NSA slapped malware on 50,000+ networks, says report
The US National Security Agency placed malicious software on more than 50,000 computer networks around the world, says a report based on documents leaked by Edward Snowden.
A new slide culled from the trove of documents leaked by Edward Snowden shows where the NSA placed malware on more than 50,000 computer networks worldwide, according to Dutch media outlet NRC.
The NSA management presentation slide from 2012 shows a world map spiderwebbed with "Computer Network Exploitation" access points.
Like all the NSA slides we've seen so far, this one is unlikely to win a Powerpoint beauty pageant anytime soon.
Not that this should distract anyone from the profoundly disturbing implications of this US government malware map that's being reported by a Dutch news agency -- an outlet to which the US government gave a "no comment."
Translated from Dutch:
The American intelligence service -- NSA -- infected more than 50,000 computer networks worldwide with malicious software designed to steal sensitive information.
Documents provided by former NSA employee Edward Snowden and seen by this newspaper, prove this.
(...) The NSA declined to comment and referred to the US Government. A government spokesperson states that any disclosure of classified material is harmful to our national security.
An NSA Web page that outlines the agency's Computer Network Operations program describes Computer Network Exploitation, or CNE, as a key part of the program's mission and says CNE "includes enabling actions and intelligence collection via computer networks that exploit data gathered from target or enemy information systems or networks."
In late August, The Washington Post reported on the NSA's "hacking unit" called Tailored Access Operations (TAO).
The Post wrote:
According to a profile by Matthew M. Aid for Foreign Policy, it's a highly secret but incredibly important NSA program that collects intelligence about foreign targets by hacking into their computers, stealing data, and monitoring communications.
(...) Dean Schyvincht, who claims to currently be a TAO Senior Computer Network Operator in Texas, might reveal the most about the scope of TAO activities.
He says the 14 personnel under his management have completed "over 54,000 Global Network Exploitation (GNE) operations in support of national intelligence agency requirements."
This is one letter away from being exact.
On the NSA's network ops page, there is no program with the acronym GNE -- only CNE and,
Computer Network Attack (CNA): Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves.
Computer Network Defense (CND): Includes actions taken via computer networks to protect, monitor, analyze, detect, and respond to network attacks, intrusions, disruptions, or other unauthorized actions that would compromise or cripple defense information.
Across the newly published slide top and bottom a stripe reads, "REL TO USA, AUS, CAN, GBR, NZL."
These are the so-called Five Eyes nations -- the U.S., U.K., Canada, Australia, and New Zealand -- that share intelligence.
Last week, the very same Five Eyes nations moved to oppose the United Nations' anti-surveillance, right-to-privacy draft resolution called "The Right to Privacy in the Digital Age."
Security researchers online are speculating that telecoms were the most likely targets for the malware.
Only 50k milware installations globally? Must be restricted to the telcos, ISPs, banks, etc that allow for bulk collection.
-- the grugq (@thegrugq) November 23, 2013
They may not be too far off the mark.
NRC cites an example of Britain's NSA counterpart, GCHQ, being found to use spoofed LinkedIn pages to install surveillance malware on target computers in Belgium telecom, Belgacom (translated):
One example of this type of hacking was discovered in September 2013 at the Belgium telecom provider Belgacom.
For a number of years the British intelligence service -- GCHQ -- has been installing this malicious software in the Belgacom network in order to tap their customer's telephone and data traffic.
The Belgacom network was infiltrated by GCHQ through a process of luring employees to a false Linkedin page.
NRC concludes its article by telling us that the Dutch government's intelligence service has its own hacking unit, but that it's prohibited by law from engaging in the type of operations that the CNE slide suggests the NSA carried out.
This story originally appeared as "NSA malware infected over 50,000 computer networks worldwide" on ZDNet.