The NSA has successfully compromised at least 50,000 ‘networks’ using malware controlled by a 1,000-strong team of hackers, a presentation leaked from the Snowden cache has revealed.
It’s another of the many statistics to emerge from Snowden’s hard drive that is single-handedly transforming the world’s understanding not only of US cyber-operations but what a well-resourced state can achieve if it wants to.
The presentation seen by Dutch news source NRC Handelsblad mentions that as of 2012 the NSA’s Tailored Access Operations (TAO) department had compromised “50,000 computer networks” as part of a larger Computer Network Exploitation (CNE) operation active for up to 15 years.
We have to be careful about the nomenclature here; 50,000 networks is in the NSA’s eyes equivalent to 50,000 separate locations so the actual number of PCs, servers and possibly routers controlled by this network is almost certainly much greater than 50,000 individual computers.
As NRC Handelsblad notes, an example of the type of hacking projects the TAO campaigns might resemble would be the infamous attacks on Belgian national telco Belgacom by Britain’s NSA ally GCHQ, first publicised in September by German magazine Spiegel Online.
In that attack, the malware was installed by luring Belgacom employees to bogus LinkedIn and Slashdot pages using a system called Quantum Insert, in effect they were phished using a tactic straight out of the criminal handbook.
Another way of viewing the TAO malware would be to see it as part of the 231 cyber-operations written up in August by the Washington Post from separate Snowden files as having been carried out in 2011 alone, all part of the well-financed ‘GENIE’ program. That report was also the first to discover that the NSA had been using malware but it is only now that details such as targeting and design are starting to become clearer.
The problem is that the accounts of what the NSA has been up to and for how long are still fragmentary. It is known that 50,000 networks in 30 countries have been compromised, as have 20 access points for international cable trunks, but that barely scratches the surface.
With news emerging almost every week of a new NSA attack on fundamental parts of international digital infrastructure – almost all as far as we can tell highly successful – it is now safer to assume that the NSA can unlock what it wants more or less at will.