
NSA infected over 50,000 networks with 'Computer Network Exploitation'

Time to break out the virus scanner – or, perhaps, to nuke your computer from orbit. (It's the only way to be sure.)

According to new documents provided by the National Security Agency's favourite foe, former employee-turned-whistleblower Edward Snowden, Dutch newspaper NRC Handelsblad is reporting that the NSA has infected more than 50,000 computer networks with malware in a process known as "Computer Network Exploitation."

The process itself is nothing new. These "implants," as they're known in NSA terms, are deployed by a department within the agency known as TAO, or "Tailored Access Operations." Software engineers within TAO allegedly break into various routers, switches, and firewalls – to name a few devices – in an effort to compromise networks and, thus, gain access to the data being transmitted by the devices connecting to them.

As of 2008, TAO was allegedly able to deploy approximately 21,252 of these implants, and it was estimated that as many as 85,000 or so could be deployed by the end of 2013. Since the numbers NRC Handelsblad is reporting are based on a mid-2012 count, it's certainly possible that the NSA has been able to achieve its goal.

"The malware can be controlled remotely and be turned on and off at will. The 'implants' act as digital 'sleeper cells' that can be activated with a single push of a button," wrote reporters Floor Boon, Steven Derix, and Huib Modderkolk.

However, if you're picturing some kind of Mission Impossible-like setup in which a team of hackers in a room somewhere launches pretty, graphical attacks at enemy networks, something straight out of the Uplink game, you'd be mistaken.

As we reported this month, the British intelligence agency "Government Communications Headquarters," or GCHQ, performed a similar bit of network infiltration within Belgacom, a telecommunications provider in Belgium. To hack its way into the network, however, the agency employed fake LinkedIn pages and Slashdot websites to ensnare employees within the company's security and maintenance divisions and dump malware on their systems.