Another day, another NSA revelation. German magazine Der Spiegel reported Sunday of an elite spying division within the agency that conducts its most difficult and sensitive operations.
The group, Tailored Access Operations (TAO), conducts cyber attacks, intercepts computer deliveries, exploits software security flaws, and all around is responsible for “getting the ungettable” – according to NSA documents retrieved by Der Spiegel. The magazine compares the unit to a “squad of plumbers that can be called in when normal access to a target is blocked.”
Instead of plungers, TAO specialists use Microsoft Windows crash reports to gain access to computers, tap undersea Internet cables, and hack into email servers (including Blackberry). But the news outlet reports sometimes even the most sophisticated of spies resort to old school tactics to target the world’s most high-profile targets, such as intercepting shipping deliveries.
If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops… At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.
Der Spiegel’s cache of NSA internal documents, which the magazine has not yet identified the source of, also adds more to our understanding of the culture inside the agency. Take for example TAO’s habit of hijacking Windows crash reports:
Although the method appears to have little importance in practical terms, the NSA's agents still seem to enjoy it because it allows them to have a bit of a laugh at the expense of the Seattle-based software giant. In one internal graphic, they replaced the text of Microsoft's original error message with one of their own reading, "This information may be intercepted by a foreign sigint system to gather detailed information and better exploit your machine." ("Sigint" stands for "signals intelligence.")
Read the full report, which is certain to make you question your own cybersecurity.