How the U.S. Government Hacks the World is the title of an article by Michael Riley published by Bloomberg in May, 2013.
On a dispute over hacking between the U.S. and China, the author writes:
“‘You spy, we spy, but you just steal the wrong stuff.’ That’s a hard conversation,” says Michael Hayden, who headed the NSA [under President Clinton and President G.W Bush], and later the CIA.
“States spying on states, I got that,” says Hayden … “But this isn’t that competition. This is a nation-state attempting espionage on private corporations. That is not an even playing field.”
The tension between the two nations escalated in May, when a Pentagon report to Congress for the first time officially linked China’s government directly to the hacking of U.S. defense contractors. It revealed that U.S. intelligence had been tracking a vast hacking bureaucracy adept at stealing technology from American companies. China’s leaders have long denied being behind the hacks. An article about the Pentagon report in the official People’s Daily newspaper called the U.S. the “real hacking empire”.
The U.S. government doesn’t deny that it engages in cyber espionage.
Hayden is quoted as saying:
You’re not waiting for someone to decide to turn information into electrons and photons and send it. You’re commuting to where the information is stored and extracting the information from the adversaries’ network. We are the best at doing it. Period.”
The U.S. position is that some kinds of hacking are more acceptable than others — and the kind the NSA does is in keeping with unofficial, unspoken rules going back to the Cold War about what secrets are OK for one country to steal from another. …
Next the writer introduces us to TAO:
The men and women who hack for the NSA belong to a secretive unit known as Tailored Access Operations.
It gathers vast amounts of intelligence on terrorist financial networks, international money-laundering and drug operations, the readiness of foreign militaries, even the internal political squabbles of potential adversaries, according to two former U.S. government security officials, who asked not to be named when discussing foreign intelligence gathering.
For years, the NSA wouldn’t acknowledge TAO’s existence. A Pentagon official who also asked not to be named confirmed that TAO conducts cyber espionage, or what the Department of Defense calls “computer network exploitation”, but emphasized that it doesn’t target technology, trade, or financial secrets. The official says the number of people who work for TAO is classified. …
The two former security officials agreed to describe the operation and its activities without divulging which governments or entities it targets. According to the former officials, U.S. cyberspies, most from military units who’ve received specialized training, sit at consoles running sophisticated hacking software, which funnels information stolen from computers around the world into a “fusion center”, where intelligence analysts try to make sense of it all. The NSA is prohibited by law from spying on people or entities within the U.S., including noncitizens, or on U.S. citizens abroad.
According to one of the former officials, the amount of data the unit harvests from overseas computer networks, or as it travels across the Internet, has grown to an astonishing 2 petabytes an hour—that’s nearly 2.1 million gigabytes, the equivalent of hundreds of millions of pages of text.
The agency has managed to automate much of the process, one of the former officials says, requiring human hackers to intervene only in cases of the most well-protected computers. Just like spies in the physical world, the U.S. cyberspies take pains to obscure their tracks or disguise themselves as something else — hackers from China, say — in case their activities are detected.
Even as the rest of the Pentagon budget shrinks, the importance of the NSA’s hacking operations has helped create a booming cyber-industrial complex. Specialized units of big defense contractors, and boutique firms that create hacking tools, look for security flaws in popular software programs that allow government hackers to take over computers. A company called KEYW does a robust business training hackers for U.S. intelligence, says Chief Executive Officer Leonard Moodispaw, who cautions that he can’t reveal more. “Our federal partners don’t like it if we’re too explicit.”
All this activity gives China leverage against Washington’s complaints, says Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists. Beijing can turn U.S. protests about industrial espionage around and claim that Washington is doing something even worse. “It’s OK to steal plans for a new automobile,” Aftergood says the Chinese can argue, “but not our national secrets.”
Spiegel OnLine reported in October, 2013:
TAO specialists have directly accessed the protected networks of democratically elected leaders of countries. They infiltrated networks of European telecommunications companies and gained access to and read mails sent over Blackberry’s BES email servers, which until then were believed to be securely encrypted. Achieving this last goal required a “sustained TAO operation”, one document states.
This TAO unit is born of the Internet – created in 1997, a time when not even 2 percent of the world’s population had Internet access and no one had yet thought of Facebook, YouTube or Twitter. From the time the first TAO employees moved into offices at NSA headquarters in Fort Meade, Maryland, the unit was housed in a separate wing, set apart from the rest of the agency. Their task was clear from the beginning – to work around the clock to find ways to hack into global communications traffic.
“You spy, we spy … States spying on states …”
That’s the norm. And it’s good to know that the U.S. does it best.