Feds Waged Hundreds Of Cyberattacks On Other Countries; Spent $25 Million Buying Vulnerabilities

from the we-are-the-cybersecurity-threat dept

It's pretty typical for companies and governments hoping to "bury" important bad news to release it late on a Friday evening, hoping to miss the news cycle. If you're extra lucky, that Friday happens to come right before a long weekend, such as Labor Day. But, for the life of me, I can't figure out why a major news publication like the Washington Post would break a big story on a Friday night before Labor Day weekend, pretty much guaranteeing that it doesn't get very much attention at all. Very bizarre -- but we figured we'd try to bring this story to you guys on Tuesday, back after the week is underway, so the story doesn't get lost. The details: as suspected, the US is actually one of the leading proponents of offensive cyberattacks. This isn't a huge surprise, since they've more or less admitted to having "broad powers," but there have been questions both about the rules of engagement and just how often the US uses these capabilities.

Wonder no more. The Washington Post's Barton Gellman has the story from the black budget, showing 231 offensive cyber-operations in 2011, a number that likely went up quite a bit in 2012 (and again in 2013). For all the hype about "cybersecurity" threats from abroad, it still looks like the biggest cybersecurity threat out there is our own government. And, yes, everyone already knows about Stuxnet, and it sounds like most of these offensive efforts aren't nearly as ambitious, but there's still a lot going on.

Separately, the story confirms earlier reports that the US government is a huge purchaser of exploits from various hackers, choosing to exploit them rather than use them to help protect our systems. For 2013, the feds budgeted $25.1 million for the "additional covert purchases of software vulnerabilities." But that's really only a fraction of the number of exploits. The report notes that most vulnerabilities the NSA uses actually are designed at home.

Also, those few hundred attacks appear to downplay the capabilities of the NSA (and the CIA) should they want to do more, because it sounds like they've hacked into a variety of networks and have zombie machines at the ready:

By the end of this year, GENIE is projected to control at least 85,000 implants in strategically chosen machines around the world. That is quadruple the number — 21,252 — available in 2008, according to the U.S. intelligence budget.

The NSA appears to be planning a rapid expansion of those numbers, which were limited until recently by the need for human operators to take remote control of compromised machines. Even with a staff of 1,870 people, GENIE made full use of only 8,448 of the 68,975 machines with active implants in 2011.

For GENIE’s next phase, according to an authoritative reference document, the NSA has brought online an automated system, code-named TURBINE, that is capable of managing “potentially millions of implants” for intelligence gathering “and active attack.”

While the fact that the NSA is doing all of this isn't a huge surprise and merely confirms earlier reports, the actual scale of the operations is certainly quite eye-opening.

Filed Under: black budget, cyberattacks, ed snowden, genie, nsa, nsa surveillance, offensive attacks, stuxnet, surveillance


Reader Comments



  • Anonymous Coward, 3 Sep 2013 @ 5:54am

    The NSA is systematically weakening US computer security

    That seems like a bold and non-obvious statement, so let me explain.

    There are two ways to break into someone else's system: (1) break into it (2) wait for someone else to break into it, then exploit the opening they've graciously provided for you.

    It's clear that the NSA is attacking large numbers of systems and doing so successfully. By doing that, they're punching holes in those systems' defenses, and of course those holes are now exploitable by anybody else who comes along equipped with sufficient knowledge.

    There are plenty of people equipped with sufficient knowledge, including freelance security experts as well as those in the employ of other governments, not all of which are friendly to the US and none of which are guaranteed to be friendly to the US a year or a decade or a century from now.

    But it gets worse: one of the secondary consequences of this strategy is that control of a compromised system doesn't only have value in terms of what that system holds (or transmits/receives); it has value in terms of what that system is and where it is. In a traditional military situation, "holding the high ground" is a desirable tactic; the same is true in computer security. Having control of a random Windows box on the far end of a DSL connection isn't particularly important; but having control of a Solaris server sitting on someone's corporate network is.

