The NSA Is Building the Country’s Biggest Spy Center (Watch What
You Say)
[Excerpts of excellent NSA overview to focus on the MRF decryption facility.]
When Barack Obama took office, Binney hoped the new administration might
be open to reforming the program to address his constitutional concerns.
He and another former senior NSA analyst, J. Kirk Wiebe, tried to bring the
idea of an automated warrant-approval system to the attention of the Department
of Justice’s inspector general. They were given the brush-off. “They
said, oh, OK, we can’t comment,” Binney says.
Sitting in a restaurant not far from NSA headquarters, the place where he
spent nearly 40 years of his life, Binney held his thumb and forefinger close
together. “We are, like, that far from a turnkey totalitarian state,”
he says.
There is still one technology preventing untrammeled government access to
private digital data: strong encryption. Anyone—from terrorists and
weapons dealers to corporations, financial institutions, and ordinary email
senders—can use it to seal their messages, plans, photos, and documents
in hardened data shells. For years, one of the hardest shells has been the
Advanced Encryption Standard, one of several algorithms used by much of the
world to encrypt data. Available in three different strengths—128 bits,
192 bits, and 256 bits—it’s incorporated in most commercial email
programs and web browsers and is considered so strong that the NSA has even
approved its use for top-secret US government communications. Most experts
say that a so-called brute-force computer attack on the algorithm—trying
one combination after another to unlock the encryption—would likely
take longer than the age of the universe. For a 128-bit cipher, the number
of trial-and-error attempts would be 340 undecillion (10^36).
Breaking into those complex mathematical shells like the AES is one of the
key reasons for the construction going on in Bluffdale. That kind of
cryptanalysis requires two major ingredients: super-fast computers to conduct
brute-force attacks on encrypted messages and a massive number of those messages
for the computers to analyze. The more messages from a given target, the
more likely it is for the computers to detect telltale patterns, and Bluffdale
will be able to hold a great many messages. “We questioned it one
time,” says another source, a senior intelligence manager who was also
involved with the planning. “Why were we building this NSA facility?
And, boy, they rolled out all the old guys—the crypto guys.” According
to the official, these experts told then-director of national intelligence
Dennis Blair, “You’ve got to build this thing because we just
don’t have the capability of doing the code-breaking.” It was a
candid admission. In the long war between the code breakers and the code
makers—the tens of thousands of cryptographers in the worldwide computer
security industry—the code breakers were admitting defeat.
So the agency had one major ingredient—a massive data storage
facility—under way. Meanwhile, across the country in Tennessee, the
government was working in utmost secrecy on the other vital element: the
most powerful computer the world has ever known.
The plan was launched in 2004 as a modern-day Manhattan Project. Dubbed the
High Productivity Computing Systems program, its goal was to advance computer
speed a thousandfold, creating a machine that could execute a quadrillion
(10^15) operations a second, known as a petaflop—the computer equivalent
of breaking the land speed record. And as with the Manhattan Project, the
venue chosen for the supercomputing program was the town of Oak Ridge in
eastern Tennessee, a rural area where sharp ridges give way to low, scattered
hills, and the southwestward-flowing Clinch River bends sharply to the southeast.
About 25 miles from Knoxville, it is the “secret city” where uranium-235
was extracted for the first atomic bomb. A sign near the exit read: what
you see here, what you do here, what you hear here, when you leave here,
let it stay here. Today, not far from where that sign stood, Oak Ridge is
home to the Department of Energy’s Oak Ridge National Laboratory, and
it’s engaged in a new secret war. But this time, instead of a bomb of
almost unimaginable power, the weapon is a computer of almost unimaginable
speed.
In 2004, as part of the supercomputing program, the Department of Energy
established its Oak Ridge Leadership Computing Facility for multiple agencies
to join forces on the project. But in reality there would be two tracks,
one unclassified, in which all of the scientific work would be public, and
another top-secret, in which the NSA could pursue its own computer covertly.
“For our purposes, they had to create a separate facility,” says
a former senior NSA computer expert who worked on the project and is still
associated with the agency. (He is one of three sources who described the
program.) It was an expensive undertaking, but one the NSA was desperate
to launch.
Known as the Multiprogram Research Facility, or Building 5300, the $41 million,
five-story, 214,000-square-foot structure was built on a plot of land on
the lab’s East Campus and completed in 2006. Behind the brick walls
and green-tinted windows, 318 scientists, computer engineers, and other staff
work in secret on the cryptanalytic applications of high-speed computing
and other classified projects. The supercomputer center was named in honor
of George R. Cotter, the NSA’s now-retired chief scientist and head
of its information technology program. Not that you’d know it.
“There’s no sign on the door,” says the ex-NSA computer expert.
At the DOE’s unclassified center at Oak Ridge, work progressed at a
furious pace, although it was a one-way street when it came to cooperation
with the closemouthed people in Building 5300. Nevertheless, the unclassified
team had its Cray XT4 supercomputer upgraded to a warehouse-sized XT5. Named
Jaguar for its speed, it clocked in at 1.75 petaflops, officially becoming
the world’s fastest computer in 2009.
1 Geostationary satellites
Four satellites positioned around the globe monitor frequencies carrying
everything from walkie-talkies and cell phones in Libya to radar systems
in North Korea. Onboard software acts as the first filter in the collection
process, targeting only key regions, countries, cities, and phone numbers
or email.
2 Aerospace Data Facility, Buckley Air Force Base, Colorado
Intelligence collected from the geostationary satellites, as well as signals
from other spacecraft and overseas listening posts, is relayed to this facility
outside Denver. About 850 NSA employees track the satellites, transmit target
information, and download the intelligence haul.
