Former NSA contractor also says the U.S. was working on an automated cyberattack response system in WIRED interview
National Security Agency leaker Edward Snowden has claimed a team of NSA hackers was responsible for effectively knocking the entire country of Syria offline two years ago during a period of intense fighting in its still-ongoing civil war.
Snowden’s claim is significant because many observers believed one of several other parties to be responsible for the outage, including Syrian President Bashar Assad’s government, hackers aligned with but perhaps not a part of Assad’s government, or Israel.
Snowden’s story, as revealed in an interview with Snowden published Wednesday in WIRED, goes like this: The NSA team essentially tried to get access to a primary component of Syria’s main Internet Service Provider. Syria only has one big ISP, making it a particularly inviting target for electronic snooping; setting up that backdoor would have given the U.S. unparalleled access to nearly all digital communications within Syria, a major intelligence advantage.
But the plan backfired as the NSA team accidentally fried the very equipment it was trying to tap. The hardware was so vital to Syria’s Internet infrastructure that its loss essentially plunged the country into digital darkness — ironic, because other parts of the U.S. government were trying to keep Syria connected. Writer James Bamford describes Snowden’s claim:
“One day an intelligence officer told him that TAO—a division of NSA hackers—had attempted in 2012 to remotely install an exploit in one of the core routers at a major Internet service provider in Syria, which was in the midst of a prolonged civil war. This would have given the NSA access to email and other Internet traffic from much of the country. But something went wrong, and the router was bricked instead—rendered totally inoperable. The failure of this router caused Syria to suddenly lose all connection to the Internet—although the public didn’t know that the U.S. government was responsible.”
WIRED‘s Snowden story has another cybersecurity scoop: The former NSA contractor claims for the first time that the U.S. government was (or still is) working on a cybersecurity response program that automatically detects and blocks incoming cyberattacks. However, the program — dubbed “MonsterMind” — isn’t just defensive: Once it blocks an attack, it then automatically carries out a counter-attack against what it thinks was the source, Snowden says.
That could be an issue, says Snowden, as good hackers can — and typically do — make their online attacks look like they’re coming from somewhere else. “You could have someone sitting in China, for example, making it appear that one of these attacks is originating in Russia. And then we end up shooting back at a Russian hospital,” he explains.
The NSA did not comment to WIRED on Snowden’s claims about Syria’s Internet outage or MonsterMind, but it’s possible that MonsterMind or programs like it would be designed to circumvent such spoofing by detecting a rerouted address and either standing down or switching targets.