Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:01,702 --> 00:00:03,735
BEN: Leaked documents revealed the scope of the NSA's
2
00:00:03,837 --> 00:00:05,704
mass surveillance program.
3
00:00:05,806 --> 00:00:09,741
We cannot prevent terrorist
attacks or cyber threats without
4
00:00:09,843 --> 00:00:13,512
some capability to penetrate
digital communications.
5
00:00:13,614 --> 00:00:17,516
Others unmasked a unit called Tailored Access Operations.
6
00:00:17,618 --> 00:00:18,817
I don't need mass surveillance.
7
00:00:18,919 --> 00:00:20,619
I need you to break
into that guy's computer.
8
00:00:20,721 --> 00:00:22,621
Their mission is to get the ungettable.
9
00:00:22,723 --> 00:00:25,757
If you want to hack
into systems lawfully,
10
00:00:25,859 --> 00:00:27,960
the only game in town
is the government.
11
00:00:28,062 --> 00:00:29,728
But their targets are secret.
12
00:00:29,830 --> 00:00:32,731
They are very important at
actually tracking down people
13
00:00:32,833 --> 00:00:34,866
who are then
subsequently killed.
14
00:00:34,969 --> 00:00:37,369
And there's almost nothing they can't hack.
15
00:00:38,606 --> 00:00:48,614
♪
16
00:00:57,424 --> 00:00:58,624
The National Security Agency
17
00:00:58,726 --> 00:01:01,360
is one of the world's largest intelligence agencies.
18
00:01:01,462 --> 00:01:03,362
Headquartered in Fort Meade, Maryland,
19
00:01:03,464 --> 00:01:06,732
the NSA's mandate is tocollect foreign intelligence.
20
00:01:06,834 --> 00:01:09,768
After 9/11, George W. Bushauthorized the NSA to collect
21
00:01:09,870 --> 00:01:12,471
even more, including American communications
22
00:01:12,573 --> 00:01:14,840
to and from foreign targets.
23
00:01:14,942 --> 00:01:17,676
(Cameras snapping)
24
00:01:17,778 --> 00:01:19,444
Good morning.
25
00:01:19,546 --> 00:01:22,748
This is a highly classified
program that is crucial
26
00:01:22,850 --> 00:01:24,483
to our national security.
27
00:01:26,320 --> 00:01:28,587
This program shocked an NSA senior executive
28
00:01:28,689 --> 00:01:30,856
named Thomas Drake.
29
00:01:30,958 --> 00:01:33,225
Drake is a decorated veteran who blew the whistle
30
00:01:33,327 --> 00:01:35,560
on NSA's activities to the press.
31
00:01:35,663 --> 00:01:38,630
He barely escaped 35 years in jail after being charged
32
00:01:38,732 --> 00:01:42,901
under the Espionage Act,a law first written in 1917.
33
00:01:43,003 --> 00:01:44,603
- Mr. Drake?
- Hi.
34
00:01:44,705 --> 00:01:46,571
- I'm Ben.
- Nice to meet you.
35
00:01:46,674 --> 00:01:49,975
The National Security Agency is
focused on foreign intelligence.
36
00:01:50,077 --> 00:01:51,643
It was formed in 1952.
37
00:01:51,745 --> 00:01:54,346
People don't realize it was not
formed by an act of Congress.
38
00:01:54,448 --> 00:01:58,450
It was literally
signed into existence
39
00:01:58,552 --> 00:02:00,485
by the stroke of a
secret presidential pen.
40
00:02:00,587 --> 00:02:03,288
In fact, the joke was
it was "No Such Agency"
41
00:02:03,390 --> 00:02:04,923
or "Never Say Anything".
42
00:02:05,025 --> 00:02:07,893
You never even referenced
the actual name.
43
00:02:07,995 --> 00:02:10,696
People who used to work there,
"Oh, I work at DOD."
44
00:02:10,798 --> 00:02:12,331
Now, accelerate forward.
45
00:02:12,433 --> 00:02:14,333
Internet explodes.
46
00:02:14,435 --> 00:02:16,735
You have this rapid transition
from analog to digital,
47
00:02:16,837 --> 00:02:22,274
and the explosion of
data became exponential.
48
00:02:22,376 --> 00:02:25,811
What do you think is the
easiest way to deal with it?
49
00:02:25,913 --> 00:02:27,679
Just suck it all.
50
00:02:27,781 --> 00:02:29,781
But what happened after 9/11?