3 NSA Georgia, Fort Gordon, Augusta, Georgia
Focuses on intercepts from Europe, the Middle East, and North Africa. Codenamed
Sweet Tea, the facility has been massively expanded and now consists of a
604,000-square-foot operations building for up to 4,000 intercept operators,
analysts, and other specialists.
4 NSA Texas, Lackland Air Force Base, San Antonio
Focuses on intercepts from Latin America and, since 9/11, the Middle East
and Europe. Some 2,000 workers staff the operation. The NSA recently completed
a $100 million renovation on a mega-data center here—a backup storage
facility for the Utah Data Center.
5 NSA Hawaii, Oahu
Focuses on intercepts from Asia. Built to house an aircraft assembly plant
during World War II, the 250,000-square-foot bunker is nicknamed the Hole.
Like the other NSA operations centers, it has since been expanded: Its 2,700
employees now do their work aboveground from a new 234,000-square-foot facility.
6 Domestic listening posts
The NSA has long been free to eavesdrop on international satellite
communications. But after 9/11, it installed taps in US telecom
“switches,” gaining access to domestic traffic. An ex-NSA official
says there are 10 to 20 such installations.
7 Overseas listening posts
According to a knowledgeable intelligence source, the NSA has installed taps
on at least a dozen of the major overseas communications links, each capable
of eavesdropping on information passing by at a high data rate.
8 Utah Data Center, Bluffdale, Utah
At a million square feet, this $2 billion digital storage facility outside
Salt Lake City will be the centerpiece of the NSA’s cloud-based data
strategy and essential in its plans for decrypting previously uncrackable
documents.
9 Multiprogram Research Facility, Oak Ridge, Tennessee
Some 300 scientists and computer engineers with top security clearance
toil away here, building the world’s fastest supercomputers and working
on cryptanalytic applications and other secret projects.
10 NSA headquarters, Fort Meade, Maryland
Analysts here will access material stored at Bluffdale to prepare reports
and recommendations that are sent to policymakers. To handle the increased
data load, the NSA is also building an $896 million supercomputer here.
http://www.heery.com/portfolio/oak-ridge-national-laboratory.aspx?service=5
Oak Ridge National Laboratory - Multi-Program Research Facility
Oak Ridge, Tennessee
The Department of Energy (DOE) complex at Oak Ridge required the creation
of a state of the art, large-scale, secure science and technology facility
that would provide the appropriate infrastructure and environment to both
integrate and consolidate multidisciplinary scientific capabilities for defense
and homeland security activities. The Heery-designed and constructed
Multi-Program Research Facility (MPRF) provides facilities for research and
development activities in non-proliferation research, training and operations;
cyber security research and development; geospatial analysis; inorganic membrane
research and prototyping; and myriad other activities.
Based on Heery’s previous successful work with ORNL as part of a third-party
development team, ORNL tapped the Keenan team to serve as its developer for
the MPRF, with Heery in the role of design-builder.
The MPRF contains 218,000 SF of office and laboratory space. This highly
secure building plays a key role in delivering the science and technology
needed to protect homeland and national security. In addition, Heery
International continues to work on various new assignments on the ORNL campus.
The goal was to develop cutting-edge facilities designed for sustainability
and energy efficiency. Heery guided ORNL and the development team in delivering
facilities to showcase energy and water efficiency and renewable energy
improvements. With Heery’s assistance, ORNL now has the most LEED-certified
space in the entire DOE system, having attained LEED certification for the
firm’s earlier project, the East Campus Complex, and LEED Gold certification
for the MPRF, which is the first LEED Gold facility on the ORNL campus.
Following images from bing.com/maps
The MRF is at upper left.
Overview
Location: Oak Ridge, TN
Building type(s): Other, Laboratory, Commercial office
New construction
195,000 ft² (18,100 m²)
Project scope: 5-story building
Rural setting
Completed October 2006
Rating: U.S. Green Building Council LEED-NC, v.2/v.2.1--Level: Gold (39 points)
The Multiprogram Research Facility (MRF) was implemented through a design-build
contract, but is a complex mixture of labs and offices that have stringent
operational, security, and environmental and energy requirements. The program
was highly developed and has detailed technical parameters that could not
be compromised.
Environmental Aspects
The building's vertical orientation minimized its footprint on the landscape.
Using native, drought-resistant plants in the landscape obviated the need
for irrigation. This, along with the use of low-flow plumbing fixtures, reduced
potable water usage by approximately 34%.
The building was projected to use 25% less energy than that of a comparable
facility built in minimal compliance with code. A hybrid solar lighting system
with rooftop solar collectors was installed to test the feasibility of using
fiber optics for natural lighting.
The project team preferred materials with recycled content and those that
were manufactured regionally. The team also recycled construction waste wherever
possible.
Owner & Occupancy
Owned by Keenan Development Associates, LLC, Corporation, for-profit
Occupants: Federal government
Typically occupied by 318 people, 40 hours per person per week
Expected Building Service Life: 35 years
Building Programs
Indoor Spaces:
Other (43%), Office (18%), Laboratory (14%), Conference (6%), Data processing
(6%), Mechanical systems (3%), Retail general (3%), Public assembly (2%),
Restrooms (2%), Lobby/reception (2%), Cafeteria, Circulation, Gymnasium,
Electrical systems
27 January 2014. Add 47 pages to NBC News. Tally now *1,057 pages (~1.8%)
of reported 58,000 files. DoD claims 1,700,000 files (~.0062% of that
released).
27 January 2014. Add 18 pages to Anonymous via New York Times.
16 January 2014. Add 8 pages to The Guardian.
* 14 January 2014. Add 21 pages to Information.dk (duplicate).
* 13 January 2014. Add 4 pages to Information.dk (duplicate).
