National Security Agency Has 50,000+ "Digital Sleeper Cells" In Infected Networks
The United States National Security Agency is in the malware business, according to a new report based on documents leaked by ex-NSA contractor Edward Snowden.
And business has been booming, according to the report authored by Dutch media source NRC Handelsblad, which got its hands on a slide from a 2012 NSA management presentation provided by Edward Snowden.
The slide shows a map of what the intelligence agency called "Computer Network Exploitation" or CNE. The map itself shows more than 50,000 locations or access points, which the CNE program created by installing malware on computers on those networks. The information is believed to be current up to mid-year 2012, but the NSA's aims are reportedly to have infected even more networks by the end of 2013, so it's possible that 50,000 infected networks is a conservative figure at this point.
The CNE program is further corroborated by previous reports from the Washington Post and Foreign Policy, also based on NSA documents from Edward Snowden, exposing information about the government's hacking unit, called Tailored Access Operations, or TAO.
TAO is a "highly secret but incredibly important NSA program that collects intelligence about foreign targets by hacking into their computers, stealing data, and monitoring communications," according to the Washington Post. The unit is primarily based at the NSA headquarters in Fort Meade, where at least 600 professional hackers reportedly work around the clock to tap into thousands of foreign computer systems, accessing the computer hard drives and emails of those targeted abroad. TAO, according to the Foreign Policy report, is also responsible for developing information vital to the mission of possibly destroying foreign computer and communications systems in a cyberattack, if such an attack were ever ordered by the president.
The CNE, the collection of compromised foreign networks, is reported to be part of TAO's activities, and, according to the Washington Post, at least the existence of the CNE is not really much of a secret. A quick look at some computer specialists' LinkedIn profiles reveals the links between the NSA, TAO, and CNE. For example, Brendan Conlon, former Deputy Chief of Integrated Cyber Operations for the NSA and also former Chief of TAO in Hawaii, has a LinkedIn profile that includes the following eye-catching resume-builder:
"Brendan began his career at NSA as a developer of software implants for Computer Network Exploitation (CNE) operations. He has also spent time as a Technical Operations Officer detailed to the Central Intelligence Agency. As the Chief of Tailored Access Operations - Hawaii, he led a large group of Global Network Exploitation Analysts and Operators."
According to NRC's reporting, the CNE networks contain what are equivalent to "digital sleeper cells," because the NSA malware installed on computers can be turned on and off "with a single push of a button." NRC Handelsblad says one example of the CNE infiltration of computer systems with malicious software was the hacking of Belgian telecom company Belgacom, discovered in September of 2013: GCHQ, the NSA's British sister agency and a participant in many NSA programs and actions, had been installing malicious software on the Belgacom network in order to tap customer telephone and data traffic. The malware was installed through a false LinkedIn page that employees were tricked into clicking.