51
00:02:29,883 --> 00:02:31,650
Was it the NSA should do better?
52
00:02:33,053 --> 00:02:36,888
Here's where you have culture
in secret meeting itself;
53
00:02:36,990 --> 00:02:39,458
realizing it had failed
but can't admit it failed.
54
00:02:39,560 --> 00:02:42,461
It had not prevented
the next Pearl Harbor.
55
00:02:42,563 --> 00:02:45,230
And now, NSA is
literally unleashed.
56
00:02:45,332 --> 00:02:47,632
It's unleashed on an
extraordinary scale,
57
00:02:47,735 --> 00:02:51,436
a scale we have never seen
in US history or the world.
58
00:02:51,538 --> 00:02:54,639
All means necessary to
confront the threat.
59
00:02:54,742 --> 00:02:56,742
Who cares about
the Constitution?
60
00:02:57,845 --> 00:02:59,378
Who cares about law?
61
00:02:59,480 --> 00:03:01,713
Who cares about the
rights of US persons?
62
00:03:01,815 --> 00:03:03,582
Hey, if you've done nothing
wrong - I even heard this -
63
00:03:03,684 --> 00:03:05,817
then it shouldn't matter.
64
00:03:05,919 --> 00:03:09,855
And the mantra was:
just get the data.
65
00:03:09,957 --> 00:03:12,023
Collect it all so
we can know it all.
66
00:03:13,293 --> 00:03:15,627
Collect it all so
we can know it all.
67
00:03:17,064 --> 00:03:20,332
Drake inspired another NSA worker to sound the alarm.
68
00:03:20,434 --> 00:03:22,200
RADIO: This afternoon, The Guardian newspapers
69
00:03:22,302 --> 00:03:24,636
revealed the name of their source.
70
00:03:24,738 --> 00:03:27,305
BEN: In 2013, Edward Snowden leaked tens of thousands
71
00:03:27,408 --> 00:03:29,541
of classified NSA documents.
72
00:03:29,643 --> 00:03:31,877
The first to get published was a secret court order
73
00:03:31,979 --> 00:03:34,446
forcing Verizon to fork over the call data
74
00:03:34,548 --> 00:03:36,748
of millions of US customers.
75
00:03:36,850 --> 00:03:38,917
The next big leak was a PowerPoint presentation
76
00:03:39,019 --> 00:03:41,620
about a program called Prism.
77
00:03:41,722 --> 00:03:45,223
The NSA boasted that Prism gavethem direct access to emails,
78
00:03:45,325 --> 00:03:48,226
video chats and more from some of America's
79
00:03:48,328 --> 00:03:49,428
biggest tech companies.
80
00:03:50,964 --> 00:03:52,964
The media was obsessed with Snowden and the leaks,
81
00:03:53,066 --> 00:03:54,666
but few people noticed information
82
00:03:54,768 --> 00:03:56,768
hidden in the documents about a top secret
83
00:03:56,870 --> 00:04:01,440
NSA unit called TAO, or Tailored Access Operations,
84
00:04:01,542 --> 00:04:03,608
until the German magazine Der Spiegel
85
00:04:03,710 --> 00:04:06,445
revealed more about it than ever before.
86
00:04:06,547 --> 00:04:07,712
Jorg Schindler is the magazine's
87
00:04:07,815 --> 00:04:10,215
award-winningnational security reporter.
88
00:04:10,317 --> 00:04:14,352
You can call them the highly
skilled plumbers of the NSA
89
00:04:14,455 --> 00:04:17,823
who are able to get into
every sort of pipe.
90
00:04:17,925 --> 00:04:20,859
What they are doing is
getting the ungettable.
91
00:04:20,961 --> 00:04:22,861
They're like the special
forces of the NSA essentially.
92
00:04:22,963 --> 00:04:24,463
Yeah, a special hacker force.
93
00:04:24,565 --> 00:04:27,632
I mean, the whole NSA is a
special force, but those are
94
00:04:27,734 --> 00:04:32,337
the highly skilled handymen who
create certain kinds of tools
95
00:04:32,439 --> 00:04:36,808
to infiltrate,
manipulate and sabotage
96
00:04:36,910 --> 00:04:39,744
every kind of digital device
you might think of.
97
00:04:39,847 --> 00:04:42,948
What's the relationship between
Tailored Access Operations
98
00:04:43,050 --> 00:04:44,950
by the NSA and their
mass surveillance?
