Inside TAO: Documents Reveal Top NSA Hacking Unit
By SPIEGEL Staff
The NSA's TAO hacking unit is
considered to be the intelligence agency's top secret weapon. It
maintains its own covert network, infiltrates computers around the world
and even intercepts shipping deliveries to plant back doors in
electronics ordered by those it is targeting.
In January 2010, numerous homeowners in San Antonio, Texas, stood
baffled in front of their closed garage doors. They wanted to drive to
work or head off to do their grocery shopping, but their garage door
openers had gone dead, leaving them stranded. No matter how many times
they pressed the buttons, the doors didn't budge. The problem primarily
affected residents in the western part of the city, around Military
Drive and the interstate highway known as Loop 410.
In the United States, a country of cars and commuters, the mysterious
garage door problem quickly became an issue for local politicians.
Ultimately, the municipal government solved the riddle. Fault for the
error lay with the United States' foreign intelligence service, the
National Security Agency, which has offices in San Antonio. Officials at
the agency were forced to admit that one of the NSA's radio antennas
was broadcasting at the same frequency as the garage door openers.
Embarrassed officials at the intelligence agency promised to resolve the
issue as quickly as possible, and soon the doors began opening again.
It was thanks to the garage door opener episode that Texans learned
just how far the NSA's work had encroached upon their daily lives. For
quite some time now, the intelligence agency has maintained a branch
with around 2,000 employees at Lackland Air Force Base, also in San
Antonio. In 2005, the agency took over a former Sony computer chip plant
in the western part of the city. A brisk pace of construction commenced
inside this enormous compound. The acquisition of the former chip
factory at Sony Place was part of a massive expansion the agency began
after the events of Sept. 11, 2001.
On-Call Digital Plumbers
One of the two main buildings at the former plant has since housed a
sophisticated NSA unit, one that has benefited the most from this
expansion and has grown the fastest in recent years -- the Office of
Tailored Access Operations, or TAO. This is the NSA's top operative unit
-- something like a squad of plumbers that can be called in when normal
access to a target is blocked.
According to internal NSA documents viewed by SPIEGEL, these on-call
digital plumbers are involved in many sensitive operations conducted by
American intelligence agencies. TAO's area of operations ranges from
counterterrorism to cyber attacks to traditional espionage. The
documents reveal just how diversified the tools at TAO's disposal have
become -- and also how it exploits the technical weaknesses of the IT
industry, from Microsoft to Cisco and Huawei, to carry out its discreet
and efficient attacks.
The unit is "akin to the wunderkind of the US intelligence
community," says Matthew Aid, a historian who specializes in the history
of the NSA. "Getting the ungettable" is the NSA's own description of
its duties. "It is not about the quantity produced but the quality of
intelligence that is important," one former TAO chief wrote, describing
her work in a document. The paper seen by SPIEGEL quotes the former unit
head stating that TAO has contributed "some of the most significant
intelligence our country has ever seen." The unit, it goes on, has
"access to our very hardest targets."
A Unit Born of the Internet
Defining the future of her unit at the time, she wrote that TAO
"needs to continue to grow and must lay the foundation for integrated
Computer Network Operations," and that it must "support Computer Network
Attacks as an integrated part of military operations." To succeed in
this, she wrote, TAO would have to acquire "pervasive, persistent access
on the global network." An internal description of TAO's
responsibilities makes clear that aggressive attacks are an explicit
part of the unit's tasks. In other words, the NSA's hackers have been
given a government mandate for their work. During the middle part of the
last decade, the special unit succeeded in gaining access to 258
targets in 89 countries -- nearly everywhere in the world. In 2010, it
conducted 279 operations worldwide.
Indeed, TAO specialists have directly accessed the protected networks of
democratically elected leaders
of countries. They infiltrated networks of European telecommunications
companies and gained access to and read mails sent over Blackberry's BES
email servers, which until then were believed to be securely encrypted.
Achieving this last goal required a "sustained TAO operation," one
document states.
This TAO unit is born of the Internet -- created in 1997, a time when
not even 2 percent of the world's population had Internet access and no
one had yet thought of Facebook, YouTube or Twitter. From the time the
first TAO employees moved into offices at NSA headquarters in Fort
Meade, Maryland, the unit was housed in a separate wing, set apart from
the rest of the agency. Their task was clear from the beginning -- to
work around the clock to find ways to hack into global communications
traffic.
Recruiting the Geeks
To do this, the NSA needed a new kind of employee. The TAO workers
authorized to access the special, secure floor on which the unit is
located are for the most part considerably younger than the average NSA
staff member. Their job is breaking into, manipulating and exploiting
computer networks, making them hackers and civil servants in one. Many
resemble geeks -- and act the part, too.
Indeed, it is from these very circles that the NSA recruits new hires
for its Tailored Access Operations unit. In recent years, NSA Director
Keith Alexander has made several appearances at major hacker conferences
in the United States. Sometimes, Alexander wears his military uniform,
but at others, he even dons jeans and a t-shirt in his effort to court
trust and a new generation of employees.
The recruitment strategy seems to have borne fruit. Certainly, few if
any other divisions within the agency are growing as quickly as TAO.
There are now TAO units in Wahiawa, Hawaii; Fort Gordon, Georgia; at the
NSA's outpost at Buckley Air Force Base, near Denver, Colorado; at its
headquarters in Fort Meade; and, of course, in San Antonio.
One trail also leads to Germany. According to a document dating from
2010 that lists the "Lead TAO Liaisons" domestically and abroad as well
as names, email addresses and the number for their "Secure Phone," a
liaison office is located near Frankfurt -- the European Security
Operations Center (ESOC) at the so-called "
Dagger Complex" at a US military compound in the Griesheim suburb of Darmstadt.
But it is the growth of the unit's Texas branch that has been
uniquely impressive, the top secret documents reviewed by SPIEGEL show.
These documents reveal that in 2008, the Texas Cryptologic Center
employed fewer than 60 TAO specialists. By 2015, the number is projected
to grow to 270 employees. In addition, there are another 85 specialists
in the "Requirements & Targeting" division (up from 13 specialists
in 2008). The number of software developers is expected to increase from
the 2008 level of three to 38 in 2015. The San Antonio office handles
attacks against targets in the Middle East, Cuba, Venezuela and
Colombia, not to mention Mexico, just 200 kilometers (124 miles) away,
where the government has fallen into the NSA's crosshairs.
No comments:
Post a Comment