Related Snowden Document and Page Count Assessment:
http://cryptome.org/2014/01/snowden-count.htm
* 5 January 2014. Add 16 pages to Der Spiegel (30 December 2013. No source
given for NSA docs). Tally now *962 pages (~1.7%) of reported 58,000. NSA
head claims 200,000 (~.50% of that released).
4 January 2014. The source was not identified for *133 pages published
by Der Spiegel and Jacob Appelbaum in late December 2013. They are included
here but have not been confirmed as provided by Edward Snowden. Thanks to
post by Techdirt.
Glenn Greenwald tweeted:
Glenn Greenwald @ggreenwald, 8:05 AM - 29 Dec 13
@Cryptomeorg @ioerror I had no involvement in that Spiegel article, ask them
- and they don't say those are Snowden docs.
Matt Blaze tweeted, 11:24 AM - 2 Jan 14
matt blaze @mattblaze
If there are other sources besides Snowden, I hope journalists getting docs
are careful to authenticate them (& disclose uncertainty).
3 January 2014. Add 13 pages to Washington Post.
3 January 2014. See also EFF, ACLU and LeakSource accounts:
https://www.eff.org/deeplinks/2013/11/nsa-spying-primary-sources
https://www.aclu.org/nsa-documents-released-public-june-2013
http://leaksource.wordpress.com/
2 January 2014. Add 1 page to Washington Post published 10 July 2013.
* 31 December 2013. Add 16 pages to Der Spiegel.
* 30 December 2013. Add 50 pages of NSA ANT Catalog by Jacob Appelbaum (no
source given for NSA docs).
* 30 December 2013. Add 21 pages from 30C3 video by Jacob Appelbaum (no source
given for NSA docs).
* 30 December 2013. Add 42 pages (8 duplicates) to Der Spiegel (no source
given for NSA docs).
* 29 December 2013. Add 4 pages to Der Spiegel (no source given for NSA docs).
24 December 2013. Add 2 pages to Washington Post.
23 December 2013
http://www.adn.com/2013/12/22/3243451/pincus-snowden-still-has-a-road.html
We've yet to see the full impact of former National Security Agency contractor
Edward Snowden's unauthorized downloading of highly classified intelligence
documents.
Among the roughly 1.7 million documents he walked away with -- the vast majority
of which have not been made public -- are highly sensitive, specific intelligence
reports, as well as current and historic requirements the White House has
given the agency to guide its collection activities, according to a senior
government official with knowledge of the situation.
The latter category involves about 2,000 unique taskings that can run to
20 pages each and give reasons for selective targeting to NSA collectors
and analysts. These orders alone may run 31,500 pages.
13 December 2013. Add 26 pages to Trojkan (SVT). Tally now 797 pages (~1.4%)
of reported 58,000. NSA head claims 200,000 (~.40% of that released). Australia
press reports "up to 20,000 Aussie files."
Rate of release over 6 months, 132.8 pages per month, equals 436 months to
release 58,000, or 36.3 years. Thus the period of release has decreased in
the past month from 42 years.
12 December 2013. Belatedly add 27 pages to Guardian and 18 pages to Washington
Post.
3 November 2013
42 Years to Release Snowden Documents (revised from 47)
Out of reported 50,000 pages (or files, not clear which), about
514 pages (1%; revised from 446, >1%) have been released
over 5 months beginning June 5, 2012. At this rate, 100 pages per month
(revised from 89), it will take 42 years (revised from 47) for full release.
Snowden will be 72 years old (revised from 77), his reporters hoarding
secrets all dead.
NY Times, 3 November 2013:
Whatever reforms may come, Bobby R. Inman, who weathered his own turbulent
period as N.S.A. director from 1977 to 1981, offers his hyper-secret former
agency a radical suggestion for right now. “My advice would be to take
everything you think Snowden has and get it out yourself,” he said.
“It would certainly be a shock to the agency. But bad news doesn’t
get better with age. The sooner they get it out and put it behind them, the
faster they can begin to rebuild.”
Outlet                      Pages
The Guardian                273
Washington Post             216
Der Spiegel                 * 97
O Globo Fantastico          ~87
New York Times              118 (82 joint)
Anonymous                   18
ProPublica                  89 (82 joint)
Le Monde                    20
Dagbladet                   13
NRC Handelsblad             4
Huffington Post             3
CBC                         9
The Globe and Mail          18
SVT                         2
L'Espresso                  3
Trojkan (SVT)               29
Jacob Appelbaum             * 71
Information.dk              22*
Anonymous/New York Times    18
NBC News                    47
Timeline of releases:
27 January 2014. Add 47 pages to NBC News.
27 January 2014. Add 18 pages to Anonymous.
16 January 2014. Add 8 pages to The Guardian.
* 14 January 2014. Add 21 pages to Information.dk (duplicate).
* 13 January 2014. Add 4 pages to Information.dk (duplicate).
3 January 2014. Add 13 pages to Washington Post.
2 January 2014. Add 1 page to Washington Post published 10 July 2013.
* 31 December 2013. Add 16 pages to Der Spiegel.
* 30 December 2013. Add 50 pages of NSA ANT Catalog by Jacob Appelbaum.
* 30 December 2013. Add 21 pages from 30C3 video by Jacob Appelbaum.
* 30 December 2013. Add 16 pages to Der Spiegel.
* 30 December 2013. Add 42 pages to Der Spiegel.
* 29 December 2013. Add 4 pages to Der Spiegel.
24 December 2013. Add 2 pages to Washington Post.
13 December 2013. Add 26 pages to Trojkan (SVT).
12 December 2013. Belatedly add 27 pages to Guardian and 18 pages to Washington
Post.
