Endace, a little-known New Zealand company, is discovered to have developed the Medusa system, named after the ancient Greek mythology snake demon, whose main purpose is to collect large amounts of high-speed Internet data. Its main customer is the British Government Communications General Administration GCHQ as well as other government agencies and telecommunications customers from the United States, Israel, Denmark, Australia, Canada, Spain and India.
The Intercept, an Australia-based newspaper, obtained reports through leaked documents from SecureDrop and the reports suggested that Endace’s largest customer is GCHQ. The devices allow customers to monitor, block and capture 100 percent of network traffic. According to the leaked documents, GCHQ purchased Endeace’s monitoring technology for the purpose of building FGA, FGA, which stands for “friendly government agency”, is considered to be just GCHQ.
In one of the leaked Endace documents obtained by The Intercept — under a section titled “customer user stories” — the company describes a situation in which a government agency has obtained “the encryption keys for a well-known program.” An Endace surveillance “probe,” the document suggests, could help the government agency “unencrypt all packets sent by this program on a large network in the last 24 hours.”
Once the data has been decrypted, the agency will be able to “look for the text string ‘Domino’s Pizza,’” Endace joked, “as they have information suggesting this is the favorite pizza of international terrorists.”