James Risen and Laura Poitras / The New York Times & Floor Boon, Steven Derix and Huib Modderkolk / NRC Handelsblad & Darrell Etherington / Tech Crunch.com – 2013-11-26 16:25:42
WASHINGTON and BERLIN (November 22, 2013) — Officials at the National Security Agency, intent on maintaining its dominance in intelligence collection, pledged last year to push to expand its surveillance powers, according to a top-secret strategy document.
In a February 2012 paper laying out the four-year strategy for the NSA’s signals intelligence operations, which include the agency’s eavesdropping and communications data collection around the world, agency officials set an objective to “aggressively pursue legal authorities and a policy framework mapped more fully to the information age.”
Written as an agency mission statement with broad goals, the five-page document said that existing American laws were not adequate to meet the needs of the NSA to conduct broad surveillance in what it cited as “the golden age of Sigint,” or signals intelligence.
“The interpretation and guidelines for applying our authorities, and in some cases the authorities themselves, have not kept pace with the complexity of the technology and target environments, or the operational expectations levied on NSA’s mission,” the document concluded.
Using sweeping language, the paper also outlined some of the agency’s other ambitions. They included defeating the cybersecurity practices of adversaries in order to acquire the data the agency needs from “anyone, anytime, anywhere.”
The agency also said it would try to decrypt or bypass codes that keep communications secret by influencing “the global commercial encryption market through commercial relationships,” human spies and intelligence partners in other countries. It also talked of the need to “revolutionize” analysis of its vast collections of data to “radically increase operational impact.”
The strategy document, provided by the former NSA contractor Edward J. Snowden, was written at a time when the agency was at the peak of its powers and the scope of its surveillance operations was still secret. Since then, Mr. Snowden’s revelations have changed the political landscape.
Prompted by a public outcry over the NSA’s domestic operations, the agency’s critics in Congress have been pushing to limit, rather than expand, its ability to routinely collect the phone and email records of millions of Americans, while foreign leaders have protested reports of virtually unlimited NSA surveillance overseas, even in allied nations. Several inquiries are underway in Washington; Gen. Keith B. Alexander, the NSA’s longest-serving director, has announced plans to retire; and the White House has offered proposals to disclose more information about the agency’s domestic surveillance activities.
The NSA document, titled “Sigint Strategy 2012-2016,” does not make clear what legal or policy changes the agency might seek. The NSA’s powers are determined variously by Congress, executive orders and the nation’s secret intelligence court, and its operations are governed by layers of regulations. While asserting that the agency’s “culture of compliance” would not be compromised, NSA officials argued that they needed more flexibility, according to the paper.
Senior intelligence officials, responding to questions about the document, said that the NSA believed that legal impediments limited its ability to conduct surveillance of terrorism suspects inside the United States.
Despite an overhaul of national security law in 2008, the officials said, if a terrorism suspect who is under surveillance overseas enters the United States, the agency has to stop monitoring him until it obtains a warrant from the Foreign Intelligence Surveillance Court.
“NSA’s Sigint strategy is designed to guide investments in future capabilities and close gaps in current capabilities,” the agency said in a statement. “In an ever-changing technology and telecommunications environment, NSA tries to get in front of issues to better fulfill the foreign-intelligence requirements of the US government.”
Critics, including some congressional leaders, say that the role of NSA surveillance in thwarting terrorist attacks — often cited by the agency to justify expanded powers — has been exaggerated. In response to the controversy about its activities after Mr. Snowden’s disclosures, agency officials claimed that the NSA’s sweeping domestic surveillance programs had helped in 54 “terrorist-related activities.”
But under growing scrutiny, congressional staff members and other critics say that the use of such figures by defenders of the agency has drastically overstated the value of the domestic surveillance programs in counterterrorism.
Agency leaders believe that the NSA has never enjoyed such a target-rich environment as it does now because of the global explosion of digital information — and they want to make certain that they can dominate “the Sigint battle space” in the future, the document said. To be “optimally effective,” the paper said, “legal, policy and process authorities must be as adaptive and dynamic as the technological and operational advances we seek to exploit.”
Intent on unlocking the secrets of adversaries, the paper underscores the agency’s long-term goal of being able to collect virtually everything available in the digital world. To achieve that objective, the paper suggests that the NSA plans to gain greater access, in a variety of ways, to the infrastructure of the world’s telecommunications networks.
Reports based on other documents previously leaked by Mr. Snowden showed that the NSA has infiltrated the cable links to Google and Yahoo data centers around the world, leading to protests from company executives and a growing backlash against the NSA in Silicon Valley.
