The National Security Agency (NSA) is reportedly hacking into corporate servers and attacking global ISPs as part of its effort to map the entire Internet, according to a report Sunday in Der Spiegel, a German daily, citing new documents leaked by NSA whistleblower Edward Snowden.
The spy agency is also placing under surveillance the CEOs and other employees at telecom companies it considers vital to the infrastructure of the Internet, the documents reportedly reveal.
According to the paper, the map has close to real-time tracking abilities, allowing intelligence agencies belonging to the so-called “Five Eyes,” the U.S., the U.K., Canada, Australia and New Zealand, unprecedented access to devices that consumers take with them every day.
NSA's Treasure Map Includes You
The mapping project, called “Treasure Map” by the NSA, was first reported on by The New York Times in November. Although the paper reported at the time that the operation was part of the agency’s efforts to be able to surveil “anyone, anytime, anywhere,” the NSA told the NYT that Treasure Map was only used to map foreign and U.S. Department of Defense networks in an effort to better understand computer networks.
The documents cited by Der Spiegel, however, paint a much different picture. According to a presentation to analysts included in the leaked documents, intelligence operatives are instructed to “map the entire Internet -- any device, anywhere, all the time.”
The initiative is also far from passive in nature. On the contrary, the documents explicitly state that Treasure Map is designed to prepare for “Computer Attack/Exploit Planning,” in the agency’s words. The documents also detail which networks the NSA has already managed to attack, including Deutsche Telekom, which has more than 60 million customers, including in the U.S. and the U.K. Revelations of the attack on Deutsche Telekom could spur a second criminal case against the NSA, which is already being investigated for hacking into German Chancellor Angela Merkel’s cell phone.
Spying on CEOs
We reached out to Greg Nojeim, Senior Counsel and Director of the Project on Freedom, Security & Technology at the Center for Democracy & Technology, to get his take on the latest NSA revelations.
"The Treasure Map documents reveal the enormous technical scope of NSA surveillance -- it seems that almost no computer is secure from it," Nojeim told us. "Other documents show that the legal constraints on NSA surveillance of people abroad are minimal at best. It's like the perfect storm of risks to privacy."
Hacking Deutsche Telekom may only be the tip of the iceberg. The documents also reveal an attack by GCHQ, the U.K.’s equivalent of the NSA, against Stellar PCS, a German company that provides satellite communications services across the globe. According to engineers at Stellar, the attack against them by the NSA and GCHQ has given those agencies the ability to effectively block entire countries from the Internet if they so choose.
The information the agencies stole included business secrets and sensitive technical data, according to the company. In one case, Stellar engineers were able to identify a listing for the central server of one of their clients. The only way the spy agencies could have gained access to that information was to hack into them by first penetrating Stellar’s own firewall, the company said.
Alan Butler, senior counsel at the Electronic Privacy Information Center, told us that the Treasure Map documents reveal that the NSA's infiltration of global networks is even broader than previously assumed. The report shows "the need for additional oversight of NSA’s infiltration of private communications networks," Butler said. "It also underscores the inherent conflict between NSA’s signals intelligence activities and its role in securing information technology."
The document also details how GCHQ targeted specific employees at Stellar for “tasking,” a bit of intelligence jargon for putting someone under surveillance. Among the targets were Stellar CEO Christian Steffen and nine other employees the agency considered to be high-value. The attack is similar to an earlier hack the GCHQ carried out against Belgian service provider Belgacom that was revealed last year. In that attack, the spy agency hacked into individual employee computers.