NSA Director Keith Alexander has made a habit over the years of attending security conferences to recruit savvy young hackers. Now we know why. Some of those computer whizzes are now part of the agency's Tailored Access Operations or "TAO" program, a unit of elite hackers tasked with "getting the ungettable" by infiltrating the hardest targets to access with pointedly intrusive tactics. The German newspaper Der Spiegel outed the program yesterday, citing internal NSA documents suspected to be leaks from Edward Snowden's cache.
The unit has reportedly accessed 258 targets in 89 countries around the world, gathering "some of the most significant intelligence our country has ever seen" by breaking past firewalls, infecting websites, and hacking consumer electronics from prominent Silicon Valley companies like Cisco, Apple, Yahoo, Facebook, and Twitter.
To get eyes in hard-to-reach places, government hacker-spies exploit firms' security vulnerabilities—for instance, agents intercept crash reports from Microsoft's bug-riddled Internet Explorer to find out where the technical weaknesses are and hit them with spyware. The unit's hackers use run-of-the-mill cyberattack tricks like spam and viruses as well as more sophisticated techniques like the NSA's "Quantum insert" method, which works by racing a legitimate website's response to the target and serving up a bugged clone instead. According to the classified documents, the agency has targeted Facebook, Yahoo, and Twitter's servers, though only the British spy agency GCHQ was able to infiltrate Google.
What's even more shocking is that the agency also physically hacks into the digital devices users rely on every day—computers, hard drives, USB drives, routers, and such—to track targets. To get ahold of the consumer electronics, TAO agents intercept shipping deliveries, open the packages in "secret workshops," implant bugs, and send the product back on its way with no one ever the wiser. Sometimes the NSA will even borrow an FBI jet to clandestinely get in and out in under half an hour.
For particularly hard-to-penetrate firewalls, the agency's "ANT" division steps in. ANT specialists use a toolkit of James Bond-style surveillance equipment purchased by the NSA to set up secret back doors in intercepted products. Once the malware is implanted, government spies can monitor a computer remotely to track a target's digital activity. Essentially, the Feds are building a covert "shadow network" alongside the Internet to expand the scope of the agency's snooping, which means that if it deems you an asset, the NSA could secretly have permanent access to your computer network.
The special hacking unit has compromised the hardware on products from Western Digital, Seagate, Maxtor, and Samsung and thwarted the security systems of Cisco, Huawei, Juniper Networks, and Dell, leaving the companies with unaddressed vulnerabilities they don't even know about. And we can now add Apple to the list. As Der Spiegel reporter and security researcher Jacob Appelbaum revealed today at a conference in Germany, an ANT program called DROPOUTJEEP bugs the iPhone with spyware that gives the agency access to nearly all communication data—text messages, contact lists, photos, and so on.
In other words, the US intelligence community is making the major players in Silicon Valley look like suckers. And it raises the inevitable question: Are tech companies aware they're being hacked by the government? How compliant are they with the NSA?
Nearly all the firms named in the report told Der Spiegel that they weren't aware of the TAO unit’s activity. I reached out to the companies this morning. Twitter declined to comment on the record. A Microsoft spokesperson told me, "Microsoft does not provide any Government with direct or unfettered access to our customer’s data. We would have significant concerns if the allegations about Government actions are true. Regardless, we continue to review our encryption technologies and practices." I’ll update this post as others comment.
Cisco responded to the report on its blog yesterday. "At this time, we do not know of any new product vulnerabilities, and will continue to pursue all avenues to determine if we need to address any new issues," it wrote. "We do not work with any government to weaken our products for exploitation, nor to implement any so-called security 'back doors' in our products."
The thing is, we've heard blatant denials like this from tech firms before, when the NSA PRISM scandal first hit. But it's since become clear they weren't entirely true.
In June, Microsoft, Yahoo, Google, Facebook, AOL, Skype, YouTube, and Apple said they had never heard of PRISM and didn't provide the government direct back door access to their data. But over time the outright denials blurred into vague explanations—that they tried to resist handing over data, or offered as little as possible to get the NSA off their back, or the government forced their hand. At the end of the day, most conceded that they had cooperated with the NSA at least a little bit.
So were the companies lying at first? Maybe. Or maybe they did know but were legally forbidden to talk about it publicly, or only certain people at the company were briefed on the top-secret operation. Maybe that's still the case. We don't know for sure. But for their part, consumers aren't buying that the tech companies are innocent victims in all this. Watching their customers' trust dwindle, Silicon Valley companies have gone on the offensive, beefing up encryption, releasing transparency reports, and declaring as often as possible their commitment to user privacy.
The major firms recently teamed up to lobby the president and Congress to reform NSA surveillance, arguing that lost trust translates to lost profits, meaning the US economy takes a hit. This latest bombshell revelation that the NSA has back door access to basically every popular website and device isn't going to help earn back that trust, and is bound to reignite the who-knew-what blame game.