Skip to main content

New leaks reveal broad scope of US cyber offensive

New leaks reveal broad scope of US cyber offensive

Share this story

black budget
black budget

Yesterday, The Washington Post revealed that US spy agencies proposed a $52 billion "black budget" for 2013. What would they do with all that cash? Among other things, they could spend $1 billion on cyberwarfare, with two-thirds of that funding hundreds of digital preemptive strikes to turn foreign networks into the computer equivalent of sleeper agents for the US. That's precisely what happened in 2011, according to The Washington Post's latest scoop, when US intelligence agencies carried out 231 offensive cyber-ops, using a program called GENIE to place "covert implants" into what the publication reports are "tens of thousands of machines every year."

Striking from afar with software

According to the Post, nearly 75 percent of the operations carried out under the $652 million GENIE program were aimed at top-priority targets: countries like Iran, Russia, North Korea, and China. The documents also provide a clearer view of how many of these programs are carried out. There are reference to "field operations" — basically, sending agents out to a physical location to modify software or hardware at a given site — but the more common scenario is to use custom software tools put together by the NSA's Tailored Access Operations (TAO). The documents reveal that TAO has its own set of software templates that allow it to break into common brands of routers, firewalls, and switches, and that its implants are designed to be resistant to software updates and other upgrades. They can copy stored data, "harvest" communications, and work their way into any connected networks as well.

The documents reveal that TAO is currently working on a new generation of software implants that can actually identify specific voice communications and secretly send out excerpts as desired. According to the budget, GENIE is projected to control at least 85,000 implants by the end of 2013 — up from 21,252 in 2008.

'TURBINE' may automate future attacks

Scaling the number of implants up introduces a different set of issues, however, as individual people were needed to take control of machines that had been compromised. GENIE reportedly had a staff of 1,870 in 2011, but was able to make use of only 8,448 of the nearly 69,000 compromised machines it had at the time. According to the Post, the solution to that problem is an automated system known as "TURBINE" that may be able to manage millions of GENIE implants for attack and intelligence gathering — essentially creating a gigantic, NSA-controlled botnet.

Funding these cyber-initiatives is a 2013 budget of $1.02 billion — of which about one-third is said to have gone to defensive measures such as protecting sensitive US computer networks from attack. The proactive efforts under the GENIE program, on the other hand, took up nearly two-thirds of the budget: $651.7 million. $25.1 million also went towards the purchase of software vulnerabilities on the grey market.

Though the US government didn't officially address most of the Post's scoop, an NSA spokesman did confirm that the United States "does engage" in network exploitation behavior. However, the agency did seek to distance itself from the allegations of economic espionage that have been directed towards China as of late. "The department does ***not*** (emphasis his) engage in economic espionage in any domain, including cyber," the spokesman told the Post.