9:30 ET, 26 November 2013

A new report based on documents leaked by Snowden revealed that the NSA placed malicious software on more than 50000 networks around the world.

The NSA infected more than 50000 networks worldwide with malicious software designed to steal sensitive information. The large-scale cyber espionage operation was revealed once again by documents provided by former NSA consultant Edward Snowden according to Dutch media outlet NRC.

“The NSA declined to comment and referred to the US Government. A government spokesperson states that any disclosure of classified material is harmful to our national security.” reported NRC.

The news is not surprising but once again raises the debate on the effrontery US surveillance program that created a complex and efficient global spying machine.

The documents include a presentation dated 2012 that details how the NSA operates worldwide to steal information exploiting Computer Network Exploitation (CNE) in more than 50000 networks.

nsa

Computer Network Exploitation is a secret system malware based used to compromise the computers within targeted networks and steal sensitive data. Security experts believe that the telecoms were the most likely targets for the malware, they are confident that the CNE was used in September 2013 to hack the Belgium telecom provider Belgacom. The GCHQ (British Government Communications Headquarters) used fake LinkedIn and Slashdot to hack Belgacom, OPEC & others GRX providers, the cyber espionage operation was conducted to install malware in the Belgacom network in order to tap their customers’ communications and data traffic.

NSA’s Computer Network Operations program describes Computer Network Exploitation as a key part of the program’s mission that “includes enabling actions and intelligence collection via computer networks that exploit data gathered from target or enemy information systems or networks.”

The slides recently published report on top and bottom a stripe reads, “REL TO USA, AUS, CAN, GBR, NZL”, known as five eyes nations that include the U.S., U.K., Canada, Australia, and New Zealand. Those countries work together conducting intelligence operations and sharing the same orientation on surveillance matter, they recently were opposed to the United Nations’ anti-surveillance, right-to-privacy draft resolution called “The Right to Privacy in the Digital Age“.

The US hacking campaigns are performed by a special department of US cyber units known as called TAO (Tailored Access Operations) that I also mentioned when I described the FOXACID architecture. TAO employs more than a thousand high profile hackers, in August the Washington Post reported that the NSA installed an estimated 20,000 ‘implants’ as early as 2008, by mid-2012 this number had more than doubled to 50,000.

The malware used for cyber espionage are software agents that could remain undetected for a long time, the NSA-presentation shows their CNE-operations in countries such as Venezuela and Brazil.

Since now the NSA declined to comment and referred to the US Government, the NRC concludes its article remarking that the Dutch government’s intelligence service has also its own hacking unit, but that it’s prohibited by law the hack on foreign networks to conduct similar cyber operations.

Pierluigi Paganini

(Security Affairs – NSA, 50000 networks)

rsa-logo