NSA Has Hacked 50,000 Computers Globally

In reality there is little new in this latest revelation beyond the extent of NSA hacks. We have already learnt about the NSA/GCHQ's quantum injection hacking program (it is known that the NSA used this to hack Petrobras in Brazil and GCHQ used it to hack Belgacom in Belgium); but what wasn't known was the extent of the agencies' operations.

The NRC report publishes a single slide titled 'Worldwide SIGINT/Defense Cryptologic Platform'. Its legend is headed, 'Classes of Access.'  Quite how this world map relates to 50,000 hacked computer networks is not immediately obvious; but nevertheless the report states that the NSA has "infected more than 50,000 computer networks worldwide with malicious software designed to steal sensitive information. Documents provided by former NSA-employee Edward Snowden and seen by this newspaper, prove this."

Whether this report should be taken to suggest that the NSA has placed its own malware on 50,000 computer networks is questionable – it could equally mean that the NSA has the ability to do that, on demand, that through its widespread points of access to the internet backbone. David Harley, ESET senior research fellow, believes 50,000 malware samples in the wild are not likely to be completely undetected by all of the anti-virus companies.

"It’s likely that some AV companies have detected it. We wouldn’t necessarily know what it was though, so any detections may well be buried in a pile of heuristic or behavioral detections. Furthermore, it’s unlikely that what’s being described is a single once-found-always-detected variant." So it is possible.

A report from the Washington Post in August suggested that the NSA would have the capacity to embark on such a campaign. The NRC report states, "The NSA computer attacks are performed by a special department called TAO (Tailored Access Operations)." WP has already indicated that TAO includes 600 unit members working 24/7 in rotating shifts. It is, said the Post, "a highly secret but incredibly important NSA program that collects intelligence about foreign targets by hacking into their computers, stealing data, and monitoring communications."

It further points out that "TAO is also responsible for developing programs that could destroy or damage foreign computers and networks via cyberattacks if commanded to do so by the president." The Post adds that TAO may have been responsible for Stuxnet and Flame.

NRC says the NSA's malware "can be controlled remotely and be turned on and off at will. The ‘implants’ act as digital ‘sleeper cells’ that can be activated with a single push of a button." It describes the purpose as 'to steal sensitive information.' More worrying, however, is that the Post has suggested that TAO is also involved in offensive cyberwarfare.

What’s Hot on Infosecurity Magazine?