NSA Elite Hacking Team Operations Exposed: It should come as no surprise that the National Security Agency has a special team of top-gun hackers who breaks into systems around the world to spy on its targets. But revelations published yesterday by a German magazine about the NSA’s Tailored Access Operations (TAO) Group and the agency’s homegrown hacking tools shine some light on the scope and expertise of the agency’s hacking abilities, including its custom backdoor tools for popular commercial networking equipment and systems.
Der Spiegel reported yesterday that the NSA describes the TAO as specialized in “getting the ungettable” with access to “our very hardest targets.” According to the report, the hacking team successfully infiltrated 258 targets across 89 countries, and in 2010, executed some 279 different operations.
The report stops short of confirming whether the TAO team was involved in the creation and execution of Stuxnet, the highly targeted malware program that sabotaged uranium enrichment equipment in Iran’s Natanz nuclear facility. But it references leaked internal NSA presentation documents on the agency’s goals of hacking “servers, workstations, firewalls, routers, handsets, phone switches, SCADA systems, etc.”
Michael Sutton, vice president of security research at Zscaler, says the report by the German publication appears to “insinuate” TAO’s involvement with Stuxnet, but it’s not definitive. “The team does have a development arm constantly tinkering with new technologies,” Sutton says.
The leaked catalog of NSA’s custom software and hardware-based hacking tools date back to 2008, so the newly exposed information raises more questions about what else the agency has in its arsenal today. The NSA toolkit published by der Spiegel consists of so-called “implant” items, such as Nightstand, an 802.11 wireless exploitation and injection tool; Jetplow, a “firmware persistence implant” for taking over Cisco PIX and ASA firewalls; Halluxwater, a backdoor for Huawei firewalls; Feedtrough, a software tool that operates in Juniper firewalls to move other NSA spy software onto mainframes; and Dropout Jeep, a software tool for intercepting communications from an Apple iPhone.
According to the report, the tools have allowed the NSA to create its own global spy network “that operates alongside the Internet.” And in a nod to old-school spying techniques, the NSA’s TAO group reportedly can intercept from a target a computer shipment and load malware or hardware backdoor access onto the equipment before it reaches the buyer.