The Edward Snowden revelations keep bubbling to the surface relentlessly. The bosses at the NSA must dread waking up in the morning, fretting about disclosures they’d see in the media. They might feverishly check their mobile devices on the way to work, hearts racing. It must be torturous, excruciating, infuriating, maybe nauseating. They must hate Snowden.
But what about us?
Every day somewhere in the world, there is a new tidbit on how the NSA does business, how deeply the spying actually goes, how broad and all-encompassing it is, and how its immense dragnet snares Americans and foreigners alike, indiscriminately, carelessly, randomly, though they’re just going about their lives.
Turns out, the NSA has been very busy – much busier than we’d thought until now – infecting computer networks with malicious software to purloin whatever information, sensitive or otherwise, flows through or is stored on them. The NRC Handelsblad, a major daily paper in the Netherlands, reported that it “laid eyes on” an NSA management presentation from 2012 that explained how the agency collects data around the globe.
Among other morsels, the presentation bragged about Computer Network Exploitation (CNE) perpetrated by the agency’s special shop, the Tailored Access Operations (TAO), where over 1,000 hackers are trying to wiggle up the bureaucratic ladder and get noticed and promoted by hacking more deeply and into more systems than the next guy. They must be having a blast. By mid-2012, the NSA had penetrated 50,000 networks worldwide, including telecom networks.
The “implants” they installed act as “sleeper cells” that can remain dormant for years and defy detection, but can be turned on remotely with the click of a mouse. Pretty slick.
Gallingly, the NRC Handelsblad reported as an example that Belgacom, Belgium’s former telecom monopoly that is still majority-owned by the state and remains its largest voice and data carrier, discovered in September that it had been attacked. Apparently, the NSA’s British sister, the GCHQ, had installed this type of malware on the Belgacom network to harvest its customers’ telephone and data traffic. They did it the old-fashioned way: tricking Belgacom employees into going to a fake LinkedIn page.
Gallingly, because I used to live in Belgium for a few years when I did a startup there. Our email and website were hosted by Belgacom, and our broadband and telephone services were provided by Belgacom, as were our cellphone services (through their mobile division Proximus). From time to time, we’d communicate on paper or person-to-person in our favorite café or over dinner. But everything else, including our personal emails and phone calls, went through Belgacom – and likely the NSA.
I’m a (mostly) law-abiding American. I swear I was totally harmless at the time; I didn’t even have Testosterone Pit.
OK, Belgacom was probably a sitting duck. It’s not the most competent organization. It’s responsible for many of my untimely gray hairs. For example, one day we found a paper letter in our physical mailbox that explained calmly and in icily polite French that Belgacom would upgrade its email servers and that our email would be out for a month.
We thought it was a joke. So we called to find out. Nope, it wasn’t a joke. They were going to upgrade their servers, and our email wouldn’t work for a month. It apparently was no big deal. These kinds of things happen. Belgians can get pretty relaxed about this stuff. At any rate, we shouldn’t complain. After all, they gave us several weeks’ notice – so we could prepare for it, we were told. Prepare for what? Living in the Stone Age?
So Belgacom must have been a breeze to penetrate. Apprentice hackers probably did it during their summer internship.
Even if the NSA failed to snoop on me because the malware was turned off or didn’t work or hadn’t been installed just yet, there are other Americans who were in Belgium more recently, or are still there, or are there on vacation or business and use broadband at the hotel and cell service with their smartphone, and they’re all provided by Belgacom. We’re all being caught up in that vast total-surveillance dragnet, anywhere.
It remains a mystery to me how my humble, incoherent, silly, and self-contradictory personal and business data might enhance US national security. But a coup like this, even if it was a breeze, would certainly get the hackers and their bosses at the NSA promoted.
The NSA refused to comment, according to the paper, and a government spokesman explained that disclosure of classified materials is harmful to US national security. I see. And presumably we should just do our patriotic duty and hand over all our private data and communications to the NSA upfront without demur.
Cisco CEO John Chambers had a euphemism for it during the earnings call: “challenging political dynamics” in China, without ever naming the NSA. Then there were India and others, including Russia where Snowden is holed up, and where sales had collapsed even more than in China. Read…. NSA Spying Crushes US Tech Companies in Emerging Markets (“An Industry Phenomenon,” Says Cisco’s Chambers)