
The NSA’s Band of Technology Criminals

by ALFREDO LOPEZ

On this website, we’ve speculated that one outcome of the flood of NSA-centered revelations has been to desensitize U.S. citizens and diminish outrage at what is actually revealed. We are becoming conditioned to the horror story that is the National Security Administration.

Right before Christmas, we got another dose of breath-taking outrageousness through the reporting of a group of journalists courtesy of the German weekly news magazine Der Spiegel. The report profiles the work of a powerful unit of technological thugs called the Tailored Access Operations unit or TAO — either an unfortunate coincidence in naming or a reflection of disdain for another culture.

By the NSA’s own admission, this is among its most important programs and one of its fastest growing. Its existence has already been reported on by the Washington Post based on Edward Snowden information. These Spiegel articles add disturbing details to the picture.

The unit, founded in 1997 and now comprised of an estimated 1,000 technologists and support staff in a half dozen offices nationwide, attacks highly selective and well-protected targets. It steals data, conducts on-line denial of service and other attacks against computers and servers in other countries (including government servers and websites), sneaks into offices and other locations to break open and tamper with computers, and intercepts shipments of equipment to break into those and insert modifications that will allow NSA data capture.

Yet, as frightening as this activity is, perhaps TAO’s greatest attack is on the Internet itself. It has turned a technology that was designed to enable communication among the world’s people into an implement of war and sabotage. In fact, one TAO paper explains the need to “support Computer Network Attacks as an integrated part of military operations.”

In the NSA’s on-line war effort, this is its shock troop, housed separately from all other NSA staff and drawn from the NSA’s elite programmers and hackers. “Their job is breaking into, manipulating and exploiting computer networks, making them hackers and civil servants in one,” the Spiegel report explains. And their assignments are usually to go after those “targets” that have proven most resistant to the NSA’s normal spying and data-capture methods.

Snowden documents demonstrate how wide and pervasive this unit’s work has become. According to Bloomberg Businessweek, TAO operations intercept and collect about two petabytes of data every hour — for reference, a petabyte is a quadrillion bytes of data (the article you’re reading contains about 12,000 bytes).

That almost unfathomable amount of spy information reflects a frenzied level of operation. “During the middle part of the last decade,” the Spiegel report explains, “the special unit succeeded in gaining access to 258 targets in 89 countries — nearly everywhere in the world. In 2010, it conducted 279 operations worldwide.”

The specifics of one profiled operation, targeting Mexico, profile the most routine and basic TAO work. In a project named “Operation Whitetamale”, TAO staffers in Texas zeroed in on Mexico’s Secretariat for Public Security, a 20,000 person agency responsible at the time for overseeing Mexico’s police, counterterrorism, prison system and border police.

The NSA has a section called “Target Selection” that is responsible for listing individuals, organizations and agencies whose data the NSA wants. Some time ago, the Target Selection staff gave TAO a list of Mexican government officials it wanted to spy on. For the most part, these weren’t people suspected of wrong-doing. The NSA wanted to track them to evaluate their performance in the various anti-drug and border-control projects the U.S. is most interested in and their attitudes and internal communications about those programs. In short, they wanted to spy on them.

TAO went to work. They first hacked into the officials’ email accounts (including that of Mexico’s President), probably the easiest of their tasks. Using that as a basis, they then obtained IP addresses (the unique number assigned to every computer on the Internet) for computers used for email. They then captured the individual IP addresses of many Secretariat employees. With that info, they would know when people are on-line and what they’re doing when they are. They captured all kinds of non-public information including conversations, internal reports, meeting minutes and diagrams of the security agencies’ structures and video surveillance. All of it was turned over to the NSA for processing.

But that spying, which caused an outcry in Mexico and a diplomatic mess when discovered, is only a small part of TAO’s activities.

One TAO presentation, revealed in Snowden documents, describes the importance of “Computer Network Exploitation” which means capturing actual control over servers, workstations, firewalls, routers, handsets, phone switches, even SCADA systems (the computerized systems that run factory and industrial operations). If you have control over those systems, not only can you capture data but you can actually shut down communications and even parts of an economy.

If that seems like science-fiction, the Stuxnet program is worth considering. Jointly developed by the United States and Israel, the program targeted Iran’s nuclear industry by unleashing a computer virus that successfully sabotaged the Iranian nuclear research and development program and set it back years. That SCADA attack left as many as 1,000 Iranian centrifuges unusable. It was a form of warfare with absolutely no declaration of war or, for that matter, reliable evidence that Iran was doing anything that might be dangerous to anyone.

