Last week, journalists linked to renegade NSA contractor Edward Snowden made public an NSA road map used to catalogue and categorize information, ranging from unclassified to top-secret, related to its computer and network penetrations, the use of spies to steal encryption keys, and methods used to track foreign cyber attacks, among other secret operations.
The documents were posted on the website The Intercept, an anti-NSA outlet launched by Snowden confidants Glenn Greenwald and Laura Poitras.
The documents reveal the information security program code-named Sentry Eagle, a joint NSA-Strategic Command initiative aimed at “protecting the highest and most sensitive level of information” used to support government efforts to protect cyberspace.
Under Sentry Eagle, NSA is charged with protecting American cyberspace through “the combination of all abilities to detect national and non-nation attacks on U.S. cyberspace via active and passive SIGINT and Information Assurance means,” an NSA briefing sheet [https://firstlook.org/theintercept/?p=6634] on the program says.
Strategic Command, according to the document, has the role of conducting offensive cyber operations through “efforts to plan, synchronize and when tasked, attack an adversary’s cyber space via computer network attack.”
The draft document was produced in 2004 and contains few details of the programs. One of the documents states that NSA operations are conducted using operatives in China, Germany and South Korea.
The document predated the creation of the Strategic Command subcommand known as U.S. Cyber Command, which is now the lead U.S. military and defense component for both network attack and defense.
The combined NSA and Stratcom program outlines what are termed “core computer network operations secrets.”
The briefing document states that unauthorized disclosure of the information would “critically compromise” highly sensitive code-breaking ties to foreign entities, NSA multi-year investments, and the ability to penetrate foreign enemies’ cyber space while undermining protection for U.S. cyberspace.
That appears to have been the motive for publishing the documents about Sentry Eagle. Poitras, one of the authors of an article on the documents, stated that some of the newly-disclosed documents appear in a new documentary she produced on Snowden’s treachery, called CitizenFour, the code-name Snowden used in collaborating with Greenwald, Poitras and others in revealing NSA secrets.
The documents disclosed in the latest leak likely will permit all the targets – ranging from foreign governments, to telecommunications equipment makers and service providers, to software and hardware manufacturers and encryption and security product makers – to take steps to prevent NSA exploitation.
Stratcom and Cybercom, for their part, likely will be hampered in their mission of conducting cyber warfare, a growing military capability that is increasingly a concern as many foreign adversaries, notably China, Russia and Iran, develop strategic capabilities to cripple U.S. networks and infrastructure.
The compromise also will weaken NSA, the United States’ premier intelligence-gathering organization, whose capabilities in protecting U.S. national security have been severely undermined since the first Snowden disclosures. Snowden is believed to have stolen an estimated 1.7 million secret and top-secret documents, only a portion of which have been made public.
In outlining the Sentry Eagle program, the briefing document states that NSA works with both U.S. and foreign commercial entities to conduct electronic spying, and also to cooperate in modifying various equipment and components “to make them exploitable for SIGINT.”
A sub-program of Sentry Eagle called Sentry Hawk reveals NSA work with the CIA and FBI in conducting computer attacks, specifically the use of cyber vulnerabilities in firewalls, operating systems, software applications and other means. Additionally, the subprogram is where NSA conducts the mission of providing targeting data for computer network attacks.
Another sub-compartment of Sentry Eagle called Sentry Raven is NSA’s foreign code-breaking program — an NSA specialty – through supercomputers and other cryptanalytic hardware and software. It reveals that NSA has worked with U.S. companies to modify U.S.-made encryption products “to make them exploitable” for NSA spying.
Also, NSA is investing “hundreds of millions of dollars” in advanced computers that are used to attack mainly foreign commercial encryption systems.
The Sentry Falcon subprogram reveals new data on NSA’s ability to detect computer intruders, including a program called “Bluesash” designed to detect hostile state and non-state cyber attacks against U.S. classified computer gateways.
Activities within Sentry Falcon involve counter-intelligence operations used in attributing attacks to foreign states, along with “honey-pot, watermarking, data-tagging activities” used to determine the source of sophisticated cyber attacks.
A cyber honeypot is a decoy server used to lure cyber attackers, usually inside a computer network firewall, to trace the hacker’s identity and activities. Digital watermarking is a method of secretly inserting identifying information within data so that those who use it can be followed. Data-tagging is another method of tracking and tracing cyber attacks and attackers.
Under Sentry Falcon, NSA also is engaged in secret operations to deceive network users and to redirect network data.
NSA released a statement in response to the latest Snowden document dump asserting that “it should come as no surprise that NSA conducts targeted operations to counter increasingly agile adversaries.”
The latest disclosures will likely further undermine NSA’s ability to do both its electronic intelligence-gathering mission and its code-breaking – both functions urgently required in an increasingly dangerous world.
— Bill Gertz
Oct. 12, 2014