The NSA's New Code Breakers - By Matthew M. Aid | Foreign Policy
Jared Sperli stashed this in cyber
Stashed in: National Security
According to sources familiar with the organization's operations, TAO has been enormously successful over the past 12 years in covertly inserting highly sophisticated spyware into the hard drives of over 80,000 computer systems around the world, although this number could be much higher. And according to the sources, these implants are designed in such a way that they cannot be detected by currently available commercial computer security software. It has been suggested to me by a reliable source that "this is not an accident," with the insinuation being that many of the biggest commercially available computer security software systems made in the United States and overseas have been compromised by the NSA, either covertly or with the knowledge and consent of the companies that manufacture these systems.
Former agency personnel confirm that in innumerable instances, these TAO implants have allowed NSA analysts to copy and read all of the unencrypted documents stored on the targeted computer's hard drive, as well as copy every document and email message produced and/or transmitted by the machine. But more importantly, TAO has helped NSA cryptanalysts solve several hundred foreign government and commercial encryption systems because these spyware implants, if properly inserted into the computer, can covertly alter its security software as well as copy the encryption system's technical parameters, especially the system's encryption algorithm and access passwords, in a way that cannot be detected. These implants can compromise the encryption systems used by not only the targeted computer, but also by all other computer systems that it communicates with using encryption technology.
According to confidential sources familiar with TAO's operations, many of the NSA's cryptanalytic "success stories" against high-priority targets such as Russia and the People's Republic of China in recent years have been the direct result of TAO's cyberespionage efforts. For example, sources confirm that much of what the U.S. intelligence community knows about China's computer-hacking efforts against targets in the United States, Europe, and Asia stems from TAO's intelligence collection efforts since 2005, when TAO reportedly achieved a major technical breakthrough against a Chinese target.
But TAO doesn't just spy on America's rivals. In 2012, the group reportedly compromised the encryption system used by an important G-8 country to transmit sensitive diplomatic communications via satellite to its embassies around the world. The same is true with a number of countries in the Middle East and South Asia, including Egypt, Syria, Iran, and Pakistan, although the details of these successes are not yet known. And finally, sources report that TAO has successfully compromised the privacy protection systems currently used on a range of 4G cell phones and hand-held devices, thanks in large part to help from a major American telecommunications company.