NSA Reportedly Infected 50,000 Computer Networks Worldwide
November 26, 2013

Leaked Documents Show That NSA Infected 50,000 Computer Networks Worldwide

Bryan P. Carpender for redOrbit.com - Your Universe Online

The U.S. National Security Agency (NSA) reportedly hacked more than 50,000 computer networks worldwide by mid-2012, infecting them with malware, according to documents leaked by Edward Snowden, the former government employee and whistleblower.

This new information obtained by Dutch newspaper NRC Handelsblad comes from a leaked PowerPoint slide showing a world map that highlights more than 50,000 worldwide “implants” of malware in a process known as CNE (Compute Network Exploitation). According to the NSA’s career site, CNE “includes enabling actions and intelligence collection via computer networks that exploit data gathered from target or enemy information systems or networks.”

Malware is malicious software whose purposes include the disruption of computer operations and the gathering of sensitive information. This malware is used by a department known as TAO (Tailored Access Operations), which is composed of over 1,000 of the NSA’s elite hackers, reports PCMag.com.

These super hackers execute these malware implants, allegedly breaking through firewalls and hacking into network routers and switches, giving them access to the data transmitted by the devices connected to them.

Once the malware has been implanted inside a given network, the implants are not necessarily activated immediately upon deployment. The malware can remain dormant in a “sleeper mode” until the TAO is ready to use it; then it can be activated with a single push of a button, enabling the NSA’s hackers to extract useful data at will.

Additionally, these malware implants can remain active for extended periods of time without being detected; in some cases, they can gather data for years with nobody discovering them.
Some reports estimate that the NSA had already installed over 20,000 implants as early as 2008. Given the mid-2012 number of 50,000 additional implants, it’s possible that as many as 85,000 could be deployed by the close of 2013.

While these new numbers are noteworthy, the process of CNE is hardly breaking news. In August, The Washington Post reported that these implants were active. However, the NSA has been engaged in cyber operations since 1998, evolving right along with technology.

NSA techniques have been used by other intelligence agencies, including the UK’s Government Communications Headquarters (GCHQ), which infiltrated Belgacom, a Belgian telecommunications provider.

But the NSA isn’t relying exclusively on CNE to gather intelligence.

Thanks to another document Snowden leaked to The New York Times, the information keeps coming. In the 2012 document, the NSA affirms that it has been engaged in SIGINT (NSA jargon for “signals intelligence” – the gathering of information through intercepting signals) for decades. It describes the present day environment as “the golden age of SIGINT.”

According to the document, “For SIGINT to be optimally effective, legal, policy, and process authorities must be as adaptive and dynamic as the technological and operational advances we seek to exploit.” The document also outlines the NSA’s mission statement and broad goals through the year 2016 to “close gaps between the environment and expectations over the next five years.”

When asked about the reports, the NSA declined to comment, instead referring inquiries directly to the US government. Not surprisingly, those inquiries were fielded by a government spokesperson whose response was the generic statement that “any disclosure of classified material is harmful to our national security.”