Skip to main content

NSA team spies, hacks to gather intelligence on targets, report says

By Dugald McConnell and Brian Todd, CNN
updated 7:17 AM EST, Tue December 31, 2013
  • NSA unit called Tailored Access Operations combines spying and hacking to track its targets
  • Techniques include installing spyware, setting up fake websites to gather usernames
  • TAO works "in support of foreign intelligence collection," an NSA spokeswoman says
  • German magazine reported on the group based on internal agency documents

(CNN) -- A top-secret National Security Agency team uses spyware and hacking to gather intelligence on targets, according to a new report based on internal agency documents.

According to Der Spiegel, a German magazine that published some of the documents, the unit's interception techniques are worthy of James Bond: intercepting a computer being shipped to a target and installing spyware before it is delivered; supplying an altered monitor cable that transmits everything on a computer's screen to the NSA; or planting a USB plug with a secret radio transmitter.

The unit, called Tailored Access Operations, also uses hacking in addition to spy craft. The most basic method involves phishing, sending an e-mail that lures a target into clicking on it and unknowingly downloading NSA spyware. More sophisticated techniques include identifying exploitable computer vulnerabilities by eavesdropping on a target's error messages; tracking a target's cookies to shadow their Internet use; and even surreptitiously diverting a target's web surfing to phony replica web pages of commonly used sites such as LinkedIn and Facebook.

Agents could use such fake sites both to see what a target is typing and to try to insert spyware on the target's computer, according to cybersecurity expert Michael Sutton at ZScaler, a California-based information technology security company.

"Now they have my username and password, they can get into my account and help them in other attacks," said Sutton. "But in this particular scenario, what they really want to do is infect my machine" by transferring malware to it.

"From an eavesdropping perspective, this is a gold mine," he said. "If I can 'own' your computer, if I can gain access to it and gain a foothold into it, now I have access to all of your secrets."

An NSA spokeswoman declined to discuss specific reports about the unit but said in a statement, "Tailored Access Operations (TAO) is a unique national asset that is on the front lines of enabling NSA to defend the nation and its allies."

She added that "its work is centered on computer network exploitation in support of foreign intelligence collection."

The documents in Der Spiegel named targets that were penetrated successfully, including Mexico's security service and an underwater communications cable network. In 2010, TAO counted 279 active operations worldwide.

"This is NSA's hacking organization," said Matthew Aid, who wrote a book about the NSA and said he has spoken to members or former members of the unit. "It's 1,600 men and women, military and civilians, average age mid-20s, maybe early 30s, so it's a very young, very tech-savvy organization."

The hackers focus on foreign militaries, governments and corporations, he said, and they are protected by multiple levels of secrecy.

"Cypher-locked doors. Retinal scanners. You have to have a special need-to-know clearance for access to the TAO spaces at NSA. And the people who work there can't talk to any other NSA employees about what they do and how they do it."

This report follows a string of revelations leaked by former NSA contractor Edward Snowden about privacy and spying, from the tracking of millions of overseas cell phones, to the monitoring of foreign leaders' phones, to the global bulk scanning of e-mails.

President Barack Obama commissioned a panel to review the NSA's tactics, and he is expected to address their findings in January.

According to the documents posted online by Der Spiegel, TAO programmers develop spyware to infiltrate everything from smartphones and computers to routers, servers, hard drives and firewalls to access global communications traffic. But there is no indication that the companies whose products were targeted, such as Samsung, Dell, and Cisco, cooperated with the NSA's spyware or were even aware of it.

"No commercially available security system can detect a bug implanted by TAO," said Aid. "That's its reputation."

Part of complete coverage on
Data mining & privacy
updated 10:25 AM EDT, Sun June 23, 2013
He's a high-school dropout who worked his way into the most secretive computers in U.S. intelligence as a defense contractor.
updated 8:26 AM EDT, Thu May 29, 2014
Traitor or patriot? Low-level systems analyst or highly trained spy?
updated 3:27 PM EDT, Thu May 29, 2014
What are the takeaways from Snowden's NBC interview? You might be surprised.
updated 7:52 AM EDT, Fri April 18, 2014
Months after accepting asylum in Russia, Snowden asked Putin about Moscow's own surveillance practices.
updated 12:43 PM EDT, Wed March 12, 2014
A federal judge has refused the Obama administration's request to extend storage of classified NSA telephone surveillance data beyond the current five-year limit.
updated 8:44 PM EDT, Sun March 9, 2014
From his sanctuary in the Ecuadorian embassy in London, Julian Assange said that everyone in the world will be just as effectively monitored soon -- at least digitally.
updated 8:39 PM EDT, Mon March 10, 2014
In a rare public talk via the Web, fugitive NSA leaker Edward Snowden urged a tech conference audience to help "fix" the U.S. government's surveillance of its citizens.
updated 11:55 PM EDT, Thu August 1, 2013
The White House is "very disappointed" that National Security Agency leaker Edward Snowden has been granted temporary asylum in Russia.
updated 8:57 AM EST, Tue December 10, 2013
Spies with surveillance agencies in the U.S. and U.K. infiltrated video games like "World of Warcraft" in a hunt for terrorists "hiding in plain sight" online.
updated 7:39 AM EDT, Fri August 2, 2013
Bradley Manning and Edward Snowden both held jobs that gave them access to some of their country's most secret and sensitive intelligence. They chose to share that material with the world and are now paying for it.
updated 10:35 AM EDT, Thu August 1, 2013
The NSA's controversial intelligence-gathering programs have prevented 54 terrorist attacks around the world, including 13 in the United States.
updated 2:54 PM EDT, Thu August 1, 2013
You've never heard of XKeyscore, but it definitely knows you. The National Security Agency's top-secret program essentially makes available everything you've ever done on the Internet.
updated 9:04 AM EDT, Sun August 18, 2013
You may have never heard of Lavabit and Silent Circle. That's because they offered encrypted (secure) e-mail services, something most Americans have probably never thought about needing.
updated 2:54 PM EDT, Wed July 24, 2013
"Any analyst at any time can target anyone. Any selector, anywhere ... I, sitting at my desk, certainly had the authorities to wiretap anyone."
updated 9:56 AM EDT, Tue July 2, 2013
President Barack Obama responds to outrage by European leaders over revelations of alleged U.S. spying.
updated 3:54 PM EDT, Fri August 29, 2014
Browse through a history of high-profile intelligence leaking cases.
updated 10:37 AM EDT, Tue July 2, 2013
Former President George W. Bush talks Snowden, AIDS, Mandela and his legacy.
updated 9:04 AM EDT, Wed June 26, 2013
Edward Snowden took a job with an NSA contractor in order to gather evidence about U.S. surveillance programs.
updated 6:47 AM EDT, Wed June 19, 2013
With reports of NSA snooping, many people have started wondering about their personl internet security.
updated 9:52 AM EDT, Wed August 14, 2013
Click through our gallery to learn about other major leaks and what happened in the aftermath.
updated 4:02 PM EDT, Sun June 9, 2013
What really goes on inside America's most secretive agency? CNN's Chris Lawrence reports.