    Thus, the NSA is, in essence, paving the way for others. They're making the task of gaining control of large numbers of strategic systems much easier than it should be.

    • Sneeje, 3 Sep 2013 @ 6:07am

      Re: The NSA is systematically weakening US computer security

      An interesting analysis. To continue the analogy about high-ground, in warfare a particular high-ground is scarce--it cannot be held by two competing parties. It seems less clear whether that particular constraint applies to vulnerabilities and compromised systems.

      • PRMan, 3 Sep 2013 @ 10:00am

        Re: Re: The NSA is systematically weakening US computer security

        Well, according to Gary McKinnon, the Brit that was in the Pentagon system, the Chinese kept kicking him out.

  • Anonymous Coward, 3 Sep 2013 @ 5:59am

    usual situation, then. blame everyone else for doing something so it keeps attention off of the one that is doing it the most! again, as usual, it's the USA! oh, and don't forget to add on the UK government! it is so far into Obama's pants, it can't get out!

  • Peter, 3 Sep 2013 @ 6:04am

    You go girl... sorry, boy, uh man..

    I know the subject line is pretty weak, I'll grant you that, but nonetheless I just want to say you're doing a beautiful job, you really are. Please keep it up -- you're one of the most important people we have -- for all of the stories about the NSA, not just one or two.

  • Anonymous Coward, 3 Sep 2013 @ 6:04am

    I get the feeling that the predictions of a "Cyber-Pearl Harbor" are ever more likely to come true.

    The US is building an offensive capability positioned to attack other nations. It's only a matter of time before someone gets scared and tries to disable that capability.

    Once that happens the revenge will be seen as justified. Personally I don't want to play the part of Japan...

  • out_of_the_blue, 3 Sep 2013 @ 6:13am (this comment has been flagged by the community)

    Oh, MAYBE was overshadowed by possibility of ACTUAL WAR?

    "But, for the life of me..." -- Really, Mike? Did you entirely MISS this weekend that US might launch attacks against Syria and touch off reactions by Iran, Russia, and maybe China that might lead to World War 3, even a nuclear exchange?

    There's nothing really new here is another major point.

    But speaking of Stuxnet, it seems possible that Fukushima was infected with it, from reports that metering indicated no problems while there clearly was. If so, then that US/Israeli attempt to sabotage Iran may be responsible for largest nuclear disaster in history.

    Worse than being censored on the net is being advertised. You can escape censorship with your ideas intact; advertising explicitly has the goal of changing you.

    • Anonymous Coward, 3 Sep 2013 @ 6:39am

      Re: Oh, MAYBE was overshadowed by possibility of ACTUAL WAR?

      No Blue, Fukushima was infected by an earthquake and a tsunami. Slightly beyond the capabilities of The Rich™ I'm afraid.

    • Anonymous Coward, 3 Sep 2013 @ 6:50am

      Re: Oh, MAYBE was overshadowed by possibility of ACTUAL WAR?

      "may be responsible for largest nuclear disaster in history"

      Chernobyl rather predates Stuxnet by a wide margin.

  • halley, 3 Sep 2013 @ 6:26am

    Now that a few dozen smaller bombshell releases have been made in the press, it's time to start collecting them in an easy-to-digest format. People are going to get bombshell-fatigued; I'm sure I'm forgetting some of the revelations already. Infographics, bullet lists, executive summaries. Group related findings together; explain the implications of each. Make up a checklist of all the forms of communication, or a matrix if you want to break out everyone, residents, citizens, and other populations under surveillance.

  • Anonymous Coward, 3 Sep 2013 @ 6:30am

    NSA likes to target routers with "implants", aka malware/spyware. Once the router is compromised, the NSA can then launch further attacks inside the LAN network that router is connected to.

    Effectively bypassing firewalls and easily spreading their malware to unprotected LAN computers on that network.

    I believe Snowden already mentioned routers are a high priority target for Unconstitutional NSA spies.

