‘Getting the ungettable’: Leaks reveal NSA’s top hacking unit
Der Spiegel described the Office of Tailored Access Operations
(TAO) as “something like a squad of plumbers that can be
called in when normal access to a target is blocked.”
According to the secret documents obtained by the German news magazine, TAO specialists are involved in the most sensitive operations of US intelligence - including counterterrorism, cyber-attacks, and traditional espionage.
The unit, which was created at the dawn of the internet, was developed with the mission of “getting the ungettable.”
“It’s not about the quantity produced, but the quality of intelligence that is important,” a former TAO boss wrote, describing her work in a document. She added that her hacked had contributed to “some of the most significant intelligence our country [the US] has ever seen.”
She stated that TAO “needs to continue to grow and must lay the foundation for integrated Computer Network Operations” and that it must also “support Computer Network Attacks as an integrated part of military operations.”
In order to achieve those aims, the unit has to gain “pervasive, persistent access on the global network,” the ex-chief said.
The top secret unit has succeeded in gaining access to 258 targets in 89 countries. In 2010 alone, it conducted 279 global operations, according to the documents.
Der Spiegel reported that TAO specialists have directly accessed the protected networks of democratically elected leaders of different states. They infiltrated networks of European telecommunications companies and gained access to messages sent over Blackberry's BES email servers – which are considered to be securely encrypted.
The papers state that TAO recruits its staff among “geeks” at hacker conferences, with NSA director Keith Alexander visiting several such events in recent years.
TAO was originally located at the NSA’s headquarters in Fort Meade, Maryland. But the unit has since expanded, with offices in Wahiawa, Hawaii; Fort Gordon, Georgia; Buckley Air Force Base near Denver, Colorado; and San Antonio, Texas.
The document shows that the NSA’s “on-call digital plumbers” also have a European branch – the European Security Operations Centre (ESOC), stationed at the so-called “Dagger Complex” at a US military compound near Frankfurt, Germany.
Hacking Mexico’s security agency
Mexico has been a prime target for US intelligence, with
surveillance assigned to TAO’s San Antonio branch - situated just
200 kilometers from the US-Mexico border.
The unit’s hackers accessed the network of Mexico's Secretariat of Public Security, which is responsible for overseeing the country’s police, prison system, counter-terrorism operations, and border officers.
The NSA is most interested in information on the drug trade, as well as overall security and human trafficking taking place at the border, according to the documents.
As part of ‘Operation WHITETAMALE,’ TAO infiltrated the Secretariat’s network by breaking into the emails of elected systems administrators and telecommunications engineers. Hackers then began mining large amounts of data.
The NSA spies had wide knowledge of the agency’s servers - including IP addresses, computers used for email traffic, and individual addresses of employees. They also obtained diagrams of the security agency’s structures, including video surveillance.
The operation has been going on for years, Spiegel said, and was aborted only after the paper reported the news for the first time in October.
The NSA’s internal division labels the type of activity TAO performed against the Mexican agency as “Computer Network Exploitation” (CNE).
Its goal is to “subvert endpoint devices,” including servers, workstations, firewalls, routers, handsets, phone switches, and industrial control systems used at factories and power plants – otherwise known as SCADAs.
Tapping global underwater internet cables
The NSA’s push for global surveillance explains its interest
towards the fiber optic cables which direct a large share of
global internet traffic along the world’s ocean floors.
A document labeled “top secret” and “not for foreigners” describes the success of US intelligence in spying on the SEA-ME-WE-4 cable system.
The system is a massive underwater cable bundle which connects Europe with North Africa and the Gulf states before continuing through Pakistan and India and onto Malaysia and Thailand.
The cable system originates in southern France, near Marseille, with French Orange and Telecom Italia Sparkle being among the primary stakeholders in the project.
According to the document, TAO “successfully collected network management information for the SEA-Me-We Undersea Cable Systems (SMW-4)” on February 13, 2013.
The agency was able to “gain access to the consortium's management website and collected Layer 2 network information that shows the circuit mapping for significant portions of the network.”
The document states that the TAO team hacked an internal website of the operator consortium and copied documents stored there pertaining to technical infrastructure.
But the NSA has no intention of resting its oars. “More operations are planned in the future to collect more information about this and other cable systems,” the document states.