99
00:04:45,052 --> 00:04:48,887
I mean, to explain it easily, I
would say that mass surveillance
100
00:04:48,989 --> 00:04:53,425
is like going into the ocean
with a huge fishing net
101
00:04:53,527 --> 00:04:56,995
and to draw everything out,
whatever you find.
102
00:04:57,097 --> 00:05:00,565
And what the Tailored Access
Operation units are doing
103
00:05:00,667 --> 00:05:03,802
is like using the harpoon to
find the special targets
104
00:05:03,904 --> 00:05:06,671
and the fishes they really need.
105
00:05:06,773 --> 00:05:08,673
So that might be the difference.
106
00:05:08,775 --> 00:05:11,276
So it's like going hand in hand.
107
00:05:11,378 --> 00:05:12,544
And TAO's pretty good at it.
108
00:05:12,646 --> 00:05:13,812
They're extremely
good at it, yes.
109
00:05:13,914 --> 00:05:14,946
(Laughing)
110
00:05:16,283 --> 00:05:17,849
The Snowden leaks revealed details about
111
00:05:17,951 --> 00:05:20,952
Tailored Access Operations, but a lot is still unknown.
112
00:05:23,624 --> 00:05:26,491
I wanted to talk to someone whoknows the NSA from the inside:
113
00:05:26,593 --> 00:05:30,462
an Air Force veteran and formerNSA exec named John Harbaugh.
114
00:05:32,466 --> 00:05:33,865
- I'm John Harbaugh.
- Nice to meet you, John.
115
00:05:33,967 --> 00:05:35,200
Please, come in.
116
00:05:35,302 --> 00:05:37,269
Let's see this place.
117
00:05:37,371 --> 00:05:38,370
- "root9B".
- Yeah.
118
00:05:38,472 --> 00:05:39,437
(Laughing)
119
00:05:39,540 --> 00:05:40,872
Why that name, by the way?
120
00:05:40,974 --> 00:05:43,742
So "root" is
system level access.
121
00:05:43,844 --> 00:05:46,711
"9B" is hexadecimal for 9/11.
122
00:05:46,813 --> 00:05:47,879
Ah.
123
00:05:47,981 --> 00:05:52,784
So it's a nod to the fact
that the next 9/11 event
124
00:05:52,886 --> 00:05:55,453
is most likely gonna
be cyber-related.
125
00:05:55,556 --> 00:05:58,423
root9B, which has defense contracts, aims to hunt
126
00:05:58,525 --> 00:06:01,293
and pursue adversaries inside a client's network.
127
00:06:01,395 --> 00:06:04,162
This is where we do all
of our Hunt Operations,
128
00:06:04,264 --> 00:06:05,830
what we call it for our clients.
129
00:06:05,933 --> 00:06:09,401
So what this is showing you
is what the operator sees
130
00:06:09,503 --> 00:06:11,303
while they're doing
their op, right?
131
00:06:11,405 --> 00:06:13,905
So there'll be windows of time
where they're actually active
132
00:06:14,007 --> 00:06:16,775
inside the client's
network pursuing the adversary.
133
00:06:16,877 --> 00:06:18,743
And this was really driven
by our experiences
134
00:06:18,845 --> 00:06:19,744
in the government space.
135
00:06:19,846 --> 00:06:21,212
Does it look like
this in Fort Meade?
136
00:06:21,315 --> 00:06:22,314
This is better.
137
00:06:22,416 --> 00:06:23,582
(Laughing)
138
00:06:23,684 --> 00:06:26,751
In your bio, it says something
like you were the director of
139
00:06:26,853 --> 00:06:30,288
a super elite
cyber operation unit.
140
00:06:30,390 --> 00:06:32,824
So basically what that's about
141
00:06:32,926 --> 00:06:34,793
is what we've tried
to recreate here.
142
00:06:34,895 --> 00:06:37,796
So my time inside
the organization,
143
00:06:37,898 --> 00:06:41,800
I had the pleasure and the
fortune to be asked to run
144
00:06:41,902 --> 00:06:45,804
a team of about 8 individuals,
and that team was focused on
145
00:06:45,906 --> 00:06:48,873
the most challenging
problems in cyber.
146
00:06:48,976 --> 00:06:51,509
Was that Tailored
Access Operations?
147
00:06:51,612 --> 00:06:55,513
So you know, there is elements
of that space, right?
148
00:06:55,616 --> 00:06:57,616
'Cause if you're in cyber
and you do all of cyber,
149
00:06:57,718 --> 00:06:59,985
then you're doing all of
those types of things.
