According to documents provided by former NSA-employee Edward Snowden, the US National Security Agency (NSA) infected 50,000 networks with malware designed to steal sensitive information. The revelations come from the Dutch newspaper NRC which says it has seen the documents first hand.
A top secret presentation given in 2012 showed how the NSA hacked – called ‘Computer Network Exploitation’ (CNE) by the NSA – over 50,000 networks using malware. It is thought that the infiltration discovered earlier this year at the Belgium telecom provider Belgacom is an example of the NSA’s infiltration techniques, this time according to NRC in conjunction with GCHQ. The malware infected Belgacom’s computers by luring employees to a fake LinkedIn page.
This hacking work is carried out by a special department in the NSA called TAO (Tailored Access Operations), which is said to employ more than a thousand hackers. By 2008 the TAO had access to over 20,000 networks with the program recently expanded to include up to 50,000 networks around the world including some in Rome, Berlin, Pristina, Kinshasa, and Rangoon.
The installed malware took its instructions from a command and control server and could be turned on and off at will. The malware, known as ‘implants’, can be put into a sleeper mode and activated when needed. “The NSA-presentation shows their CNE-operations in countries such as Venezuela and Brazil. The malware installed in these countries can remain active for years without being detected,” wrote Floor Boon, Steven Derix and Huib Modderkolk of NRC.
According to the NSA’s careers website the organization carries out three types of Computer Network Operations:
- Computer Network Attack (CNA): Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves.
- Computer Network Defense (CND): Includes actions taken via computer networks to protect, monitor, analyze, detect, and respond to network attacks, intrusions, disruptions, or other unauthorized actions that would compromise or cripple defense information systems and networks.
- Computer Network Exploitation (CNE): Includes enabling actions and intelligence collection via computer networks that exploit data gathered from target or enemy information systems or networks.
The presentation also revealed that along with CNE missions the NSA has access to large Internet cables at 20 different locations; runs over 80 regional Special Collection Service (SCS) installations that are part of a joint CIA-NSA program; and maintains liaison with 30 third-party countries outside of the Five Eyes partnership of Australia, Canada, the U.K. and New Zealand.