Those who think they may be safe from this kind of sabotage because they live in the United States apparently need to think again. The NSA, relying mostly on TAO staff, has been running a huge “hackers’ project”: inserting “trojans” (programs that live on your computer and, when triggered, can do just about anything the hacker wants) on an estimated 85,000 computers world-wide. A trojan can report on every single thing you do on the Internet and some of them can, in fact, destroy all of your stored data.

It’s here that the legal questions arise. If you hack a computer anywhere on earth and start capturing its data you are going to capture data from U.S. citizens because, in a world-wide system like the Internet, people in this country communicate with people in other countries (and from other governments) world-wide. That type of spying on U.S. citizens is, in fact, completely illegal.

What’s more, TAO has developed highly sophisticated methods for implanting. Usually trojans are delivered to your computer via emails that unleash the infection when you open them. At this point, many regular Internet users (often burned by a trojan plant) don’t open those emails so their success rate has dropped enormously. But TAO’s trojan-planting success rate is a reported 80 percent based on NSA documents.

The question is what are they doing differently; the answer is that they use Facebook, Yahoo, Twitter and YouTube (among other social networking services) as a kind of backdoor to computers. Users of these services interact with them in scores of ways during an on-line session. TAO has figured out ways to insert the virus during those interactions probably by hacking into the servers these companies maintain.

This kind of “outside server capture” is one of TAO’s major tactics. Apparently the unit’s hackers work assiduously to “capture” servers and computers all over the world. Once they’ve infected non-NSA servers, they use those outside servers to conduct or expand attacks and spying. In short, they recruit computers world-wide to their army without the owners’ permission or knowledge.

The amount of damage that can be done by server capture is nightmare-provoking. According to NSA reports, TAO staff has used these remote stations to perform all types of data capture and even to manipulate the on-line movement of Internet users. In one project, targeting the Belgian telecom company Belgacom, TAO used captured servers to force company engineers to go to NSA websites that were masquerading as the legitimate sites the engineers were seeking. The Belgians thought they were transferring information to their own protected websites but were actually giving all that information to the NSA.

This thirst for stolen data appears insatiable and TAO’s quest for mega-data is expanding constantly. Perhaps the most dramatic example is TAO’s cracking of the “SEA-ME-WE-4”, a massive telecommunications cable system that runs under-water linking Europe with North Africa, the Gulf States, Pakistan, India and extending to Malaysia and Thailand. TAO hacked the computers managing the system and captured information about it. Then the NSA successfully intercepted and captured information on the system’s layout, structure and data handling. This gave it the ability to intercept massive amounts of transferred data; it can even shut the cable’s data transfer down if it wants.

What distinguishes TAO from the rest of the NSA, besides the sophistication and scope of its on-line attacks and data-theft, is its willingness to sneak into offices and server centers and plant data-capture devices into equipment there. This way, collaborating with FBI and CIA personnel, TAO can attack networks that aren’t on the Internet such as office and building-wide networks. According to Snowden documents, the FBI provides jets to ferry TAO staffers to remote locations so they can break into those offices at times when there are few people in a building. They complete their work in a matter of minutes and the information collection or sabotage automatically begins; the documents indicate that there are CIA and FBI personnel in those offices to collect and move the captured data.

The presence of the FBI in these operations is significant. The Bureau, by law, usually investigates domestic targets so, while we don’t know which offices TAO has targeted, it’s logical to assume they are either in or linked to offices in the United States.

In fact, they frequently don’t need to visit offices. TAO intercepts a shipment of computers destined for a target location and routes them to what it calls “load offices.” There, TAO staffers expertly open the packages, insert the malware (usually trojans) into the computers, cell phones or other devices, close the package and send the equipment on to its original destination. These offices are receiving equipment that is already hacked and ready to send information to the NSA.

How “illegal” is TAO? When it is used on U.S. citizens or residents, it’s completely illegal and it’s not possible to fathom how these activities could be conducted on the Internet without affecting data coming from or going into this country. When the activities are outside the U.S., the judgements enter the murky world of espionage which has very few rules and prohibitions.

But, illegal or not, these activities are immoral and destructive. The Internet has been built to facilitate human communication world-wide, effectively facilitating our collaboration and mutual support as a human race. Programs like TAO cynically and brazenly misuse that functionality as a tool of war. They do just the opposite of why we created the Internet in the first place and stand as tributes to the moral turpitude of the government that rules us.

Alfredo Lopez writes about technology issues for This Can’t Be Happening!
