Budget Documents Detail Extent of U.S. Cyberoperations

Papers that The Washington Post got from Edward J. Snowden indicate that America conducted 231 cyberoperations in 2011. (The Guardian, via Associated Press)

WASHINGTON — Newly disclosed budget documents for America’s intelligence agencies show how aggressively the United States is now conducting offensive cyberoperations against other nations, even as the Obama administration protests attacks on American computer networks by China, Iran and Russia.

The documents, obtained by The Washington Post from Edward J. Snowden, the former National Security Agency contractor, and described by the paper in its Saturday editions, indicate 231 such operations in 2011, a year after the first evidence emerged of an American- and Israeli-led cyberattack against Iran’s nuclear-enrichment center.

That number suggests that President Obama was not deterred by the disclosure of the Iranian operation, which became evident because of a technological error, and is pressing ahead on using cyberweapons against a variety of targets.

The Post did not publish the documents. Last week, it said it had withheld most of the 178 pages of documents at the request of government officials because of the sensitivities of the spying operations they describe.

Unlike drone attacks, which the administration has begun to acknowledge publicly and provide legal justifications for, cyberattacks are still regarded as part of a secret arsenal that officials will not discuss.

The attacks described in the budget documents appear to be on a far smaller scale than the series of attacks on Iran, which were part of a classified operation called Olympic Games.

The Post reported a parallel effort, code-named GENIE, which it described as an effort by American intelligence officials working for the N.S.A. and the military’s Cyber Command to insert surreptitious controls into foreign computer networks. That computer code, a form of malware, allows American officials to hijack the computers or route some of their data to servers that enable American espionage.

It is unclear how many, if any, of those 231 operations were merely for espionage or data manipulation, and how many may have been intended to destroy or disable infrastructure. Computerized espionage is not new, though the sophistication and scale of it have increased in recent years.

Offensive operations intended to alter data, turn off networks or destroy machines — which is what made the Iran operation so complex and unusual — are a far newer phenomenon. President Obama, in an executive order signed last year, has reserved the right to decide when the United States should conduct such operations. It is not clear how many of the 231 he approved.

Diplomatically, the disclosure of the latest Snowden documents poses a new challenge to Mr. Obama. He has pressed China to cease its own cyberoperations in the United States, many of which are aimed at the theft of intellectual property including corporate secrets and the plans for the F-35 Joint Strike Fighter, the country’s most expensive new weapons system.

The Chinese have responded that America also conducts extensive cyberoperations, including against China, and will doubtless use the most recent disclosures to press that case. So far, Mr. Obama’s effort to get the Chinese engaged in a deeper dialogue on cyberissues has yielded discussions, but little fruit.

The Pentagon has insisted that the United States does not engage in economic espionage, the specialty of Chinese forces like Unit 61398, a People’s Liberation Army operation behind many of the intrusions into American systems.

But it does conduct what specialists call “network exploitation,” which it distinguishes from “attacks,” to obtain military or intelligence secrets and intercept cell and digital communications. Attacks, at least as defined by the military, would involve destruction of computer equipment or the facilities those networks run.

The Post said a budget document defined network exploitation as “surreptitious virtual or physical access to create and sustain a presence inside targeted systems or facilities.” That appears to be part of the offensive operations, and can often pave the way to “facilitate future access,” the document said.

The documents indicate that the N.S.A. spent $25 million on “covert purchases of software vulnerabilities.” These are often flaws in commercial software, often in the near-ubiquitous Windows operating system, that make it possible to secretly enter and manipulate data.

The bulk of the work inside the N.S.A. is conducted by the Tailored Access Operations group, one of the most secretive units in a secretive agency.

Recently, Gen. Keith B. Alexander, who directs the N.S.A. and commands the military’s Cyber Command, spoke publicly of creating 40 cyberteams, including 13 focused on offensive operations.

The defensive operations include protections for the American military and other government agencies, and efforts to detect broad cyberattacks launched on the United States.