NSA has infected more than 50,000 networks worldwide

Dutch newspaper NRC Handelsblad publishes a new batch of documents from a former NSA employee Edward Snowden . The slide of the NSA presentation from 2012 shows ways to obtain information from around the world, including via the so-called. CNE ( Computer Network Exploitation - a method of obtaining information from closed computer networks by infecting individual machines). According to the information on the slide, already in 2012, more than 50 thousand worldwide were compromised in this way, some of which, judging by the presented map, are located in Russia.

To implement such computer attacks, a special TAO unit ( Tailored Access Operations ) was created in the NSA. According to open sources, over a thousand professional hackers work in this division. In an anonymous interview with Bloomberg Businessweek, former US officials said that the unit uses an automated system for hacking and collecting information from compromised networks, the “catch” of which is about 2 Pbytes per hour.


In August 2013, The Washington Post published an article on special operations of the Tailored Access Operations division, in which the number of infiltrations was estimated at 20,000 cases in 2008 alone. It turns out that by 2012 the number of successful attacks increased to 50,000. Cyber ​​operations divisions all TAO are becoming increasingly important for the NSA. Computer hacks are relatively inexpensive and make it possible to obtain information to which the special services would otherwise have no access.
')


One example of this method was already discovered in September 2013 in the Belgian telecommunications company Belgacom. For several years, the British Intelligence Service ( GCHQ ) used the Trojan on the Belgacom network to intercept communications of the company's customers. The Belgacom network was compromised by infecting individual computers of the company's employees who were lured to get infected on a specially crafted Linkedin fake page.

Recent data suggests that the NSA's network compromise programs operate in many countries around the world, including those that are rather poorly developed in the field of IT security, such as Venezuela and Brazil. In such countries, attacks on key government resources may simply go unnoticed for years. This has already happened, for example, in Iran, where the Stuxnet virus has been spreading for a long time and successfully completed its task of disabling centrifuges for separating uranium isotopes in a factory in Natanz.