The TAO of NSA

In last week’s reports, it has been pointed out that NSA has its own hacking unit called Tailored Access Operations (TAO), and that its capabilities have been tapped for hunting down Osama bin Laden.

Reporters Barton Gellman and Ellen Nakashima followed up with an extensive piece about TAO and the US agencies’ other specialist groups such as GENIE, whose goal is to break into foreign networks and put them under US control.

And while in the past the US concentrated more on cyber defense, this is no longer the case. “The documents provided by Snowden and interviews with former US officials describe a campaign of computer intrusions that is far broader and more aggressive than previously understood,” say the reporters.

According to the budget report made public on Friday, 231 offensive operations were conducted in 2011, mostly against top-priority targets such as Iran, Russia, China and North Korea.

And according to a presidential directive issued last year, their aim is “to manipulate, disrupt, deny, degrade, or destroy information resident in computers or computer networks, or the computers and networks themselves.”

Looking at it like that, there is little difference between the US offensive hacking operations and those perpetrated by China – except that the US Department of Defense supposedly does not engage in economic espionage.

Whether you believe that or not, the fact remains that they can. TAO operatives are capable and do create custom attack tools for different targets, compromise networking equipment in order to gain access to all the devices behind it and exfiltrate data from them, plant backdoors on these networks, and so on.

According to documents provided by Edward Snowden, the US has thus gained a foothold into some 85,000 strategically chosen machines around the world – but has yet to take advantage of the access on most of them because it doesn’t have enough human operators.

This is set to change in the future, as an automated system dubbed TURBINE will be able to take over for them and marshal the gathering of intelligence from these compromised machines.

TAO’s best operatives are located at NSA’s headquarters at Fort Meade and four regional centers located around the US, but the main office is the ROC – the Remote Operations Center – or, as a source calls it, a “one-stop shop for any kind of active operation that’s not defensive.”

The (reportedly) 600-strong TAO might be the unit that generated Stuxnet and Flame, but the NSA does not rely only on these operatives to come up with attack tools and software vulnerabilities that can be exploited – it also buys them from private vendors mostly based in Europe.

“Teams from the FBI, the CIA and U.S. Cyber Command work alongside the ROC, with overlapping missions and legal authorities. So do the operators from the NSA’s National Threat Operations Center, whose mission is focused primarily on cyberdefense,” the reporters also shared. “That was Snowden’s job as a Booz Allen Hamilton contractor, and it required him to learn the NSA’s best hacking techniques.”

According to the recent cyber operations budget, only a third of it goes to cyber defense efforts. The rest is needed for cyber offense. Obviously, the US government believes that the best defense is a good offense.