Additionally, under an extensive effort code-named GENIE, U.S. computer specialists break into foreign networks so that they can be put under surreptitious U.S. control. Budget documents say the $652 million project has placed “covert implants,” sophisticated malware transmitted from far away, in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand those numbers into the millions.
The documents provided by Snowden and interviews with former U.S. officials describe a campaign of computer intrusions that is far broader and more aggressive than previously understood. The Obama administration treats all such cyber-operations as clandestine and declines to acknowledge them.
The administration’s cyber-operations sometimes involve what one budget document calls “field operations” abroad, commonly with the help of CIA operatives or clandestine military forces, “to physically place hardware implants or software modifications.”
The focus on routers, switches, and firewalls is very interesting and is news. To the best of my knowledge, nothing like this is known to the computer security industry. No doubt the NSA is careful to test its efforts first, to ensure they aren't detected.
Much more often, an implant is coded entirely in software by an NSA group called Tailored Access Operations (TAO). As its name suggests, TAO builds attack tools that are custom-fitted to their targets.
The NSA unit’s software engineers would rather tap into networks than individual computers because there are usually many devices on each network. Tailored Access Operations has software templates to break into common brands and models of “routers, switches and firewalls from multiple product vendor lines,” according to one document describing its work.
The implants that TAO creates are intended to persist through software and equipment upgrades, to copy stored data, “harvest” communications and tunnel into other connected networks. This year TAO is working on implants that “can identify select voice conversations of interest within a target network and exfiltrate select cuts,” or excerpts, according to one budget document. In some cases, a single compromised device opens the door to hundreds or thousands of others.
However, the hunt will be on now.
This also suggests a new market niche: intrusion detection on these kinds of infrastructure components. That said, it's not clear that a US-based firm could be a very credible provider...
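The detection niche mentioned above comes down to one practical question: does the firmware actually running on a router, switch or firewall still match what the vendor shipped? The following is an added example, not code from the Post article, this post, or any agency material, of an integrity audit a defender could run against network devices. Everything in it is constructed: the device names, models, firmware bytes and digests are placeholders, and in a real deployment the baseline digests would come from the vendor's signed release manifest obtained out-of-band, never from the device being checked. The check deliberately hashes the image as read out by the auditing host and compares that to the digest the device reports about itself, because an implant that survives upgrades has every reason to keep reporting the clean value.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample "vendor-published" firmware images keyed by (model, version).
# In practice the baseline is the vendor's signed manifest, fetched out-of-band.
KNOWN_GOOD_IMAGES = {
    ("edge-router-x", "4.2.1"): b"EDGE-ROUTER-X firmware 4.2.1 (constructed sample bytes)",
    ("core-switch-y", "7.0.3"): b"CORE-SWITCH-Y firmware 7.0.3 (constructed sample bytes)",
}


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of an image, computed by the auditing host, not the device."""
    return hashlib.sha256(data).hexdigest()


# Baseline manifest: expected digest per (model, version).
MANIFEST = {key: sha256_hex(img) for key, img in KNOWN_GOOD_IMAGES.items()}


@dataclass
class DeviceSnapshot:
    """What an auditor collects from one device (all fields constructed here)."""
    hostname: str
    model: str
    version: str          # version string the device reports
    image: bytes          # firmware image read out of the device's flash
    reported_digest: str  # digest the device's own CLI printed for that image


def check_device(dev: DeviceSnapshot) -> list[str]:
    """Return a list of findings; an empty list means the device matches baseline."""
    findings = []
    expected = MANIFEST.get((dev.model, dev.version))
    if expected is None:
        # Unknown model/version: cannot vouch for it, so report rather than pass.
        findings.append(f"{dev.hostname}: no vendor baseline for {dev.model} {dev.version}")
        return findings
    actual = sha256_hex(dev.image)
    if actual != expected:
        findings.append(f"{dev.hostname}: firmware image does not match vendor baseline")
    if dev.reported_digest != actual:
        # A device that prints the clean digest for a modified image is lying about itself.
        findings.append(f"{dev.hostname}: self-reported digest disagrees with independently computed digest")
    return findings


def audit(devices: list[DeviceSnapshot]) -> dict[str, list[str]]:
    """Run the check over a fleet and return findings per hostname."""
    return {dev.hostname: check_device(dev) for dev in devices}


# Constructed sample fleet: one clean device, one with a modified image that still
# reports the clean digest, and one running a version with no baseline on file.
CLEAN_KEY = ("edge-router-x", "4.2.1")
CLEAN_DEVICE = DeviceSnapshot("rtr-01", *CLEAN_KEY, KNOWN_GOOD_IMAGES[CLEAN_KEY], MANIFEST[CLEAN_KEY])
TAMPERED_DEVICE = DeviceSnapshot(
    "rtr-02", *CLEAN_KEY,
    KNOWN_GOOD_IMAGES[CLEAN_KEY] + b" <constructed extra bytes>",  # image differs from vendor's
    MANIFEST[CLEAN_KEY],                                           # but it reports the clean digest
)
UNKNOWN_DEVICE = DeviceSnapshot("sw-01", "core-switch-y", "7.1.0", b"unknown build", "")

if __name__ == "__main__":
    for host, findings in audit([CLEAN_DEVICE, TAMPERED_DEVICE, UNKNOWN_DEVICE]).items():
        print(host, "OK" if not findings else findings)
```

Two caveats a practitioner would want with this: reading the image from the device relies on the device's own storage path being honest, so a modification that lives below the image (in a bootloader or in a component the image never touches) is outside what this check can see; and a "no baseline" result is a finding in its own right, since an unexpected version on a device is exactly the kind of drift that should be explained rather than waved through.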
I kind of have the suspicion that we are not the only ones doing this.
And I also suspect that the obvious suspects (state actors and their intelligence agencies) have been doing it a long time.
Another interesting speculation is action on this front by private interests: corporations (like oh, say Goldman Sachs), drug gangs, terrorists, any sort of group with the deep pockets to do it.
"nothing like this is known to the computer security industry" ... How is that possible? If true, it would appear the security industry has charged a fortune to provide no security. Malware is malware - it does certain things and exhibits signatures - government written or not - in order to work, does it not? How could this go undetected?
Mr Sunshine: Not "no security", just "the best solution to the halting problem that money can currently buy" :-)
http://en.wikipedia.org/wiki/Halting_problem
That is generally somewhat better than nothing, but considerably worse than everything.
Also sheds light on Government reluctance to allow Telcos to use equipment supplied by China's Huawei.
During the Reagan administration US agencies reportedly planted malware in pipeline control systems supplied to the Soviet Union. This pipeline later ruptured with consequent large fires that were reported to be visible to space satellites.
This activity constitutes a direct threat to the citizens of another state. I fail to see how this can be considered other than an act of war.
If memory serves me correctly, it is illegal in the UK to develop algorithms or devices that GCHQ cannot decrypt.