The NSA’s Band of Technology Criminals


On this website, we’ve speculated that one outcome of the flood of NSA-centered revelations has been to desensitize U.S. citizens and diminish outrage at what is actually revealed. We are becoming conditioned to the horror story that is the National Security Administration.

Right before Christmas, we got another dose of breath-taking outrageousness through the reporting of a group of journalists courtesy of the German weekly news magazine Der Spiegel. The report profiles the work of a powerful unit of technological thugs called the Tailored Access Operations unit or TAO — either an unfortunate coincidence in naming or a reflection of disdain for another culture.

By the NSA’s own admission, this is among its most important programs and one of its fastest growing. Its existence has already been reported on by the Washington Post based on Edward Snowden information. These Spiegel articles add disturbing details to the picture.

The unit, founded in 1997 and now comprised of an estimated 1,000 technologists and support staff in a half dozen offices nationwide, attacks highly selective and well-protected targets. It steals data, conducts on-line denial of service and other attacks against computers and servers in other countries (including government servers and websites), sneaks into offices and other locations to break open and tamper with computers, and intercepts shipments of equipment to break into those and insert modifications that will allow NSA data capture.

Yet, as frightening as this activity is, perhaps TAO’s greatest attack is on the Internet itself. It has turned a technology that was designed to enable communication among the world’s people into an implement of war and sabotage. In fact, one TAO paper explains the need to “support Computer Network Attacks as an integrated part of military operations.”

In the NSA’s on-line war effort, this is its shock troop, housed separately from all other NSA staff and drawn from the NSA’s elite programmers and hackers. “Their job is breaking into, manipulating and exploiting computer networks, making them hackers and civil servants in one,” the Spiegel report explains. And their assignments are usually to go after those “targets” that have proven most resistant to the NSA’s normal spying and data-capture methods.

Snowden documents demonstrate how wide and pervasive this unit’s work has become. According to Bloomberg Businessweek, TAO operations intercept and collect about two petabytes of data every hour — for reference, a petabyte is a quadrillion bytes of data (the article you’re reading contains about 12,000 bytes).

That almost unfathomable amount of spy information reflects a frenzied level of operation. “During the middle part of the last decade,” the Spiegel report explains, “the special unit succeeded in gaining access to 258 targets in 89 countries — nearly everywhere in the world. In 2010, it conducted 279 operations worldwide.”

The specifics of one profiled operation, targeting Mexico, profile the most routine and basic TAO work. In a project named “Operation Whitetamale”, TAO staffers in Texas zeroed in on Mexico’s Secretariat for Public Security, a 20,000-person agency responsible at the time for overseeing Mexico’s police, counterterrorism, prison system and border police.

The NSA has a section called “Target Selection” that is responsible for listing individuals, organizations and agencies whose data the NSA wants. Some time ago, the Target Selection staff gave TAO a list of Mexican government officials it wanted to spy on. For the most part, these weren’t people suspected of wrong-doing. The NSA wanted to track them to evaluate their performance in the various anti-drug and border-control projects the U.S. is most interested in and their attitudes and internal communications about those programs. In short, they wanted to spy on them.

TAO went to work. They first hacked into the officials’ email accounts (including that of Mexico’s President), probably the easiest of their tasks. Using that as a basis, they then obtained IP addresses (the unique number assigned to every computer on the Internet) for computers used for email. They then captured the individual IP addresses of many Secretariat employees. With that info, they would know when people are on-line and what they’re doing when they are. They captured all kinds of non-public information including conversations, internal reports, meeting minutes and diagrams of the security agencies’ structures and video surveillance. All of it was turned over to the NSA for processing.

But that spying, which caused an outcry in Mexico and a diplomatic mess when discovered, is only a small part of TAO’s activities.

One TAO presentation, revealed in Snowden documents, describes the importance of “Computer Network Exploitation” which means capturing actual control over servers, workstations, firewalls, routers, handsets, phone switches, even SCADA systems (the computerized systems that run factory and industrial operations). If you have control over those systems, not only can you capture data but you can actually shut down communications and even parts of an economy.

If that seems like science-fiction, the Stuxnet program is worth considering. Jointly developed by the United States and Israel, the program targeted Iran’s nuclear industry by unleashing a computer virus that successfully sabotaged the Iranian nuclear research and development program and set it back years. That SCADA attack left as many as 1,000 Iranian centrifuges unusable. It was a form of warfare with absolutely no declaration of war or, for that matter, reliable evidence that Iran was doing anything that might be dangerous to anyone.

