Dutch News Agency Reports NSA Infected 50,000 Networks With Malware

A new report from the Dutch news site NRC Handelsblad (NRC for short) is claiming that the NSA has used its own malware to infect and compromise some 50,000 additional networks. The revelation apparently comes courtesy of the treasure trove of documents Snowden released, though the NSA has refused to confirm or deny its capabilities.

According to the report, the techniques used to disseminate the malware across thousands of networks are similar to an already-leaked story concerning Belgian ISP Belgacom. The GCHQ and NSA are accused of loading malware into Belgacom's servers allowing them to spy on the traffic running across the network without permission or legal authority to do so.

The bulk of the NSA accusation is that the organization runs a department called TAO (Tailored Access Operations) with more than a thousand hackers on the payroll. TAO has ballooned from over 20,000 installations in 2008 to better than 50,000 in 2012. Exactly what the NSA malware is capable of accomplishing is still unclear, the government could be using the networks for simple data collection, or could have more aggressive capabilities to shut down entire networks.

National Security Agency headquarters, Fort Meade, Maryland
National Security Agency Headquarters - Fort Meade, Maryland

The long-term damage to the NSA's capabilities by leaks like this could be significant. Countries like Brazil are pushing ahead with plans to build linkages to the Internet in other countries that entirely bypass the United States. That's not guaranteed protection, since the NSA has clearly had a great deal of success breaching the security of other organizations, but the amount of total Internet traffic routed through the United States could drop precipitously in the next few years.

Ill-timed Mission Statement

The revelations concerning the agency's broad spying efforts, come on the heels of another document leak. In February 2012, the NSA reportedly authored a four-year strategy document and mission statement that pledged to "“aggressively pursue legal authorities and a policy framework mapped more fully to the information age." That paper declared the NSA's intent to revolutionize operations on both the data collection and data analysis sides of its business with a goal of harnessing still greater amounts of information and sifting through it more efficiently.

The document does state that "The culture of compliance [meaning the NSA's being subject to oversight]... will not be compromised in the face of so many demands, even as we aggressively pursue legal authorities and a policy framework mapped more fully to the information age."

Unfortunately, it seems the organization's PR efforts have failed on that front. Few Americans these days feel the NSA has operated in an entirely excusable manner, and the public's perception has shifted significantly since the Snowden leaks began.