New Allegations Claim NSA Can Intercept Packages, Load Malware

A fresh set of allegations and disclosures by der Spiegel claim that the NSA operates a Tailored Access Operations program designed to dig into spy targets conventionally perceived as "ungettable" for the purpose of extending the institutions global reach. The program has targeted individuals, companies, government institutions, and infrastructure, with tentacles that allegedly reach into nearly every facet of modern life.

One facet of the program that's gotten quite a bit of attention is the NSA's ability to intercept packages shipped to targets, insert malware and other monitoring programs, and then ship the hardware to its intended destination. Der Spiegel reports that this interdiction gives the company the ability to passively gather signals intelligence from the infected PC at a later date.

TAO, however, is scarcely confined to individual systems. Earlier this year, the group enthusiastically reported that it had successfully bugged the SEA-ME-WE-4 cable system that connects Europe, North Africa, Pakistan, India, Malaysia, and Thailand. The cable originates in France, making it extremely unlikely that the French weren't aware of exactly what the NSA was doing.

The full scope of TAO within and outside the United States is staggering -- the program has operated extensively in Mexico, where it penetrated Mexico's Secretariat of Public Security. Internal NSA documentation claimed that the Secretariat was a "goldmine" of information. This was accomplished through a blizzard of activities, including backdoored equipment, email hacking, and old-fashioned monitoring of key employee home addresses. Malware distributed through more conventional means remains a favorite tactic. 

 Ironically, the first clue anyone had that the NSA was engaged in this sort of activity was in January 2010, when the garage door openers of people living in a specific part of town suddenly stopped working. After weeks of frustrated investigation, the NSA office in San Antonio copped to having caused the problem with a radio tower broadcasting on the same frequency as garage door openers. This was soon adjusted, and the problem solved, but it indicated just how pervasive the NSA's spying had become.

What's striking about many of these allegations is that they read like conspiracy theorist concepts. The idea that the government would monitor the sale of a laptop or desktop to a consumer, intercept that system, and then install malware on it? Ludicrous. Fanciful. Until, suddenly, it isn't. The NSA has made it clear that it's mission is to collect, analyze, and store as close to 100% of the data produced on Earth as is humanly possible. Privacy is something you give up as soon as you launch a web browser. It's turned from helping companies secure the Web to actively encouraging the use of broken standards.

This battle will be resolved no time soon. While one judge has ruled that the NSA's metadata collection is unconstitutional, another has reached the opposite conclusion. Unless one of the circuit courts rules against metadata collection, the Supreme Court could easily avoid taking up the case, leaving the NSA's actions constitutional by default.