The compromises were executed by NSA’s hacking unit called Tailored Access Operations (TAO), whose existence and activities were unveiled in early September by the Washington Post. Both that revelation and the current one have been based on documents shared by NSA whistleblower Edward Snowden.
TAO reportedly employs around 1,000 hackers, and they are tasked with offensive operations such as infecting crucial computer networks with malware designed to steal information, to persist through software and equipment upgrades, and sometimes to create backdoors.
The documents perused by NRC show that some 50,000 targets were compromised by mid-2012. Previous reports put that number at around 20,000 in 2008, and the number for these “implants”, which are afterwards controlled by the GENIE unit, is estimated to reach 85,000 by this year’s end.
It’s interesting to note that the slide of the presentation that shows where in the world these implants are deployed contains a note saying that the information in it should be shared with intelligence agencies in Australia, Canada, Great Britain and New Zealand.
These four countries and the US are part of a long-standing alliance of intelligence operations called “Five-Eyes”, and have recently tried to water down the UN draft resolution concerning people’s right to privacy in the digital age.
Naturally, the map showing the location of “implants” does not show any in any of these countries, although it would be naive to think there are none. According to the map, the NSA is mostly concentrated on deploying malware on networks in Europe, Mexico, Latin America (the northern part), the Middle and Far East, north-east Africa, India, China, and Russia.
“The malware installed in these countries can remain active for years without being detected,” the reporters point out, adding that it can be controlled remotely and be turned on and off at will.
It is believed that this type of Computer Network Exploitation (CNE) has been performed by Britain’s GCHQ against Belgium’s state-owned telco Belgacom and one of its subsidiaries.
The reporters point out that while “Dutch intelligence services – AIVD and MIVD – have displayed interest in hacking,” they are prohibited by law from executing “exploitations” such as those performed by the NSA. On the other hand, the Dutch government is looking into allowing the country’s police to break into cyber criminals’ computers, which is seen by many as a really bad idea.