German magazine tells NSA’s spying methods

LONDON - A German magazine lifted the lid on the operations of the National Security Agency’s hacking unit Sunday, reporting that American spies intercept computer deliveries, exploit hardware vulnerabilities, and even hijack Microsoft’s internal reporting system to spy on their targets.

Der Spiegel’s revelations relate to a division of the National Security Agency known as Tailored Access Operations, which is painted as an elite team of hackers specializing in stealing data from the toughest of targets.

Citing internal agency documents, the magazine said Sunday that Tailored Access Operations’ mission was “Getting the ungettable,” and quoted an unnamed intelligence official as saying that the operation had gathered “some of the most significant intelligence our country has ever seen.”

Der Spiegel said Tailored Access Operations had a catalog of high-tech gadgets for particularly hard-to-crack cases, including computer monitor cables specially modified to record what is being typed across the screen, USB sticks secretly fitted with radio transmitters to broadcast stolen data over the airwaves, and fake base stations intended to intercept mobile phone signals on the go.

The National Security Agency doesn’t just rely on James Bond-style spy gear, the magazine said. Some of the attacks described by Der Spiegel exploit weaknesses in the architecture of the Internet to deliver malicious software to specific computers. Otherstake advantage of weaknesses in hardware or software distributed by some of the world’s leading information technology companies, including Cisco Systems, Inc. and China’s Huawei Technologies Ltd., the magazine reported.

Der Spiegel cited a 2008 mail order catalog-style list of vulnerabilities that agency spies could exploit from companies such as Irvine, Calif.-based Western Digital Corp. or Round Rock, Texas-based Dell Inc. The magazine said that suggested the agency was “compromising the technology and products of American companies.”

Old-fashioned methods get a mention too. Der Spiegel said that if the agency tracked a target ordering a new computer or other electronic accessories, Tailored Access Operations could tap its allies in the FBI and the CIA, intercept the hardware in transit, and take it to a secret workshop where it could be discreetly fitted with espionage software before being sent on its way.

Intercepting computer equipment in such a way is among the National Security Agency’s “most productive operations,” and has helped harvest intelligence from across the world, one document cited by Der Spiegel stated.

One of the most striking reported revelations concerned the agency’s purported ability to spy on Microsoft Corp.’s crash reports, familiar to many users of the Windows operating system as the dialogue box that pops up when a game freezes or a Word document dies. The reporting system is intended to help Microsoft engineers improve their products and fix bugs, but Der Spiegel said the agency was also sifting through the reports to help spies break into machines running Windows. One document cited by the magazine appeared to poke fun at Microsoft’s expense, replacing the software giant’s standard error report message with the words: “This information may be intercepted by a foreign sigint [signals intelligence] system to gather detailed information and better exploit your machine.”

Microsoft said that information sent by customers about technical issues in such a manner is limited.

“Microsoft does not provide any government with direct or unfettered access to our customers’ data,” a company representative said in an email Sunday. “We would have significant concerns if the allegations about government actions are true.”

Microsoft is one of several U.S. firms that have demanded more transparency from the agency - and worked to bolster their security - in the wake of the revelations of former intelligence worker Edward Snowden, whose disclosures have ignited an international debate over privacy and surveillance.

Another company mentioned by Der Spiegel, though not directly linked with any National Security Agency activity, was Juniper Networks Inc., a computer network equipment maker in Sunnyvale, Calif.

“Juniper Networks recently became aware of, and is currently investigating, alleged security compromises of technology products made by a number of companies, including Juniper,” the company said in an email. “We take allegations of this nature very seriously and are working actively to address any possible exploit paths.”

If necessary, Juniper said, it would “work closely with customers to ensure they take any mitigation steps.”

Der Spiegel did not explicitly say where its cache of National Security Agency documents had come from, although the magazine has previously published a series of stories based on documents leaked by Snowden, and one of Snowden’s key contacts- American documentary filmmaker Laura Poitras - was listed among the article’s six authors.

No one was immediately available at Der Spiegel to clarify whether Snowden was the source for the latest story.

Meanwhile, members of Congress said Sunday they weren’t impressed with Snowden’s recent publicity blitz calling for an end to mass surveillance and declaring that he’s already accomplished his mission.

Democratic Rep. Adam Schiff of California acknowledged that Snowden has kindled an important public debate, but he said the former National Security Agency leaker should have stayed in the United States to demonstrate the courage of his convictions.

Republican Rep. Mike Rogers of Michigan, chairman of the House Intelligence Committee, said Snowden’s release of classified documents jeopardized the safety of troops in Afghanistan and gave nations such as China and Russia valuable insight into how America’s intelligence services operate.

The two, speaking on Fox News Sunday, were responding to Snowden’s recent comments from Russia in an interview with The Washington Post that he was working to make the agency better, not tear it down.

Ben Wizner of the ACLU, who said he speaks regularly with Snowden over encrypted channels, said Snowden hopes to one day return to the United States. He said the charges brought against Snowden for espionage don’t distinguish between leaks to the press and the selling of state secrets to a foreign enemy. If the law allowed him to make a defense that he acted in the public’s interest, “he would face trial in that kind of system,” Wizner said.

Snowden declared in the newspaper interview he’d “already won” and achieved what he set out to do - to bring the public, the courts and lawmakers into a conversation about the agency’s work.

Information for this article was contributed by Geir Moulson, Ryan Nakashima and Kevin Freking of The Associated Press.

Front Section, Pages 1 on 12/30/2013

Upcoming Events