11/25/2013
03:05 PM

NSA Surveillance Infected 50,000 PCs With Malware

Leaked document details agency's "implants," satellite intercepts, joint CIA eavesdropping operations, and embassy-based monitoring programs abroad.

The National Security Agency (NSA) has hacked into more than 50,000 PCs to install malware that monitors US government targets.

So said a report, published Saturday by Dutch newspaper NRC Handelsblad, that included a top secret NSA presentation that dates from 2012. The newspaper said the document was furnished by former NSA contractor Edward Snowden.

The leaked presentation, which is labeled as restricted for dissemination to the United States, Australia, Canada, Great Britain, and New Zealand -- the countries that comprise the "five eyes" surveillance network -- highlights the NSA's "classes of access," which include third-party agreements or liaisons with 30 countries and 20 high-speed optical cable access programs, and the ability to eavesdrop on 12 foreign and 40 regional satellites.

The slide also lists "80+ SCS," apparently referring to the agency's secret Special Collection Service monitoring stations, which involve a joint project with the CIA that's designed to eavesdrop on difficult-to-reach places such as foreign embassies and communications centers.


That figure squares with another leaked slide, published last month by Germany's Der Spiegel weekly news magazine, which reported that as of 2010 the NSA's SCS teams were active in about 80 locations, of which 19 were in Europe -- including such cities as Paris, Madrid, Rome, Berlin, and Frankfurt. The teams reportedly operate from US embassies, using camouflaged surveillance equipment installed on upper floors or rooftops of the embassies.

"Wiretapping from an embassy is illegal in nearly every country. But that is precisely the task of the SCS, as is evidenced by another secret document," Der Spiegel reported. "According to the document, the SCS operates its own sophisticated listening devices with which they can intercept virtually every popular method of communication: cellular signals, wireless networks, and satellite communication."

Meanwhile, the leaked slide published Saturday by NRC Handelsblad also lists the aforementioned "50,000 world-wide implants," which were installed by the NSA's CNE -- computer network exploitation -- teams. The CNE teams operate from within the agency's Tailored Access Operations (TAO) group and comprise about 1,000 personnel, including 600 military and civilian personnel who are based at the NSA's headquarters in Fort Meade, Md., Foreign Policy reported.

The number of systems exploited to date by CNE squares with information contained in the LinkedIn profile of Dean Schyvincht, who as of late August 2013 claimed to be the Texas-based TAO senior computer network operator. Schyvincht said he managed 14 people who collectively executed "over 54,000 Global Network Exploitation (GNE) operations in support of national intelligence agency requirements," the Washington Post reported. That LinkedIn profile has since been deleted.

According to the Post, the NSA first began its CNE operations in 1998, and by 2008 a secret American intelligence report revealed that the agency had installed an estimated 20,000 "implants" into targeted systems. That means the number of systems infected by the NSA has more than doubled in the past five years.

The NSA might activate that malware for a period of weeks, months, or even years. "The malware can be controlled remotely and be turned on and off at will. The 'implants' act as digital 'sleeper cells' that can be activated with a single push of a button," reported NRC Handelsblad. "The NSA presentation shows their CNE operations [are] in countries such as Venezuela and Brazil. The malware installed in these countries can remain active for years without being detected."

The ongoing leak of classified NSA information, meanwhile, led the agency's director, Gen. Keith Alexander, to offer his resignation to President Obama, the Wall Street Journal first reported Sunday. The newspaper said Alexander offered to quit in June, after Snowden took credit for the leaks. But an unnamed former US defense official told the Journal that senior administration officials declined his offer, saying that while they no longer trusted Alexander, they didn't believe that his resignation would solve the problems that led to the leaks, and furthermore didn't want to hand Snowden what they said would amount to a win.

But the leaks will likely reshape how the agency operates, according to Richard Ledgett, who's heading the NSA's Snowden response team. "It was cataclysmic," he said of the leaks, speaking to the Journal. "This is the hardest problem we've had to face in 62 years of existence."

One alteration might follow the departure of Alexander, who's set to leave this coming spring. Deputy defense secretary Ashton Carter is reportedly recommending that -- for the first time ever -- the president select a civilian leader for the NSA.

In addition, the Patriot Act, which the NSA has cited as its justification for the digital dragnet it's now running, is set to expire on June 1, 2015. Privacy experts believe that if the Obama administration seeks to get the law reauthorized, it will need to compromise with pro-privacy members of Congress who want to see the agency cease its mass surveillance of U.S. citizens.


Comments
kendler,
User Rank: Apprentice
11/25/2013 | 3:47:55 PM
NSA surveillance
NSA surveillance can be bypassed if you have the proper Internet knowledge. I have created an eBook which teaches the users how to protect themselves from the NSA surveillance. You can check the eBook page here http://www.gofundme.com/yeswescan
Thomas Claburn,
User Rank: Author
11/25/2013 | 4:35:31 PM
Re: NSA surveillance
Hmm, ebook vs. NSA. I know which one I'd pick in a fight.
WKash,
User Rank: Author
11/25/2013 | 5:52:06 PM
Dual Hatted
Gen. Keith Alexander continues to argue that the ability of Cyber Command and NSA to work jointly, under one chief, has been a lesson in cyber efficiency. But it's increasingly unlikely that dual-hatted position will survive the way Alexander crafted it, after he retires, in light of the continuing revelations about NSA's practices.
samicksha,
User Rank: Strategist
11/26/2013 | 1:43:15 AM
Re: NSA surveillance
Thanks to IW for bringing this news to us. I read about this news in more detail: the agency installed specialized malware referred to as "implants", and these implants persist through software and equipment upgrades and can be used to harvest communications, copy stored data and tunnel into the compromised networks from outside, according to the Washington Post. Their number is expected to reach over 85,000 by the end of 2013. I guess we already reached the end of 2013...
virsingh211,
User Rank: Strategist
11/26/2013 | 3:04:54 AM
Re: NSA surveillance
@samicksha: you will be amazed to know, in 2008 the NSA had 20,000 implants for cyber operations; you can now calculate how this figure grew significantly.
kendler,
User Rank: Apprentice
11/26/2013 | 7:07:49 AM
NSA
NSA surveillance can be bypassed if you have the proper Internet knowledge. I have created an eBook which teaches the users how to protect themselves from the NSA surveillance. You can check the eBook page here http://www.gofundme.com/yeswescan
Thomas Claburn,
User Rank: Author
11/26/2013 | 12:40:31 PM
Re: Dual Hatted
It's distressing how disinterested most congressional officials are in defending the Constitution.
WKash,
User Rank: Author
11/26/2013 | 1:51:54 PM
Re: Dual Hatted
It was interesting watching some of the JFK anniversary programs and the retelling of the Bay of Pigs dilemma. It was a reminder of the face-off between what the military concluded (America needs to attack) and what JFK concluded (Let's give Khrushchev time to back down without losing face) -- all from the same intelligence.

It's hard for people and even Congressmen to appreciate what men like Alexander must balance in his dual-hatted military-and-civilian roles.
Shepy,
User Rank: Apprentice
11/28/2013 | 7:33:14 AM
annoyed victims
"The NSA might activate that malware for a period of weeks, months, or even years. "The malware can be controlled remotely and be turned on and off at will. The 'implants' act as digital 'sleeper cells' that can be activated with a single push of a button," reported NRC Handelsblad. "The NSA presentation shows their CNE operations [are] in countries such as Venezuela and Brazil. The malware installed in these countries can remain active for years without being detected.""

I wonder how long it is till we see some massive international event because of this. I know Germany are looking at it very closely concerning their own systems.