"BLACK BUDGET" UNLOCKS DETAILS [Virginian - Pilot]
(Virginian - Pilot Via Acquire Media NewsEdge) By Barton Gellman and Ellen Nakashima
The Washington Post
U.S. intelligence services carried out 231 offensive cyber-operations in 2011, the leading edge of a clandestine campaign that embraces the Internet as a theater of spying, sabotage and war, according to top-secret documents obtained by The Washington Post.
That disclosure, in a classified intelligence budget provided by NSA leaker Edward Snowden, provides new evidence that the Obama administration's growing ranks of cyberwarriors infiltrate and disrupt foreign computer networks.
Additionally, under an extensive effort code-named GENIE, U.S. computer specialists break into foreign networks so that they can be put under surreptitious U.S. control. Budget documents say the $652 million project has placed "covert implants," sophisticated malware transmitted from far away, in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand those numbers into the millions.
The documents provided by Snowden and interviews with former U.S. officials describe a campaign of computer intrusions that is far broader and more aggressive than previously understood. The Obama administration treats all such cyber-operations as clandestine and declines to acknowledge them.
The scope and scale of offensive operations represent an evolution in policy, which in the past sought to preserve an international norm against acts of aggression in cyberspace, in part because U.S. economic and military power depends so heavily on computers.
"The policy debate has moved so that offensive options are more prominent now," said former deputy defense secretary William J. Lynn III, who has not seen the budget document and was speaking generally. "I think there's more of a case made now that offensive cyber-options can be an important element in deterring certain adversaries."
Of the 231 offensive operations conducted in 2011, the budget said, nearly three-quarters were against top-priority targets, which, former officials say, include adversaries such as Iran, Russia, China and North Korea, and activities such as nuclear proliferation. The document provided few other details about the operations.
Stuxnet, a computer worm reportedly developed by the United States and Israel that destroyed Iranian nuclear centrifuges in attacks in 2009 and 2010, is often cited as the most dramatic use of a cyberweapon. Experts said no other known cyberattacks carried out by the United States match the physical damage inflicted in that case.
U.S. agencies define offensive cyber-operations as activities intended "to manipulate, disrupt, deny, degrade, or destroy information resident in computers or computer networks, or the computers and networks themselves," according to a presidential directive issued in October 2012.
Most offensive operations have immediate effects only on data or the proper functioning of an adversary's machine: slowing its network connection, filling its screen with static or scrambling the results of basic calculations. Any of those could have powerful effects if they caused an adversary to botch the timing of an attack, lose control of a computer or miscalculate locations.
U.S. intelligence services are making routine use around the world of government-built malware that differs little in function from the "advanced persistent threats" that U.S. officials attribute to China. The principal difference, U.S. officials told The Post, is that China steals U.S. corporate secrets for financial gain.
"The Department of Defense does engage" in computer network exploitation, according to an emailed statement from an NSA spokesman, whose agency is part of the Defense Department. "The department does ... not ... engage in economic espionage in any domain, including cyber."
The administration's cyber-operations sometimes involve what one budget document calls "field operations" abroad, commonly with the help of CIA operatives or clandestine military forces, "to physically place hardware implants or software modifications."
Much more often, an implant is coded entirely in software by an NSA group called Tailored Access Operations. As its name suggests, TAO builds attack tools that are custom-fitted to their targets.
The NSA unit's software engineers would rather tap into networks than individual computers because there are usually many devices on each network. Tailored Access Operations has software templates to break into common brands and models of "routers, switches and firewalls from multiple product vendor lines," according to one document describing its work.
The implants that TAO creates are intended to persist through software and equipment upgrades, to copy stored data, "harvest" communications and tunnel into other connected networks. This year TAO is working on implants that "can identify select voice conversations of interest within a target network and exfiltrate select cuts," or excerpts, according to one budget document. In some cases, a single compromised device opens the door to hundreds or thousands of others.
Of offensive operations conducted in 2011, the budget said, nearly three-quarters were against top-priority targets: Iran, Russia, China, North Korea, and activities such as nuclear proliferation. Documents say the $652 million project has placed "covert implants," malware transmitted in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand numbers into the millions.
(c) 2013 ProQuest Information and Learning Company; All Rights Reserved.