New light has been shed on the extensive scope of the National Security Agency’s spying operations yet again in a couple of reports from German publication Der Spiegel, which reveal various new “features” of the covert intelligence operations conducted by the NSA’s “geek” armies. The agency will apparently pull out all the stops in order to get to the information it seeks, even if that means intercepting shipping of computers purchased online by targets in order to infect them with spyware, or replace components with its own malware-installed hardware.
In addition to sophisticated attacks that target the digital aspects of modern life, the NSA sometimes still has to use “old-school” methods. When it comes to intercepting deliveries – a tactic that’s called “interdiction” – the NSA diverts the shipping delivery to its workshops where “agents carefully open the package in order to load the malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies,” Der Spiegel writes. All subsequent steps can then be conducted from the comfort of a remote computer.
Such operations are among “the most productive” operations conducted by the agency allowing it to get into protected networks “around the world,” if needed, although there are several other means to getting to the information the NSA uses. However they’re only used for certain targets, and likely not responsible for all those Amazon shipments not arriving it time for Christmas.
The NSA’s Tailored Access Operations (TAO) division has been created in 1997 in order to use the growing Internet to spy on potential target. The division has increased its ranks and operations since then, massively expanding after the September 11, 2001 events, and it’s expected to further increase operations – with bases around the U.S. and maybe even in Europe – for future spying projects. “Getting the ungettable” is apparently TAO’s task, with one former TAO chief saying in a report that the division is responsible for “some of the most significant intelligence our country has ever seen,” with TAO having access to its “very hardest targets.”
For example, the agency can grab the error reports that Windows users send to Microsoft to identify bugs that can be used by TAO personnel to infect a targeted computer with custom spy malware. Moreover, the NSA uses various tactics to get its special spy Trojans installed on machines, from spam messages to targeting services like Facebook, LinkedIn Yahoo, Twitter and YouTube and using special operations with higher rates of success at infecting computers. Der Spiegel reveals that according to details in Washington’s current budget plan for intelligence services, some 85,000 computers worldwide will have been infected one way or another with spy malware by the end of the year.
Furthermore, the NSA has the ability of diverting traffic to NSA covert system that replicate existing services in order to transfer malware programs on the computers the targets are using. Another NSA digital spying operation targets the actual fiber optics cables that connect continents. One such successful NSA operation includes the tapping of the SEA-ME-WE-4 cable system that connects Europe with North America, Gulf states, Pakistan, India, Malaysia and Thailand.
Finally, in addition to diverting product shipments, tapping into Internet cables and networks, and infecting computers, the agency also has another arm called ANT – supposedly short for Advanced or Access Network Technology – that was able over the years to burrow its way “into nearly all the security architecture made by the major players in the industry” according to a second Der Spiegel story reveals (images from the published version of the article available from Cryptome), including products from U.S. companies such as Cisco, Dell, Western Digital, Seagate, Maxtor, but also international companies such as Samsung or Huawei.
According to the publication, the ANT team appears to have a key for almost “every lock.” A 50-page catalog apparently contains various technologies that can be used to compromise a digital target including laptops, computers, mobile phones, hard drives, routers and other gadgets susceptible to hacks. ANT operations include infecting machines at BIOS level in order for the spy malware to remain undetected to security program and to be reinstalled even after a system is completely cleaned. The agency has also compromised the firmware of hard drives manufactured by some of the companies mentioned above for similar spying purposes.