Edward Snowden, the infamous ex-NSA employee, is still creating waves with his leaked documents. The latest evidence sheds light on the NSA’s hacking capabilities and the extent of the damage done. Tailored Access Operations (TAO), a special unit with a task-force of more than a thousand hackers, orchestrated the cyber-attacks.
The American Intelligence Service has made extensive use of Computer Network Exploitation (CNE), planting “dormant digital agents” in more than 50,000 computers and compromising entire networks. The Washington Post reported earlier this year that these cyber-espionage activities have been going on since 1998.
NSA’s management presentation slide from 2012 includes a detailed world map with CNE access points distributed in various strategic locations. The worrying revelations prove yet again that nobody is immune to cyber-attacks. This is an effective and inexpensive way to monitor suspects and fetch sensitive information.
Spyware was planted in the targeted computers using backdoors, loopholes and other system vulnerabilities. The NSA then activated the remotely controlled files at the push of a button, taking control of the hacked computers and harvesting the desired information. Over 200 offensive cyber-operations were carried out in 2011 only.
The dangerous malware is still active in computers all around the world. Thousands of users are still unaware of the existence of the Worms and Trojans, which are lurking around in their systems. NSA officials were approached by Dutch media outlet NRC.nl before the story was released, but they refused to comment on the revelations.
British intelligence service GCHQ has also been involved in similar hacking activity over the years. The episode surfaced in September 2013, when spyware was detected by the Belgian telecom giant Belgacom. The infiltrations took place after unsuspecting employees clicked on planted links after they were lured into a fictive LinkedIn page.
The bottom line is that all computers and networks are vulnerable to attack. But not only hacktivists, cyber-criminals and commercial concerns indulge in this wrong and unethical practice. Intelligence agencies are often overlooked and underestimated, but pose a huge security risk to people, networks, organizations and even countries.
Source 1 – NSA Cyber-Operations
Source 2 – NSA Infected 50,000 Computer Networks
Sign up today & never miss an update from the Checkmarx blog
Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.
Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.