Barton Gellman. Aug 30, 2013. U.S. spy agencies mounted 231 offensive cyber-operations in 2011, documents show. Washington Post.
According to top-secret documents obtained by The Washington Post, U.S. intelligence services carried out 231 offensive cyber-operations in 2011. About 75% of these were directed against adversarial countries such as Iran, Russia, China and North Korea.
U.S. computer specialists also break into foreign networks to put them under surreptitious U.S. control. Sophisticated malware implants are placed in computers, routers and firewalls on tens of thousands of machines every year, and the documents anticipate millions planted every year for intelligence gathering “and active attack.” The vast majority of these operations are carried out remotely, but CIA agents working abroad also physically place hardware and software.
Most offensive operations have immediate effects only on data or the proper functioning of an adversary’s machine: slowing its network connection, filling its screen with static or scrambling the results of basic calculations. Any of those could have powerful effects if they caused an adversary to botch the timing of an attack, lose control of a computer or miscalculate locations.
U.S. intelligence services are making routine use around the world of government-built malware that differs little in function from the “advanced persistent threats” that U.S. officials attribute to China. The principal difference, U.S. officials told The Post, is that China steals U.S. corporate secrets for financial gain.
These malware implants are designed to persist through software and equipment upgrades, to copy stored data, to “harvest” communications and to tunnel into other connected networks; they “can identify select voice conversations of interest within a target network.” Sometimes a single compromised device opens the door to hundreds or thousands of others. Sometimes an implant’s purpose is to create a back door for future access.
“The United States is moving toward the use of tools short of traditional weapons that are unattributable — that cannot be easily tied to the attacker — to convince an adversary to change their behavior at a strategic level,” said another former senior U.S. official.
China and Russia are regarded as the most formidable cyberthreats, and it is not always easy to tell who works for whom. China’s offensive operations are centered in the Technical Reconnaissance Bureau of the People’s Liberation Army, but U.S. intelligence has come to believe that hackers employed by the state by day return to work at night for personal profit, stealing valuable U.S. defense industry secrets and selling them.
Iran is a distant third in capability but is thought to be more strongly motivated to retaliate for Stuxnet with an operation that would not only steal information but erase it and attempt to damage U.S. hardware.