TAO: the NSA's hacker plumber-wunderkinds

A new Snowden leak disclosed in Der Spiegel details the operations of the NSA's Tailored Access Operations group (TAO), the "plumbers" of the spy agency who collect and deploy exploits to infiltrate computer systems. Reportedly, Edward Snowden turned down a chance join the group.

TAO's repertoire of attacks included unpublished exploits and back-doors for products from major US IT companies like Microsoft and Cisco, as well as foreign companies like Huawei. Spiegel reports that TAO infiltrated networks in 89 countries, including "the protected networks of democratically elected leaders of countries." They took special interest in Mexico's anti-terror efforts, running an operation called WHITETAMALE that compromised the Mexican Secretariat of Public Security.

The tactics deployed by TAO relied upon other NSA programs, like the infamous XKeyscore, which was used to passively intercept crash reports from computers running Windows in order to profile these systems and tailor attacks aimed at them. TAO also compromised the Blackberry's BES email servers, and were able to read mail sent and received by Blackberry users.

One interesting wrinkle: TAO used interception of ecommerce shipping reports to discover when a target ordered new computer equipment. These shipments would be intercepted and loaded with malware before delivery. I know an ex-MI5 whistleblower who only buys computers by walking into a store at random and plucking them off the shelf, to prevent this sort of attack. When I learned about this practice, it sounded a little paranoid to me, but it seems that it's actually a very reasonable precaution.

According to internal NSA documents viewed by SPIEGEL, these on-call digital plumbers are involved in many sensitive operations conducted by American intelligence agencies. TAO's area of operations ranges from counterterrorism to cyber attacks to traditional espionage. The documents reveal just how diversified the tools at TAO's disposal have become -- and also how it exploits the technical weaknesses of the IT industry, from Microsoft to Cisco and Huawei, to carry out its discreet and efficient attacks.

The unit is "akin to the wunderkind of the US intelligence community," says Matthew Aid, a historian who specializes in the history of the NSA. "Getting the ungettable" is the NSA's own description of its duties. "It is not about the quantity produced but the quality of intelligence that is important," one former TAO chief wrote, describing her work in a document. The paper seen by SPIEGEL quotes the former unit head stating that TAO has contributed "some of the most significant intelligence our country has ever seen." The unit, it goes on, has "access to our very hardest targets."

Inside TAO: Documents Reveal Top NSA Hacking Unit [Der Spiegel]