U.S. intelligence specialists conducted 231 cyber-operations in 2011, part of a full-spectrum surveillance campaign that uses the internet for sabotage, spying, and war. Based on documents leaked by Edward Snowden detailing the $56 billion “black budget”, the Washington Post paints a disturbing picture of cyber-warriors infiltrating thousands of computers and networks across the globe. Under a campaign of clandestine activity codenamed GENIE, computer “hackers” use tailor-made “implants”, or malware, to exploit and disrupt foreign IT infrastructures.
These offensive operations were primarily targeted against Iran, Russia, China, and North Korea. The “Stuxnet” worm developed by the U.S. and Israel is the most prominent example of a cyberattack. The sophisticated virus was used to sabotage Iranian scientists’ efforts to enrich uranium. According to an October 2012 presidential directive, cyber-operations are activities intended “to manipulate, disrupt, deny, degrade, or destroy information resident in computers or computer networks, or the computers and networks themselves”. In apparent distinction to China’s cyberattacks (carried out by the Technical Reconnaissance Bureau of the People’s Liberation Army), the U.S. government hackers do not, officially, go after corporate data or systems.
Cyber-operations can involve physical intrusion into the system being compromised. According to the leaked budget document, these are known as “field operations”, often carried out by CIA operatives or other clandestine military forces. But usually implants are software, not hardware.
The Office of Tailored Access Operations (TAO) is an NSA group charged with developing unique software implants to hack into an enemy system, bypassing and exploiting routers, switches, and firewalls. The TAO implants harvest all kinds of data, and can endure hardware upgrades and tunnel into connected networks. In some cases, a compromised device can open the door to thousands of others. The purpose of such implants can be to lie dormant, creating a “back door” for future access. Under U.S. cyberdoctrine, these operations are known as “exploitation”, and serve to prefigure future attacks.
By the close of 2013, GENIE is projected to control at least 85,000 implants in “strategically chosen computers”. That number is quadruple the 2008 figure. The NSA is thus rapidly escalating the number of what could be called “zombie machines” across the planet. At present, GENIE is limited by a staff of 1,870 people. This means that only a slice of the total number of compromised systems can be directly controlled. However, the next phase would be a more automated system that takes human operators out of the loop.
The NSA has already rolled out an automated online system, codenamed TURBINE, that is capable of managing “potentially millions of implants”, both for intelligence and attack.
The most skilled NSA hackers are based in TAO’s headquarters, the Remote Operations Center in Fort Meade, Maryland. It is more commonly referred to as “the ROC” (as in, the rock). Teams from the FBI, CIA, and U.S. Cyber Command work alongside the ROC, as do operators from the NSA’s National Threat Operations Center, whose mission is cyberdefence. ROC’s “breaking and entering” GENIE infrastructure absorbs nearly two-thirds of the cyber-operations budget of $1.02 billion in fiscal 2013.
The boom in TAO is mirrored by the growth of the CIA’s Information Operations Center (IOC). This unit employs “hundreds” of people across Northern Virginia, and is now one of the agency’s largest divisions, focusing on cybersecurity. While U.S. Cyber Command attracts a lot of attention, the IOC undertakes “notable offensive operations” according to the document.
The GENIE is out of the bottle. A huge infrastructure created by the intelligence community and the military now spans the globe, targeting virtual space with sophisticated implants designed to exfiltrate sensitive data and sabotage those assets deemed threatening to U.S. national security. While its reach may currently be limited by the number of human operators, project TURBINE will fully automate the control of “zombie” machines infected by NSA and CIA malware. The result will be millions of computers that unknowingly feed information directly to the U.S. homeland. Of course, the additional threat comes from the proliferation of implants and malware from a range of nation-states, as the internet is increasingly militarized and firewalled in the name of competing claims to “security” and “defense”.