NSA malware infected over 50,000 computer networks worldwide

NSA malware infected over 50,000 computer networks worldwide

Summary: A newly-surfaced Snowden slide shows the NSA infected more than 50,000 computer networks worldwide with malware, according to Dutch outlet NRC.

SHARE:

A new slide leaked by Edward Snowden shows where the NSA infected more than 50,000 computer networks worldwide with malware, according to Dutch media outlet NRC.

The NSA management presentation slide from 2012 shows a world map spiderwebbed with "Computer Network Exploitation" access points in more than 50,000 locations around the globe.

NSA malware CNE NRC

Like all the slides we've seen so far, this one is unlikely to win a Powerpoint beauty pageant anytime soon.

Not that this should deter anyone from the profoundly disturbing implications of a US government malware map being reported by a Dutch news agency -- to which the US government gave a "no comment."

Translated from Dutch:

The American intelligence service - NSA - infected more than 50,000 computer networks worldwide with malicious software designed to steal sensitive information. 

Documents provided by former NSA employee Edward Snowden and seen by this newspaper, prove this.

(...) The NSA declined to comment and referred to the US Government. A government spokesperson states that any disclosure of classified material is harmful to our national security.

On the NSA's Computer Network Operations program description page it describes CNE as, "Includes enabling actions and intelligence collection via computer networks that exploit data gathered from target or enemy information systems or networks."

In an article dated August 29, 2013, The Washington Post reported on the NSA's "hacking unit" called Tailored Access Operations (TAO).

The Post wrote:

According to a profile by Matthew M. Aid for Foreign Policy, it's a highly secret but incredibly important NSA program that collects intelligence about foreign targets by hacking into their computers, stealing data, and monitoring communications. 

(...) Dean Schyvincht, who claims to currently be a TAO Senior Computer Network Operator in Texas, might reveal the most about the scope of TAO activities.

He says the 14 personnel under his management have completed "over 54,000 Global Network Exploitation (GNE) operations in support of national intelligence agency requirements." 

This is one letter away from being exact.

On the NSA's network ops page, there is no program with the acronym GNE - only CNE and,

Computer Network Attack (CNA): Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves.

Computer Network Defense (CND): Includes actions taken via computer networks to protect, monitor, analyze, detect, and respond to network attacks, intrusions, disruptions, or other unauthorized actions that would compromise or cripple defense information.

Across the slide top and bottom a stripe reads, "REL TO USA, AUS, CAN, GBR, NZL."

These are the  so-called "Five Eyes" nations -- which include the U.S., U.K., Canada, Australia, and New Zealand.

Last week, the very same "Five Eyes" nations moved to oppose the United Nation's anti-surveillance, right-to-privacy draft resolution called "The right to privacy in the digital age".

Security researchers online are speculating that telecoms were the most likely targets for the malware.

They may not be too far off the mark.

NRC cites an example of Britain's intelligence service GHCQ, being found to use spoofed LinkedIn pages to install surveillance malware on target computers in Belgium telecom, Belgacom (translated):

One example of this type of hacking was discovered in September 2013 at the Belgium telecom provider Belgacom. 

For a number of years the British intelligence service - GCHQ - has been installing this malicious software in the Belgacom network in order to tap their customer's telephone and data traffic. 

The Belgacom network was infiltrated by GCHQ through a process of luring employees to a false Linkedin page.

NRC concludes its explosive article by telling us that the Dutch government's intelligence services has its own hacking unit, but is prohibited by law from performing the type of operations the NSA appears to have done in the CNE slide.

Unlike the feeling here in the US, where it's starting to feel like an ordered state against which a transgression can be measured has nearly vanished, and is almost forgotten.

Topics: Security, Government US, Government UK, Telcos

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

57 comments
Log in or register to join the discussion
  • Wow

    Thank God the Chinese, Iran and other countries' agencies are not doing the same thing.
    D.J. 43
    • I don't live there

      I live in the US where I paid the price (Nam) to ensure that Americans have freedoms and the right to privacy. It sickens me that the government I went to war for is doing this.
      NoAxToGrind
      • Isn't there a law against spreading malware?

        I didn't know that the law against spreading computer viruses and malware exempted government employees from doing it.

        If it doesn't, then those individuals who are spreading malware on behalf of the NSA should be jailed.
        Vbitrate
        • The government...

          ... believes it is exempt and above all laws and regulations. They ignore the guiding primary laws of this nation (the Bill of Rights) on a daily basis. We live in a police state. Sheeple are still convinced they still live in a democracy because that's what our tyrants want them to believe. It keeps them complacent and easily manipulated. The illusion of choice is an excellent trick to subdue the masses.
          BillDem
          • Extreme!