Yet the paper also shows how the agency believes it can influence and shape trends in high-tech industries in other ways to suit its needs. One of the agency’s goals is to “continue to invest in the industrial base and drive the state of the art for high performance computing to maintain pre-eminent cryptanalytic capability for the nation.”
The paper added that the NSA must seek to “identify new access, collection and exploitation methods by leveraging global business trends in data and communications services.”
And it wants to find ways to combine all of its technical tools to enhance its surveillance powers. The NSA will seek to integrate its “capabilities to reach previously inaccessible targets in support of exploitation, cyberdefense and cyberoperations,” the paper stated.
The agency also intends to improve its access to encrypted communications used by individuals, businesses and foreign governments, the strategy document said. The NSA has already had some success in defeating encryption, The New York Times has reported, but the document makes it clear that countering “ubiquitous, strong, commercial network encryption” is a top priority.
The agency plans to fight back against the rise of encryption through relationships with companies that develop encryption tools and through espionage operations. In other countries, the document said, the NSA must also “counter indigenous cryptographic programs by targeting their industrial bases with all available Sigint and Humint” — human intelligence, meaning spies.
The document also mentioned a goal of integrating the agency’s eavesdropping and data collection systems into a national network of sensors that interactively “sense, respond and alert one another at machine speed.” Senior intelligence officials said that the system of sensors is designed to protect the computer networks of the Defense Department, and that the NSA does not use data collected from Americans for the system.
One of the agency’s other four-year goals was to “share bulk data” more broadly to allow for better analysis. While the paper does not explain in detail how widely it would disseminate bulk data within the intelligence community, the proposal raises questions about what safeguards the NSA plans to place on its domestic phone and email data collection programs to protect Americans’ privacy.
NSA officials have insisted that they have placed tight controls on those programs. In an interview, the senior intelligence officials said that the strategy paper was referring to the agency’s desire to share foreign data more broadly, not phone logs of Americans collected under the Patriot Act.
Above all, the strategy paper suggests the NSA’s vast view of its mission: nothing less than to “dramatically increase mastery of the global network.”
Other NSA documents offer hints of how the agency is trying to do just that. One program, code-named Treasure Map, provides what a secret NSA PowerPoint presentation describes as “a near real-time, interactive map of the global Internet.” According to the undated PowerPoint presentation, disclosed by Mr. Snowden, Treasure Map gives the NSA “a 300,000 foot view of the Internet.”
Relying on Internet routing data, commercial and Sigint information, Treasure Map is a sophisticated tool, one that the PowerPoint presentation describes as a “massive Internet mapping, analysis and exploration engine.” It collects Wi-Fi network and geolocation data, and between 30 million and 50 million unique Internet provider addresses — code that can reveal the location and owner of a computer, mobile device or router — are represented each day on Treasure Map, according to the document. It boasts that the program can map “any device, anywhere, all the time.”
The documents include addresses labeled as based in the “U.S.,” and because so much Internet traffic flows through the United States, it would be difficult to map much of the world without capturing such addresses.
But the intelligence officials said that Treasure Map maps only foreign and Defense Department networks, and is limited by the amount of data available to the agency. There are several billion I.P. addresses on the Internet, the officials said, and Treasure Map cannot map them all. The program is not used for surveillance, they said, but to understand computer networks.
The program takes advantage of the capabilities of other secret NSA programs. To support Treasure Map, for example, the document states that another program, called Packaged Goods, tracks the “traceroutes” through which data flows around the Internet. Through Packaged Goods, the NSA has gained access to “13 covered servers in unwitting data centers around the globe,” according to the PowerPoint. The document identifies a list of countries where the data centers are located, including Germany, Poland, Denmark, South Africa and Taiwan as well as Russia, China and Singapore.
Despite the document’s reference to “unwitting data centers,” government officials said that the agency does not hack into those centers. Instead, the officials said, the intelligence community secretly uses front companies to lease space on the servers.
Despite the NSA’s broad surveillance powers, the strategy paper shows that NSA officials still worry about the agency’s ability to fend off bureaucratic inertia while keeping pace with change.
“To sustain current mission relevance,” the document said, Signals Intelligence Directorate, the NSA’s signals intelligence arm, “must undertake a profound and revolutionary shift from the mission approach which has served us so well in the decades preceding the onset of the information age.”
NSA Infected 50,000 Computer Networks with Malicious Software
Floor Boon, Steven Derix and Huib Modderkolk / NRC Handelsblad
THE NETHERLANDS (November 23, 2013) — The American intelligence service — NSA — infected more than 50,000 computer networks worldwide with malicious software designed to steal sensitive information. Documents provided by former NSA-employee Edward Snowden and seen by this newspaper, prove this.