11 December 2013. Belatedly add 25 pages to Guardian.
11 December 2013. Belatedly add 74 pages to Washington Post.
10 December 2013. Add 2 pages to CBC.
10 December 2013. Add 4 pages to CBC (duplicate of previous source).
9 December 2013. Add 3 pages to Trojkan. Add 2 pages to Guardian. Add 82
pages to New York Times and ProPublica (joint).
6 December 2013. Add 3 pages to L'Espresso.
5 December 2013. Add 2 pages to SVT (Swedish TV).
5 December 2013. Add 1 page to Washington Post.
4 December 2013. Add 3 pages to Washington Post.
2 December 2013. Add 3 pages to CBC.
30 November 2013. Add 18 pages to The Globe and Mail.
30 November 2013. Add 3 pages to NRC Handelsblad.
29 November 2013. Add 1 page to CBC.
27 November 2013. Add 3 pages to Huffington Post.
26 November 2013. Add 4 pages to Washington Post.
23 November 2013. Add 1 page to NRC Handelsblad.
23 November 2013. Add 5 pages to New York Times.
22 November 2013. Add 10 pages to Dagbladet.
18 November 2013. Add 6 pages to The Guardian.
17 November 2013. Add two images to Der Spiegel.
4 November 2013. Add 14 pages to Washington Post.
3 November 2013. A reports an additional 54 slides for O Globo Petrobras.
3 November 2013. Add 22 pages to New York Times.
2 November 2013. Add 13 pages to Guardian, 11 are duplicates.
31 October 2013. Add 4 pages to Washington Post.
29 October 2013. Add 3 pages to Der Spiegel.
27 October 2013. Add 2 pages to Der Spiegel.
25 October 2013. Add 4 pages to Le Monde.
22 October 2013. Add 5 pages to Le Monde.
21 October 2013. Add 11 pages to Le Monde, 8 are duplicates.
20 October 2013. Add 1 page to Der Spiegel.
13 October 2013. Add 4, 7 and 9 pages to Washington Post.
8 October 2013. Add 7 pages to O Globo: CSE spying on Brazilian ministry,
reported 7 October 2013.
6 October 2013. Add Snowden pages published by Washington Post, Der Spiegel,
O Globo Fantastico, New York Times, ProPublica. Some are duplicates(*).
5 October 2013
26 Years to Release Snowden Docs by The Guardian
Out of reported 15,000 pages, The Guardian has published 192 pages in fourteen
releases over four months, an average of 48 pages per month, or 1.28% of
the total. At this rate it will take 26 years for full release.
Edward Snowden will be 56 years old.
Glenn Greenwald will be 72.
Laura Poitras will be 75.
Alan Rusbridger will be 86.
Barton Gellman will be 78.
Julian Assange will be 68.
Chelsea Manning will be 52.
Keith Alexander will be 88.
Barack Obama will be 78.
Daniel Ellsberg will be 108.
This author will be 103.
Entrance to the CIA Operations Center
Undistorted red sign at left states: "Restricted Area Authorized Personnel
Only"
“There is no substitute for juggling multiple classified, time sensitive
projects, 12 hours a day, over and over again outside of actually doing
it,” said Bradley, an officer serving in the CIA Operations Center (Ops
Center). And that is exactly what Bradley and his Ops Center colleagues do
each day in one of the most fast-paced work environments at the CIA.
Ops Center officers provide around-the-clock alert and warning communication
to the CIA director and Agency leadership on international crises and priority
matters of national security. They also facilitate timely communication to
senior Agency and Intelligence Community leaders, as well as President’s
Daily Brief (PDB) briefers and the White House.
While many CIA officers become subject matter experts on specific topics,
Ops Center officers address world-wide political, military and economic issues
daily, and they use a wide range of analytic and operational knowledge to
support the Agency’s mission at home and abroad.
So what prepares a person for such an important job with very high stakes?
Bradley’s experiences before joining the Agency were a good start.
As an undergraduate student, Bradley earned a double major in “world
religions” and “politics and government” with a “national
security studies” minor. After graduation, he went on to work five jobs
simultaneously — as a police officer and dispatcher, resort manager,
the executive director of a national security think tank, a newspaper columnist,
and as a freelance marketing consultant. Bradley enrolled fulltime in graduate
school after leaving his law enforcement position, but he still maintained
his newspaper column and his position at the think tank.
Bradley’s interest in intelligence and national security was piqued
during his years as a law enforcement officer. He always knew that one day
he wanted to contribute his skills to a higher purpose: the protection of
the nation and its interests abroad.
“When I was growing up, my father — a former Green Beret —
always talked about the virtue of intelligence in carrying out Special Forces
missions. He taught me that there is nothing like timely, accurate intelligence
to help save lives,” Bradley said.
Bradley’s path to the Agency began when he worked with the CIA Center
for Studies in Intelligence for his final graduate project. Bradley’s
task was to interview former 9/11 and Weapons of Mass Destruction Commission
participants about how well CIA worked with them during their investigations.
Bradley formed lasting relationships with the Agency officers he worked with
and was offered a job when the project ended.
“I was given a few choices on which job I could take, and the Ops Center
position appealed to me,” Bradley said. And since beginning his work
in the Ops Center, Bradley said, “It’s everything I imagined it
would be and more.”
Bradley remarked about the composure and professionalism of his Ops Center
colleagues, no matter how hectic things get on the floor. “Everyone
remains exceptionally poised and manages the pressure in a way our fellow
Americans would be very proud of,” Bradley noted. “It’s a
great team environment.”
And after three years in the Ops Center, despite sacrificing his weekends
and holidays, Bradley is still excited to come to work each day. “I’m
not burned out yet,” he said. “I will continue to work long days
for the sake of our country as long as I’m able.”