            Bill, you're a bit extreme here. The government is not destroying democracy in the US, big business is. The tyranny you're talking about is coming from large corporations and their overpaid CEOs, the ones that love to be bailed out because they're greedy and incompetent. Your technical comments are almost always right on, your political comments are way off. As a libertarian, I fear big business more than I fear my government.
            Eleutherios
          • The Goverment Is A Corporation

            You should fear big business just as much as the government since they are one in the same. The US is a registered corporation, hell YOU are a corporation, look up the legal definitions of Person and Corporation. Same thing.
            labrats
          • So long as

            your name is capitalized on your birth certificate....
            Tonydid
          • The 4th Amendment

            Clearly states that any surveillance requires a warrant sworn on the oath of a witness, specifying exactly what is being sought.

            The United States of America is not a democracy, it's a Federal Representative Republic. The U.S. Constitution was specifically written to avoid the pitfalls of democracy, especially tyranny of the majority.

            Every day we move closer to tyranny (democracy). Ending the filibuster in the Senate was just the latest step to allow the majority to run roughshod over the majority.

            Those who are glad to be rid of the pesky Republicans miss the point. When the minority has no power, no recourse, you end up with the Thirteen Colonies, the Soviet Union, or Germany of the late 1930s.
            bb_apptix
          • Minority rights is NOT minority RULE

            You are confusing the two.
            What the Corporo/Govern/Masters have installed here is merely an extension of the Military/Industrial Complex Eisenhower warned us about. They then proceeded to assassinate JFK. MLK, RFK and Malc'm X and a whole host of other not so well knowns numbering at least in the high tens of thousands. They buried us in Viet Nam, excused the Iran-Contra treason as "the country couldn't go through another impeachment process and survive" (a direct quote from Sen. Daniel Inouye, co-chair in the investigation). Dare to be a whistleblower and find out for yourself. No further explanation necessary as to why nobody has gone to prison for the crimes of Wall Street.
            Minority Rights does not give license to dictatorial powers by the .1% over the 99.9%. Period.

            SPLF
            spixleatedlifeform
        • Ha!

          How many cops do you see ignoring the speed limit? It's the "_Who's gonna stop me?"_ syndrome...
          Papa_Bill
      • Patriot Act

        It all began when Congess caved to Bush, drank the koolaid and allowed this to pass.
        D.J. 43
        • Uh no

          Surveillance and espionage, particularly of foreign sources, did not depend on the Patriot Act, nor did it commence with the Patriot Act, but began with the dawn of man.
          Luke Skywalker
          • Nor did Congress cave to Bush, they did

            what their constituents wanted them to do after 9/11 slapped them in the face with the outcome of not having good intel after the Clintons decimated cia and dod in order to achieve a budget surplus
            Johnny Vegas
          • Ummm....

            That never happened. I heard some nice but clueless suburban friends say the same thing years ago, but that was as goofy then as it is now.
            JustCallMeBC
          • WRONG! BALONEY!

            WRONG! Baloney! The DoD budget wasn't hurt and the black funds were tripled under Clinton! The spending spree in DoD was ripe... when DOOFUS Bush came in with league of dumbbells... that is when the bad guys knew to hit! Couldn't have got any easier!

            So quit posting BALONEY!
            SpankyFrost
          • Partially right:

            They did do what their constituents wanted them to do AFTER the Bush White House pumped their propaganda through the mainstream media, which was and is giving into the right (to convince the public they are not controlled by the left), and the right wing Faux media, which was and is a propaganda arm of the right. The anthrax attacks helped this along (has no one mentioned that, rather than attacking those who WERE in charge, as a terrorist might wish to do, they attacked the political OPPONENTS and skeptical MEDIA?).

            But the charge that Cinton weakened the CIA is false. In fact, during the transition process, Clinton staffers repeatedly TRIED to emphasize to incoming Bush staffers that they knew Osama Bin Laden and Al Qaeda were planning something, and were completely IGNORED. And the Bush White House also ignored its own August 2001 CIA briefing paper warning of Al Qaeda plans to hijack airliners to use as suicide bombs. And all this was known, but ignored, from PRE-PATRIOT intelligence.
            jallan32
          • Right - yet not so much.

            But the complaint here was that of privacy for Americans. That, is your Patriot Act. And no, constituents didn't get any say over 9/11 Patriot Act legislation.
            D.J. 43
          • Actually, they did.

            The fear of another 9/11 attack, whipped up by media, got the Patriot Act passed in a hurry without legislators actually reading it. Very few Congressmen at that time reported receiving a flood of objections to it. A trickle of objections, from people like you and me, but a flood of "H*** yes, let's catch those B****" calls and letters.
            jallan32
        • "Congress caved to Bush....."

          You are only off by some 50-60 years here........

          Seem to remember something about Enigma and the Japanese Imperial Navy's codes being broken (read) in WWII......

          Been going on a long time.......
          lbelden11
      • Re: I don't live there

        The choice to live in the US and believe Americans have any freedoms was yours to make. The risk that this turned out to be not true was yours too.

        Frankly, I don't believe you can do anything to change it.
        danbi