Newly released documents from the Edward Snowden trove reveal that the NSA actually had operatives working inside companies to help the agency gain secret information and enable acts of sabotage.
The National Security Agency has had agents in China, Germany, and South Korea working on programs that use “physical subversion” to infiltrate and compromise networks and devices, according to documents obtained by The Intercept.
The documents, leaked by NSA whistleblower Edward Snowden, also indicate that the agency has used “under cover” operatives to gain access to sensitive data and systems in the global communications industry, and that these secret agents may have even dealt with American firms. The documents describe a range of clandestine field activities that are among the agency’s “core secrets” when it comes to computer network attacks, details of which are apparently shared with only a small number of officials outside the NSA.
All this was revealed in a document that was released about a program called Sentry Eagle.
The most controversial revelation in Sentry Eagle might be a fleeting reference to the NSA infiltrating clandestine agents into “commercial entities.” The briefing document states that among Sentry Eagle’s most closely guarded components are “facts related to NSA personnel (under cover), operational meetings, specific operations, specific technology, specific locations and covert communications related to SIGINT enabling with specific commercial entities (A/B/C).”
…But the briefing document suggests another category of employees—ones who are secretly working for the NSA without anyone else being aware. This kind of double game, in which the NSA works with and against its corporate partners, already characterizes some of the agency’s work, in which information or concessions that it desires are surreptitiously acquired if corporations will not voluntarily comply. The reference to “under cover” agents jumped out at two security experts who reviewed the NSA documents for The Intercept.
“That one bullet point, it’s really strange,” said Matthew Green, a cryptographer at Johns Hopkins University. “I don’t know how to interpret it.” He added that the cryptography community in America would be surprised and upset if it were the case that “people are inside [an American] company covertly communicating with NSA and they are not known to the company or to their fellow employees.”
The ACLU’s Soghoian said technology executives are already deeply concerned about the prospect of clandestine agents on the payroll to gain access to highly sensitive data, including encryption keys, that could make the NSA’s work “a lot easier.”
Crimson Clupeidae says
I’m in the aerospace industry, and though I don’t currently work on any government programs, it wouldn’t have surprised me much to find that more than one of the people around me were government plants of some kind. Not many of the ones I worked directly with, and I wasn’t in a particularly sensitive area, but I bet there were a few around.
lanir says
I work in IT and do system administration work. I tend to have full access to most systems. The servers keeping the business going I have full access to -- sometimes the laptop they gave me they don’t trust me to install programs to without someone holding my hand. This is the security environment I tend to work in. All show and no practical knowledge of how to really mitigate risk factors. It leaves you with a one-size-fits-all security model that often leaves you with less secure areas.
I am hired for my knowledge then ignored when I use it as I speak to people in the company about best practices. I often recommend hiring other people with my level of knowledge so that someone else can check my work but this never happens. I generally make a point to suggest at least once that we get rid of useless security theatre that does nothing but get in the way without adding security but this also never happens.
In this sort of corporate environment (which I’ve found to be quite common at companies of all sizes but especially bigger ones) it doesn’t surprise me that some people will take money to do immoral things. I’ve occasionally left a job angry and had coworkers ask if I’d sabotaged something on the way out. The answer is always the same. No, I have ethics (which is the truth). As I keep learning, this makes me wildly unsuitable for any NSA position. I can’t seem to bring myself to feel very bad about that.
Marcus Ranum says
Ask the people at Hagelin and Crypto AG how they feel. At Crypto AG, NSA “consultants” pretended to be improving their key distribution system, but weakened it critically, instead. The NSA employee pretended to be a private cryptography expert. The same trick was performed on Hagelin. And, it appears, on RSA -- though RSA was paid substantially for the privilege of having their reference implementation shot below the waterline. AT&T’s team that worked on the 2600TSD rejected helpful “suggestions” on their key exchange that might have facilitated man in the middle attacks, and then there was the great distraction of the Clipper chip.
NSA’s actions have not benefitted national security but have furthered NSA’s mission of compromising communications. The mistake people make is assuming NSA’s mission is National Security. It’s not.
Marcus Ranum says
There are indications NSA improved DES, according to Coppersmith at IBM. Dennis Branstad once told me, sotto voce, that that was because NSA planned to prevent it from becoming a standard, but the reference implementation was published by IBM by mistake because they misunderstood NIST guidance (NIST at that time was acting as NSA’s sockpuppet) and the cat escaped from the bag. NSA thought the reference was a hardware spec and proceeded to lay great mooing classified spherical cows when IBM published source code.
I know some of the characters in that tragicomedy and none of them are awkward enough to have really done what they did by accident 🙂
Dunc says
Do these people button up the back or something? What, exactly, do they think the NSA do all day? Or is this just a Captain Renault act?
ludicrous says
As of yesterday when I try to go to talkingpointsmemo I get this:
http://talkingpointsmemo.com/cgi-bin/redirect.ha
I have ATT uverse for my internet connection service. It will slow down and stop maybe a couple times a month and whatever site I am trying to connect with at that time will be infected with this. So now, again I will have to call ATT and go thru some process which I don’t understand or remember to get it fixed. Seems to me I have had to let them take remote control of my computer to fix it. When I ask why ATT doesn’t fix this they talk stupid as if it’s not something they are doing….. but google tells me it is ATT’s problem.
So now I am wondering if this might be a way for the snoops to get into our computers? My computer? That would mean they are vacuuming up everything.
Chiroptera says
ludicrous, #6:
Huh. I have a website that I can’t check on my home computer because of a similar problem. I can still access the site with my mobile device so I thought it was just a setting wrong on my computer that I can’t find. (My work computer with the same operating system and browser also accesses it fine.)
It’s uverse’s fault? Damn.
Chiroptera says
ludicrous, #6:
When I mentioned this problem to a friend, he suggested powering off (unplugging) the uverse router. While it was powered off, I booted my affected computer and cleared the cache on my browsers (I suspect this step was unnecessary). Turned the router back on, and the problem was solved. I’m guessing that the router has an internal cache and powering off cleared it; I think clearing the browser cache was unnecessary.
Sorry for the derail; just in case anyone else finds this useful.