Posted: Jan 23, 2014 01:12 PM
Last Updated: Jan 23, 2014 01:12 PM
WASHINGTON — The National Security Agency has implanted software in
nearly 100,000 computers around the world that allows the United States to
conduct surveillance on those machines and can also create a digital highway
for launching cyberattacks.
While most of the software is inserted by gaining access to computer networks,
the N.S.A. has increasingly made use of a secret technology that enables
it to enter and alter data in computers even if they are not connected to
the Internet, according to N.S.A. documents, computer experts and American
officials.
The technology, which the agency has used since at least 2008, relies on
a covert channel of radio waves that can be transmitted from tiny circuit
boards and USB cards inserted surreptitiously into the computers. In some
cases, they are sent to a briefcase-size relay station that intelligence
agencies can set up miles away from the target.
The radio frequency technology has helped solve one of the biggest problems
facing American intelligence agencies for years: getting into computers that
adversaries, and some American partners, have tried to make impervious to
spying or cyberattack. In most cases, the radio frequency hardware must be
physically inserted by a spy, a manufacturer or an unwitting user.
The N.S.A. calls its efforts more an act of “active defense” against
foreign cyberattacks than a tool to go on the offensive. But when Chinese
attackers place similar software on the computer systems of American companies
or government agencies, American officials have protested, often at the
presidential level.
Among the most frequent targets of the N.S.A. and its Pentagon partner, United
States Cyber Command, have been units of the Chinese Army, which the United
States has accused of launching regular digital probes and attacks on American
industrial and military targets, usually to steal secrets or intellectual
property. But the program, code-named Quantum, has also been successful in
inserting software into Russian military networks and systems used by the
Mexican police and drug cartels, trade institutions inside the European Union,
and sometime partners against terrorism like Saudi Arabia, India and Pakistan,
according to officials and an N.S.A. map that indicates sites of what the
agency calls “computer network exploitation.”
“What’s new here is the scale and the sophistication of the
intelligence agency’s ability to get into computers and networks to
which no one has ever had access before,” said James Andrew Lewis, the
cybersecurity expert at the Center for Strategic and International Studies
in Washington. “Some of these capabilities have been around for a while,
but the combination of learning how to penetrate systems to insert software
and learning how to do that using radio frequencies has given the U.S. a
window it’s never had before.”
No Domestic Use Seen
There is no evidence that the N.S.A. has implanted its software or used its
radio frequency technology inside the United States. While refusing to comment
on the scope of the Quantum program, the N.S.A. said its actions were not
comparable to China’s.
“N.S.A.'s activities are focused and specifically deployed against —
and only against — valid foreign intelligence targets in response to
intelligence requirements,” Vanee Vines, an agency spokeswoman, said
in a statement. “We do not use foreign intelligence capabilities to
steal the trade secrets of foreign companies on behalf of — or give
intelligence we collect to — U.S. companies to enhance their international
competitiveness or increase their bottom line.”
Over the past two months, parts of the program have been disclosed in documents
from the trove leaked by Edward J. Snowden, the former N.S.A. contractor.
A Dutch newspaper published the map of areas where the United States has
inserted spy software, sometimes in cooperation with local authorities, often
covertly. Der Spiegel, a German newsmagazine, published the N.S.A.'s catalog
of hardware products that can secretly transmit and receive digital signals
from computers, a program called ANT. The New York Times withheld some of
those details, at the request of American intelligence officials, when it
reported, in the summer of 2012, on American cyberattacks on Iran.
President Obama is scheduled to announce on Friday what recommendations he
is accepting from an advisory panel on changing N.S.A. practices. The panel
agreed with Silicon Valley executives that some of the techniques developed
by the agency to find flaws in computer systems undermine global confidence
in a range of American-made information products like laptop computers and
cloud services.
Embracing Silicon Valley’s critique of the N.S.A., the panel has recommended
banning, except in extreme cases, the N.S.A. practice of exploiting flaws
in common software to aid in American surveillance and cyberattacks. It also
called for an end to government efforts to weaken publicly available encryption
systems, and said the government should never develop secret ways into computer
systems to exploit them, which sometimes include software implants.
Richard A. Clarke, an official in the Clinton and Bush administrations who
served as one of the five members of the advisory panel, explained the
group’s reasoning in an email last week, saying that “it is more
important that we defend ourselves than that we attack others.”
“Holes in encryption software would be more of a risk to us than a
benefit,” he said, adding: “If we can find the vulnerability, so
can others. It’s more important that we protect our power grid than
that we get into China’s.”
From the earliest days of the Internet, the N.S.A. had little trouble monitoring
traffic because a vast majority of messages and searches were moved through
servers on American soil. As the Internet expanded, so did the N.S.A.'s efforts
to understand its geography. A program named Treasure Map tried to identify
nearly every node and corner of the web, so that any computer or mobile device
that touched it could be located.
A 2008 map, part of the Snowden trove, notes 20 programs to gain access to
big fiber-optic cables — it calls them “covert, clandestine or
cooperative large accesses” — not only in the United States but
also in places like Hong Kong, Indonesia and the Middle East. The same map
indicates that the United States had already conducted “more than 50,000
worldwide implants,” and a more recent budget document said that by
the end of last year that figure would rise to about 85,000. A senior official,
who spoke on the condition of anonymity, said the actual figure was most
likely closer to 100,000.
That map suggests how the United States was able to speed ahead with implanting
malicious software on the computers around the world that it most wanted
to monitor — or disable before they could be used to launch a cyberattack.
A Focus on Defense
In interviews, officials and experts said that a vast majority of such implants
are intended only for surveillance and serve as an early warning system for
cyberattacks directed at the United States.
“How do you ensure that Cyber Command people” are able to look
at “those that are attacking us?” a senior official, who compared
it to submarine warfare, asked in an interview several months ago.
