Over the past two months, parts of the program have been disclosed in documents from the trove leaked by former NSA contractor Edward Snowden. A Dutch newspaper published the map of areas where the US has inserted spy software, sometimes in cooperation with local authorities, often covertly. Der Spiegel, a German news magazine, published the NSA’s catalog of hardware products that can secretly transmit and receive digital signals from computers, a program called ANT. The New York Times withheld some of those details, at the request of US intelligence officials, when it reported, in the summer of 2012, on US cyberattacks on Iran.
US President Barack Obama on Friday announced a plan to reform NSA practices, following a report from an advisory panel on changing how the NSA collects and stores information. The panel agreed with Silicon Valley executives that some of the techniques developed by the agency to find flaws in computer systems undermine global confidence in a range of US-made information products like laptop computers and cloud services.
Embracing Silicon Valley’s critique of the NSA, the panel has recommended banning, except in extreme cases, the NSA practice of exploiting flaws in common software to aid in US surveillance and cyberattacks. It also called for an end to government efforts to weaken publicly available encryption systems, and said the government should never develop secret ways into computer systems to exploit them, which sometimes include software implants.
Richard Clarke, an official in the Clinton and Bush administrations who served as one of the five members of the advisory panel, explained the group’s reasoning in an email last week, saying that “it is more important that we defend ourselves than that we attack others.”
“Holes in encryption software would be more of a risk to us than a benefit,” he said, adding: “If we can find the vulnerability, so can others. It’s more important that we protect our power grid than that we get into China’s.”
From the earliest days of the Internet, the NSA had little trouble monitoring traffic because a vast majority of messages and searches were moved through servers on US soil. As the Internet expanded, so did the NSA’s efforts to understand its geography. A program named Treasure Map tried to identify nearly every node and corner of the Web, so that any computer or mobile device that touched it could be located.
A 2008 map, part of the Snowden trove, notes 20 programs to gain access to big optic fiber cables — it calls them “covert, clandestine or cooperative large accesses” — not only in the US but also in places like Hong Kong, Indonesia and the Middle East. The same map indicates that the US had already conducted “more than 50,000 worldwide implants,” and a more recent budget document said that by the end of last year that figure would rise to about 85,000. A senior official, who spoke on the condition of anonymity, said the actual figure was most likely closer to 100,000.
That map suggests how the US was able to speed ahead with implanting malicious software on the computers around the world that it most wanted to monitor — or disable before they could be used to launch a cyberattack.