Snowden docs reveal NSA digital warfare capabilities

The United States government is gearing up for digital war, with classified documents leaked by former National Security Agency contractor Edward Snowden published by Germany's Der Spiegel outlining the agency's moves to appropriate foreign attacks for its own use.
Written by Leon Spencer, Contributor

The United States National Security Agency (NSA) is putting network attacks launched by other countries to its own use in a bid to gear up for digital war, according to documents leaked by former NSA contractor Edward Snowden.

The documents, which were published by German news outlet Der Spiegel on January 17, describe numerous approaches the agency employs to take its online operations far beyond its breathtaking surveillance program, and well into the realm of offensive cyberwarfare.

One document (PDF) from the Snowden archive, dated 2006, explains the role of the Remote Operations Center (ROC) -- the headquarters of the NSA's Tailored Access Operations (TAO) cyberwarfare intelligence-gathering unit -- and outlines the centre's increasing activities in its bid for "global network dominance".

"The ROC provides a crucial piece of the puzzle in helping the agency achieve the Transformation 3.0 objective of Global Network Dominance," the document says. "ROC exploitation and collection requirements have grown at an unbelievable rate.

"The ROC has already enjoyed great success in its CNE, CNA, and CND (Computer Network Exploitation/Attack/Defense) operations, and is bound to achieve even more in its new facilities. Their motto says it all: 'Your data is our data, your equipment is our equipment -- any time, any place, by any legal means'," it says.

Another document (PDF) contains an interview conducted for the NSA's regular "SIDtoday" bulletin with a ROC "hacker" from the TAO, the group that hacks targets' computers.

"In the early days, TAO used to be just a bunch of hackers! We did things in a more ad hoc manner ... one guy did it all. Now we're more systematic in how we do things," it says.

A document (PDF) from 2007 provides an overview of projects undertaken by the TAO/ATO departments, including the remote destruction of network cards, possible future projects, and a description of what TAO's Politerain project team gets up to, written for an intern job posting.

"TAO/ATO Persistence Politerain (CNA) team is looking for interns who want to break things," it says. "We are tasked with remotely degrade or destroy opponent computers, routers, and network-enabled devices by attacking the hardware using low-level programming.

"The projects below an intern could be expected to produce results in 4-6 months," it says.

The document outlines some of the programs that Politerain was, at the time, hoping to utilise in order to carry out its objectives.

One program, Passionatepolka, involves techniques thought to enable the remote bricking of network cards, while another project, Argyleanien, employs a security feature built into hard drives that allows for zeroisation, the erasure of sensitive information.

"We want to use this feature to cause the loss of data," the document says.

The documents also outline the NSA's practice of "Fourth-Party Collection", which sees the agency's operatives tap the information resulting from attacks carried out by other non-"Five-Eyes" nations, such as China.

A document (PDF) containing a SIDtoday article outlines how "Fourth-Party Collection" takes advantage of non-partner computer network exploitation activity.

"The exploitation activity may be state-sponsored or opportunistic, but when one target nation is gathering data on another target nation, the intelligence community ... may be able to use that information," it says.

Likewise, the documents (PDF) also outline how the NSA can utilise its cyberdefence infrastructure, such as its Tutelage system -- which identifies incursions and blocks them from reaching their targets -- and reverse engineer or repurpose the software used in the attacks to launch attacks of its own.

Meanwhile, another top secret document (PDF) from the archive, dated 2010, highlights the NSA's ability to use the Apple iPhone Unique Device Identifier (UDID) for "target tracking and correlation of end-point machines and target phones".

"With the analysis of the UDIDs on target machines and correlation in passive collection with known target yahoo selectors, the UDID can be used to correlate iPhone handsets to end-point sync machines and tasked Yahoo selectors," the document says.

The NSA's offensive digital warfare aims and capabilities come to light as US and UK intelligence services move to conduct war games to test the cyberdefences of banks, as part of new plans for the agencies to work more closely together on digital threats.
