Your Source for Leaks Around the World!

NSA Hacking Unit Remote Operations Center (ROC)

In Archive, Hacking, NSA, NSA Files, ROC, Surveillance, TAO on February 6, 2015 at 12:58 PM

nsa-roc

01/17/2015

h/t Jacob Appelbaum/Laura Poitras/SPIEGEL:

The men and women working for the Remote Operations Center (ROC), which uses the codename S321, at the agency’s headquarters in Fort Meade, Maryland, work on one of the NSA’s most crucial teams, the unit responsible for covert operations. S321 employees are located on the third floor of one of the main buildings on the NSA’s campus. In one report from the Snowden archive, an NSA man reminisces about how, when they got started, the ROC people were “just a bunch of hackers.” Initially, people worked “in a more ad hoc manner,” the report states. Nowadays, however, procedures are “more systematic”. Even before NSA management massively expanded the ROC group during the summer of 2005, the department’s motto was, “Your data is our data, your equipment is our equipment.”

NSA specialists at the Remote Operations Center (ROC) have an entire palette of digital skeleton keys and crowbars created by the Tailored Access Operations (TAO) unit, enabling access to even the best protected computer networks. They give their tools aggressive-sounding names, as though they were operating an app-store for cyber criminals: The implant tool “Hammerchant” allows the recording of Internet-based phone calls (VoIP). Foxacid allows agents to continually add functions to small malware programs even after they have been installed in target computers. The project’s logo is a fox that screams as it is dissolved in acid. The NSA has declined to comment on operational details but insists that it has not violated the law.

But as well developed as the weapons of digital war may be, there is a paradox lurking when it comes to breaking into and spying on third party networks: How can intelligence services be sure that they won’t become victims of their own methods and be infiltrated by private hackers, criminals or other intelligence services, for example?

To control their malware, the Remote Operation Center operatives remain connected to them via their own shadow network, through which highly sensitive telephone recordings, malware programs and passwords travel.

The incentive to break into this network is enormous. Any collection of VPN keys, passwords and backdoors is obviously of very high value. Those who possess such passwords and keys could theoretically pillage bank accounts, thwart military deployments, clone fighter jets and shut down power plants. It means nothing less than “global network dominance”.

As they are busy spying, the spies are spied on by other spies. In response, they routinely seek to cover their tracks or to lay fake ones instead. In technical terms, the ROC lays false tracks as follows: After third-party computers are infiltrated, the process of exfiltration can begin — the act of exporting the data that has been gleaned. But the loot isn’t delivered directly to ROC’s IP address. Rather, it is routed to a so-called Scapegoat Target. That means that stolen information could end up on someone else’s servers, making it look as though they were the perpetrators.

Before the data ends up at the Scapegoat Target, of course, the NSA intercepts and copies it using its mass surveillance infrastructure and sends it on to the ROC. But such cover-up tactics increase the risk of a controlled or uncontrolled escalation between the agencies involved.

REMOTE OPERATIONS CENTER (ROC) DOCS:

  1. Reblogged this on The Cryptosphere and commented:
    Meet the ROC Team and wonder how many of our headlines here are due to their “great success in its CNE, CNA and CND operations.”

  2. […] Hacking Unit Remote Operations Center (ROC) Originally posted on LeakSource:01/17/2015 h/t Jacob Appelbaum/Laura Poitras/SPIEGEL: The men and women working for the Remote […]

  3. […] NSA Hacking Unit Remote Operations Center (ROC) | LeakSource. […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: