TAO: The NSA’s Shadow Network… An Insider’s Guide…

These are the people who were “hacked”… (A small part of the data consists of shellcode over 3 years old)… Who will be at the auction?

Could the whole thing be an “Experiment”?

Their motto is “Your data is our data, your equipment is our equipment – anytime, any place, by any (legal) means.”

The Office of Tailored Access Operations (TAO) is a cyber-warfare intelligence-gathering unit of the National Security Agency (NSA).

TAO identifies, monitors, infiltrates, and gathers intelligence on computer systems being used by entities foreign to the United States.

The NSA terms these activities “computer network exploitation”.

TAO is reportedly “now the largest and arguably the most important component of the NSA’s huge Signals Intelligence Directorate (SID) (SIGINT), consisting of more than 1,000 military and civilian computer hackers, intelligence analysts, targeting specialists, computer hardware and software designers, and electrical engineers.”

TAO has developed an attack suite it calls QUANTUM. It relies on a compromised router that duplicates internet traffic, typically HTTP requests, so that a copy reaches both the intended destination and, indirectly, an NSA site.

The insert method and other variants of QUANTUM are closely linked to a shadow network operated by the NSA alongside the Internet, with its own well-hidden infrastructure made up of “covert” routers and servers.

It appears the NSA also incorporates routers and servers from non-NSA networks into its covert network by infecting these networks with “implants” that then allow the government hackers to control the computers remotely.

In this way, the intelligence service seeks to identify and track its targets based on their digital footprints. These identifiers could include certain email addresses or website cookies set on a person’s computer. Of course, a cookie doesn’t automatically identify a person, but it can if it includes additional information like an email address.

In that case, a cookie becomes something like the web equivalent of a fingerprint. Once TAO teams have gathered sufficient data on their targets’ habits, they can shift into attack mode, programming the QUANTUM systems to perform this work in a largely automated way.

If a data packet featuring the email address or cookie of a target passes through a cable or router monitored by the NSA, the system sounds the alarm. It determines what website the target person is trying to access and then activates one of the intelligence service’s covert servers, known by the codename FOXACID.

This NSA server coerces the user’s browser into connecting to NSA covert systems rather than the intended sites. In the case of the Belgacom engineers, instead of reaching the LinkedIn page they were actually trying to visit, they were directed to FOXACID servers housed on NSA networks.

Undetected by the user, the manipulated page delivered malware already custom-tailored to match security holes on the target person’s computer. The technique is literally a race between servers, one that is described in internal intelligence agency jargon with phrases like: “Wait for client to initiate new connection,” “Shoot!” and “Hope to beat server-to-client response.” The injected response only wins if it reaches the client before the genuine one; like any competition, at times the covert network’s tools are “too slow to win the race.” Often enough, though, they are effective.
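The race described above leaves a trace on the wire: the injected response and the genuine one both answer the same client request, so they arrive in the same TCP flow with the same sequence number but different bytes, whereas an honest retransmission repeats the same bytes. The following Python is an added example, not code from the original article or from Spiegel’s reporting. It runs that passive check over a few constructed segments (RFC 5737 documentation addresses, invented HTTP payloads; the 302 redirect stands in for whatever the real injected response looked like, which the page does not show) and flags the flow in which one sequence number carries conflicting payloads while letting a genuine retransmission pass.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """One TCP segment as a passive sensor would record it (constructed, not a real capture)."""
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    payload: bytes


def flow_key(seg: Segment):
    """Direction-specific 4-tuple: all server-to-client segments of one connection share it."""
    return (seg.src, seg.sport, seg.dst, seg.dport)


def detect_injection(segments):
    """Return one alert per segment that reuses a sequence number already seen in its
    flow but carries different bytes in the overlapping region.

    A real retransmission repeats the same bytes (possibly extended), so it is not
    flagged; two different answers to the same request are."""
    first_seen = defaultdict(dict)  # flow -> {seq: payload of the first segment seen}
    alerts = []
    for seg in segments:
        key = flow_key(seg)
        earlier = first_seen[key].get(seg.seq)
        if earlier is None:
            first_seen[key][seg.seq] = seg.payload
            continue
        overlap = min(len(earlier), len(seg.payload))
        if overlap and earlier[:overlap] != seg.payload[:overlap]:
            alerts.append({
                "flow": key,
                "seq": seg.seq,
                "first_payload": earlier,
                "conflicting_payload": seg.payload,
            })
    return alerts


# Constructed sample traffic. The "shooter" answers the client's request first with a
# redirect, using the sequence number the real server will use; the genuine 200 OK
# arrives afterwards with the same seq. A second connection shows a benign retransmit.
SERVER, CLIENT = "203.0.113.10", "192.0.2.50"
INJECTED = Segment(SERVER, 80, CLIENT, 51000, seq=1000,
                   payload=b"HTTP/1.1 302 Found\r\nLocation: http://198.51.100.7/\r\n\r\n")
GENUINE = Segment(SERVER, 80, CLIENT, 51000, seq=1000,
                  payload=b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>")
RETRANS_A = Segment(SERVER, 80, CLIENT, 51001, seq=5000, payload=b"HTTP/1.1 200 OK\r\n")
RETRANS_B = Segment(SERVER, 80, CLIENT, 51001, seq=5000, payload=b"HTTP/1.1 200 OK\r\n")
SAMPLE = [INJECTED, GENUINE, RETRANS_A, RETRANS_B]


def run_sample():
    """Run the detector over the constructed capture above."""
    return detect_injection(SAMPLE)


if __name__ == "__main__":
    for alert in run_sample():
        print(f"injection suspected in flow {alert['flow']} at seq {alert['seq']}")
        print("  first seen :", alert["first_payload"][:40])
        print("  conflicting:", alert["conflicting_payload"][:40])
```

The check is order-independent: whichever response arrives first is recorded, and the second one is flagged if it disagrees, so the detector does not need to know who won the race. What it cannot tell you is which copy the client’s TCP stack actually accepted (normally the first to arrive); correlating with the client’s subsequent requests answers that. In a real capture you would also key on acknowledgement numbers and handle segments that overlap at offsets other than the start, which this example leaves out.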

Implants with QUANTUMINSERT, especially when used in conjunction with LinkedIn, now have a success rate of over 50 percent, according to one internal document.

Tapping Undersea Cables

At the same time, it is in no way true to say that the NSA has its sights set exclusively on select individuals.

Of even greater interest are entire networks and network providers, such as the fiber optic cables that carry a large share of global Internet traffic along the world’s ocean floors. One document labeled “top secret” and “not for foreigners” describes the NSA’s success in spying on the “SEA-ME-WE-4” cable system.

This massive underwater cable bundle connects Europe with North Africa and the Gulf states and then continues on through Pakistan and India, all the way to Malaysia and Thailand. The cable system originates in southern France, near Marseille. Among the companies that hold ownership stakes in it are France Telecom, now known as Orange and still partly government-owned, and Telecom Italia Sparkle.

The document proudly announces that, on Feb. 13, 2013, TAO “successfully collected network management information for the SEA-Me-We Undersea Cable Systems (SMW-4).” With the help of a “website masquerade operation,” the agency was able to “gain access to the consortium’s management website and collected Layer 2 network information that shows the circuit mapping for significant portions of the network.”

It appears the government hackers succeeded here once again using the QUANTUMINSERT method. The document states that the TAO team hacked an internal website of the operator consortium and copied documents stored there pertaining to technical infrastructure.

But that was only the first step. “More operations are planned in the future to collect more information about this and other cable systems,” it continues. But numerous internal announcements of successful attacks like the one against the undersea cable operator aren’t the only factors that make TAO stand out at the NSA.

In contrast to most NSA operations, TAO’s ventures often require physical access to their targets. After all, you might have to directly access a mobile network transmission station before you can begin tapping the digital information it provides.

Spying Traditions Live On

To conduct those types of operations, the NSA works together with other intelligence agencies such as the CIA and FBI, which in turn maintain informants on location who are available to help with sensitive missions.

This enables TAO to attack even isolated networks that aren’t connected to the Internet. If necessary, the FBI can even make an agency-owned jet available to ferry the high-tech plumbers to their target. This gets them to their destination at the right time and can help them to disappear again undetected after as little as a half hour’s work.

NSA officials issued a statement saying, “Tailored Access Operations is a unique national asset that is on the front lines of enabling NSA to defend the nation and its allies.” The statement added that TAO’s “work is centered on computer network exploitation in support of foreign intelligence collection.” The officials said they would not discuss specific allegations regarding TAO’s mission.

Sometimes it appears that the world’s most modern spies are just as reliant on conventional methods of reconnaissance as their predecessors.

Take, for example, when they intercept shipping deliveries. If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction.

At these so-called “load stations,” agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.

These minor disruptions in the parcel shipping business rank among the “most productive operations” conducted by the NSA hackers, one top secret document relates in enthusiastic terms.

This method, the presentation continues, allows TAO to obtain access to networks “around the world.”

And yet, once again, someone left the backdoor open…

Via diggaman.net


Source: Spiegel
