US intelligence carried out 231 offensive cyber-ops in 2011, nearly three-quarters of them against key targets such as Iran, Russia, China and North Korea, as well as nuclear proliferation activity, a classified report obtained by The Washington Post says.
The “most challenging targets” also include suspected
terrorists “in Afghanistan, Pakistan, Yemen, Iraq, Somalia,
and other extremist safe havens,” according to one list of
priorities. US budget documents describe the attacks as
“active defense.”
Some cyber-operations reportedly feature what one budget document
calls “field operations” organized “to physically place hardware
implants or software modifications” with the help of CIA
operatives or clandestine military forces.
An implant is often coded in software by an NSA group called
Tailored Access Operations, which builds attack tools that are
custom-fitted to their targets, The Washington Post reports,
adding that this year TAO is working on implants that “can
identify select voice conversations of interest within a target
network and exfiltrate select cuts,” one budget document
says.
The reported US intelligence cyber-missions include the defense
of military and other classified computer networks against
foreign attack. These missions account for one-third of the total
cyber-operations budget of $1.02 billion for 2013, according to
the Cryptologic Program budget.
President Barack Obama's directive on cyber-operations, issued in
October 2012 and leaked in June 2013 by Snowden, stated that
military cyber-operations resulting in the disruption,
destruction or manipulation of computers must be approved by the
president himself. The document largely does not apply to US
intelligence agencies, however.
According to the US intelligence budget, by the end of this year
a $652 million program named GENIE will control at least 85,000
implants in strategically chosen computers around the world - four
times the number available in 2008. GENIE reportedly helps the US
break into foreign networks to plant sophisticated malware on tens
of thousands of machines (computers, routers and firewalls) every
year.
The NSA appears to be planning a rapid expansion of those
numbers, which were limited until recently by the need for human
operators to take remote control of compromised computers.
In the wake of Snowden's disclosures of classified data, the
NSA announced earlier this month it would cut up to 90 percent of
its system administrators to reduce the number of people with
access to secret information. Snowden leaked documents to the
Guardian and the Washington Post, revealing previously secret
telephone and internet surveillance programs run by the US
government.
According to an authoritative reference document, for GENIE’s
next phase the NSA has brought online an automated system,
code-named TURBINE, capable of managing “potentially millions
of implants” for intelligence gathering “and active
attack,” The Washington Post reported.
Given the “vast volumes of data” pulled in by the NSA,
storage could be a problem. The NSA has nearly completed a
large-scale new data center in Utah, which will manage
“storage, analysis, and intelligence production.” This
will allow intelligence agencies “to evaluate similarities
among intrusions that could indicate the presence of a
coordinated cyber-attack, whether from an organized criminal
enterprise or a nation-state.”