by Shane Harris
He’d shake his head and think, You don’t see what I see.
FIVE
The Enemy Among Us
THE INTERNET WAS a battlefield. But the enemy was hiding in plain sight. Everywhere Keith Alexander looked in cyberspace, he saw threats. To banks. To the power grid. To military and intelligence computer networks. How would the NSA’s cyber warriors ever find them all?
The year after Alexander arrived at the NSA, he warned his staff that “the fight on the network” was coming. The agency had to evolve from its counterterrorism mission, which had been running full steam since the 9/11 attacks, toward finding and fighting hackers, whether they were working with terrorist organizations, criminal rings, or nation-states. Alexander sent a memo to NSA personnel assigned to a secret program known as Turbulence. It was an early attempt to monitor hackers and malware around the world using a network of sensors, and in some cases to launch cyber attacks to neutralize a threat. Alexander informed the Turbulence team that there was “nothing more important in this agency” than their work.
To accomplish the mission, the NSA had to become more aggressive about implanting surveillance and monitoring devices on computers around the world. American hackers who had sworn an oath to defend the nation from cyber threats would start to think like their adversaries; they must be cunning and devious. Many of the same tactics they were trying to defend against, they would adopt. The cyber warriors were about to enter a gray zone, where in their quest to secure the Internet they would undermine its very foundations.
As the NSA’s cyber warriors scanned the horizon for threats, they realized that certain key attributes of cyberspace would become impediments to their mission. So they decided to remove those obstacles. Among the first they set their sights on was a popular anonymity network, called Tor, that allows people around the world to use the Internet without revealing where they are connecting from. Tor isn’t a criminal enterprise, nor is it run by enemies of the United States. The onion-routing design behind it was developed at the US Naval Research Laboratory, and Tor itself was first released in 2002; today it’s used by democracy activists and dissidents to evade the surveillance of oppressive regimes. But it’s also favored by malicious hackers, spies, and crooks who use it to shield their location when conducting operations. Tor also provides an avenue to darker corners of the Internet, where people anonymously buy and sell illicit goods and services, including drugs, weapons, computer viruses, and hacking services, even murder-for-hire.
Anonymity is the bane of NSA’s cyber war operations. The hackers can’t hit a target if they don’t know where it is. So it was hardly surprising that the NSA began trying to undermine the anonymizing features of Tor as early as 2006. And it has kept trying for years.
Users of Tor, which stands for “The Onion Router,” download a free piece of software to their computer. Say a user wants to connect to a website anonymously. The software builds a circuit through a few relays (normally three) chosen from a network of thousands, run mostly by volunteers, and wraps his traffic in one layer of encryption for each relay on the path. Every relay strips off exactly one layer, learning only which hop handed it the traffic and which hop to pass it to; hence the onion metaphor. The website sees the last relay rather than the user, and no single relay sees both the user and the site, so it’s nearly impossible to know where he’s located. Anyone can use Tor: drug traffickers, child pornographers, hackers, terrorists, and spies have all found it a viable means of achieving anonymity online and evading detection by law enforcement and intelligence agencies.
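The layering just described, reduced to working code. This is an added example, not Tor’s code and not from the book. It assumes a fixed three-hop route whose per-hop symmetric keys have already been agreed (Tor negotiates them with a handshake per hop), uses an HMAC-SHA256 counter-mode keystream in place of Tor’s AES-CTR, and the relay names, keys and message are constructed for the example. The point it shows is the one the text makes: each relay peels one layer and learns only its neighbours, so a single hostile relay links nothing unless it sits at both ends of the circuit.

```python
"""Toy onion routing: one layer of encryption per relay, peeled one hop at a time.
Added example, not Tor's code.  Toy keystream cipher, hypothetical keys and names."""
import hashlib
import hmac

HOP_FIELD = 16  # bytes reserved in each layer for the next-hop name


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream.  Symmetric, so the
    same call encrypts and decrypts.  Toy stand-in for Tor's AES-CTR."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                           hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def build_onion(route, hop_keys, payload: bytes, nonce: bytes) -> bytes:
    """Client side: wrap the payload once per relay, innermost (exit) layer
    first, so the first relay's layer ends up outermost.  Each layer names
    the next hop; an empty name tells the exit to deliver the payload."""
    cell = payload
    for i in reversed(range(len(route))):
        next_hop = route[i + 1] if i + 1 < len(route) else ""
        header = next_hop.encode().ljust(HOP_FIELD, b"\0")
        cell = keystream_xor(hop_keys[route[i]], nonce, header + cell)
    return cell


def peel(key: bytes, nonce: bytes, cell: bytes):
    """Relay side: strip exactly one layer.  Returns (next_hop, inner_cell)."""
    plain = keystream_xor(key, nonce, cell)
    next_hop = plain[:HOP_FIELD].rstrip(b"\0").decode()
    return next_hop, plain[HOP_FIELD:]


def run_circuit(route, hop_keys, payload: bytes, nonce: bytes = b"cell-0"):
    """Drive one cell through the route.  Returns (delivered_payload, views),
    where views[relay] = (heard_from, sent_to) is all that relay learns about
    the circuit from the cell itself.  (Real Tor cells are fixed-size, so the
    shrinking length seen here would not leak a relay's position.)"""
    cell = build_onion(route, hop_keys, payload, nonce)
    views = {}
    prev, cur = "client", route[0]
    while True:
        next_hop, cell = peel(hop_keys[cur], nonce, cell)
        views[cur] = (prev, next_hop or "destination")
        if not next_hop:
            return cell, views
        prev, cur = cur, next_hop


def linkable_by(views, owned):
    """Endpoints visible to an adversary who runs the relays in `owned`.
    Only someone at both ends (or watching both ends) sees client and
    destination together, and then must still correlate the two flows."""
    seen = {end for relay in owned for end in views[relay]}
    return {"client", "destination"} & seen


if __name__ == "__main__":
    route = ["guard", "middle", "exit"]          # constructed relay names
    keys = {r: hashlib.sha256(b"example-key-" + r.encode()).digest() for r in route}
    delivered, views = run_circuit(route, keys, b"GET / HTTP/1.1")
    print(delivered)
    for relay, (src, dst) in views.items():
        print(f"{relay:7s} heard from {src:7s} sends to {dst}")
    print("middle relay alone links:", linkable_by(views, {"middle"}) or "nothing")
```

Running it prints the delivered request and, per relay, only the previous and next hop; the middle relay alone links neither endpoint, which is why the relays described later in the chapter had to be placed at the edges of the network to be of any use.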
For six days in February 2012, the NSA joined forces with its British counterpart, the Government Communications Headquarters, and set up eleven “relays” in the Tor system. A relay, also known as a router or node, receives and directs traffic in a system. The government-installed relays were dubbed Freedomnet.
Trying to set up a spying station in Tor seemed like a better alternative than attacking the Tor nodes outright and taking them offline—although the NSA hackers considered that, according to a top-secret briefing document. They decided against it, since they couldn’t always be sure whether a node was in the United States or abroad, and attacking equipment inside the United States posed a host of legal problems. Removing the nodes was also a foolhardy endeavor, since there are thousands of relays in Tor, and they could be brought back up in different locations. So, the NSA attempted to identify users once they were inside the network by tricking them into using its relay points. The NSA hackers also sent potential Tor users spear-phishing e-mails, messages that were designed to look as if they came from a trusted source—a friend, or someone in the users’ contacts list—but that actually contained a virus or a link that would take the victim to a website where spyware was implanted.
The hackers also considered trying to “disrupt” the Tor system, according to the briefing document titled “Tor Stinks.” Maybe slow it down, or “set up a lot of really slow Tor nodes (advertised as high bandwidth) to degrade the overall stability of the network.” They contemplated making it harder or “painful” for someone to connect to Tor. The NSA would be like a gremlin, mischievously futzing with the machine.
The agency also tried to attack Tor users from outside the network, infecting or “tagging” computers with a kind of electronic marker as they went in and out of Tor. The NSA’s hackers looked for different avenues to break in to computers that might be using the network, or might not. Once, they discovered a weak spot in a version of Firefox, the browser on which the Tor Browser is built, which made it easier to tag computers running it. Never mind that the same weakness, if left unpatched, could be used to harm people who’d never heard of Tor and had no desire to cover their online footprints.
The NSA’s anti-Tor campaign was exposed in 2013, through top-secret documents leaked by Edward Snowden. Those documents also revealed that the campaign was largely a failure. The NSA identified or located only a few dozen people using Tor. That was a testament to how well Tor worked. But the NSA’s attacks were still a measure of just how far the agency would go to get an advantage over its adversaries, regardless of the costs. Given that the NSA can’t always know the location of computers using Tor, it was almost certainly infecting computers used by Americans. Tor estimates that about four hundred thousand users are connecting directly to the system in the United States.
The NSA’s tactics also put it at odds with US foreign policy. Over the past few years the State Department has given millions of dollars to support Tor and has encouraged its use by activists and dissidents abroad, including rebels in Syria fighting a grueling civil war to overthrow the strongman Bashar al-Assad. The NSA knew that the State Department was promoting Tor, and it attacked Tor anyway. The United States now has two competing and directly opposed policies: trying to prop up Tor and at the same time tearing it down.
Former NSA director Michael Hayden put the dilemma in particularly blunt, NSA-centered terms. “The Secretary of State is laundering money through NGOs to populate software throughout the Arab world to prevent the people in the Arab street from being tracked by their government,” he said in 2012 at a Washington think tank, before NSA’s operations against Tor were disclosed. “So on the one hand we’re fighting anonymity, on the other hand we’re chucking products out there to protect anonymity on the net.”
US efforts to promote democracy and free access to the Internet are set back as a result of NSA’s actions. “The United States government is incredibly large with lots of diverse programs . . . and the employees shouldn’t all get lumped together as aligned with the NSA’s view of the world,” says Dan Meredith, director of Radio Free Asia’s Open Technology Fund, a private nonprofit that has received an annual grant from the United States for Internet anticensorship projects, including work with Tor. “You’ll try to explain that to activists in Sudan, but they don’t always take it that way. Sometimes I’ll spend fifteen minutes with people trying to convince them that I’m not [a spy].”
The NSA doesn’t work alone to undermine the Internet’s key security and privacy pillars. Under a secret program called the SIGINT Enabling Project, it strikes deals with technology companies to insert backdoors into their commercial products. Congress allocated $250 million for the project in 2013. Working in conjunction with the FBI, the NSA got inside knowledge about a feature in Microsoft’s e-mail product, Outlook, that could have created obstacles to surveillance if left unaddressed. The agency also got access to Skype Internet phone calls and chats as well as Microsoft’s cloud storage service, SkyDrive, so that NSA analysts could read people’s messages before they were encrypted.
Classified documents also show that the NSA invites makers of encryption products to let the agency’s experts review their work, with the ostensible goal of making their algorithms stronger. But the NSA actually inserts vulnerabilities into the products, to use in its espionage and cyber warfare missions. One document states that this work allows the agency “to remotely deliver or receive information to and from target endpoints.” In other words, steal information from or implant malicious code on computers.
These footholds in technologies sold and used around the world allow the NSA to spy without being detected and, if need be, disable the technologies themselves. The Stuxnet computer worm that destroyed centrifuge equipment in the Iranian nuclear facility relied on a previously unknown weakness in a control system used by Siemens. Computer security experts have questioned whether the company knew about the vulnerability and agreed to keep it undefended. In any event, the NSA clearly had inside knowledge of some kind about the weakness and rolled it into Stuxnet’s design.
The military also trains its cyber warriors, who work through US Cyber Command, to hack some of the most widely used communications equipment in the world. The army has sent soldiers to courses that teach students how Cisco networking devices are built and used. This isn’t so they can maintain the equipment but so they can break in to it and defend it from others trying to do the same.
Under the SIGINT Enabling Project, the NSA also pays phone and Internet companies to build their networks in such a way that the agency can tap into them—or, to use the more opaque language of a classified budget document, “provide for continued partnerships with major telecommunications carriers to shape the global network to benefit other collection accesses.”
All this clandestine work underscores the degree to which the NSA is dependent on corporations that build software and hardware and that own and operate portions of the Internet. The agency would find itself generally out of the surveillance and cyber warfare business without the cooperation of these companies. But its efforts to dominate the “fifth domain” of warfare extend beyond deals struck with individual corporations.
For the past ten years the NSA has led an effort in conjunction with its British counterpart, the Government Communications Headquarters, to defeat the widespread use of encryption technology by inserting hidden vulnerabilities into widely used encryption standards. Encryption is simply the process of turning a communication—say, an e-mail—into a jumble of meaningless characters, which can only be deciphered using a key held by the e-mail’s recipient. The NSA once fought a public battle to gain access to encryption keys, so that it could decipher messages at will, but it lost that fight. The agency then turned its attention toward weakening the encryption algorithms that are used to encode communications in the first place.
The NSA is home to the world’s best code makers, who are regularly consulted by public organizations, including government agencies, on how to make encryption algorithms stronger. That’s what happened in 2006—a year after Alexander arrived—when the NSA helped develop an encryption standard that was eventually adopted by the National Institute of Standards and Technology, the US government agency that has the last word on weights and measures used for calibrating all manner of tools, industrial equipment, and scientific instruments. NIST’s endorsement of an encryption standard is a kind of Good Housekeeping Seal of approval. It encourages companies, advocacy groups, individuals, and government agencies around the world to use the standard. NIST works through an open, transparent process, which allows experts to review the standard and submit comments. That’s one reason its endorsement carries such weight. NIST is so trusted that it must approve any encryption algorithms that are used in commercial products sold to the US government.
But behind the scenes of this otherwise open process, the NSA was strong-arming the development of one of the random-number generators in that standard (the one publicly known as Dual_EC_DRBG). A random-number generator is a key component of every encryption system: it produces the keys and other secret values, so anyone who can predict its output can predict the keys. Classified documents show that the NSA claimed it merely wanted to “finesse” some points in the algorithm’s design, but in reality it became the “sole editor” of it and took over the process in secret. Compromising the number generator, in a way that only the NSA knew, would undermine every key it produced and with them the entire encryption standard. It gave the NSA a backdoor that it could use to decode information or gain access to sensitive computer systems.
The NSA’s collaboration on the algorithm was not a secret. Indeed, the agency’s involvement lent some credibility to the process. But less than a year after the standard was adopted, security researchers discovered an apparent weakness in the algorithm and speculated publicly that it could have been put there by the spy agency. The noted computer security expert Bruce Schneier zeroed in on one of four techniques for randomly generating numbers that NIST had approved. One of them, he wrote in 2007, “is not like the others.”
For starters, it worked three times more slowly than the others, Schneier observed. It was also “championed by the NSA, which first proposed it years ago in a related standardization project at the American National Standards Institute.”
Schneier was alarmed that NIST would encourage people to use an inferior algorithm that had been enthusiastically embraced by an agency whose mission is to break codes. But there was no proof that the NSA was up to no good. And the flaw in the number generator didn’t render it useless. As Schneier noted, there was a workaround: the standard let implementers generate their own constants for the algorithm instead of using the ones NIST supplied, which would disable any backdoor tied to those constants, though it was unlikely anyone would bother to do so. Still, the flaw set cryptologists on edge. The NSA was surely aware of their unease, as well as the growing body of work that pointed to its secret intervention, because it leaned on an international standards body that represents 163 countries to adopt the new algorithm. The NSA wanted it out in the world, and so widely used that people would find it hard to abandon.
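What the “obvious flaw” and its workaround amount to, in working code. This is an added example, not from the book, NIST, or any product, and it models the generator the text describes (publicly known as Dual_EC_DRBG) on a hypothetical curve far too small to be secure; the prime, curve coefficients, base point and secret d are all made up for the example. The mechanism is the real one: the generator publishes two points, P and Q, and outputs the x-coordinate of r·Q (minus a few truncated bits) while moving its state to the x-coordinate of r·P. If whoever chose the points arranged P = d·Q and kept d, one output lets them compute d·(r·Q) = r·P, which is the next internal state, and from there every future output. Choosing your own Q, as the standard permitted, is exactly what breaks the relation P = d·Q.

```python
"""Toy Dual_EC_DRBG-style generator with its back door.  Added example, not
NIST's or any vendor's code; every constant below is hypothetical and tiny."""
import math

P_MOD = 211     # field prime; 211 % 4 == 3, so sqrt(v) = pow(v, (p+1)//4, p)
A, B = 2, 3     # curve y^2 = x^3 + A*x + B over GF(211); 4A^3 + 27B^2 != 0 mod p
INF = None      # point at infinity
TRUNC_BITS = 6  # outputs keep the low 6 bits of x (real Dual_EC keeps 240 of 256)


def add(p1, p2):
    """Affine point addition, including doubling and the point at infinity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD


def mul(k, pt):
    """Double-and-add scalar multiplication for k >= 0."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def order(pt):
    """Smallest n with n*pt == INF (brute force is fine on a curve this small)."""
    n, acc = 1, pt
    while acc is not INF:
        acc, n = add(acc, pt), n + 1
    return n


def lift_x(x):
    """A curve point with this x-coordinate, or None.  The other point with
    the same x is its negative, and x(d*(-R)) == x(d*R), so the sign is moot."""
    rhs = (x ** 3 + A * x + B) % P_MOD
    if rhs and pow(rhs, (P_MOD - 1) // 2, P_MOD) != 1:
        return None
    return x % P_MOD, pow(rhs, (P_MOD + 1) // 4, P_MOD)


def scalar(v, n):
    """Map an x-coordinate to a nonzero scalar mod n.  Real Dual_EC uses x as
    is; on this tiny curve a reduction keeps multiples of n (which would hit
    the point at infinity, negligible at real sizes) from ever occurring."""
    return 1 + v % (n - 1)


def setup(d_seed=43):
    """Designer's side: pick a base point Q, a secret d coprime to Q's order n,
    and publish P = d*Q alongside Q.  d_seed is a hypothetical constant."""
    x = 1
    while lift_x(x) is None or order(lift_x(x)) <= 8:
        x += 1
    Q = lift_x(x)
    n = order(Q)
    d = d_seed
    while math.gcd(d, n) != 1:
        d += 1
    return mul(d, Q), Q, n, d


def dual_ec(state, P, Q, n, count):
    """The generator: returns (truncated outputs, final internal state)."""
    mask = (1 << TRUNC_BITS) - 1
    outputs = []
    for _ in range(count):
        r = scalar(mul(scalar(state, n), P)[0], n)  # r  = x(s*P)
        state = mul(r, P)[0]                         # s' = x(r*P)
        outputs.append(mul(r, Q)[0] & mask)          # t  = x(r*Q), truncated
    return outputs, state


def recover_states(outputs, P, Q, n, d):
    """Attacker's side, knowing d.  From consecutive outputs, return the set of
    internal states (after the last one) consistent with them; the true state
    is always included, and later outputs prune the wrong candidates."""
    mask = (1 << TRUNC_BITS) - 1
    cands = set()
    for x in range(outputs[0] & mask, P_MOD, 1 << TRUNC_BITS):  # undo truncation
        R = lift_x(x)                       # R = +-r*Q
        if R is not None:
            S = mul(d, R)                   # d*(r*Q) = r*P
            if S is not INF:
                cands.add(S[0])             # x(r*P) is the generator's next state
    for t in outputs[1:]:
        cands = {s_next for s in cands
                 for (out, s_next) in [dual_ec(s, P, Q, n, 1)] if out[0] == t}
    return cands


def predict(states, P, Q, n, count):
    """Every future output sequence the surviving candidate states allow."""
    return {tuple(dual_ec(s, P, Q, n, count)[0]) for s in states}


if __name__ == "__main__":
    P_PT, Q_PT, N_ORD, D_SEC = setup()
    outs, _ = dual_ec(17, P_PT, Q_PT, N_ORD, 6)       # victim's generator
    states = recover_states(outs[:4], P_PT, Q_PT, N_ORD, D_SEC)
    print("observed:", outs[:4], "predicted next:", predict(states, P_PT, Q_PT, N_ORD, 2))
    print("actual next:", outs[4:])
```

With real-size parameters the only extra cost for the attacker is guessing the 16 truncated bits, which is why truncating so little was the tell-tale sign; replacing Q with an independently generated point, the workaround mentioned above, leaves d meaningless and the attack collapses.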
Schneier, for one, was confused as to why the NSA would choose as a backdoor such an obvious and now public flaw. (The weakness had first been pointed out a year earlier by employees at Microsoft.) Part of the answer may lie in a deal that the NSA reportedly struck with one of the world’s leading computer security vendors, RSA, a pioneer in the industry. According to a 2013 report by Reuters, the company adopted the NSA-built algorithm “even before NIST approved it. The NSA then cited the early use . . . inside the government to argue successfully for NIST approval.” The algorithm became “the default option for producing random numbers” in an RSA security product called the bSafe toolkit, Reuters reported. “No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.” For its compliance and willingness to adopt the flawed algorithm, RSA was paid $10 million, Reuters reported.
It didn’t matter that the NSA had built an obvious backdoor. The algorithm was being sold by one of the world’s top security companies, and it had been adopted by an international standards body as well as NIST. The NSA’s campaign to weaken global security for its own advantage was working perfectly.
When news of the NSA’s efforts broke in 2013, in documents released by Edward Snowden, RSA and NIST both distanced themselves from the spy agency—but neither claimed that the backdoor hadn’t been installed.
In a statement following the Reuters report, RSA denied that it had entered into a “secret contract” with the NSA, and asserted that “we have never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use.” But it didn’t deny that the backdoor existed, or may have existed. Indeed, RSA said that years earlier, when it decided to start using the flawed number-generator algorithm, “the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption.” Not so much anymore. When documents leaked by Snowden confirmed the NSA’s work, RSA encouraged people to stop using the number generator—as did NIST.
The standards body issued its own statement following the Snowden revelations. It was a model of carefully calibrated language. “NIST would not deliberately weaken a cryptographic standard,” the organization said in a public statement, clearly leaving open the possibility—without confirming it—that the NSA had secretly installed the vulnerability or done so against NIST’s wishes. “NIST has a long history of extensive collaboration with the world’s cryptography experts to support robust encryption. The [NSA] participates in the NIST cryptography development process because of its recognized expertise. NIST is also required by statute to consult with the NSA.”
The standards body was effectively telling the world that it had no way to stop the NSA. Even if it wanted to shut the agency out of the standards process, by law it couldn’t. A senior NSA official later seemed to support that contention. In an interview with the national security blog Lawfare in December 2013, Anne Neuberger, who manages the NSA’s relationships with technology companies, was asked about reports that the agency had secretly handicapped the algorithm during the development process. She neither confirmed nor denied the accusation. Neuberger called NIST “an incredibly respected close partner on many things.” But, she noted, it “is not a member of the intelligence community.