150
00:07:01,688 --> 00:07:03,288
And so the bosses
could come in and say,
151
00:07:03,390 --> 00:07:05,290
"We have a significant
national event.
152
00:07:05,392 --> 00:07:07,826
I need you guys to be able to
do this in the next 12 hours."
153
00:07:07,928 --> 00:07:09,494
I could walk into
that space and say,
154
00:07:09,596 --> 00:07:11,162
"Hey guys, I need 5 minutes."
155
00:07:11,264 --> 00:07:13,531
I would give them what we
would call the op order.
156
00:07:13,634 --> 00:07:14,733
"This is what we
need to achieve,
157
00:07:14,835 --> 00:07:17,602
we need to achieve it in
the next 12, 24, 48 hours,"
158
00:07:17,704 --> 00:07:19,504
and I could walk away.
159
00:07:19,606 --> 00:07:22,440
And I knew when I came back,
no matter what time of day,
160
00:07:22,542 --> 00:07:24,309
how long they were working
on it, they would get it done.
161
00:07:24,411 --> 00:07:26,177
And it was that kind of--
Again, it was that kind of...
162
00:07:26,279 --> 00:07:27,178
Teamwork?
163
00:07:27,280 --> 00:07:28,713
...teamwork that
really drew people.
164
00:07:28,815 --> 00:07:30,582
And it's a very similar thing
to the Special Ops community.
165
00:07:30,684 --> 00:07:32,851
It does sound like a
military chain of command.
166
00:07:32,953 --> 00:07:35,453
Yeah, I mean, NSA is a
very military organization.
167
00:07:38,358 --> 00:07:39,824
To build a team like TAO,
168
00:07:39,926 --> 00:07:42,227
the NSA has to hire highly skilled hackers.
169
00:07:42,329 --> 00:07:44,462
So how does it head hunt them?
170
00:07:44,564 --> 00:07:46,264
To find out, I ask Chris Soghoian.
171
00:07:46,366 --> 00:07:49,334
He's a privacy activist with theAmerican Civil Liberties Union.
172
00:07:53,807 --> 00:07:56,641
Who are they, and where's
the NSA recruiting them from?
173
00:07:56,743 --> 00:07:58,743
The government wants people who
can get us security clearance,
174
00:07:58,845 --> 00:08:00,545
more so than ever.
175
00:08:00,647 --> 00:08:04,783
Particularly after Snowden
and after Chelsea Manning,
176
00:08:04,885 --> 00:08:08,887
they want people who they know
are gonna play by the rules.
177
00:08:08,989 --> 00:08:11,690
They want people who
cannot be easily blackmailed.
178
00:08:11,792 --> 00:08:14,926
So I think NSA tries to recruit
the best and brightest
179
00:08:15,028 --> 00:08:17,295
from computer science
programs around the country,
180
00:08:17,397 --> 00:08:19,564
and in particular
computer security programs.
181
00:08:19,666 --> 00:08:20,565
like Carnegie Mellon,
182
00:08:20,667 --> 00:08:23,501
that have probably
183
00:08:23,603 --> 00:08:26,671
the most sophisticated offensive
cybersecurity programs
184
00:08:26,773 --> 00:08:29,507
in academia in the United
States, and their students are
185
00:08:29,609 --> 00:08:33,611
heavily recruited both by NSA,
but also by Silicon Valley.
186
00:08:33,714 --> 00:08:35,146
They're competing
for the same people?
187
00:08:35,248 --> 00:08:36,414
So they're competing
for the same people,
188
00:08:36,516 --> 00:08:38,149
and the problem that NSA has is
189
00:08:38,251 --> 00:08:40,318
they can't pay the same
kind of money, right?
190
00:08:40,420 --> 00:08:43,088
They're not gonna be able to
offer the smoothies and massages
191
00:08:43,190 --> 00:08:45,790
and sort of perks of life
that Google and Facebook can.
192
00:08:45,892 --> 00:08:48,026
But they have something
that those companies don't.
193
00:08:48,128 --> 00:08:50,628
What they have is a monopoly
on violence, right?
194
00:08:50,731 --> 00:08:52,297
In the same way that
if you wanna like
195
00:08:52,399 --> 00:08:54,432
repel out of helicopters
and shoot people in the head,
196
00:08:54,534 --> 00:08:56,801
you go join the Special Forces.