A management presentation dating from 2012 explains how the NSA collects information worldwide. In addition, the presentation shows that the intelligence service uses ‘Computer Network Exploitation’ (CNE) in more than 50,000 locations. CNE is the secret infiltration of computer systems achieved by installing malware, malicious software.
One example of this type of hacking was discovered in September 2013 at the Belgium telecom provider Belgacom. For a number of years the British intelligence service — GCHQ — has been installing this malicious software in the Belgacom network in order to tap their customers’ telephone and data traffic. The Belgacom network was infiltrated by GCHQ through a process of luring employees to a false Linkedin page.
NSA special department employs
more than a thousand hackers
The NSA computer attacks are performed by a special department called TAO (Tailored Access Operations). Public sources show that this department employs more than a thousand hackers. As recently as August 2013, the Washington Post published articles about these NSA-TAO cyber operations.
In these articles, The Washington Post reported that the NSA installed an estimated 20,000 ‘implants’ as early as 2008. These articles were based on a secret budget report of the American intelligence services. By mid-2012 this number had more than doubled to 50,000, as is shown in the presentation NRC Handelsblad laid eyes on.
Cyber operations are increasingly important for the NSA. Computer hacks are relatively inexpensive and provide the NSA with opportunities to obtain information that they otherwise would not have access to. The NSA-presentation shows their CNE-operations in countries such as Venezuela and Brazil. The malware installed in these countries can remain active for years without being detected.
‘Sleeper cells’ can be activated
with a single push of a button
The malware can be controlled remotely and be turned on and off at will. The ‘implants’ act as digital ‘sleeper cells’ that can be activated with a single push of a button. According to the Washington Post, the NSA has been carrying out this type of cyber operation since 1998.
The Dutch intelligence services — AIVD and MIVD — have displayed interest in hacking. The Joint Sigint Cyber Unit — JSCU — was created early in 2013. The JSCU is an inter-agency unit drawing on experts with a range of IT skills. This new unit is prohibited by law from performing the type of operations carried out by the NSA as Dutch law does not allow this type of Internet searches.
The NSA declined to comment and referred to the US Government. A government spokesperson states that any disclosure of classified material is harmful to our national security.
NSA Has 50,000 ‘Digital Sleeper Agents’
Via Computer Malware, Says Latest Snowden Leak
Darrell Etherington / Tech Crunch.com
(November 23, 2013) — Sleeper agents are among the most sinister spy assets: they lie in wait, wolves in sheep’s clothing, and then deliver a critical blow when activated. The NSA has 50,000 of those waiting for the literal push of a button, according to the latest batch of leaked Snowden documents, as seen by Dutch daily evening newspaper NRC. But these aren’t people, like Keri Russel and Matthew Rhys in The Americans — these are computers, infected with malware and untroubled by conscience or the risk of going native.
The NSA reportedly infected 50,000 computer networks worldwide with malicious software with the sole aim of harvesting sensitive information it wasn’t privy to, which is basically what you’d call textbook spy work in the digital age, from an agency tasked with spying.
That’s not to excuse or dismiss the significance of this revelation, but we’ve heard from the Washington Post previously that the NSA was working on this sort of thing and that at least 20,000 computers had been infected by the program as of 2008. So to hear from Snowden documents via the NRC that it’s now climbed to 50,000 is hardly surprising.
New details brought to light indicate that operations from its so-called “Computer Networks Exploitation” program are active around the world, and can remain active for many years without being detected in some parts of the world like Venezuela and Brazil.
All the malware can we watched and controlled remotely, and turned on and off “with a single push of a button.” A New York Times report published yesterday also asserts that the NSA has been pushing to stretch its surveillance powers even further, with the aim of catching up to the spread and reach of digital technology and online communications.
The truly amazing thing about this is just how pedestrian the NSA’s efforts are — according to NRC, they’re essentially running the same kind of phishing scams with false email requests that you’ll see from any other purveyor of malicious software. As an example, NRC points to how the British GCHQ used false LinkedIn pages to lure and infect Belgacom network employees. Just one more good reason to never click on anything sent from anyone ever.
The ongoing NSA debacle is like a Breugel painting, with more and more detail emerging every time you look at it anew. Yahoo and Google’s networks were apparently compromised in a similar fashion, documents revealed in late October, and with up to 200,000 documents in total potentially taken by Snowden and shared with reporters, it’s unlikely we’re anywhere near seeing the whole picture at this point.
The NSA declined to comment on this story or the original report.
Posted in accordance with Title 17, Section 107, US Code, for noncommercial, educational purposes.