What Desktop Innovation Needs to Succeed
Open Source Feminism: The Unfinished Revolution
Why Debian Is the Gold Standard of Upstream Desktop Linux
Yesterday's Man: The Fall of Richard Stallman
What's the Future of Free Software?
November 25th, 2013

Hacked by the NSA

The Internet has become a neighborhood infested with cockroaches.

On Saturday, the Dutch newspaper NRC reported that the NSA has infected over 50,000 computer networks with malware designed to steal sensitive data. The allegation arises from examination of documents supplied by Edward Snowden and “seen by” NRC reporters.

“The malware can be controlled remotely and be turned on and off at will. The ‘implants’ act as digital ‘sleeper cells’ that can be activated with a single push of a button. According to the Washington Post, the NSA has been carrying out this type of cyber operation since 1998.”

These activities are being performed by over a thousand hackers employed in an NSA department called Tailored Access Operations or TAO.

Bumblehive NSA

The “Bumblehive” NSA facility in Utah

The NRC article includes a NSA slide indicating that in addition to the infected computer networks, the NSA has gained access and presumably spliced into fiber optic cables carrying Internet traffic at 20 locations, mostly located outside of the U.S. This is most interesting in light of the fact that Brazil has plans to lay new fiber optic cable that would link that country’s Internet with Europe, bypassing the United States. This was done in response to information, also leaked by Snowden, about the NSA’s spying on Brazil, which included intercepting Brazilian president Dilma Rousseff’s phone calls.

Rousseff’s proposals rest upon the premise that by routing web traffic away from American soil and keeping data within Brazil, the Brazilian government could more easily control and secure citizens’ online information. But experts say the plans would do little to stop the NSA from spying on Brazilian communications, and some worry that they could lead to a more fractured internet.

The Verge; September 25, 2013

It appears as if these experts are right. A cable doesn’t have to go anywhere near the USA to be successfully tapped by the NSA.

As news continues to be released, it becomes more and more obvious that the NSA is now the de facto owner of the Internet and at this point it appears that little can be done about it. The federal government has poured over $1.5 billion into the Bumblehive project alone, the million square foot facility in Utah that includes a 100,000 square foot data center. It seems doubtful, given the amount of money the U.S. government has put into such NSA projects, that legislators will vote to shut down these operations anytime soon — if ever.

The Bumblehive facility, where a September opening has been delayed due to unexplained power surges, would seem to be designed to withstand just about any calamity, up to and including World War III. According to a NSA watchdog website that collects facts on the NSA, the facility “includes water treatment facilities, chiller plants, electric substation, fire pump house, warehouse, vehicle inspection facility, visitor control center, and sixty diesel-fueled emergency standby generators and fuel facility for a 3-day 100% power backup capability.”

It’s also evidently designed for constant ongoing upgrades:

“In February 2012, Utah Governor Gary R. Herbert revealed that the Utah Data Center would be the ‘first facility in the world expected to gather and house a yottabyte’. Since then, conflicting media reports have also estimated our storage capacity in terms of zettabytes and exabytes. While the actual capacity is classified for NATIONAL SECURITY REASONS, we can say this: The Utah Data Center was built with future expansion in mind and the ultimate capacity will definitely be ‘alottabytes’!”

There is little doubt that the NSA’s activities will have a negative effect on the U.S. tech sector. Some countries are already considering mandating that business servers be located in-country in an attempt to thwart intrusions by the agency. The Swiss are taking a further step and have hopes of profiting from their strong privacy laws with “Swiss Cloud,” a cloud service being developed with security in mind by Swisscom, in which the Swiss government has a majority stake.

The most damage will probably come to U.S. enterprise level proprietary software companies such as Microsoft and Oracle. There have been credible allegations that Microsoft has built back doors into Windows for NSA access and that they’ve notified intelligence agencies of unpatched security vulnerabilities which have then been exploited against foreign targets.


Editor’s note: This article was updated 11/29/13 to more clearly identify a source used in this article.

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

8 comments to Hacked by the NSA