  • Anonymous Coward, 3 Sep 2013 @ 6:39am

    I do not know about all this but to an old time controls engineer you seem to have a very compelling case of why an analog control system is inherently superior to a digital one impossible to crack.

  • art guerrilla, 3 Sep 2013 @ 7:18am

    i presume you were being droll...

    ...in wondering why the wapo released this during the normal 'bury the story' time frame...

    as the wapo has LONG been working hand-in-glove with the -in general- powers that be, and -in particular- with the alphabet soup spooks...

    limited hangouts, and all that...
    they can't avoid ALL the slime that is being revealed, so they might as well control some portion of it from being presented in too revelatory fashion...

    (oh, and -once again, for the umpteenth time- revelatory is TOO a fucking word, you useless spel czech crapware)

    also, completely agree with the poster who talked about how this DECREASES computer security for EVERYONE (including the attackers!): you make a tool, someone is going to turn it against you, sure as night follows day...

    art guerrilla
    aka ann archy
    eof

  • Jesse, 3 Sep 2013 @ 7:38am

    We need cybersecurity laws because after we're done pissing the whole world off they will be coming after us!

  • Chronno S. Trigger, 3 Sep 2013 @ 9:10am

    So this "Cyber War" the US government has been warning us about is a real thing and they are the ones waging it. Why am I not surprised?

    It's only a matter of time before someone turns around and gives the schoolyard bully a black eye. I've seen it quite a few times when I was in school, and sometimes you just have to stand back and let it happen. But I say this to the rest of the world, I and most of my fellow citizens are not involved nor condone these practices. Go ahead, give the bully a black eye, just leave us out of it.

    • Zem, 3 Sep 2013 @ 4:49pm

      Re:

      Sometimes the bully doesn't get a black eye. Instead they get to grow old, alone, wondering why they have no friends.

  • gorehound, 3 Sep 2013 @ 11:56am

    More than just one person is going to go after this Corrupted POS Government. Not only do they use illegal unconstitutional methods against us, the Citizens, but one can only imagine what they are doing to others who are not in our Nation.

  • Edward Teach, 3 Sep 2013 @ 1:04pm

    Which Botnet does this 85,000 correspond to?

  • That Anonymous Coward, 3 Sep 2013 @ 3:24pm

    And the funny question is, how long had they been doing this type of work before someone realized it could be done to us?
    I guess that whole cyber pearl harbor thing, where we were just innocents who were going to be attacked was a bigger lie than first thought.

  • Too far from DC, 3 Sep 2013 @ 3:52pm

    These are ALL just SYMPTOMS, must excise the problem

    How am I supposed to be capable of building ANY kind of decent life when......

    ....the government has DEFINITELY BEEN INFILTRATED (via encroachment) by the lowest form of human life (the Fascists) and once again are attempting to take over the world?

    ....the people in elected government positions refuse to comply with their official duties and execute their oaths of office sworn to God and man alike?

    ...when a previously "fair" Supreme Court (with similar timing to both other branches of govt) by its recent decisions does willfully demonstrate their "opinions" are for sale just like in Congress. (If money is speech, and corporations are people so must bullets be, and murder no longer a crime as no corporation can be incarcerated for its crimes)

    ...when POTUS (BOTH terms) refuses to open his personal records AT ANY TIME or ANY REASON since 2007?

    ...when POTUS illegitimately pursues acts of blatant terrorism against his own population, then claims "for my security" he has no option but burn the Constitution & Bill of Rights?

    ...when the NSA, TSA, DHS etc. so filled with hubris to vacate their charters for ego driven "control" they prove by deed their priority is government security, NOT national security?

    ....We The People can only count on one thing from a government usurped by those whose actions define them as psychopathic, THE ABSOLUTE NECESSITY FOR MILLIONS of We The People, to travel to DC and bodily capture these worst of all criminals, and put them on public trial with public disposition of sentences.

    I'm near the West Coast, and have already been bled dry of even the resources needed to travel to DC, or I would be happy for History to remember me as the man who began the American Revolution v. 2.0
