Hacking is NSA's 'growth area,' Times says in agency profile

Drawing on thousands of leaked documents, The New York Times and the UK's Guardian offer up lengthy looks at the beleaguered spy agency.

NSA headquarters at Fort Meade, Md. Saul Loeb/AFP/Getty Images

Hacking has become the US National Security Agency's "growth area."

That's the word from The New York Times, which pulled from thousands of documents provided by former NSA contractor Edward Snowden to publish on Saturday a lengthy article it described as "a rich sampling of the agency's global operations and culture."

The Times was joined by the UK's Guardian newspaper, which published its own version of the piece.

Discussing how an agency with 35,000 employees and an official annual budget of $10.8 billion has "an almost unlimited agenda," the Times reports that the NSA "spies routinely on friends as well as foes" not only to fight terrorism but also to "achieve 'diplomatic advantage' over such allies as France and Germany and 'economic advantage' over Japan and Brazil, among other countries."

(The Guardian adds several items to the agenda, with "support for US military in the field; gathering information about military technology; anticipating state instability; monitoring regional tensions; countering drug trafficking;...[and] ensuring a reliable energy supply for the US," and it cites a quote from the NSA itself in noting that the agency can scoop up info from "virtually every country.")

Both pieces also offer a selection of specific examples of the agency's spying prowess, from real-time eavesdropping of terrorist communications during an attack on a hotel to the pinpointing of a sniper who was targeting American personnel inside the US "Green Zone" in Baghdad.

Both, too, note that despite such seemingly impressive accomplishments, the agency has its problems, from failing, as the Times puts it, "to produce a clear victory over a low-tech enemy" -- the Taliban in Afghanistan -- to the much-reported shortcomings in regard to ensuring the privacy of Americans' communications.

The 'digital battlefield'
Not surprisingly -- given an agency that, as the Guardian reports, describes our new world of high-tech activities as the "digital battlefield" -- both articles discuss the NSA's technological chops.

The "growth area" remark about hacking comes in a section of the Times piece that discusses NSA divisions known as Tailored Access Operations and the Transgression Branch.

TAO, the Times reports, is the NSA unit "that breaks into computers around the world to steal the data inside, and sometimes to leave spy software behind. TAO is increasingly important in part because it allows the agency to bypass encryption by capturing messages as they are written or read, when they are not encoded."

As for the Transgression Branch, it apparently lets other hackers do the work and goes along for the ride:

The N.S.A.'s elite Transgression Branch, created in 2009 to 'discover, understand, evaluate and exploit' foreign hackers' work, quietly piggybacks on others' incursions into computers of interest, like thieves who follow other housebreakers around and go through the windows they have left ajar.

In one 2010 hacking operation code-named Ironavenger, for instance, the N.S.A. spied simultaneously on an ally and an adversary. Analysts spotted suspicious e-mails being sent to a government office of great intelligence interest in a hostile country and realized that an American ally was "spear-phishing" -- sending official-looking e-mails that, when opened, planted malware that let hackers inside.

The Americans silently followed the foreign hackers, collecting documents and passwords from computers in the hostile country, an elusive target. They got a look inside that government and simultaneously got a close-up look at the ally's cyberskills, the kind of intelligence twofer that is the unit's specialty.

The agency's tech acumen also extends to location tracking (as we might have surmised ). "At the big NSA station at Fort Gordon," the Times writes, "technicians developed an automated service called 'Where's My Node?' that sent an e-mail to an analyst every time a target overseas moved from one cell tower to another. Without lifting a finger, an analyst could follow his quarry's every move."

At the same time, though, with the advent of the digital age, the NSA sometimes finds itself overwhelmed with data, and it's certainly not immune to bugs and IT shortcomings.

We know the NSA's Hawaii facility was reportedly slow to install a mandatory software update . Today's Times piece mentions a flaw in one of the agency's own programs:

"In a note that may comfort computer novices," the Times writes, "the NSA Middle East analysts discovered major glitches in their search software: The computer was searching for the names of targets but not their e-mail addresses, a rather fundamental flaw. 'Over 500 messages in one week did not come in,' [a related NSA report] said about one target."

Capability, culpability
Perhaps the biggest takeaways from the Times and Guardian articles are the vastness of the NSA's reach -- "the technological revolution allows them to spy on almost anyone," the Guardian writes -- and the dangers suggested by that reach and the agency's desire to keep extending it.

"There's no question that from a capability standpoint we probably dwarf everybody on the planet, just about, with perhaps the exception of Russia and China," the Times quotes Director of National Intelligence James Clapper as saying.

That's made the agency very valuable in some ways to the US -- "in every international crisis," the Times writes, "American policy makers look to the NSA for inside information." But it's also created serious issues. The Times continues:

That creates intense pressure not to miss anything. When that is combined with an ample budget and near-invisibility to the public, the result is aggressive surveillance of the kind that has sometimes gotten the agency in trouble with the Foreign Intelligence Surveillance Court, a United States federal court that polices its programs for breaches of Americans' privacy.

And the Guardian underlines the point:

While there are frequent warnings in the [internal agency] documents reminding NSA staff of rules for protecting the privacy of Americans, other documents show repeated violations. Such violations are almost inevitable given the way the NSA collects so much, the technology and analysts unable to distinguish between data on foreigners and American citizens.

The NSA says in public it only collects a tiny percentage of Internet traffic, smaller than 'a dime on a basketball court.' But there is a gulf between what the NSA says in public and what it says in documents, in which technicians and analysts express their glee at finding novel ways of cracking into electronic communications and expanding their reach in ever more imaginative ways.

The question critics of the NSA raise is: just because it has the technical ability to do these things, should it?

You can read the Times piece here, and the Guardian piece here. Though they're similar to an extent, it's worthwhile to read both -- not only do you get more NSA tidbits, you get a glimpse of different editorial approaches as well. Be sure, also, to check out the Guardian's impressively executed multimedia feature "NSA Files: Decoded." You'll find that here.

About the author

Edward Moyer is an associate editor at CNET News and a many-year veteran of the writing and editing world. He enjoys taking sentences apart and putting them back together. He also likes making them from scratch.

 

ARTICLE DISCUSSION

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

Hot on CNET

Saving your life at speed and in style

Volvo have been responsible for some of the greatest advancements in car safety. We list off the top ways they've kept you safe today, even if you don't drive one.