto.

    This scorecard represents only the first phase of the campaign. In later phases, we are planning to offer closer examinations of the usability and security of the tools that score the highest here. As such, the results in the scorecard below should not be read as endorsements of individual tools or guarantees of their security; they are merely indications that the projects are on the right track. For practical advice and tutorials on how to protect your online communication against surveillance, check out EFF’s Surveillance . . . Self-Defense guide.

    With National Ltd™’s plans to involve corporations in its mass-surveillance progrom, it’s not just government we have to protect ourselves from.

  5. Bill 5

    something about lobotomy…

  6. vto 6

    I think the world has accepted that government and spies cannot be trusted one iota, and that all of their internet traffic is under surveillance and is stored.

    As such people’s habits are changing. For example, use cash pretty much all the time now. Cash is also faster, more convenient and easier. If cash had been invented now it would be held up as the next great technology, such are its benefits. Doh.

  7. Murray Simmonds 7

    I posted this link earlier in the week (or was it last week??)

    There are several other interesting articles in Forbes magazine, including situations reported where Microsoft automatically installed the Windows 10 upgrade on machines where it wasn’t wanted; they did so WITHOUT the permission of the owners.

    It’s well worth checking out those articles in Forbes magazine.

  8. Esoteric Pineapples 8

    I think we can take it as read that the government has the capacity to spy on anyone it wants to. It would be so easy to set up someone you want to bring down. As just one example, set up a false identity on Facebook as an attractive young woman (or using a real one). Develop a compromising online sexual relationship. Save the target’s communications and then publicly release them. (Probably works mostly with men). Basically the “honeypot” manoeuvre.
    Someone wants to know my real identity from comments on the Standard? Just hack into the site using surveillance technology to find my email etc. I’ve joined a Facebook page on the Kurds. I take it as read that I run the risk that if I ever go to Turkey my name may pop up when they read my passport as someone undesirable. Protecting your privacy is something that really only applies to not wanting friends, family and the community to know stuff about you. Politically you might as well lay your heart on your sleeve.
