Skip to main content

NSA team spies, hacks to gather intelligence on targets, report says

By Dugald McConnell and Brian Todd, CNN
December 31, 2013 -- Updated 1217 GMT (2017 HKT)
  • NSA unit called Tailored Access Operations combines spying and hacking to track its targets
  • Techniques include installing spyware, setting up fake websites to gather usernames
  • TAO works "in support of foreign intelligence collection," an NSA spokeswoman says
  • German magazine reported on the group based on internal agency documents

(CNN) -- A top-secret National Security Agency team uses spyware and hacking to gather intelligence on targets, according to a new report based on internal agency documents.

According to Der Spiegel, a German magazine that published some of the documents, the unit's interception techniques are worthy of James Bond: intercepting a computer being shipped to a target and installing spyware before it is delivered; supplying an altered monitor cable that transmits everything on a computer's screen to the NSA; or planting a USB plug with a secret radio transmitter.

The unit, called Tailored Access Operations, also uses hacking in addition to spy craft. The most basic method involves phishing, sending an e-mail that lures a target into clicking on it and unknowingly downloading NSA spyware. More sophisticated techniques include identifying exploitable computer vulnerabilities by eavesdropping on a target's error messages; tracking a target's cookies to shadow their Internet use; and even surreptitiously diverting a target's web surfing to phony replica web pages of commonly used sites such as LinkedIn and Facebook.

Agents could use such fake sites both to see what a target is typing and to try to insert spyware on the target's computer, according to cybersecurity expert Michael Sutton at ZScaler, a California-based information technology security company.

"Now they have my username and password, they can get into my account and help them in other attacks," said Sutton. "But in this particular scenario, what they really want to do is infect my machine" by transferring malware to it.

"From an eavesdropping perspective, this is a gold mine," he said. "If I can 'own' your computer, if I can gain access to it and gain a foothold into it, now I have access to all of your secrets."

An NSA spokeswoman declined to discuss specific reports about the unit but said in a statement, "Tailored Access Operations (TAO) is a unique national asset that is on the front lines of enabling NSA to defend the nation and its allies."

She added that "its work is centered on computer network exploitation in support of foreign intelligence collection."

The documents in Der Spiegel named targets that were penetrated successfully, including Mexico's security service and an underwater communications cable network. In 2010, TAO counted 279 active operations worldwide.

"This is NSA's hacking organization," said Matthew Aid, who wrote a book about the NSA and said he has spoken to members or former members of the unit. "It's 1,600 men and women, military and civilians, average age mid-20s, maybe early 30s, so it's a very young, very tech-savvy organization."

The hackers focus on foreign militaries, governments and corporations, he said, and they are protected by multiple levels of secrecy.

"Cypher-locked doors. Retinal scanners. You have to have a special need-to-know clearance for access to the TAO spaces at NSA. And the people who work there can't talk to any other NSA employees about what they do and how they do it."

This report follows a string of revelations leaked by former NSA contractor Edward Snowden about privacy and spying, from the tracking of millions of overseas cell phones, to the monitoring of foreign leaders' phones, to the global bulk scanning of e-mails.

President Barack Obama commissioned a panel to review the NSA's tactics, and he is expected to address their findings in January.

According to the documents posted online by Der Spiegel, TAO programmers develop spyware to infiltrate everything from smartphones and computers to routers, servers, hard drives and firewalls to access global communications traffic. But there is no indication that the companies whose products were targeted, such as Samsung, Dell, and Cisco, cooperated with the NSA's spyware or were even aware of it.

"No commercially available security system can detect a bug implanted by TAO," said Aid. "That's its reputation."

Part of complete coverage on
Data mining & privacy
June 23, 2013 -- Updated 1425 GMT (2225 HKT)
He's a high-school dropout who worked his way into the most secretive computers in U.S. intelligence as a defense contractor.
May 29, 2014 -- Updated 1226 GMT (2026 HKT)
Traitor or patriot? Low-level systems analyst or highly trained spy?
May 29, 2014 -- Updated 1927 GMT (0327 HKT)
What are the takeaways from Snowden's NBC interview? You might be surprised.
April 18, 2014 -- Updated 1152 GMT (1952 HKT)
Months after accepting asylum in Russia, Snowden asked Putin about Moscow's own surveillance practices.
March 12, 2014 -- Updated 1643 GMT (0043 HKT)
A federal judge has refused the Obama administration's request to extend storage of classified NSA telephone surveillance data beyond the current five-year limit.
March 10, 2014 -- Updated 0044 GMT (0844 HKT)
From his sanctuary in the Ecuadorian embassy in London, Julian Assange said that everyone in the world will be just as effectively monitored soon -- at least digitally.
March 11, 2014 -- Updated 0039 GMT (0839 HKT)
In a rare public talk via the Web, fugitive NSA leaker Edward Snowden urged a tech conference audience to help "fix" the U.S. government's surveillance of its citizens.
August 2, 2013 -- Updated 0355 GMT (1155 HKT)
The White House is "very disappointed" that National Security Agency leaker Edward Snowden has been granted temporary asylum in Russia.
December 10, 2013 -- Updated 1357 GMT (2157 HKT)
Spies with surveillance agencies in the U.S. and U.K. infiltrated video games like "World of Warcraft" in a hunt for terrorists "hiding in plain sight" online.
August 2, 2013 -- Updated 1139 GMT (1939 HKT)
Bradley Manning and Edward Snowden both held jobs that gave them access to some of their country's most secret and sensitive intelligence. They chose to share that material with the world and are now paying for it.
August 1, 2013 -- Updated 1435 GMT (2235 HKT)
The NSA's controversial intelligence-gathering programs have prevented 54 terrorist attacks around the world, including 13 in the United States.
August 1, 2013 -- Updated 1854 GMT (0254 HKT)
You've never heard of XKeyscore, but it definitely knows you. The National Security Agency's top-secret program essentially makes available everything you've ever done on the Internet.
August 18, 2013 -- Updated 1304 GMT (2104 HKT)
You may have never heard of Lavabit and Silent Circle. That's because they offered encrypted (secure) e-mail services, something most Americans have probably never thought about needing.
July 24, 2013 -- Updated 1854 GMT (0254 HKT)
"Any analyst at any time can target anyone. Any selector, anywhere ... I, sitting at my desk, certainly had the authorities to wiretap anyone."
July 2, 2013 -- Updated 1356 GMT (2156 HKT)
President Barack Obama responds to outrage by European leaders over revelations of alleged U.S. spying.
August 29, 2014 -- Updated 1954 GMT (0354 HKT)
Browse through a history of high-profile intelligence leaking cases.
July 2, 2013 -- Updated 1437 GMT (2237 HKT)
Former President George W. Bush talks Snowden, AIDS, Mandela and his legacy.
June 26, 2013 -- Updated 1304 GMT (2104 HKT)
Edward Snowden took a job with an NSA contractor in order to gather evidence about U.S. surveillance programs.
June 19, 2013 -- Updated 1047 GMT (1847 HKT)
With reports of NSA snooping, many people have started wondering about their personl internet security.
August 14, 2013 -- Updated 1352 GMT (2152 HKT)
Click through our gallery to learn about other major leaks and what happened in the aftermath.
June 9, 2013 -- Updated 2002 GMT (0402 HKT)
What really goes on inside America's most secretive agency? CNN's Chris Lawrence reports.