The Swedish Kings of Cyberwar

DATE: 13/01/2017
SOURCE: NEW YORK REVIEW OF BOOKS

In 2011, the Swedes began sharing their surveillance data with the NSA, which included—as NSA officials described it at the time of the meeting—a “unique collection [of communications data] on high-priority Russian targets such as leadership, internal politics, and energy.”

Noting the Swedish spy agency’s unusual technical abilities and reputation for secrecy, NSA officials also viewed it as an ideal collaborator on its hacking and cyberwarfare project, called Quantum. One of the Quantum programs was an ambitious operation called WINTERLIGHT, which aimed at secretly hacking into high-value foreign computers and computer networks to obtain not only communications data but also any information stored on the hard drives or servers in question. Possible targets might be the administrators of foreign computer networks, government ministries, oil, defense, and other major corporations, as well as suspected terrorist groups or other designated individuals. Similar Quantum operations have targeted OPEC headquarters in Vienna, as well as Belgacom, a Belgian telecom company whose clients include the European Commission and the European Parliament.

According to NSA documents, WINTERLIGHT was using a complex attack strategy to secretly implant a malware program on the targeted computer or network. The NSA’s malware would then divert any signals between those computers and the Internet through “rogue” high-speed surveillance servers, called “FoxAcid” servers, allowing the NSA to access in stealth almost any of the user’s personal data—and even to tamper with data traveling from one user to another. The implications for both spying and offensive cyber operations were far-reaching. Wired has described how the attack on the Belgian telecom was able to

    [map] out the digital footprints of chosen workers, identifying the IP [internet protocol] addresses of work and personal computers as well as Skype, Gmail and social networking accounts such as Facebook and LinkedIn. Then they set up rogue pages, hosted on FoxAcid servers, to impersonate, for example, an employee’s legitimate LinkedIn profile page.


READ THE WHOLE ARTICLE @

http://www.nybooks.com/articles/2017/01/19/the-swedish-kings-of-cyberwar/