Friday, June 14, 2013

Spy vs Spy

You'd have to be very naive to think that national intelligence agencies don't have dedicated hacking and information security penetration operations. In fact, if the US lacked this capability our spymasters would be derelict in their duty. Most of the complaining about foreign hacking or signals intelligence is just playing to (the dumb or naive part of) the domestic audience.

It was always amusing to play spot the Fed at Def Con ;-)

The manpower necessary to practice traditional SIGINT can be found in well-defined places -- you need people with CS, EE, Physics and Math backgrounds. For crypto you need very smart guys with math ability. But hacking/cracking involves a certain obsessive-compulsive personality component: you have to focus really hard on ugly bits of (often poorly designed) code and immerse yourself in the inelegant details. There's also an associated anti-authoritarian streak, which clashes with the nature of government service. So it's challenging for the spooks to recruit and retain hacker/cracker talent. The suits coexist uneasily with the "wild-type" found at places like Def Con. (Did I ever mention I almost accepted a summer job offer from the Institute for Defense Analysis after I graduated from Caltech? That's yet another story ...)

Here's something about TAO ("Tailored Access Operations"!), within the NSA.
Foreign Policy: ... By the time Obama became president of the United States in January 2009, TAO had become something akin to the wunderkind of the U.S. intelligence community. "It's become an industry unto itself," a former NSA official said of TAO at the time. "They go places and get things that nobody else in the IC [intelligence community] can."

Given the nature and extraordinary political sensitivity of its work, it will come as no surprise that TAO has always been, and remains, extraordinarily publicity shy. Everything about TAO is classified top secret codeword, even within the hypersecretive NSA. Its name has appeared in print only a few times over the past decade, and the handful of reporters who have dared inquire about it have been politely but very firmly warned by senior U.S. intelligence officials not to describe its work for fear that it might compromise its ongoing efforts. According to a senior U.S. defense official who is familiar with TAO's work, "The agency believes that the less people know about them [TAO] the better."

The word among NSA officials is that if you want to get promoted or recognized, get a transfer to TAO as soon as you can. The current head of the NSA's SIGINT Directorate, Teresa Shea, 54, got her current job in large part because of the work she did as chief of TAO in the years after the 9/11 terrorist attacks, when the unit earned plaudits for its ability to collect extremely hard-to-come-by information during the latter part of George W. Bush's administration. We do not know what the information was, but sources suggest that it must have been pretty important to propel Shea to her position today. But according to a recently retired NSA official, TAO "is the place to be right now."

There's no question that TAO has continued to grow in size and importance since Obama took office in 2009, which is indicative of its outsized role. In recent years, TAO's collection operations have expanded from Fort Meade to some of the agency's most important listening posts in the United States. There are now mini-TAO units operating at the huge NSA SIGINT intercept and processing centers at NSA Hawaii at Wahiawa on the island of Oahu; NSA Georgia at Fort Gordon, Georgia; and NSA Texas at the Medina Annex outside San Antonio, Texas; and within the huge NSA listening post at Buckley Air Force Base outside Denver.

The problem is that TAO has become so large and produces so much valuable intelligence information that it has become virtually impossible to hide it anymore. The Chinese government is certainly aware of TAO's activities. The "mountains of data" statement by China's top Internet official, Huang Chengqing, is clearly an implied threat by Beijing to release this data. Thus it is unlikely that President Obama pressed President Xi too hard at the Sunnydale summit on the question of China's cyber-espionage activities. As any high-stakes poker player knows, you can only press your luck so far when the guy on the other side of the table knows what cards you have in your hand.


5371 said...

All right, I give up. What does TAO stand for?

gide07 said...

Alexander has four MSs. What's that about?

gide07 said...

I went to school with a Chinese girl named Tao. She had a huge crush on me, had one of her girlfriends send her my picture when she moved away. So sad.

gide07 said...

Steve is a very smart guy, but still how does a concentrator in theoretical physics just pick up expertise in software engineering? Did he decide one day to acquire such expertise or was it a longtime curiosity or avocation before it became his millions-making vocation?

David Coughlin said...

Probably Tactical Action Office.

tractal said...

States are expected to spy on each other. They aren't expected to use espionage to steal massive amounts of intellectual property.

"In addition, experts accuse China of making no distinction between hacking to steal intellectual property and the traditional pursuit of foreign military secrets." -economist.

I guess I'm just dumb or naive to be annoyed at that, though.

gide07 said...

The French are known for their industrial espionage.

5371 said...

You should read up on the 19th century US attitude to "intellectual property", and what people in England thought about it.

5371 said...

Also, surprisingly enough, Chinese "experts" accuse the US of the same thing.

tractal said...

Yeah, and tbh I wouldn't be surprised if we do to some degree, though obviously China will be the greater beneficiary in an all-out IP theft war. Nonetheless the stealing has been ambitious and blatant, and possibly not reciprocated (if anyone actually knows please correct me, but it seems like China's state-sponsored theft program is unusual at least in scale). Anyway, my point was that our leaders should be trying to curb this program with political pressure if they can, and that pressure has more standing than sheer hypocrisy. This isn't hysterical Chinese bashing, it's billions of dollars and a significant competitive advantage. Not bringing pressure to bear would be incompetent as hell, not that they aren't.

David Coughlin said...

Steve updated "Tailored Access Operations". At least they aren't beating around the bush.

Al_Li said...

I like the TAO Nightclub in the Venetian in Las Vegas, lots of skanky girls.

yulva said...

The CIA was handed a memo authored by Russian Intelligence regarding the Boston bombing suspects. The FBI was handed a memo authored by Russian intelligence regarding the Boston bombing suspects.

NSA, TAO, multi billion dollar operations Stellar Wind, Trailblazer, ThinThread, football field size multi billion dollar data storage centers, DHS, ODNI, MIP, IARPA, ISE, NCPC, NCTC, ONC, ONCIX, EPIC, ICE, DEA, ATF, Border Patrol, Coast Guard, Marine Corps Pentagon, Air Force, Army, Navy, Seal Team 6, Special Ops, Delta Force, every email tracked, every call tracked, FISA courts, FISA warrants, FISA courts and on and on and on.

Total failure. People died.

A couple of NY City first grade detectives would have had those two Boston brothers in custody and under indictment within a week.

gide07 said...

And 10,000 times more people die in gun violence. See:

Why does anyone f---ing care? The US is a JOKE. Billions and billions to defend against enemies the US has made for itself.