Those who think they may be safe from this kind of sabotage because they live in the United States apparently need to think again. The NSA, relying mostly on TAO staff, has been running a huge “hackers’ project”: inserting “trojans” (programs that live on your computer and, when triggered, can do just about anything the hacker wants) on an estimated 85,000 computers world-wide. A trojan can report on every single thing you do on the Internet and some of them can, in fact, destroy all of your stored data.

It’s here that the legal questions arise. If you hack a computer anywhere on earth and start capturing its data you are going to capture data from U.S. citizens because, in a world-wide system like the Internet, people in this country communicate with people in other countries (and from other governments) world-wide. That type of spying on U.S. citizens is, in fact, completely illegal.

What’s more, TAO has developed highly sophisticated methods for implanting. Usually trojans are delivered to your computer via emails that unleash the infection when you open them. At this point, many regular Internet users (often burned by a trojan plant) don’t open those emails, so their success rate has dropped enormously. But TAO’s trojan-planting success rate is a reported 80 percent based on NSA documents.

The question is what are they doing differently; the answer is that they use Facebook, Yahoo, Twitter and YouTube (among other social networking services) as a kind of backdoor to computers. Users of these services interact with them in scores of ways during an on-line session. TAO has figured out ways to insert the virus during those interactions probably by hacking into the servers these companies maintain.

This kind of “outside server capture” is one of TAO’s major tactics. Apparently the unit’s hackers work assiduously to “capture” servers and computers all over the world. Once they’ve infected non-NSA servers, they use those outside servers to conduct or expand attacks and spying. In short, they recruit computers world-wide to their army without the owners’ permission or knowledge.

The amount of damage that can be done by server capture is nightmare-provoking. According to NSA reports, TAO staff has used these remote stations to perform all types of data capture and even to manipulate the on-line movement of Internet users. In one project, targeting the Belgian telecom company Belgacom, TAO used captured servers to force company engineers to go to NSA websites that were masquerading as the legitimate sites the engineers were seeking. The Belgians thought they were transferring information to their own protected websites but were actually giving all that information to the NSA.

This thirst for stolen data appears insatiable and TAO’s quest for mega-data is expanding constantly. Perhaps the most dramatic example is TAO’s cracking of the “SEA-ME-WE-4”, a massive telecommunications cable system that runs under-water linking Europe with North Africa, the Gulf States, Pakistan, India and extending to Malaysia and Thailand. TAO hacked the computers managing the system and captured information about it. Then the NSA successfully intercepted and captured information on the system’s layout, structure and data handling. This gave it the ability to intercept massive amounts of transferred data; it can even shut the cable’s data transfer down if it wants.

What distinguishes TAO from the rest of the NSA, besides the sophistication and scope of its on-line attacks and data-theft, is its willingness to sneak into offices and server centers and plant data-capture devices into equipment there. This way, collaborating with FBI and CIA personnel, TAO can attack networks that aren’t on the Internet such as office and building-wide networks. According to Snowden documents, the FBI provides jets to ferry TAO staffers to remote locations so they can break into those offices at times when there are few people in a building. They complete their work in a matter of minutes and the information collection or sabotage automatically begins; the documents indicate that there are CIA and FBI personnel in those offices to collect and move the captured data.

The presence of the FBI in these operations is significant. The Bureau, by law, usually investigates domestic targets so, while we don’t know which offices TAO has targeted, it’s logical to assume they are either in or linked to offices in the United States.

In fact, they frequently don’t need to visit offices. TAO intercepts a shipment of computers destined for a target location and routes them to what it calls “load offices.” There, TAO staffers expertly open the packages, insert the malware (usually trojans) into the computers, cell phones or other devices, close the package and send the equipment on to its original destination. These offices are receiving equipment that is already hacked and ready to send information to the NSA.

How “illegal” is TAO? When it is used on U.S. citizens or residents, it’s completely illegal and it’s not possible to fathom how these activities could be conducted on the Internet without affecting data coming from or going into this country. When the activities are outside the U.S., the judgements enter the murky world of espionage which has very few rules and prohibitions.

But, illegal or not, these activities are immoral and destructive. The Internet has been built to facilitate human communication world-wide, effectively facilitating our collaboration and mutual support as a human race. Programs like TAO cynically and brazenly misuse that functionality as a tool of war. They do just the opposite of why we created the Internet in the first place and stand as tributes to the moral turpitude of the government that rules us.

Alfredo Lopez writes about technology issues for This Can’t Be Happening!
