The National Security Agency, which has billed itself as merely an agency that collects and analyzes foreign signals intelligence and seeks to protect U.S. communications and computer networks from surveillance, has embarked on missions that take it into the territory of lawlessness and rogue operations.
In the 1998 Hollywood thriller «Enemy of the State», Jason Robards played fictional U.S. Representative Phillip Hammersley. The chairman of a key House of Representatives committee, Hammersley is opposed to a USA PATRIOT Act-like bill that sanctions massive telecommunications surveillance throughout the United States. Hammersley is subsequently confronted by U.S. government agents on the shore of the Chesapeake Bay. The agents give Hammersley a deadly injection and prescription pills are then scattered on the floor of his car. Hammersley and his car are pushed into the bay. The news reports then claim that Hammersley tragically committed suicide. The NSA’s deputy chief, Thomas Reynolds, who is played by Jon Voight, heads an agency that has gone rogue and routinely violates laws that ensure that NSA’s operations are within the bounds of the U.S. Constitution.
As a result of the latest release of classified NSA documents provided by whistleblower Edward Snowden, the last three NSA directors – Michael Hayden, Keith Alexander, and the present one, Mike Rogers – have adopted the fictional policies of Thomas Reynolds in «Enemy of the State» and have taken the agency and its so-called «information warriors» into rogue status. Rogers, who is director of the NSA, also wears the hat of the Commander of the U.S. Cyber Command, which is located with NSA at the agency’s Fort Meade, Maryland headquarters. There was initial opposition from some members of Congress to combining the two positions under a single military officer because of the power that such a position could amass. Those initial reservations were justified considering the depth to which NSA has sunk in carrying out offensive information warfare operations around the world.
The most recent revelations about NSA’s «Fourth Party» operations carried out primarily from the NSA’s base at Menwith Hill, England in concert with the United Kingdom’s Government Communications Headquarters (GCHQ) in Cheltenham, describes how the NSA uses hostile hackers to break into the systems of not only other hostile targets but also neutrals and friendlies. By implanting special surveillance devices in network routers, servers, firewalls, wireless bridges, and other equipment manufactured by U.S. and foreign companies, the NSA and its FIVE EYES surveillance partners in Britain, Canada, Australia, and New Zealand have managed to turn the computer hackers employed by hostile intelligence agencies, as well as non-state players, such as hacker groups, into «Fourth Party» collectors of meta-data for the NSA. The system implantations permit NSA to «piggyback» on to hacking operations being conducted by unwitting foreign cyber-warfare data plunderers without being detected by the hackers. These Counter Computer Network Exploitation operations involve active and passive meta-data acquisition by NSA from Fourth Parties and «re-purposing» the meta-data collected by Fourth Parties.
In other words, there is no reason to believe that recent stories about Chinese government hackers breaking into the databases of the U.S. Office of Personnel Management (OPM) and downloading the sensitive personnel records of millions of present and past U.S. government employees, are entirely true. Considering the fact that NSA is able to piggyback on the efforts of foreign hackers, including those in China, Russia, and Iran, there is the likelihood that it was not the Chinese who gained access to the OPM files but NSA’s offensive information warfare teams working within the Tailored Access Operations (TAO) branch who ultimately obtained the millions of files as a way to alarm Congress and receive additional budgetary funding.
The U.S. Cyber Command includes elements that do nothing but maliciously attack foreign computers and networks and the mask the true point of origin of the hacking attacks by routing them through Russian, Chinese, and other servers. The NSA’s use of the phrase «leveraging victims» of computer network exploitation (CNE) activities suggests that NSA and the Central Intelligence Agency are involved in «dirty tricks» operations to amass as many witting or unwitting Fourth Party «victims» as necessary. There are no guarantees that Fourth Parties are all nation states, but that they may include friendly hacker groups — known as «White Hats» – and political organizations, in addition to covertly-implanted devices.
One NSA slide on Fourth Party operations illustrates an NSA «listening post» being embedded as part of the VOYEUR program within the servers of the Iranian Ministry of Intelligence and Security (MOIS) in Tehran and those used by Hezbollah in Lebanon. One NSA operation is to piggyback on Iranian hackers working for the MOIS and «steal, through a «redirector» program the data that the Iranians are able to download from hacking targets. The NSA refers to such targets as «victims». One NSA PowerPoint slide bullet point states that a priority for NSA is to «identify victims for 4th Party Collection Opportunities». «Victims» are nations or other entities that the NSA and its partners believe have been the targets of cyber-attacks from hostile nations or groups.
It is clear how NSA and its Israeli partner, Unit 8200, were able to infect Iranian computer networks involved in that nation’s nuclear power program with the destructive Stuxnet virus. NSA and its allies are able to penetrate foreign computer networks through implanted Fourth Party devices, some known as «beacons», placed clandestinely inside systems manufactured by Microsoft, Cisco, IBM, Dell, Apple, Juniper Networks, Motorola, Seagate, Western Digital, and others.
A Fourth Party decision tree prepared by NSA asks the question, «Is 4P (4th Party) data enough?» If the answer is «no, we need direct access», the NSA decision tree directs the NSA operator to «steal» data from the «victim» of a hacking attack.
Fourth Party data acquisition sites are integrated with NSA’s XKEYSCORE metadata collection system, which operates from worldwide foreign satellite and undersea cable signals intercept stations, as well as from Special Source Offices (SSOs) located in U.S. and other FIVE EYES embassies and missions. SSO sites are operated by the Special Collection Service (SCS), a joint NSA and CIA operation that is known within NSA as «F6». SCS is known as the «black bag» component of NSA.
A PowerPoint slide on NSA's Tailored Access Operations (TAO) activities and Fourth Party operations indicates that China, Egypt, Brazil, Venezuela, Angola, Kenya, Uganda, Thailand, Malaysia, South Korea, and Oman are major Fourth Party players. One Fourth Party collection operation is codenamed DEADSEA but it is not clear where the operation is located. Another Fourth Party operation is codenamed BADASS. NSA’s Menwith Hill Station in England is described as a focal point for «MENA (Middle East/North Africa) 4th Party Collection opportunities».
The Middle East/North Africa (MENA) Fourth Parties that likely passed signals intercepts to NSA, but were generally considered hostile to U.S. interests, likely included Libya under Muammar Qaddafi and the Syrian government of Bashar al-Assad, both of which cooperated with U.S. intelligence in holding as prisoners and interrogating and torturing a number of Al Qaeda suspects. If Libya under Qaddafi and the Assad government in Syria had cooperated as Fourth Parties with the NSA, did the agency later turn around and use Fourth Party access rights to help overthrow the two governments? If the answer is yes, as it seems to be, NSA has embarked on a path of unprecedented deception and guile in its supposed national security-related responsibilities.
In «Enemy of the State», the good guys eventually won out over the evil NSA. In the real world, NSA continues to engage in roguish practices, from wiretapping «Der Spiegel» in Germany to reading the private e-mails of United Nations Secretary General Ban Ki-moon. In the wilds of Africa, «rogue» elephants are often killed by hunters tasked to carry out the job in order to protect public safety. NSA is a virtual rogue elephant but there are no congressional budgetary «hunters» willing to take the fatal shots to put down the wild intelligence agency beast.