Secret NSA hackers from TAO Office have been pwning China for nearly 15 years

There’s a $23 billion price tag attached to protecting national infrastructure, computer networks, and developing cyber offensive capabilities, according to the Pentagon’s five year cybersecurity budget obtained by Bloomberg News. In March, the Intelligence Community said that the top national security threat to the US was no longer terrorism, but was instead in the cyber arena, cyber espionage and cyberattacks. The Pentagon’s budget through 2018 “shows ‘increased investment will be made in protecting critical infrastructures,’ cyber-attack capabilities ‘for use against our adversaries and enhancing overall security of DoD networks and systems’.” This spending “may benefit defense contractors.”

When President Obama and Chinese President Xi Jinping met, they discussed cybersecurity and the fact that North Korea’s nuclear program “must be dismantled.” White House national security adviser Tom Donilon said Obama talked to Xi about Chinese hackers targeting US secrets, weapon designs, and intellectual property before warning it “was going to be a very difficult problem in the economic relationship and was going to be an inhibitor to the relationship really reaching its full potential.”

In return, Xi’s senior policy advisor told The Associated Press, “Cybersecurity should not become the root cause of mutual suspicion and frictions between our two countries. Rather, it should be a new bright spot in our cooperation.”

Apparently “Beijing was furious about the sudden elevation of cybersecurity and Chinese espionage on the meeting’s agenda.” That’s when the director of China’s National Computer Network Emergency Response Technical Team claimed to have “mountains of data” about the US hacking China. The Chinese version of CERT also disclosed that between January 1 and May 31, “4,062 US-based control servers hijacked 2.91 million mainframes in China.” Another 3,551 “US-based mainframes” used backdoor programs to remotely control “27,818 websites in China.” 54 US-based IP addresses hijacked Chinese official websites, although China admitted “it’s hard to judge whether the US government supported or got involved in the hacking. Besides, hackers can easily hide their real location and identities.”

NSA whistleblower Edward Snowden told The Guardian, “We hack everyone everywhere. We like to make a distinction between us and the others. But we are in almost every country in the world. We are not at war with these countries.”

To that end, Foreign Policy ran an interesting article about an ultra-secret NSA office at Fort Meade that has been successfully hacking China’s computer and telecommunications systems for the nearly 15 years, “generating some of the best and most reliable intelligence information about what is going on inside the People’s Republic of China.”

Armed guards, a retinal scanner and a six-digit code on a keypad insure that only those “few” with special security clearance are allowed into the Office of Tailored Access Operations (TAO). The inner “sanctum” of TAO is “called the Remote Operations Center (ROC), which is where the unit’s 600 or so military and civilian computer hackers (they themselves CNE operators) work in rotating shifts 24 hours a day, seven days a week.” TAO “develops the information that would allow the United States to destroy or damage foreign computer and telecommunications systems with a cyberattack.”

Foreign Policy’s Matthew Aid wrote:

According to former NSA officials interviewed for this article, TAO’s mission is simple. It collects intelligence information on foreign targets by surreptitiously hacking into their computers and telecommunications systems, cracking passwords, compromising the computer security systems protecting the targeted computer, stealing the data stored on computer hard drives, and then copying all the messages and data traffic passing within the targeted email and text-messaging systems. The technical term of art used by NSA to describe these operations is computer network exploitation (CNE).

The TAO’s Remote Operations Center (ROC) is where US hackers break into targeted foreign systems by using special software developed by TAO’s Data Network Technologies Branch to “download the contents of the computers’ hard drives, and place software implants or other devices called ‘buggies’ inside the computers’ operating systems,” so TAO intercept operators can “continuously monitor the email and/or text-messaging traffic coming in and out of the computers or hand-held devices.”

Yet another small group inside TAO, the Access Technologies Operations Branch, is responsible for “off-net operations,” which Aid wrote, “is a polite way of saying that they arrange for CIA agents to surreptitiously plant eavesdropping devices on computers and/or telecommunications systems overseas so that TAO’s hackers can remotely access them from Fort Meade.”

China’s “mountains of data” comment about the US hacking them is believed to mean specifically the TAO. As Aid pointed out, “As any high-stakes poker player knows, you can only press your luck so far when the guy on the other side of the table knows what cards you have in your hand.”

Lots of people are upset about Snowden’s NSA revelations, but The Foreign Policy article is greatly interesting and I cannot urge you strongly enough to go read it in full.