Your Source for Leaks Around the World!

Codename GENIE: NSA to Control 85,000 “Implants” in Strategically Chosen Machines Around the World by Year End

In Archive, CIA, Hacking, Malware, NSA, NSA Files, TAO on August 31, 2013 at 9:57 PM

08/30/2013

Barton Gellman/Ellen Nakashima/WashingtonPost:

U.S. intelligence services carried out 231 offensive cyber-operations in 2011, the leading edge of a clandestine campaign that embraces the Internet as a theater of spying, sabotage and war, according to top-secret documents obtained by The Washington Post.

That disclosure, in a classified intelligence budget provided by NSA leaker Edward Snowden, provides new evidence that the Obama administration’s growing ranks of cyberwarriors infiltrate and disrupt foreign computer networks.

Additionally, under an extensive effort code-named GENIE, U.S. computer specialists break into foreign networks so that they can be put under surreptitious U.S. control. Budget documents say the $652 million project has placed “covert implants,” sophisticated malware transmitted from far away, in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand those numbers into the millions.

Of the 231 offensive operations conducted in 2011, the budget said, nearly three-quarters were against top-priority targets, which former officials say includes adversaries such as Iran, Russia, China and North Korea and activities such as nuclear proliferation. The document provided few other details about the operations.

The administration’s cyber-operations sometimes involve what one budget document calls “field operations” abroad, commonly with the help of CIA operatives or clandestine military forces, “to physically place hardware implants or software modifications.”

Much more often, an implant is coded entirely in software by an NSA group called Tailored Access Operations (TAO). As its name suggests, TAO builds attack tools that are custom-fitted to their targets.

The NSA unit’s software engineers would rather tap into networks than individual computers because there are usually many devices on each network. Tailored Access Operations has software templates to break into common brands and models of “routers, switches and firewalls from multiple product vendor lines,” according to one document describing its work.

The implants that TAO creates are intended to persist through software and equipment upgrades, to copy stored data, “harvest” communications and tunnel into other connected networks. This year TAO is working on implants that “can identify select voice conversations of interest within a target network and exfiltrate select cuts,” or excerpts, according to one budget document. In some cases, a single compromised device opens the door to hundreds or thousands of others.

By the end of this year, GENIE is projected to control at least 85,000 implants in strategically chosen machines around the world. That is quadruple the number — 21,252 — available in 2008, according to the U.S. intelligence budget.

The NSA appears to be planning a rapid expansion of those numbers, which were limited until recently by the need for human operators to take remote control of compromised machines. Even with a staff of 1,870 people, GENIE made full use of only 8,448 of the 68,975 machines with active implants in 2011.

For GENIE’s next phase, according to an authoritative reference document, the NSA has brought online an automated system, code-named TURBINE, that is capable of managing “potentially millions of implants” for intelligence gathering “and active attack.”

When it comes time to fight the cyberwar against the best of the NSA’s global competitors, the TAO calls in its elite operators, who work at the agency’s Fort Meade headquarters and in regional operations centers in Georgia, Texas, Colorado and Hawaii. The NSA’s organizational chart has the main office as S321. Nearly everyone calls it “the ROC,” pronounced “rock”: the Remote Operations Center.

“To the NSA as a whole, the ROC is where the hackers live,” said a former operator from another section who has worked closely with the exploitation teams. “It’s basically the one-stop shop for any kind of active operation that’s not defensive.”

Once the hackers find a hole in an adversary’s defense, “[t]argeted systems are compromised electronically, typically providing access to system functions as well as data. System logs and processes are modified to cloak the intrusion, facilitate future access, and accomplish other operational goals,” according to a 570-page budget blueprint for what the government calls its Consolidated Cryptologic Program, which includes the NSA.

Teams from the FBI, the CIA and U.S. Cyber Command work alongside the ROC, with overlapping missions and legal authorities. So do the operators from the NSA’s National Threat Operations Center, whose mission is focused primarily on cyberdefense. That was Snowden’s job as a Booz Allen Hamilton contractor, and it required him to learn the NSA’s best hacking techniques.

The NSA designs most of its own implants, but it devoted $25.1 million this year to “additional covert purchases of software vulnerabilities” from private malware vendors, a growing gray-market industry based largely in Europe.

The “most challenging targets” to penetrate are the same in cyber-operations as for all other forms of data collection described in the intelligence budget: Iran, North Korea, China and Russia. GENIE and ROC operators place special focus on locating suspected terrorists “in Afghanistan, Pakistan, Yemen, Iraq, Somalia, and other extremist safe havens,” according to one list of priorities.

Related Link: Digital “Sleeper Cells”: NSA Infects More Than 50,000 Computer Networks Worldwide With Malware “Implants”
