The National Security Agency has an elite spying division called Tailored Access Operations (TAO) that gets the “ungettable,” according to a lengthy report provided by the German magazine Spiegel.
News of the elite team is based on recently acquired classified documents and presentations from an unknown source, which reveal the great lengths TAO will go through to spy on individuals.
As an example, TAO will allegedly intercept shipping deliveries if a target person, company or agency orders a computer of related accessories. The group will reportedly divert the shipping delivery to its own secret workshops to load up malware and possibly hardware, providing these hackers a backdoor entrance to the device.
This growing arm of the NSA is stationed in Wahiawa, Hawaii; Fort Gordon, Georgia; at the NSA’s outpost at Buckley Air Force Base, near Denver, Colorado; at its headquarters in Fort Meade; San Antonio, Texas; and a possible affiliate in Germany. The San Antonio outpost, which is the focus of the report, resides in a former Sony computer chip plant, and is part of a massive expansion the agency began immediately after the 9/11 attacks. One of two buildings play host to this elite team of hackers.
The documents show that TAO’s area of operations spans from counterterrorism to cyber-attacks to traditional espionage. The TAO groups have contributed “some of the most significant intelligence our country has ever seen”, as described by a former TAO chief. In 2005, they gained access to 258 targets in 89 countries, and by 2010, TAO carried out 279 operations worldwide.
Spiegel’s report states that the elite teams residing in TAO units are considerably younger than the average NSA staff member. “Their job is breaking into, manipulating and exploiting computer networks, making them hackers and civil servants in one. Many resemble geeks — and act the part, too,” the report states.
TAO also has its own development department that creates and tests new technologies. One such example is a hack that allows them to capture data from Windows-based crash reports. Once the group selects a target located somewhere on the globe, they enter the target’s unique identifier (IP address, Mac address, etc) into the corresponding database, which in turn will alert the group when Windows crashes on that specific PC. The group then uses the XKeyscore tool to fish the crash report data out of the flood of Internet traffic.
The report states that around 85,000 computers worldwide will likely be infiltrated by the NSA specialists by the end of 2013. The majority of these implants — Trojans such as ANGRYNEIGHBOR, WATERWITCH and more — are conducted by TAO teams via the World Wide Web.
To read the full report in English, head here.