“That is what the submarines do all the time,” said the official,
speaking on the condition of anonymity to describe policy. “They track
the adversary submarines.” In cyberspace, he said, the United States
tries “to silently track the adversaries while they’re trying to
silently track you.”
If tracking subs was a Cold War cat-and-mouse game with the Soviets, tracking
malware is a pursuit played most aggressively with the Chinese.
The United States has targeted Unit 61398, the Shanghai-based Chinese Army
unit believed to be responsible for many of the biggest cyberattacks on the
United States, in an effort to see attacks being prepared. With Australia’s
help, one N.S.A. document suggests, the United States has also focused on
another specific Chinese Army unit.
Documents obtained by Mr. Snowden indicate that the United States has set
up two data centers in China — perhaps through front companies —
from which it can insert malware into computers. When the Chinese place
surveillance software on American computer systems — and they have,
on systems like those at the Pentagon and at The Times — the United
States usually regards it as a potentially hostile act, a possible prelude
to an attack. Mr. Obama laid out America’s complaints about those practices
to President Xi Jinping of China in a long session at a summit meeting in
California last June.
At that session, Mr. Obama tried to differentiate between conducting surveillance
for national security — which the United States argues is legitimate
— and conducting it to steal intellectual property.
“The argument is not working,” said Peter W. Singer of the Brookings
Institution, a co-author of a new book called “Cybersecurity and
Cyberwar.” “To the Chinese, gaining economic advantage is part
of national security. And the Snowden revelations have taken a lot of the
pressure off” the Chinese. Still, the United States has banned the sale
of computer servers from a major Chinese manufacturer, Huawei, for fear that
they could contain technology to penetrate American networks.
An Old Technology
The N.S.A.'s efforts to reach computers unconnected to a network have relied
on a century-old technology updated for modern times: radio transmissions.
In a catalog produced by the agency that was part of the Snowden documents
released in Europe, there are page after page of devices using technology
that would have brought a smile to Q, James Bond’s technology supplier.
One, called Cottonmouth I, looks like a normal USB plug but has a tiny
transceiver buried in it. According to the catalog, it transmits information
swept from the computer “through a covert channel” that allows
“data infiltration and exfiltration.” Another variant of the technology
involves tiny circuit boards that can be inserted in a laptop computer —
either in the field or when they are shipped from manufacturers — so
that the computer is broadcasting to the N.S.A. even while the computer’s
user enjoys the false confidence that being walled off from the Internet
constitutes real protection.
The relay station it communicates with, called Nightstand, fits in an oversize
briefcase, and the system can attack a computer “from as far away as
eight miles under ideal environmental conditions.” It can also insert
packets of data in milliseconds, meaning that a false message or piece of
programming can outrace a real one to a target computer. Similar stations
create a link between the target computers and the N.S.A., even if the machines
are isolated from the Internet.
Computers are not the only targets. Dropoutjeep attacks iPhones. Other hardware
and software are designed to infect large network servers, including those
made by the Chinese.
Most of those code names and products are now at least five years old, and
they have been updated, some experts say, to make the United States less
dependent on physically getting hardware into adversaries’ computer
systems.
The N.S.A. refused to talk about the documents that contained these descriptions,
even after they were published in Europe.
“Continuous and selective publication of specific techniques and tools
used by N.S.A. to pursue legitimate foreign intelligence targets is detrimental
to the security of the United States and our allies,” Ms. Vines, the
N.S.A. spokeswoman, said.
But the Iranians and others discovered some of those techniques years ago.
The hardware in the N.S.A.'s catalog was crucial in the cyberattacks on
Iran’s nuclear facilities, code-named Olympic Games, that began around
2008 and proceeded through the summer of 2010, when a technical error revealed
the attack software, later called Stuxnet. That was the first major test
of the technology.
One feature of the Stuxnet attack was that the technology the United States
slipped into Iran’s nuclear enrichment plant at Natanz was able to map
how it operated, then “phone home” the details. Later, that equipment
was used to insert malware that blew up nearly 1,000 centrifuges, and temporarily
set back Iran’s program.
But the Stuxnet strike does not appear to be the last time the technology
was used in Iran. In 2012, a unit of the Islamic Revolutionary Guards Corps
moved a rock near the country’s underground Fordo nuclear enrichment
plant. The rock exploded and spewed broken circuit boards that the Iranian
news media described as “the remains of a device capable of intercepting
data from computers at the plant.” The origins of that device have never
been determined.
On Sunday, according to the semiofficial Fars news agency, Iran’s Oil
Ministry issued another warning about possible cyberattacks, describing a
series of defenses it was erecting — and making no mention of what are
suspected of being its own attacks on Saudi Arabia’s largest oil producer.
N.S.A. Devises Radio Pathway Into Computers
By DAVID E. SANGER and THOM SHANKER
JAN. 14, 2014
WASHINGTON -- The National Security Agency has implanted software in nearly
100,000 computers around the world that allows the United States to conduct
surveillance on those machines and can also create a digital highway for
launching cyberattacks.
While most of the software is inserted by gaining access to computer networks,
the N.S.A. has increasingly made use of a secret technology that enables
it to enter and alter data in computers even if they are not connected to
the Internet, according to N.S.A. documents, computer experts and American
officials.
The technology, which the agency has used since at least 2008, relies on
a covert channel of radio waves that can be transmitted from tiny circuit
boards and USB cards inserted surreptitiously into the computers. In some
cases, they are sent to a briefcase-size relay station that intelligence
agencies can set up miles away from the target.