197
00:08:56,903 --> 00:09:00,105
If you wanna hack
into systems lawfully,
198
00:09:00,207 --> 00:09:02,273
the only game in town
is the government.
199
00:09:02,375 --> 00:09:06,244
In many other walks
of life, you would be...
200
00:09:06,346 --> 00:09:07,979
you would be a criminal,
you would be a stalker,
201
00:09:08,081 --> 00:09:09,280
you'd be a bad person.
202
00:09:09,382 --> 00:09:11,483
But when you go to NSA,
suddenly you get to
203
00:09:11,585 --> 00:09:13,752
wrap yourself in the flag
and do it for king and country.
204
00:09:16,356 --> 00:09:18,389
If TAO can legally do things no one else can,
205
00:09:18,492 --> 00:09:20,558
who are they hacking, and why?
206
00:09:26,867 --> 00:09:28,099
BEN: Not much is known about
207
00:09:28,201 --> 00:09:30,535
who Tailored Access Operationshacks, but the Snowden Leaks
208
00:09:30,637 --> 00:09:33,605
revealed one major target: Osama bin Laden.
209
00:09:35,408 --> 00:09:38,143
TAO hacked into the mobilephones of Al Qaeda operatives
210
00:09:38,245 --> 00:09:41,613
in the hunt for bin Laden, asreported by The Washington Post.
211
00:09:41,715 --> 00:09:44,149
The unit's work also led tothe capture of 40 insurgents
212
00:09:44,251 --> 00:09:45,617
in Afghanistan.
213
00:09:46,953 --> 00:09:48,720
Ryan Gallagher is an investigative reporter
214
00:09:48,822 --> 00:09:51,289
at The Intercept, where he has covered the role of surveillance
215
00:09:51,391 --> 00:09:52,891
in the ongoing war on terror.
216
00:09:54,461 --> 00:09:58,563
How did TAO and how does TAO
fit into the War on Terror?
217
00:09:59,733 --> 00:10:01,933
Well, they're very important.
218
00:10:02,035 --> 00:10:05,203
I mean, people don't
necessarily think of
219
00:10:05,305 --> 00:10:09,274
surveillance even as a thing
being integral to what
220
00:10:09,376 --> 00:10:12,510
the military is doing on
the ground, but it is.
221
00:10:12,612 --> 00:10:14,212
It's absolutely vital.
222
00:10:14,314 --> 00:10:16,881
What the Tailored Access
guys are doing for instance is,
223
00:10:16,983 --> 00:10:21,286
because they're so skilled at
actually breaking into systems
224
00:10:21,388 --> 00:10:23,888
and going after what they
would refer to as hard targets,
225
00:10:23,990 --> 00:10:28,226
people who are elusive or
skilled at dodging surveillance,
226
00:10:28,328 --> 00:10:31,396
they are very important at
actually tracking down people
227
00:10:31,498 --> 00:10:35,767
who are then subsequently killed
or captured, in past years
228
00:10:35,869 --> 00:10:40,638
probably rendered in through
the Black Sites program
229
00:10:40,740 --> 00:10:42,640
that was going on through
the Bush Administration.
230
00:10:42,742 --> 00:10:46,578
So they're very entwined
with these physical,
231
00:10:46,680 --> 00:10:48,880
kind of kinetic, they call it,
operations on the ground.
232
00:10:48,982 --> 00:10:51,616
So are they basically
the commandos of the NSA?
233
00:10:51,718 --> 00:10:53,585
You could put it
like that, yeah.
234
00:10:53,687 --> 00:10:56,821
I mean, it's maybe sort of
glorifying them a little bit.
235
00:10:56,923 --> 00:11:00,491
But I mean, essentially these
guys are just like geeky nerds,
236
00:11:00,594 --> 00:11:03,461
but they do kind of do that
sort of commando-type role.
237
00:11:03,563 --> 00:11:07,599
They're facilitating military
operations on the ground
238
00:11:07,701 --> 00:11:09,467
by hacking into targets.
239
00:11:09,569 --> 00:11:13,171
They are actually directly
able to track people
240
00:11:13,273 --> 00:11:15,306
who are then killed
in say a drone strike.
241
00:11:15,408 --> 00:11:18,309
So what they do, yeah, it
is kind of commando work,
242
00:11:18,411 --> 00:11:21,779
but they are also providing
assistance on the ground to
243
00:11:21,882 --> 00:11:25,316
real commando types who are out
there trying to kill people.
