A team of nine journalists including Jacob Appelbaum and Laura Poitras have just published another massive collection of classified records obtained by Edward Snowden. The trove of documents, published on Der Spiegel, show that the National Security Agency and its allies are methodically preparing for future wars carried out over the internet. Der Spiegel reports that the intelligence agencies are working towards the ability to infiltrate and disable computer networks — potentially giving them the ability to disrupt critical utilities and other infrastructure. And the NSA and GCHQ think they’re so far ahead of everyone else, they’re laughing about it.
We already know that the US is already capable of launching complex digital attacks that can cause physical damage to its enemies. A computer virus known as Stuxnet, discovered in 2010, was deployed as part of a joint operation between the US and Israel that ravaged Iran’s Natanz nuclear facility, destroying many of the country’s nuclear centrifuges. Since then, the NSA’s top brass has boasted of newer and more powerful digital weapons.
The new documents presented by Der Spiegel show that NSA surveillance programs are at the foundation of efforts to create sophisticated digital weapons. One of the major themes from the new documents involves the ability of Five Eyes intelligence agencies to exploit the methods of its adversaries — efforts to “steal their tools, tradecraft, targets, and take.” The NSA calls this impressive capability “fourth party collection.”
Fourth party collection appears so successful that agents of the NSA and GCHQ have cracked jokes about it in top secret slide decks. In an NSA presentation titled “fourth party opportunities,” the first slide references Daniel Day-Lewis’ infamous “I drink your milkshake” monologue from the 2007 film There Will Be Blood. In one instance, Der Spiegel reports, an NSA unit was able to trace an attack on the Department of Defense back to China and covertly listen in on future Chinese spying efforts, including one digital infiltration of the United Nations.
In another presentation, the GCHQ details efforts to exploit “leaky mobile apps” using a tool called “BADASS.” In it, the spy agency walks through its ability to glean personal information from metadata sent between users’ devices and mobile ad networks and analytics firms — data that’s not supposed to contain personally identifiable information. Several slides are titled “Abusing BADASS for Fun and Profit.” One slide boasts: “We know how bad you are at Angry Birds.”
The rest of Der Spiegel’s investigation suggests that spy agencies in the US and UK are behaving like you might expect in a predictable Brad Pitt thriller about counter-intelligence during the Cold War. “It’s absurd: as they are busy spying, the spies are spied on by other spies,” Der Spiegel writes. “In response, they routinely seek to cover their tracks or to lay fake ones instead.”
Our spies really enjoy their work.