The radio frequency technology has helped solve one of the biggest problems
facing American intelligence agencies for years: getting into computers that
adversaries, and some American partners, have tried to make impervious to
spying or cyberattack. In most cases, the radio frequency hardware must be
physically inserted by a spy, a manufacturer or an unwitting user.
The N.S.A. calls its efforts more an act of "active defense" against foreign
cyberattacks than a tool to go on the offensive. But when Chinese attackers
place similar software on the computer systems of American companies or
government agencies, American officials have protested, often at the presidential
level.
Among the most frequent targets of the N.S.A. and its Pentagon partner, United
States Cyber Command, have been units of the Chinese Army, which the United
States has accused of launching regular digital probes and attacks on American
industrial and military targets, usually to steal secrets or intellectual
property. But the program, code-named Quantum, has also been successful in
inserting software into Russian military networks and systems used by the
Mexican police and drug cartels, trade institutions inside the European Union,
and sometime partners against terrorism like Saudi Arabia, India and Pakistan,
according to officials and an N.S.A. map that indicates sites of what the
agency calls "computer network exploitation."
"What's new here is the scale and the sophistication of the intelligence
agency's ability to get into computers and networks to which no one has ever
had access before," said James Andrew Lewis, the cybersecurity expert at
the Center for Strategic and International Studies in Washington. "Some of
these capabilities have been around for a while, but the combination of learning
how to penetrate systems to insert software and learning how to do that using
radio frequencies has given the U.S. a window it's never had before."
The count of Snowden files has ranged from an initial low end of 10,000 to
the latest high of 1,700,000, although the high end is likely exaggerated
by officials to maximize alleged damage.
The number of pages in these files has not been estimated but about 1,000
pages have been released, mostly as PDFs and images. How many total pages
might be in the files and how long would it take Snowden to read them to
assure least harm to the US?
For comparison, Cryptome's archive is about 70,000 files. Converting these
files to pages comes to about 1,000,000 pages. These files are PDFs, HTMLs,
DOCs, TXTs, DWGs, images, spreadsheets, with a few videos and films excluded
from the count. To get the page count all files were converted to PDFs. The
page count of documents ranges from 1 to 2,200. This might be a fair range
of types and page counts of files in the Snowden batch.
An average file then, of 70,000 files with 1,000,000 pages, comes to 14.28
pages per file. Using this as a guide for the Snowden files, the number of
pages could range from 142,800 pages for 10,000 files to 24,276,000 pages
for 1.7 million files.
Examining the low end of 142,800 pages would be about like reading 476 books
of 300 pages length. Examining the high end of 24,276,000 pages would be
like reading 80,920 books of 300 pages each.
Snowden is smart and knows his material thoroughly, so speed-reading
a 300-page book of NSA material could be done in, say, 2 hours.
On the low end it would take 952 hours to read 142,800 pages; reading 10
hours a day, that would come to 95 days, or about 3 months.
On the high end it would take 161,890 hours to read 24,276,000 pages; reading
10 hours a day, that would come to 1,619 days or about 54 months -- 4 1/2 years.
4 1/2 years is longer than Snowden is reported to have worked for Dell and
Booz Allen as contractor to NSA.
It is unlikely Snowden would have examined 24 million pages.
More likely Snowden used a program to quickly analyze large data collections
and rank intelligence actionability in the NSA manner. Glenn Greenwald told
Buzzfeed that the documents had been beautifully organized, “almost to a
scary degree.” As if prepared with a purposeful program for analyzing and
data sharing with avid customers.
There are information security programs which compartmentalize data for multiple
levels of security and access as well as controls for the distribution and
timing of release. These are used to manage classified data handling among
a variety of personnel and agencies with varying clearances.
It could be that Snowden remains in control of his material's release by
way of programmed implants in the material for access and timing although
the material is physically distant from him. This too is conventional security
practice.
These practices would be characteristic of a seasoned security person who
could not be certain of media outlets' long-term behavior, their transmission
and storage security, their theft and spying prevention capabilities, their
susceptibility to coercion or persuasion by officials or by inducements to
betray him to protect themselves.
Events have shown that these meticulous security measures would have been
and remain appropriate.
It also allows Snowden to remain in charge of any negotiations for return
of the material, for accurate accounting of the material's scope, retention,
distribution and release, and for assuring his safety without relying on
the fickle fingers of fate of informants and turncoats which have beckoned
the all-too-trusting to long-term imprisonment.
__________
As an aside, another way to surmise what Snowden allegedly had on four laptops
is by file size. Cryptome's 70,000 files come to about 17GB, or an average
of 243KB per file. Using that as a guide to Snowden's files, the total size
ranges from 2.43GB for 10,000 files to 413GB for 1,700,000 files. On the high
end that's about 103GB per laptop. No problem, laptops with 100GB-250GB disks
are common.
The Panopticon Economy: NSA San Antonio Data Mining Facility 2008:
http://www2.sacurrent.com/news/story.asp?id=69607
Surrounded by barbwire fencing, the anonymous yet massive building on West
Military Drive near San Antonio’s Loop 410 freeway looms mysteriously
with no identifying signs of any kind. Surveillance is tight, with security
cameras surrounding the under-construction building. Readers are advised
not to take any photos unless you care to be detained for at least a 45-minute
interrogation by the National Security Agency, as this reporter was.
There’s a strangely blurry line during such an interrogation. After
viewing the five photos I’d taken of the NSA’s new Texas Cryptology
Center, the NSA officer asked if I would delete them. When I asked if he
was ordering me to do so, he said no; he was asking as a personal favor.
I declined and was eventually released.
America’s top spy agency has taken over the former Sony microchip plant
and is transforming it into a new data-mining headquarters — oddly
positioned directly across the street from a 24-hour Walmart — where
billions of electronic communications will be sifted in the agency’s
mission to identify terrorist threats.
