Pierluigi Paganini January 18, 2015

A new collection of document examined by Der Spiegel magazine reveals that the NSA is now preparing for future dominance in cyberspace.

Snowden‘s revelations on mass surveillance by the NSA have shocked the IT industry, but experts say the worst is yet to come. The NSA is working to significantly evolve its methods in relation to the public revelations of Snowden that triggered the countermeasures. The 2013 US secret intelligence budget for the improvement of cyber capabilities and to strengthen offensive operations required around $1 billion, in 2014 the budget was fivefold.

A new collection of document leaked by Snowden demonstrates that the US Intelligence is preparing for the future aiming to control the global network and infiltrate foreign infrastructure.

Der Spiegel magazine has viewed the secret documents and revealed that the NSA is preparing the USA for “Future Battle”, the Agency engaged a Digital Arms Race to build a new cyber arsenal to paralyze the enemy’s computer infrastructures.

The NSA analysis seems to have no doubts as explained in the documents analyzed by the Der Spiegel:

“the next major conflict will start in cyberspace.”

The US Government is heavily investing into the development of advanced cyber capabilities for the Information Warfare. The new generation of cyber weapon must be able to compromise any computer network in critical infrastructure of foreign countries, including facilities, telecommunications, banking systems, factories and transportation.

The leaked documents reveal that mass surveillance operated by the NSA was in the “Phase 0″ in America’s digital war strategy, the effort of the experts are oriented in to detection of critical vulnerabilities in enemy systems that could be exploited to inject “stealthy implants” that allow the Agency a “permanent accesses” on the target.

“According to top secret documents from the archive of NSA whistleblower Edward Snowden seen exclusively by SPIEGEL, they are planning for wars of the future in which the Internet will play a critical role, with the aim of being able to use the net to paralyze computer networks and, by doing so, potentially all the infrastructure they control, including power and water supplies, factories, airports or the flow of money.” states the magazine.

The name of the “Phase Three” is disturbing, it is labeled as “Dominate,” and enables the NSA to “control/destroy critical systems & networks at will through pre-positioned accesses (laid in Phase 0).” The US Intelligence is working to reach a “real time controlled escalation.”

“Phase Three has been achieved — a phase headed by the word “dominate” in the documents. This enables them to “control/destroy critical systems & networks at will through pre-positioned accesses (laid in Phase 0).” Critical infrastructure is considered by the agency to be anything that is important in keeping a society running: energy, communications and transportation. The internal documents state that the ultimate goal is “real time controlled escalation”.”

The Snowden documents have revealed an intense surveillance activity of the Agency and its allies, the Five Eyes. Malware development, sophisticated hardware implants, wiretapping of undersea cables are just a few sample of these activities.

The most concerning aspect the ongoing Information Warfare is that the digital conflict will make little differentiation between cyber units and Internet users, this means that we are all potentially at risk.

The post published by the Der Spiegel also reveals the existence of an hacking elite team, described as “just a bunch of hackers,” working for the Remote Operations Center (ROC), which uses the codename S321, at the agency’s headquarters in Fort Meade, Maryland.

“the unit responsible for covert operations. S321 employees are located on the third floor of one of the main buildings on the NSA’s campus. In one report from the Snowden archive, an NSA man reminisces about how, when they got started, the ROC people were “just a bunch of hackers.” Initially, people worked “in a more ad hoc manner,” the report states. Nowadays, however, procedures are “more systematic”. Even before NSA management massively expanded the ROC group during the summer of 2005, the department’s motto was, “Your data is our data, your equipment is our equipment.””

The documents also reveal another team working on the project of “global network dominance”, codenamed Transgression, and working for the department S31177. This department operates to track and prevent foreign cyber attacks.

“This form of “Cyber Counter Intelligence” counts among the most delicate forms of modern spying.”

We need a shared law framework that regulate operations in the cyberspace.

Pierluigi Paganini

(Security Affairs –  NSA, Information Warfare)