By Dan Farber
A new report from Der Spiegel, based on internal National Security Agency documents, reveals more details about how the spy agency gains access to computers and other electronic devices to plant backdoors and other spyware.
The Office of Tailored Access Operations, or TAO, is described as a “squad of digital plumbers” that deals with hard targets — systems that are not easy to infiltrate. TAO has reportedly been responsible for accessing the protected networks of heads of state worldwide, works with the CIA and FBI to undertake “sensitive missions,” and has penetrated the security of undersea fiber-optic cables. TAO also intercepts deliveries of electronic equipment to plant spyware to gain remote access to the systems once they are delivered and installed.
Der Spiegel: Inside TAO -Documents Reveal Top NSA Hacking Unit
Der Spiegel: Shopping for Spy Gear – Catalog Advertises NSA Toolbox
According to the report, the NSA has planted backdoors to access computers, hard drives, routers, and other devices from companies such as Cisco, Dell, Western Digital, Seagate, Maxtor, Samsung, and Huawei. The report describes a 50-page product catalog of tools and techniques that an NSA division called ANT, which stands for Advanced or Access Network Technology, uses to gain access to devices.
This follows a report that the security firm RSA intentionally allowed the NSA to create a backdoor into its encryption tokens.
“For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA’s specialists seem already to have gotten past them,” the report said. The ANT department prefers targeting the BIOS, code on a chip on the motherboard that runs when the machine starts up. The spyware infiltration is largely invisible to other security programs and can persist if a machine is wiped and a new operating system is installed.
With the exception of Dell, the companies cited in the report and contacted by Der Spiegel claimed they had no knowledge of any NSA backdoors into their equipment.
In a blog post Sunday, a Cisco spokesperson wrote:
At this time, we do not know of any new product vulnerabilities, and will continue to pursue all avenues to determine if we need to address any new issues. If we learn of a security weakness in any of our products, we will immediately address it. As we have stated prior, and communicated to Der Spiegel, we do not work with any government to weaken our products for exploitation, nor to implement any so-called security ‘back doors’ in our products.
The NSA declined to comment on the report but said the TAO was key for national defense.
“Tailored Access Operations (TAO) is a unique national asset that is on the front lines of enabling NSA to defend the nation and its allies,” the agency said in a statement. “We won’t discuss specific allegations regarding TAO’s mission, but its work is centered on computer network exploitation in support of foreign intelligence collection.”
The end does not appear to be in sight for the revelations from the documents obtained by Edward Snowden, according to Glenn Greenwald, the journalist who first collaborated with Snowden to publish the material. In a speech delivered by video to the Chaos Communication Congress (CCC) in Hamburg on Friday, he said, “There are a lot more stories to come, a lot more documents that will be covered. It’s important that we understand what it is we’re publishing, so what we say about them is accurate.”