NSA document reveals enthusiastic hacker targeting sys admins

Now it’s system administrators the NSA is spying on.

According to another secret document from Edward Snowden’s huge collection, the National Security Agency (NSA) hacks the computers of sys admins in other countries in order to tap into their phone and Internet networks.

The document, released through investigative site The Intercept, is composed of several posts apparently written by an NSA network specialist and posted in 2012 on a discussion forum inside the agency. The Intercept said it was withholding the employee’s name.

The author describes the posts as “a short series (affectionately titled ‘I hunt…’) on things I’m trying to do with data that wouldn’t normally be interesting by itself, but by thinking about it in a new way, makes it extremely valuable.”

Topics include hacking sys admins and routers. The posts are titled “the utility of ‘security conferences,'” “I hunt SIGINTs [signals intelligence data] (part 1),” “I hunt sys admins (part 2),” “I hunt admins that use telnet (part 3),” “I hunt admins that use SSH (part 4),” “I hunt people who hack routers (part 5).”

What was the NSA looking for? The posts mention network maps, login credentials, customer lists, dedicated IP addresses, email that reveals how the network connects to the Net and “pictures of cats in funny poses with amusing captions.”

Written in a chatty, tech-savvy style, the posts appear to be the work of an enthusiastic hacker who loves his day job.

At one point, the author invites the reader to imagine the creation of a database of targeted, foreign sys admins that would make it simpler to quickly access calls and emails on those networks.

At another point, the writer waxes enthusiastically about his line of work:

“[Signals intelligence] is down right cool. As much as we complain about our ‘Big Data Problem’, collection/processing issues, dismal infrastructure/outdated browsers/OSs, our ability to pull bits out of random places of the internet, bring them back to the mother-base to evaluate and build intelligence off of is just plain awesome!”

And then he acknowledges the very thing that has gotten the NSA into hot water – collecting oceans of data:

“One of the coolest things about [signals intelligence] is how much data we have at our fingertips. If we only collected the data we knew we wanted … yeah, we’d fill some of our requirements, but this is a whole world of possibilities we’d be missing! It would be like going on a road-trip, but wearing a blindfold the entire time and, and only removing it when you’re at one of your destinations … yeah, you’ll still see stuff, but you’ll be missing out on the entire journey!”

The Intercept, whose cofounding journalist Glenn Greenwald has been a champion for NSA document leaker Edward Snowden, notes that “the document makes clear that the admins are not suspected of any criminal activity – they are targeted only because they control access to networks the agency wants to infiltrate.”

This is a point that the posts’ author also acknowledges, but from a different perspective:

“Up front, sys admins generally are not my end target. My end target is the extremist/terrorist or government official that happens to be using the network some admin takes care of. Sys admins are a means to an end.”