‘Core secrets’ exposed: NSA used undercover agents in foreign companies
To infiltrate foreign networks and gain access to sensitive systems, the NSA has been using the tactics of “physical subversion” – deploying undercover agents in Chinese, German, South Korean and possibly even American companies, The Intercept reports.
Past reports on the National Security Agency (NSA) have typically depicted a government organ that hacks other systems or works with private corporations to bypass their own encryption protections, but the latest report based on files leaked by Edward Snowden suggests the agency could be embedding operatives into foreign, as well as domestic, “commercial entities.”
In a 13-page document published by The Intercept, the NSA describes six different programs that it considers to be “core secrets,” all of which are filed under the banner of “Sentry Eagle.” The document warns that any disclosure of the “secrets” will cause “exceptionally grave damage to US national security” and should not be done without authorization from a senior intelligence official.
These programs, some of which were ongoing as of 2012, are composed of the following:
Sentry Hawk: Which involves cooperation between the NSA and foreign and domestic companies to exploit computer networks.
Sentry Falcon: Which includes the defense of computer networks.
Sentry Osprey: Which involves the NSA cooperating with the CIA, FBI and Pentagon to employ human operatives that can help give the agency access to networks.
Sentry Raven: Which describes the NSA’s negotiations with American companies to weaken their encryption in order to give the agency easier access.
Sentry Condor: Which includes offensive network attacks that can destroy or weaken computer systems.
Sentry Owl: Which involves the NSA working with foreign companies to make their products susceptible to NSA data gathering.
One of the biggest revelations is that under Sentry Osprey, undercover agents – human intelligence assets, or “HUMINT” – have been embedded to help the NSA successfully conduct signals intelligence operations (SIGINT), which involve the interception of communications and electronic signals. Whether these agents are impersonating employees, outside businessmen, or some other type of personnel is unknown. Foreign companies as well as domestic companies could be targeted.
This “target exploitation” group – labeled “TAREX” – reportedly has a presence in South Korea, Germany, and China, with a domestic presence in Georgia, Hawaii, and Texas.
Already, the American Civil Liberties Union told The Intercept that it has had discussions with domestic tech executives over the possibility that the NSA is physically infiltrating their companies.
Meanwhile, the report noted that the US intelligence agency isn’t the only one that would want the data that tech companies are holding, pointing to groups in China that are suspected of wanting such information just as badly.
The new documents also show that the NSA is or was cooperating significantly with foreign companies under Sentry Owl, particularly when it comes to manufacturing products it can easily exploit. Coverage exposing the breadth of the NSA’s access to data held by American firms has already sparked concern for the US economy – tech executives recently warned the surveillance could “break” the internet – but now there’s indication that even foreign companies have been affected.
Not only does that make it harder for consumers to obtain protected communications hardware, but if foreign governments are not aware that their own companies are working with the intelligence agency, former NSA cryptographer William Binney said the news could spark backlash and investigations overseas.
For its part, the NSA declined to clarify details to The Intercept. It released a statement saying, “It should come as no surprise that NSA conducts targeted operations to counter increasingly agile adversaries.”
At the same time, the agency said it “takes into account the globalization of trade, investment and information flows, and the commitment to an open, interoperable, and secure global Internet.”