- NSA unit called Tailored Access Operations combines spying and hacking to track its targets
- Techniques include installing spyware, setting up fake websites to gather usernames
- TAO works "in support of foreign intelligence collection," an NSA spokeswoman says
- German magazine reported on the group based on internal agency documents
A top-secret National Security Agency team uses spyware and hacking to gather intelligence on targets, according to a new report based on internal agency documents.
According to Der Spiegel, a German magazine that published some of the documents, the unit's interception techniques are worthy of James Bond: intercepting a computer being shipped to a target and installing spyware before it is delivered; supplying an altered monitor cable that transmits everything on a computer's screen to the NSA; or planting a USB plug with a secret radio transmitter.
The unit, called Tailored Access Operations, also uses hacking in addition to spy craft. The most basic method involves phishing, sending an e-mail that lures a target into clicking on it and unknowingly downloading NSA spyware. More sophisticated techniques include identifying exploitable computer vulnerabilities by eavesdropping on a target's error messages; tracking a target's cookies to shadow their Internet use; and even surreptitiously diverting a target's web surfing to phony replica web pages of commonly used sites such as LinkedIn and Facebook.
Agents could use such fake sites both to see what a target is typing and to try to insert spyware on the target's computer, according to cybersecurity expert Michael Sutton at ZScaler, a California-based information technology security company.
"Now they have my username and password, they can get into my account and help them in other attacks," said Sutton. "But in this particular scenario, what they really want to do is infect my machine" by transferring malware to it.
"From an eavesdropping perspective, this is a gold mine," he said. "If I can 'own' your computer, if I can gain access to it and gain a foothold into it, now I have access to all of your secrets."
An NSA spokeswoman declined to discuss specific reports about the unit but said in a statement, "Tailored Access Operations (TAO) is a unique national asset that is on the front lines of enabling NSA to defend the nation and its allies."
She added that "its work is centered on computer network exploitation in support of foreign intelligence collection."
The documents in Der Spiegel named targets that were penetrated successfully, including Mexico's security service and an underwater communications cable network. In 2010, TAO counted 279 active operations worldwide.
"This is NSA's hacking organization," said Matthew Aid, who wrote a book about the NSA and said he has spoken to members or former members of the unit. "It's 1,600 men and women, military and civilians, average age mid-20s, maybe early 30s, so it's a very young, very tech-savvy organization."
The hackers focus on foreign militaries, governments and corporations, he said, and they are protected by multiple levels of secrecy.
"Cypher-locked doors. Retinal scanners. You have to have a special need-to-know clearance for access to the TAO spaces at NSA. And the people who work there can't talk to any other NSA employees about what they do and how they do it."
This report follows a string of revelations leaked by former NSA contractor Edward Snowden about privacy and spying, from the tracking of millions of overseas cell phones, to the monitoring of foreign leaders' phones, to the global bulk scanning of e-mails.
President Barack Obama commissioned a panel to review the NSA's tactics, and he is expected to address their findings in January.
According to the documents posted online by Der Spiegel, TAO programmers develop spyware to infiltrate everything from smartphones and computers to routers, servers, hard drives and firewalls to access global communications traffic. But there is no indication that the companies whose products were targeted, such as Samsung, Dell, and Cisco, cooperated with the NSA's spyware or were even aware of it.
"No commercially available security system can detect a bug implanted by TAO," said Aid. "That's its reputation."