Insane New NSA Spying Allegations Have Emerged

The news: Documents leaked by former National Security Agency (NSA) contractor Edward Snowden already brought attention to the NSA's elite Tailored Access Operations (TAO) division, which is comprised of hackers who have infiltrated tens of thousands of computer networks worldwide. But two new reports by German magazine Der Spiegel reveal the extent of what the unit is able to accomplish, and the tools it uses to do so. The findings are straight from a Hollywood movie.

What the TAO does: Using sophisticated software like the NSA's XKeyScore to isolate packets of user data — including sites visited, networks, and Tor uses — TAO agents can remotely install malware on unsuspecting users' computers. One example is a system called QUANTUMINSERT, in which an NSA agent attempts to redirect a user from his intended website to a special FoxAcid server loaded with malware. One such payload, dubbed DireScallop, prevents commercial security software from wiping NSA tools during a reboot. Others collect more data or make a user's computer vulnerable to further secret attacks.

The NSA routinely spies on whatever data can provide a clearer picture of the security holes in a given system. That includes Microsoft error reports, which NSA agents made fun of in a leaked slide.

The TAO also carries out special missions to infiltrate target networks. Der Spiegel specifically mentions an NSA mission named WHITETAMALE, which gained access to Mexico's Secretariat of Public Security, as well as an operation that successfully infiltrated the Belgian telecommunications company Belgacom.

TAO agents are sometimes escorted to targets by FBI-owned jets, which enable them to be in and out in as little as 30 minutes.

But every NSA James Bond needs to build custom gear for difficult situations. In cases when these remote tools aren't enough, the TAO turns to another NSA division, Advanced or Access Network Technology (ANT).

ANT builds NSA surveillance devices disguised as innocuous hardware. The division builds "implants" designed to penetrate networking security, directly transmit intelligence, or even interfere with a system's operations to give the NSA an edge. Der Spiegel gained access to their 2008 catalog.

A modified monitor cable that lets "TAO personnel [see] what is displayed on the targeted monitor" costs just $30. Other equipment is pricier. An "active GSM base station," equipment that mimics a cell phone tower in order to steal data from mobile devices, costs $40,000. A 50-pack of radio-capable computer bugging devices disguised as USB drives goes for over $1,000,000.

ANT also builds special software, primarily malware designed to infect the BIOS of a targeted system. The BIOS is motherboard software that activates hardware components and controls how they interact. It operates below the operating system and is first to turn on when a user powers their system, making it the ideal point of access for the NSA to target a computer. Infected BIOSes can be extremely difficult to clear.

ANT hackers also developed ways to attack the firmware of American-produced hard drives, including models made by Western Digital, Seagate, Maxtor, and Samsung. They've also cracked networking equipment like routers and firewalls produced by Juniper Networks and Huawei.

Der Spiegel found no reason to suspect anyone at those companies knows of the NSA's programs to exploit and create security holes in their products. And the NSA doesn't seem to care very much that its "intelligence solutions" could easily be co-opted by parties other than the U.S. government: cyber-criminals or foreign governments could potentially reproduce the NSA's results.

Even new computers aren't safe. According to Der Spiegel, the NSA routinely collaborates with the CIA and FBI to interdict shipments of computer and networking equipment to install bugs and modified hardware components before they reach their intended owners.

The big take-away: Using their own special workshops, TAO agents can ensure that computers are compromised before they're even unwrapped.

Tom McKay

Tom is a staff writer at Mic, covering national politics, media, policing and the war on drugs. He is based in New York and can be reached at tmckay@mic.com.
