NSA May Have Undercover Operatives in Foreign Companies


An aerial view showing the ‘Dagger Complex’ in Griesheim near Darmstadt, Germany, 07 July 2014. The area on the edge of a former airfield is considered one of the most important branches of the US secret NSA. EPA/BORIS ROESSLER



As a much-anticipated documentary about NSA whistleblower Edward Snowden premieres in New York this evening, new revelations are being published simultaneously that expose more information about the NSA’s work to compromise computer networks and devices.


Newly-brought-to-light documents leaked by Snowden discuss operations by the NSA working inside China, Germany and South Korea to help physically subvert and compromise foreign networks and equipment, according to a report published by the Intercept. They also suggest the NSA may have undercover agents planted inside companies to provide assistance in gaining access to systems in the global communications industry. And they bolster previous reports that the NSA works with U.S. and foreign companies to weaken their encryption systems.


The new report is written by Peter Maass and Laura Poitras. Poitras is the celebrated documentary filmmaker whom Snowden contacted in 2013 to provide her with a trove of NSA documents and who has interviewed him in Hong Kong and Moscow for her film CitizenFour.


Among the new documents, which are seen in the film, is a 13-page brief dating from 2004 about Sentry Eagle, a term the NSA used to describe a collection of closely held programs whose details were so tightly controlled that, according to the document, they could be disclosed only to a limited number of people approved by senior intelligence officials.


“Unauthorized disclosure . . .will cause exceptionally grave damage to U.S. national security,” the document states. “The loss of this information could critically compromise highly sensitive cryptologic U.S. and foreign relationships, multi-year past and future NSA investments, and the ability to exploit foreign adversary cyberspace while protecting U.S. cyberspace.”


The documents describe new details about six NSA programs under the Sentry Eagle rubric. They are:


Sentry Hawk—which involves computer network exploitation (aka CNE), the government’s term for digital espionage. (For example, programs like Flame might fall in this category.)


Sentry Falcon—which involves computer network defense.


Sentry Osprey—which appears to involve overseeing NSA clandestine operations conducted in conjunction with the CIA, FBI, the Defense Intelligence Agency and Army intelligence. These operations involve human intelligence “HUMINT assets (Target Exploitation—TAREX) to support signals intelligence (SIGINT) operations.”


This is one of the biggest reveals of the report. Apparently, under Sentry Osprey, people responsible for target exploitation are embedded into operations conducted by the CIA, Defense Intelligence Agency, and FBI to provide technical expertise these agencies lack. This would include covert or clandestine field activities or interception of devices in the supply chain to modify equipment or install hardware implants. The TAREX group specializes in physical subversion—that is, subversion involving physical access to a device or facility.


Some of the TAREX bases of operation overseas appear to be located in South Korea, Germany and Beijing, China. But domestic centers for these operations are also based in Hawaii, Texas and Georgia. The NSA also handily keeps TAREX personnel stationed in U.S. embassies.


Glenn Greenwald described this so-called interdiction activity in his recent book No Place to Hide, which included a photo of NSA agents opening packages that had been intercepted en route to their destination in order to implant surveillance beacons in them.


Sentry Raven—focuses on cracking encryption systems. The documents state that the NSA “works with specific U.S. commercial entities…to modify U.S manufactured encryption systems to make them exploitable for SIGINT.” It doesn’t name the commercial entities or the encryption tools they modified, however.


Sentry Condor—involves computer network attacks (CNA), the government’s term for computer and network penetrations that involve degrading, damaging, delaying or destroying systems. (Think Stuxnet.)


Sentry Owl—a program involving collaboration with private companies.


Previous stories have revealed that the NSA has worked to convince U.S. companies to install backdoors and help the agency undermine encryption in their products to facilitate spying. They have also revealed how the NSA hacked computers belonging to system administrators at a telecom in Belgium to gain access to routers responsible for transmitting the mobile communications of customers. But none has discussed the NSA embedding agents in companies.


There has long been speculation about the NSA obtaining assistance from foreign companies, most recently with regard to revelations that the NSA was intercepting all of the mobile phone communications of three countries—including Afghanistan.


Security experts have speculated that this type of collection would be difficult to accomplish without the cooperation of a telecom or the assistance of insiders to help the NSA subvert the telecom services. These documents indicate the speculation was right.