“No longer able to store all the intercepted phone calls and e-mail
in its secret city, the agency has now built a new data warehouse in San
Antonio, Texas,” writes author James Bamford in the Shadow Factory,
his third book about the NSA. “Costing, with renovations, upwards of
$130 million, the 470,000-square-foot facility will be almost the size of
the Alamodome. Considering how much data can now be squeezed onto a small
flash drive, the new NSA building may eventually be able to hold all the
information in the world.”
Bamford’s book focuses on the NSA’s transformation since 9/11,
with the impetus for the new facility being a direct ramification of those
attacks. At the time, the NSA had only about 7 percent of its facilities
outside the Washington D.C./Baltimore area. But the realization that additional
attacks could virtually wipe out the agency catalyzed a regional expansion.
[See “Secret Agency Man,” November 5, 2008.]
The new facility is a potential boon to the local economy since it’s
reportedly going to employ around 1,500 people, but questions remain about
whether there will be adequate oversight to prevent civil-rights violations
like Uncle Sam’s recent notorious warrantless wiretapping program. The
NSA would suggest the facility’s ability to sort through surveillance
data is one of America’s top defenses against terrorist threats, but
the NSA’s presence comes with concerns that abuse of its secretive power
could see the agency become akin to the “Thought Police” of 1984,
George Orwell’s classic novel depicting the nightmare of a total
surveillance society — and all for nothing. Even as the facility is
completed, a new government-backed report has concluded that data surveillance
is an ineffective method for identifying potential terrorists or preventing
attacks.
So just what will be going on inside the NSA’s new San Antonio facility?
Bamford describes former NSA Director Mike Hayden’s goals for the
data-mining center as knowing “exactly what Americans were doing day
by day, hour by hour, and second by second. He wanted to know where they
shopped, what they bought, what movies they saw, what books they read, the
toll booths they went through, the plane tickets they purchased, the hotels
they stayed in… In other words, Total Information Awareness, the same
Orwellian concept that John Poindexter had tried to develop while working
for the Pentagon’s [Defense Advanced Research Projects Agency].”
...
Bamford writes about how NSA and Microsoft had both been eyeing San Antonio
for years because it has the cheapest electricity in Texas, and the state
has its own power grid, making it less vulnerable to power outages on the
national grid. He notes that it seemed the NSA wanted assurance Microsoft
would be here, too, before making a final commitment, due to the advantages
of “having their miners virtually next door to the mother lode of data
centers.” The new NSA facility is just a few miles from Microsoft’s
data center of the same size. Bamford says that under current law, NSA could
gain access to Microsoft’s stored data without even a warrant, but merely
a fiber-optic cable.
“What the Microsoft people will have will be just storage of a lot of
the email that is being sent. They keep this email — I don’t know
why — and there should be some legislation saying how long it should
be kept,” said Bamford in a phone interview last week. “The post
office doesn’t keep copies of our letters when we mail letters; why
should the telecom companies or the internet providers keep copies of our
email? It doesn’t make sense to me. But there’s no legislation.
So they need a place to store it, and that’s where they’re storing
all this stuff.” (Microsoft did not return a call for comment before
press deadline.) ...
NSA’s new facility also gives the agency easy access to UTSA’s
Institute for Cyber Security and the school’s Center for Infrastructure
Assurance and Security. The ICS was founded in 2007 with a $3.5-million grant
from the Texas Emerging Technology Fund to continue efforts to protect American
communities against cyber-attacks, with the CIAS — a think tank launched
in 2001 — being rolled into the ICS. All of this led U.S. Representative
Ciro Rodriguez (D-San Antonio) to declare San Antonio “the center of
cybersecurity, in the country and the world.”
ICS Founding Executive Director Ravi Sandhu acknowledges some synergy between
the NSA presence in San Antonio and UTSA’s cybersecurity work.
“Cybersecurity in the public domain has largely been about defense,
but there’s certainly an attack component to it. To some degree, the
U.S. Department of Defense and intelligence agencies are now starting to
talk about the attack component in the public domain,” says Sandhu.
Sandhu says UTSA’s cybersecurity students are recruited by many of San
Antonio’s local employers and doesn’t doubt that NSA is one of
them. “Recruiting is one end … but it’s an attractive thing
for NSA employees [too]. They can further their education — they can
do degrees part-time, they can do advanced degrees … so there are advantages
beyond direct recruitment of NSA students.”
Does automated data mining even work?
While the opening of the NSA’s massive new data center heightens existing
civil-rights concerns, a new report from the National Research Council questions
whether such data-mining is even effective. Sponsored by the Department of
Homeland Security and the National Science Foundation and released in October
of this year, the report suggests that pattern-based data-mining is not even
a viable way to identify terrorists.
The 352-page study — “Protecting Individual Privacy in the Struggle
Against Terrorists” — concludes that identification of terrorists
through automated data-mining “is neither feasible as an objective nor
desirable as a goal of technology development efforts.” It also says
inevitable false positives will result in “ordinary, law-abiding citizens
and businesses” being erroneously flagged as suspects.
“Actions such as arrest, search, or denial of rights should never be
taken solely on the basis of an automated data-mining result,” says
the report. The question, then, is how rigorously will human analysts vet
such information before alleged leads are pursued, and who has oversight
of the process?
“Part of the problem is … jurisdiction over national-security issues
is very divided in Congress. You have the Homeland Security committee, the
Justice committee, but, of course, you also have some basic issues —
government oversight, appropriations,” says Professor Fred Cate, the
NRC committee member who wrote most of the report and who serves as director
of Indiana University’s Center for Applied Cybersecurity Research. “So
I think in some ways one of the issues is the need for a more streamlined
oversight system so that somebody takes responsibility for it.”