It was a powerful piece of technology created for an important customer. The Medusa system, named after the mythical Greek monster with snakes instead of hair, had one main purpose: to vacuum up vast quantities of internet data at an astonishing speed.
The technology was designed by Endace, a little-known New Zealand company. And the important customer was the British electronic eavesdropping agency, Government Communications Headquarters, or GCHQ.
Dozens of internal documents and emails from Endace, obtained by The Intercept and reported in cooperation with Television New Zealand, reveal the firm’s key role helping governments across the world harvest vast amounts of information on people’s private emails, online chats, social media conversations, and internet browsing histories.
The leaked files, which were provided by a source through SecureDrop, show that Endace listed a Moroccan security agency implicated in torture as one of its customers. They also indicate that the company sold its surveillance gear to more than half a dozen other government agencies, including in the United States, Israel, Denmark, Australia, Canada, Spain, and India.
Some of Endace’s largest sales in recent years, however, were to the United Kingdom’s GCHQ, which purchased a variety of “data acquisition” systems and “probes” that it used to covertly monitor internet traffic.
Documents from the National Security Agency whistleblower Edward Snowden, previously disclosed by The Intercept, have shown how GCHQ dramatically expanded its online surveillance between 2009 and 2012. The newly obtained Endace documents add to those revelations, shining light for the first time on the vital role played by the private sector in enabling the spying.
Stuart Wilson, Endace’s CEO, declined to answer questions for this story. Wilson said in a statement that Endace’s technology “generates significant export revenue for New Zealand and builds important technical capability for our country.” He added: “Our commercial technology is used by customers worldwide … who rely on network recording to protect their critical infrastructure and data from cybercriminals, terrorists, and state-sponsored cybersecurity threats.”