Snowden leaks: NSA conducted 231 offensive cyber-ops in 2011, hailed as 'active defense'
US intelligence carried out 231 offensive cyber-ops in 2011, nearly three-quarters of them against key targets such as Iran, Russia, China and North Korea, as well as nuclear proliferation, according to a classified report obtained by The Washington Post.
The “most challenging targets” also include suspected terrorists “in Afghanistan, Pakistan, Yemen, Iraq, Somalia, and other extremist safe havens,” according to one list of priorities. US budget documents describe the attacks as
Some cyber-operations reportedly feature what one budget document calls “field operations” organized “to physically place hardware implants or software modifications” with the help of CIA operatives or clandestine military forces.
An implant is often coded in software by an NSA group called Tailored Access Operations, which builds attack tools that are custom-fitted to their targets, The Washington Post reports, adding that this year TAO is working on implants that “can identify select voice conversations of interest within a target network and exfiltrate select cuts,” one budget document says.
The reported US intelligence cyber-missions include the defense of military and other classified computer networks against foreign attack. These missions account for one-third of the total cyber-operations budget of $1.02 billion for 2013, according to the Cryptologic Program budget.
President Barack Obama's directive on cyber-operations, issued in October 2012 and leaked in June 2013 by Snowden, stated that military cyber-operations resulting in the disruption, destruction or manipulation of computers must be approved by the president himself. The document largely does not apply to US intelligence agencies, however.
According to the US intelligence budget, a $652 million program named GENIE reportedly helps the US break into foreign networks to plant sophisticated malware in computers, routers and firewalls on tens of thousands of machines every year. By the end of this year, the program will control at least 85,000 implants in strategically chosen computers around the world - four times the number available in 2008.
The NSA appears to be planning a rapid expansion of those numbers, which were limited until recently by the need for human operators to take remote control of compromised computers. Affected by disclosures of the classified data by Snowden, the NSA announced earlier this month it would cut up to 90 percent of its system administrators to reduce the number of people with access to secret information. Snowden leaked documents to the Guardian and the Washington Post, revealing previously secret telephone and internet surveillance programs run by the US government.
According to an authoritative reference document, for GENIE’s next phase the NSA has brought online an automated system, code-named TURBINE, capable of managing “potentially millions of implants” for intelligence gathering “and active attack,” The Washington Post reported.
Given the “vast volumes of data” pulled in by the NSA, storage could be a problem. The NSA has nearly completed a large-scale new data center in Utah, which will manage “storage, analysis, and intelligence production.” This will allow intelligence agencies “to evaluate similarities among intrusions that could indicate the presence of a coordinated cyber-attack, whether from an organized criminal enterprise or a nation-state.”