Main article: Cybercrime and Cyber Conflict: USA
The US National Security Agency (NSA) is a radio engineering and electronic intelligence unit of the US Department of Defense that is part of the Intelligence Community as an independent intelligence body. The NSA is responsible for collecting and analyzing information, monitoring electronic communication networks and accounting for Internet traffic.
NSA hacking tools
Main article: NSA tools for hacking Windows
2023: Creation of a division to control the safety of AI when implemented in the public sector
On September 28, 2023, the director of the US National Security Agency (NSA), Army General Paul Nakasone, announced the creation of a new structure to oversee the development and integration of artificial intelligence capabilities in the public sector. The unit was called the AI Security Center.
It is assumed that the structure will combine the various activities of the agency related to AI and security. The center will work closely with the U.S. industrial sector, national laboratories, academia and the Department of Defense, as well as selected foreign partners. Nakasone, who runs the US Cybercom and is the head of the Central Security Service, stressed that the priority for the country is to maintain leadership in the field of AI as the technology develops.
The AI Security Center will be the heart of developing best practices and risk assessment in order to promote the safe implementation of new opportunities in national security enterprises and in the military-industrial sector, the report said.
The center will help the U.S. contain AI threats affecting critical infrastructure while deploying new capabilities in the defense sector - all in line with national security initiatives. The United States also presented a "political declaration" on the responsible use of artificial intelligence for military purposes, which is aimed at systematizing the norms for the responsible use of technology.
"AI will be increasingly important in ensuring national security in diplomatic, technological and economic matters for our country, our allies and partners. The U.S. is leading in this important area today, but that leadership should not be taken for granted," General Nakasone said.[1]
2022: China catches NSA hacking state university computers and tells details of attack
At the end of September 2022, China published a new report on the results of the investigation, which reveals even more details of cyber attacks on one of the Chinese universities undertaken by the US National Security Agency (NSA). According to the state edition of People's Daily, the NSA began with a man-in-the-middle attack (when a cybercriminal intercepts data transmitted between two companies or people) at Northwestern Polytechnic University.
2021
Former NSA information security specialists have created a company to protect trains and tanks from cyber attacks
In mid-October 2021, specialists who had experience at the US National Security Agency (NSA) in the field of information security (IS) created their own company Shift5 to protect trains and tanks from cyber attacks. The company monitors so-called operational technologies, such as systems that ensure the operation of vehicles or weapons systems.
Launch of a laboratory for the development of quantum computing
In early May 2021, the US Army Research Office and the Laboratory for Physical Sciences at the National Security Agency (NSA) announced the launch of a research center for the development of quantum computing. The project was named LPS Qubit Collaborative (LQC).
2020: Launch of a project from the Pentagon and the NSA to identify users of secure IT systems
In mid-July 2020, it became known that the US Department of Defense Information Support Office (DISA) joined forces with the National Security Agency (NSA) to develop a zero trust reference architecture for identifying users with access to secure information systems. The results of the project should be presented by the end of 2020, as announced by DISA head Vice Admiral Nancy Norton.
2019
Creating a cyber division that will protect industry and national systems
In mid-July 2019, the U.S. National Security Agency announced it was creating a new cybersecurity unit, Cybersecurity Directorate, that would protect industry and national systems.
Ex-employee confessed to data theft and agreed to 9 years in prison
On March 28, 2019, Harold Martin pleaded guilty to stealing trade secrets from the U.S. National Security Agency (NSA) while working at the agency.
Help Kaspersky Lab in catching the NSA data thief
On January 9, 2019, it became known that Kaspersky Lab, whose software was banned from American government agencies, helped catch a secret data thief from the National Security Agency (NSA).
2018
Search for information about spy microchips from the PRC
On October 11, 2018, it became known that the US National Security Agency (NSA) is searching for witnesses who could confirm information about the installation of Chinese spy microchips on the servers of American companies. This was reported by Bloomberg with reference to NSA expert Rob Joyce.
Rob Joyce urged those with information to contact the Federal Bureau of Investigation (FBI), the NSA or the US Department of the Interior.
In early October 2018, Bloomberg published an article claiming that Chinese hackers tried to spy on American companies using microchips. According to agency sources, spy chips were introduced into motherboards intended for servers used by companies such as Apple and Amazon. Sources claimed that this happened during the assembly stage of equipment in factories in the PRC, which are contractors of the world's largest motherboard manufacturer Supermicro.
Apple and Amazon subsequently denied the claims. Supermicro also denied Bloomberg's allegations. Later, security expert Joe Fitzpatrick, who was referenced by the agency, said Bloomberg distorted his words in his article, taking them out of context.
On October 1, 2018, the head of the FBI, Christopher Wray, refused to answer the question of whether the FBI was investigating hacker attacks, explaining this by the rules of the department.[2]
Ex-programmer's sentence to 5.5 years in prison for leaking cyber weapons in favor of Kaspersky Lab
In September 2018, 68-year-old ex-NSA programmer Nghia Hoang Pho was sentenced to five and a half years in prison for leaking secret cyber military developments. Back in December, Pho pleaded guilty to premeditated unauthorized copying of classified information related to state security.
Cyber division created in US NSA to fight Russia
"The Russians Are Coming"
Paul Nakasone, who heads the National Security Agency (NSA) and at the same time holds the post of head of US cyber warfare, officially confirmed in July 2018 to the Bloomberg news agency the creation of a separate special unit "to repel Russian threats in cyberspace."[3]
"I have formed a group in Russia - Russia Small Group," Nakasone said. "That's what the intelligence community really had to do after the [events] of 2016-2017."
The Washington Post reported that the US NSA and its cyber military members intend to counter "Russian threats to US security" in the midterm elections in November, in which the House of Representatives of the US Congress (the lower house), 35 senators and 39 state governors are up for election.
"Russia has significant capabilities, and we certainly must be prepared for such a challenge," Paul Nakasone said last weekend during his speech at the annual Aspen Security Forum in Aspen, Colorado. "And if such a challenge follows, I believe, without any doubt we will be ready to oppose."
Strengthening the infrastructure of the NSA cyber military
In June 2018, The New York Times wrote that over the past few months the Pentagon had significantly expanded the capabilities of the cyber warfare forces under the US NSA, granting them, among other things, the right to hack into enemy networks to protect American networks. Such powers greatly expand the room for maneuver of the NSA cyber warriors, since they were previously allowed mainly only to protect US networks. The increase in status, in all likelihood, also opened up additional opportunities "to protect against Russia," Bloomberg notes.
NSA Steps Up Surveillance of Americans' Phone Calls
In 2017 the US National Security Agency (NSA) tracked three times more phone calls and text messages of Americans than in the previous year, Reuters reported in May 2018. This is stated in the report of the Office of the Director of National Intelligence of the United States.
According to the agency, a sharp increase in tracking phone calls was recorded in the second year after the adoption of a law in the United States, which was intended to reduce the scale of surveillance. Data collected by the NSA includes numbers and times of calls or text messages. It is clarified that the NSA does not record the content of the conversations.
Rumor about the possible appointment of a military expert as head of the NSA
Wired reported on April 3, 2018 that the National Security Agency and the US Cyber Command will soon be headed by General Paul Nakasone. This means that for the first time since 2010, when the NSA and Cyber Command were paired into a single structure, they will be led by a person for whom military action in cyberspace is a "native element." Until now, the leadership role in this tandem belonged to people who came from the NSA.
2017
Data on the secret project of the NSA Red Disk leaked to the Web
In November 2017, information appeared that confidential data from a hard drive belonging to the US National Security Agency (NSA) leaked to the Web.
As it turned out, the classified project of the NSA and the US Army, stored on the Amazon Web Services server, was not password protected. The leaked virtual disk image contained more than 100 GB of data.
The data from the disk was discovered by security researcher Chris Vickery, who reported his discovery to the government in October 2017.
After unpacking and downloading, the disk image was a 2013-dated snapshot of a hard drive from a Linux server that was part of a cloud intelligence-sharing system called Red Disk. The project was developed by the Office of Futures INSCOM (U.S. Army Intelligence and Security Command) as a complement to the so-called Distributed Common Ground System (DCGS), an outdated U.S. Army intelligence processing and sharing platform.
The project was conceived as an easily customizable cloud system capable of providing access to the required data as part of complex military operations. In particular, it was assumed that the Red Disk system would be able to provide American soldiers in hot spots with data directly from the Pentagon, including satellite images and video broadcasting from unmanned aerial vehicles.
As a result, the system did not meet expectations: it turned out to be too difficult to use and had a low speed. Nevertheless, $93 million was invested in the development of the project, while it was never fully implemented.[4]
NSA collapses after theft of its hacking tools
The National Security Agency (NSA) cannot recover from the blow inflicted on it by the hacker group Shadow Brokers, which stole the source codes of the department's hacker tools in 2016. In August 2016, hackers began publishing these codes, which caused great damage to the NSA's intelligence and cyber capabilities, former US Secretary of Defense Leon Panetta told The New York Times[5].
The NSA has been investigating the incident for 15 months, but it still cannot say with certainty whether this was a hacker operation by foreign specialists, or an internal leak, or both. The NSA counterintelligence unit Q Group and the Federal Bureau of Investigation (FBI) were involved in the investigation. Since 2015, three NSA employees have been arrested for taking classified data out of the office, but the department fears that there are still undisclosed spies on its staff.
These concerns were confirmed to The New York Times by former NSA cyber officer Jake Williams, who described how a Shadow Brokers representative talked to him on Twitter in April 2017. The unknown hacker not only knew who Williams was, but also mentioned the technical details of the NSA's hacking operations, which were known only to some of Williams' colleagues in the unit.
Global damage
The harm caused by Shadow Brokers significantly surpassed the damage from the revelations of Edward Snowden, who took four laptops with classified materials from the department in 2013, although his actions attracted more media attention. But if Snowden exposed only the names of hacker tools, then Shadow Brokers released their codes. Now these codes, created with the money of American taxpayers, are being bought up by hackers from North Korea and other states in order to be used against the United States and allied powers, writes The New York Times.
The publication connects the theft of codes with large ransomware attacks, in particular, with the destruction of files of tens of thousands of employees of Mondelez International, the manufacturer of Oreo cookies. The incident, which occurred at the end of June, was caused by the spread of the Petya virus. FedEx, a parcel delivery company, suffered from the same ransomware; the attack cost it $300 million. These companies, like hospitals in the United States, Britain and Indonesia, an engineering plant in France, an oil company in Brazil, a chocolate factory in Tasmania and many others, deserve an explanation for why the codes created by the NSA were used against them, the newspaper said.
The United States learned about the theft of NSA data through Kaspersky Anti-Virus from Israeli special services
In early October, The Wall Street Journal and The Washington Post reported that NSA data was stolen using Kaspersky Anti-Virus. The data was reportedly accessed through the home computer of one of the agency's employees. This employee, sources of publications said, was fired in 2015[6].
The use of Kaspersky Anti-Virus to steal data from the US National Security Agency (NSA) became known from the Israeli special services, The New York Times reports[7][8].
NSA monitors foreigners outside the United States
In September 2017, it became known that the US National Security Agency (NSA) monitors more than 100 thousand foreign citizens outside the country. The intelligence service operates on the basis of Section 702 of Title VII of the Foreign Intelligence Surveillance Act (FISA), CNN reports citing a number of high-ranking officials. [9]
Specifically, Section 702 allows the Attorney General and the Director of National Intelligence to authorize surveillance of individuals who are not U.S. citizens or who are outside the country if they possess information of foreign intelligence interest.
The amendment to the Foreign Intelligence Surveillance Act expires in December 2017, but opinions on the advisability of extending it are divided.
Arguments "against"
A number of American politicians opposed the further extension of this law, fearing that it could be used to spy, including on American citizens. Intelligence agencies can access electronic communications of US citizens without an appropriate warrant because of only one mention of a foreign object, said Senator Ron Wyden.
For their part, representatives of the NSA deny the presence of such incidents. According to them, the department is obliged to comply with numerous measures to protect the privacy of citizens in accordance with the 2008 charter.
Arguments "for"
The NSA itself advocates the extension of the amendment, arguing in particular that thanks to the Foreign Intelligence Surveillance Act it was repeatedly possible to identify threats of cyber espionage in time, prevent cyber attacks and disrupt the preparation of terrorist acts by Daesh (banned in Russia).
In addition, US Attorney General Jeff Sessions and Director of National Intelligence Daniel Coats proposed an indefinite extension of the law allowing covert electronic surveillance of citizens. The US presidential administration also advocated extending the law without making any changes to its text.
Secret US base found in Australia to intercept communications
According to a new portion of US National Security Agency (NSA) documents provided by Edward Snowden, the US government has built a secret base in the Northern Territory of Australia to monitor wireless communications and support its drone program. Documents published by The Intercept mention the base under the code name Rainfall, but its official name is the Joint Defense Facility Pine Gap.
"A short drive from Alice Springs, the second most populous city in the Northern Territories, is a highly classified protected facility codenamed Rainfall. This remote base, located in the desert wilderness in the very heart of the country, is one of the most important objects in the eastern hemisphere for conducting covert surveillance," writes The Intercept[10].
The base houses a strategic satellite communications ground station for secret monitoring of telecommunications in several countries and obtaining geolocation data of targets intended for drone attacks. The work of the base is actively carried out, hundreds of American and Australian employees are involved in it.
The satellites used at the base are geostationary, that is, they are located in orbit more than 32 thousand km above the surface of the planet and are equipped with powerful equipment for monitoring wireless communication on Earth. In particular, satellites are capable of intercepting data transmitted using mobile phones, radio and uplinks of satellite communications.
The Northern Territory is a federal entity within Australia, in the north of the mainland. It has a status slightly lower than that of the state. It borders Western Australia to the west, South Australia to the south, and Queensland to the east. The main town is Darwin.
Satellite uplinks are a portion of a communications link used to transmit signals from a ground terminal to a satellite or on-board platform.
Facebook and Google announce total NSA surveillance
In May 2017, it became known that American IT companies are asking for amendments to the law on Internet surveillance. They sent a letter to that effect to Congress. It was signed by executives from more than 20 companies. The authors of the appeal propose stripping the National Security Agency of its powers. In addition, they want the NSA's activities to be overseen.
The companies' request concerns PRISM mass surveillance software. They demand to limit the amount of data that the NSA can collect using this program, as well as ensure the transparency of this process. At the same time, the court should monitor each case of obtaining personal data. The letter was signed, in particular, by Facebook, Google, Airbnb, Amazon, Dropbox, Microsoft, Uber, Yahoo and others.
Tools for hacking the SWIFT banking system
Shadow Brokers published another portion of hacking tools allegedly owned by Equation Group, a hacker group associated with the US NSA[11].
Among these tools were means of carrying out attacks on the international interbank system SWIFT and its service bureaus. Apparently, the goal of the NSA was to get the ability to track any transactions conducted through this system.
Published tools also include exploits for hacking systems based on different versions of Windows, as well as a number of presentations and accompanying documents for these and other Equation tools.
SWIFT representatives told Threatpost that neither the infrastructure nor the SWIFT data themselves were compromised, but at the same time "third-party organizations" could receive unauthorized access to communication channels between service bureaus and their clients.
Service bureaus are third-party service providers that manage and support financial institutions' connections to the SWIFTNet network. The Shadow Brokers leak in particular includes detailed data on the architecture of EastNets, SWIFT's largest service bureau in the Middle East, and data for accessing it.
It is worth noting that the American intelligence services after the September 11, 2001 attacks secretly gained access to financial information on the SWIFT network - this was done in order to track possible financial transactions of terrorists.
In 2006, The New York Times, The Wall Street Journal and the Los Angeles Times published materials on the ability of the NSA and the CIA to monitor transactions in SWIFT, so the administration of this service was severely criticized for insufficient protection of customer data.
Subsequently, the architecture of the entire system began to be updated - just in order to protect the secrecy of transactions.
US NSA GenCyber Cyber Training Program
The GenCyber program, which teaches cyber warriors, is directly funded by a key intelligence unit - the US National Security Agency. Within the framework of GenCyber, special courses are held in 36 states, where everyone interested is told about the basics of cybersecurity and cyber warfare, and a number of universities are preparing directly "cyber warriors"[12].
One of the offspring of the GenCyber program is the National Cyber Warfare Academy, which works at the University of North Georgia and is doing just that. It recruits students in order to prepare them for service in federal and military state institutions. Moreover, priority is given to Americans who study Russian.
The specialization of future cyber warriors includes training in drone programming, car hacking and even 3D design. At the end of the training, each graduate is issued a document - "hacker certificate." And there are 76 such educational institutions in the United States, which, under the leadership of the NSA, train future cyber warriors with all kinds of skills, and this is just the beginning. In 2017, it is planned to hold 120-150 such courses, and by 2020 the program manager Steven LaFountain wants to increase the number of such courses to 200 per year.
The National Science Foundation also funds the Cyber Corps program, which is designed to recruit cybersecurity specialists, and, of course, all this is paid by American taxpayers - grants from $22,000 to $34,000 per person. For such a generous reward, each graduate must "pay off the debt" - get a job only in government agencies, the list of which is the same - the NSA and the Ministry of the Interior, where they will have to deal with cyber operations.
'Snowden No. 2' stole 50 TB of classified data 'due to mental disorder'
In February 2017, the US National Security Agency accused Harold Martin, his former freelance employee, of stealing classified information. The amount of data he stole is a total of 50 TB, which is approximately 500 million pages. The US government has already managed to call the incident the largest theft of classified data in the history of the country[13].
Among other things, Martin allegedly stole lists of NSA secret agents working undercover abroad. Also, according to The New York Times, he stole computer codes designed to attack government networks of other states, including Iran, China, North Korea and Russia. In total, he had 75% of the hacker tools used by the Tailored Access Operations (TAO) division, which conducts cyber attacks at the NSA.
In addition, the discovered archive contains NSA documents for 2014, which contain detailed intelligence about foreign cyber systems and methods of cyber attacks. Martin was also found to have an NSA user guide for intelligence collection and a file describing the agency's daily operations, dating back to 2007.
In addition, Martin is accused of stealing data from other departments, including the Central Intelligence Agency (CIA), the US National Directorate of Military Space Intelligence and the US Cyber Command.
At the same time, it has not yet been specified what Martin did with the stolen data, if anything. Nevertheless, he will have to answer to 20 criminal counts at once, for each of which he can receive up to 10 years in prison. The investigation into Snowden No. 2, which began in August 2016, is ongoing. In mid-February, Martin will appear in court in the city of Baltimore, USA.
2016
Hacking Cisco equipment using NSA tools
In September 2016, Cisco reported that unknown hackers attacked the company's customers using hacking tools that the American authorities worked with to conduct cyber espionage.
Hackers steal NSA-linked Equation Group toolkit
Main article: NSA tools for hacking Windows
According to a statement[14] by Shadow Brokers (until now this group was not widely known), the hackers managed to hack the creators of the famous computer "worm" Stuxnet, with which computers of nuclear facilities in Iran were infected. Stuxnet is called a cyber weapon created with the participation of the US government, and its authors are considered to be the hacker collective Equation Group. The existence of this group was revealed in 2015 by Russian security experts from Kaspersky Lab; according to them, Equation Group controlled the creation of the Stuxnet and Flame worms, and was also involved in at least 500 hacks in 42 countries around the world. The targets of the Equation Group hacks were often government entities; there is an opinion that this hacker group is directly related to the NSA and acts in the interests of the US authorities[15].
Search for server crackers of the US Democratic Party before the presidential election
American hackers from the NSA are probably trying to hack into Russian hacker groups in order to find out their involvement in hacking the servers of the US Democratic Party. It is reported by ABC News[16], citing sources in American intelligence.
Robert Joyce, head of legal access operations at the NSA, did not previously comment on the hacking of the Democratic Party, but noted that the NSA has the technical capabilities and permissions to "hack in response" the hacker groups involved.
Joyce added that the priority for the NSA at the moment is to find out who is responsible for the hack.
Rajesh De, a former NSA general counsel, also noted that the NSA can work in conjunction with the FBI as part of the investigation and focus on Russian hacker groups.
How the NSA taps Europe and Russia from the British base Menwith Hill
One of the largest spy bases of the US National Security Agency (NSA), located in the UK, is a link in the global spy network and specializes in intercepting telephone conversations and other communications in Europe, Russia and the Middle East[17][18].
According to a journalistic investigation published by the British publication The Intercept, as of 2016 more than 2,200 analysts, mainly from the American NSA, work at the secret Menwith Hill base in British North Yorkshire, which was called Field Station 8613 during the Cold War and spied on Soviet communications.
The top secret nature of the Menwith Hill base is underscored by round-the-clock patrolling by the British Army and surveillance cameras placed on almost every three-meter section of the fence around the base, which covers an area of about 2 sq. km.
According to classified documents obtained by The Intercept journalists from former NSA employee Edward Snowden, Menwith Hill has implemented two main functions of global espionage. One is called Fornsat and uses powerful antenna fields to intercept signals from foreign satellites.
A second feature called Overhead uses American government satellites with a geostationary orbit over countries of interest to monitor mobile traffic and Wi-Fi networks.
According to American journalist James Bamford, who worked with Snowden, in 2016 the NSA was developing two global initiatives at once. The first is called TreasureMap, its task is to create a real-time interactive map of all devices in the world that are connected to the Internet. The second operation is called Turbine, its goal is to place malware on computer systems around the world for espionage or cyber attacks.
James Bamford claims that the NSA and CIA affiliate, which deals with cyber espionage, is called the Special Collection Service. Its branches, equipped with the necessary equipment, are located in US embassies around the world. The regional service center responsible for operations in the Caribbean, Central and South America is located in San Antonio, Texas.
According to Bamford, the leadership of the cyber service is carried out from Fort Meade, the headquarters of the NSA, located in Maryland. A separate headquarters of the Special Collection Service, worth $3.2 billion, is under construction. The headquarters will be equipped with a supercomputer, which will occupy an area of 55 thousand sq. m and will consume about 60 MW of electricity. After its launch, cyber espionage in the United States should reach a new level.
Journalist David Sanger has written a book about the large-scale cyber war that the United States is waging against Iran. In particular, it covers the Olympic Games initiative, authorized by the Barack Obama Administration, which, using cyber attacks, set Iran's nuclear program back by two years. During the operation, about a thousand turbines were destroyed remotely, and the Iranian nuclear station in Natanz was also disabled.
2015
NSA prepares the United States for a large-scale cyber war
Mass surveillance by the US National Security Agency (NSA) is just the beginning of more global events, Spiegel magazine wrote in 2015. New documents released by Edward Snowden and at the disposal of the publication indicate that the agency is arming America for future wars in cyberspace, in which the Internet should play a key role[19][20].
The purpose of the preparation is to gain the ability to paralyze computing networks, and thereby disrupt the work of enterprises, including power plants, water supply systems, factories and airports, as well as financial institutions.
In the twentieth century, nuclear, biological and chemical weapons were created. Only decades later, measures were developed to regulate these types of weapons. Today, a new digital weapon is being created for war on the Internet. But no international agreement and no organization regulates digital weapons. There is only one law here - the strongest wins, writes Spiegel.
It is noteworthy that the Canadian theorist Marshall McLuhan foresaw this decades ago. In 1970, he stated:
"World War III will be a guerrilla information war with no separation between military and civilian involvement."
This, according to the German publication, is exactly what the NSA is preparing for now.
By 2015, the US ground forces, naval forces and air forces have cyber units. But the NSA, which, by the way, is also a military organization, according to Spiegel, is leading in this area. It is no coincidence that NSA Director Michael Rogers also holds the position of head of the US Cyber Command. He is in charge of about 40 thousand military men who are engaged in espionage and conduct cyber attacks.
From a military point of view, Internet surveillance is only the first phase of cyber warfare. Based on the NSA documents at Spiegel's disposal, surveillance is necessary in order to find vulnerabilities in the enemy information system. After the vulnerabilities are found, the second phase comes - installing bugs and gaining the ability to constantly observe.
The third phase in the NSA documents quoted by the publication appears with the word "control." In the third phase, the agency gets the opportunity to "control and destroy critical systems." Critical systems include everything that ensures the normal life of people - electrical networks, communications, transport. The documents include the concept of "phased seizure of control in real time."
One of the NSA presentations says that the next major global conflict will begin in cyberspace. Therefore, one of the most important tasks of the agency is to prepare for such a conflict. According to the documents, in 2013 the NSA hoped to receive about $1 billion from the state budget only to strengthen its computing networks.
Kaspersky reveals NSA's unique spyware
Main article: NSA virus on hard drives (February 2015)
Kaspersky Lab has discovered a unique cyber espionage program that can access information on most computers in the world. The investigation points to the connection of hackers with the US NSA [21].
The US National Security Agency has come up with the idea of hiding spyware in hard drives produced by Western Digital, Seagate, Toshiba and other leading manufacturers, thus gaining access to information on most computers in the world. This was reported in 2015 by Reuters with reference to a study by Kaspersky Lab and the testimony of former NSA employees.
After many years of observation, Kaspersky Lab managed to uncover the most complex and sophisticated cyber espionage system known to date. The company's specialists found personal computers in 30 countries infected with one or more of these spyware programs. The largest number of infected computers, according to the company, turned out to be in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The computers attacked most often belonged to government and military institutions, telecommunications companies, banks, energy companies, nuclear research companies, media companies and Islamic activists.
Kaspersky Lab does not name the specific country behind the spy campaign. However, it clarifies that the campaign is closely connected with Stuxnet, which was developed by order of the NSA for attacks on the facilities of Iran's nuclear program. A former NSA official told Reuters that Kaspersky's findings were correct. Current agency employees rate this spyware as highly as Stuxnet, he said.
Another former intelligence official confirmed that the NSA had developed a valuable way to hide spyware in hard drives, but said he did not know what tasks the spyware was assigned.
2014: Surveillance of German Chancellor, Norwegian and Swedish politicians via Danish internet cable
From 2012 to 2014, the National Security Agency (NSA) of the United States spied on German Chancellor Angela Merkel, as well as on French, Norwegian and Swedish politicians, through a Danish Internet cable connecting Europe and the United States.
This was found out in 2021 by DR, in a joint investigation with SVT, NRK, Le Monde, Süddeutsche Zeitung, NDR and WDR.
US intelligence agencies were given access to the information by the Danish Military Intelligence Service (FE). The investigation, which helped identify and confirm the surveillance, has been going on since at least 2014 and has been called Operation Dunhammer.
Among those spied on by the NSA in the "framework of Danish-American cooperation", in addition to Merkel, were former German Foreign Minister Frank-Walter Steinmeier, German politician Peer Steinbrück, as well as the Danish Ministries of Foreign Affairs and Finance.
Representatives of the governments of Norway and Sweden have already demanded an explanation from Denmark.
2012: Attack on internet provider in Syria
In 2012, the NSA introduced malware into the computer systems of Syria's largest Internet provider. This was supposed to give the intelligence service access to mailboxes and other Internet traffic of users almost throughout the country. But something went wrong, and instead the so-called "bricking" procedure, also known as the Passionatepolka tool, was launched, destroying data on Syrian computers. As a result, the Internet disappeared for some time throughout Syria.
2011: Wiretapping of Mexico's presidential candidate
At the end of the Cold War, other countries came into the spotlight of the USA. For example, in 2011, during the election race in Mexico, the NSA tapped the mobile phones of presidential candidate Enrique Peña Nieto and nine of his close supporters. For this, advanced software was used, which made it possible to filter out the necessary mobile lines and place them under regular wiretapping, as well as to intercept 85 thousand text messages. Former NSA employee Edward Snowden told the world about the technology that can "find a needle in a haystack." Mexico's previous president, Felipe Calderón, also suffered an NSA cyber attack that gained access to his email.
2010: Hacking systems of SIM card manufacturers and 70% of cellular operators in the world
In February 2015, The Intercept published[22] a new fragment of secret correspondence from the US National Security Agency (NSA) and the UK Government Communications Headquarters (GCHQ). It follows from the document that back in 2010, the largest manufacturers of SIM cards (in particular, Bluefish and Gemalto), which supply their products to most countries of the world, were hacked by the intelligence services. This was done to obtain copies of the keys used in the authorization of cellular subscribers.
The incident with copying keys occurred in the spring of 2010, but its consequences remained relevant for a very long time. SIM cards can last for years, and their Ki (Key for identification) does not change throughout the entire period of use. This is a pseudo-random number that is stored in the ROM of each SIM card. When the manufacturer sends SIM cards to the mobile operator that ordered them, databases containing their identifiers (IMSI) and the corresponding identification keys Ki are transmitted along with them. Each Ki then acts as the secret key of a particular card: the telecom operator's authentication center (AuC) uses it to authenticate the card when it registers in the network, and traffic is encrypted with it[23].
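The registration exchange described above, sketched as an added example (not code from the cited reports): it shows why a copy of the manufacturer's IMSI/Ki database remains usable for as long as the card is in service, and why reissuing the SIM with a new Ki ends that exposure. HMAC-SHA256 is an assumed stand-in for the operator's A3/A8 algorithms, and the IMSI, keys and all class and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def a3a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the operator's A3/A8 (assumption: HMAC-SHA256, not COMP128)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]            # SRES (32 bits), Kc (64 bits)

class AuC:
    """Operator side: the IMSI -> Ki database received from the SIM manufacturer."""
    def __init__(self, records: dict[str, bytes]):
        self.records = dict(records)

    def challenge(self, imsi: str) -> tuple[bytes, bytes, bytes]:
        rand = secrets.token_bytes(16)         # 128-bit RAND, sent in the clear
        sres, kc = a3a8(self.records[imsi], rand)
        return rand, sres, kc

    def reissue(self, imsi: str) -> bytes:
        """Provision a fresh Ki for a replacement SIM."""
        self.records[imsi] = secrets.token_bytes(16)
        return self.records[imsi]

class SIM:
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki         # Ki never leaves the card

    def respond(self, rand: bytes) -> tuple[bytes, bytes]:
        return a3a8(self._ki, rand)

def register(auc: AuC, sim: SIM) -> tuple[bool, bytes, bytes]:
    """One registration: only RAND and SRES cross the radio link."""
    rand, expected, kc_network = auc.challenge(sim.imsi)
    sres, kc_sim = sim.respond(rand)
    ok = hmac.compare_digest(sres, expected) and kc_sim == kc_network
    return ok, rand, kc_sim

def exposure_demo() -> tuple[bool, bool, bool, bool]:
    imsi = "001010000000001"                   # constructed test IMSI
    shipped = {imsi: secrets.token_bytes(16)}  # constructed manufacturer record
    copied = dict(shipped)                     # a copy of the shipment database
    auc = AuC(shipped)
    ok1, rand1, kc1 = register(auc, SIM(imsi, shipped[imsi]))
    exposed_before = a3a8(copied[imsi], rand1)[1] == kc1   # copy yields the same Kc
    new_ki = auc.reissue(imsi)                 # remediation: replace the SIM
    ok2, rand2, kc2 = register(auc, SIM(imsi, new_ki))
    exposed_after = a3a8(copied[imsi], rand2)[1] == kc2    # stale copy no longer matches
    return ok1, exposed_before, ok2, exposed_after
```

Because Ki is fixed for the life of the card, the session key follows from Ki and the cleartext RAND alone; only a new card with a new Ki changes that.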
The US National Security Agency (NSA) planned to be able to listen to almost any mobile phone in the world. This is indicated by a new portion of documents released in the fall of 2014 by the former system administrator of the department, Edward Snowden, and published by The Intercept, which was launched in 2014 by eBay founder Pierre Omidyar as a platform capable of releasing selected documents of Edward Snowden.
In December 2014[24] reports were published on this resource, from which it follows that GCHQ is also behind the attack on Belgium's largest operator Belgacom.
As part of a covert operation called Auroragold, the NSA intercepted messages from email accounts belonging to employees of companies in the telecommunications industry. How this interception was carried out is not specified.
The main efforts were aimed at intercepting messages from members of the GSM Association, the largest consortium, which unites over 800 major telecom operators, Internet providers, and developers of mobile devices, equipment and software from 220 countries.
In particular, the NSA was interested in documents marked IR.21s. Such documents are exchanged by most operators in the world in order to provide roaming functions in foreign countries. As follows from the explanations, these documents contain information that can be used to hack networks, including to hack encrypted communications.
As of May 2012, the agency had intercepted mail and received technical documents from 701 cellular operators, which accounted for 70% of their total number in the world (985 companies). Hundreds of channels were intercepted every month. According to The Intercept, the operation had been running since at least 2010.
The collected information went to a processing team, which picked the most valuable data out of the general information garbage. The data was also passed to members of the Five Eyes intelligence alliance, which includes, in addition to the United States, the United Kingdom, Canada, Australia and New Zealand.
A large number of the operators that the NSA placed under surveillance were concentrated in Libya, China and Iran, although data collection was carried out in almost every country in the world.
The GSMA said it was not prepared to assess the NSA's actions until the documents submitted were reviewed by lawyers. Consortium spokeswoman Claire Cranton suggested that if the authorities wanted access to communications, they should contact the police.
The Intercept adds that by exploiting security vulnerabilities in commercial companies, the NSA comes into conflict with the US National Institute of Standards and Technology, a government organization that recently donated more than $800,000 to GSMA to develop improved technologies to protect the personal data of mobile device users.
The fact that the NSA installs "bugs" in the equipment of well-known American manufacturers, which is exported, became known in 2013. The agency has also created a dedicated search engine to easily access an extensive metadata database containing information on billions of phone calls and messages from around the world.
1952: President Truman unleashes attacks on communications systems
The US is the only country that has ever actually started a cyber war. According to the Reuters news agency[25][26][27], the US National Security Agency (NSA) has been engaged in electronic espionage of foreign politicians and has been wiretapping foreign telecommunications systems since 1952.
The global wiretapping of the whole world by the US intelligence services was begun by President Harry Truman, who promised in the 1950s to tell the Russian people the truth about their government. The initiative was called the "Campaign of Truth," and the so-called "big lie" of the Soviet government was revealed by hacking and wiretapping the communications of that time.
Notes
- ↑ AI Security Center to Open at National Security Agency
- ↑ Bloomberg: US National Security Agency seeks information on spy microchips from China
- ↑ The US NSA has created a cyber unit to fight Russia.
- ↑ The secret project of the NSA Red Disk was in the public domain
- ↑ The NSA was collapsing after the theft of its hacking tools
- ↑ Israel hacked Kaspersky, then tipped the NSA that its tools had been breached
- ↑ [https://meduza.io/news/2017/10/11/o-krazhe-dannyh-anb-cherez-antivirus-kasperskogo-ssha-uznali-ot-izrailskih-spetssluzhb The United States learned of the theft of NSA data through Kaspersky Anti-Virus from the Israeli special services]
- ↑ [http://www.securitylab.ru/news/488758.php NSA monitors foreigners outside the United States]
- ↑ The Intercept: The US spy hub in the heart of Australia
- ↑ NSA stole hacking tools to hack the SWIFT banking system
- ↑ NATO and the EU will "grow" cyber warriors to fight Russia
- ↑ CNews: Snowden No. 2 stole 50 TB of classified data due to a mental disorder
- ↑ Equation Group - Cyber Weapons Auction
- ↑ In mid-August, an announcement by the Shadow Brokers hacker group, written in broken English, appeared on the Pastebin website. The hackers put up for sale stolen tools for penetrating computer systems. They claim they managed to get hold of a "cyber weapon" used by a group linked to the National Security Agency. Mentions of programs similar to those stolen were found in NSA documents published by Edward Snowden. Meduza tells what exactly Shadow Brokers could have stolen and from whom, and whether their words can be believed.
- ↑ The NSA Is Likely 'Hacking Back' Russia's Cyber Squads
- ↑ [http://www.cnews.ru/news/top/2016-09-06_kak_ssha_proslushivayut_evropu_i_rossiyu_podrobnosti CNews: How the United States buys Russia: Details of the work of the top-secret NSA base]
- ↑ [http://safe.cnews.ru/top/2015/01/20/spiegel_ssha_gotovyatsya_k_masshtabnoy_kibervoyne_591790 The United States is preparing for a large-scale cyber war]
- ↑ RBC: Kaspersky has revealed a unique American spy program
- ↑ [https://firstlook.org/theintercept/2015/02/19/great-sim-heist/ The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle]
- ↑ Time to change SIM cards
- ↑ Operation Socialist: The Inside Story of How British Spies Hacked Belgium's Largest Telco
- ↑ [http://www.cnews.ru/news/top/2016-08-08_reuters_ssha_vedet_kibervojnu_protiv_vsego_mira Reuters: The United States has been waging cyber warfare against the whole world since the 1950s]