244
00:11:27,654 --> 00:11:28,786
In the hunt for bin Laden,
245
00:11:28,889 --> 00:11:31,322
TAO reportedly used what the unit calls "implants",
246
00:11:31,424 --> 00:11:34,993
spy devices installed in mobile phones or other hardware.
247
00:11:36,696 --> 00:11:38,663
Implants are just someof the tools that appear
248
00:11:38,765 --> 00:11:40,932
in a leaked document called the ANT Catalog,
249
00:11:41,034 --> 00:11:43,468
which lists other spy gear at TAO's disposal.
250
00:11:45,071 --> 00:11:46,671
Security researchers Michael Ossmann,
251
00:11:46,773 --> 00:11:48,506
Joe FitzPatrick and Dean Pierce
252
00:11:48,608 --> 00:11:50,808
decided to build some ofthese spy tools themselves.
253
00:11:51,878 --> 00:11:54,779
The media kinda saw it and
reported on bits and pieces
254
00:11:54,881 --> 00:11:56,214
of it and said, "Oh,
look at this thing!
255
00:11:56,316 --> 00:11:57,515
This is magic!"
256
00:11:57,617 --> 00:11:58,850
And I think all of us
looked at it and said,
257
00:11:58,952 --> 00:12:00,418
"Oh, yeah, I know
how to do that.
258
00:12:00,520 --> 00:12:01,753
Yeah, I know how to do that."
259
00:12:01,855 --> 00:12:04,255
Joe recreated a graphics card that can see what's running
260
00:12:04,357 --> 00:12:07,592
on a computer's active memory, and Dean rigged a phone
261
00:12:07,694 --> 00:12:10,628
so it picks up the mobile traffic in the area.
262
00:12:10,730 --> 00:12:14,465
Mike reproduced Ragemaster, a tiny chip implanted in
263
00:12:14,567 --> 00:12:17,835
a computer video cable toreflect information via radar.
264
00:12:18,905 --> 00:12:22,240
When this is installed, I
can point one antenna at it,
265
00:12:22,342 --> 00:12:24,208
and that's
transmitting a signal.
266
00:12:24,311 --> 00:12:26,377
And then my other antenna's
also pointed at it,
267
00:12:26,479 --> 00:12:28,613
and it's receiving a reflection.
268
00:12:28,715 --> 00:12:32,517
By measuring that reflection,
I can, on my laptop,
269
00:12:32,619 --> 00:12:36,254
recover information
that's going over the cable.
270
00:12:36,356 --> 00:12:39,557
And what I get is a video image,
271
00:12:39,659 --> 00:12:43,528
a screen image from the
target computer system.
272
00:12:43,630 --> 00:12:46,631
And this is an example
of something where
273
00:12:46,733 --> 00:12:48,333
an implant is required.
274
00:12:48,435 --> 00:12:50,802
Getting an implant into a piece of hardware,
275
00:12:50,904 --> 00:12:54,439
like a video cable, requires physical access.
276
00:12:54,541 --> 00:12:57,442
But planting bugs into terrorists' cell phones
277
00:12:57,544 --> 00:12:59,711
isn't the only thing TAO does.
278
00:12:59,813 --> 00:13:00,912
Some of their activity has jeopardized
279
00:13:01,014 --> 00:13:02,780
internet security at large.
280
00:13:05,618 --> 00:13:08,820
One Snowden leak shows howTAO found a vulnerability
281
00:13:08,922 --> 00:13:11,389
- a software bug - in Mozilla Firefox.
282
00:13:13,326 --> 00:13:15,860
TAO used the bug to try toidentify some users also running
283
00:13:15,962 --> 00:13:18,429
an anonymizing software called Tor.
284
00:13:19,265 --> 00:13:21,899
Not only did TAO need to be able to monitor and hijack
285
00:13:22,002 --> 00:13:24,502
internet traffic to pull of its attack,
286
00:13:24,604 --> 00:13:26,637
but hundreds of millionsof Firefox users were left
287
00:13:26,740 --> 00:13:30,274
vulnerable to the software bug,which has since been patched.
288
00:13:34,881 --> 00:13:35,980
- Claudio.
- Hey, man.
289
00:13:37,050 --> 00:13:40,952
Hacker Claudio Guarnieri hashelped expose TAO's activities.
290
00:13:41,054 --> 00:13:44,622
I met him in an old Stasi surveillance tower that
291
00:13:44,724 --> 00:13:48,426
still stands in what used to beSoviet-controlled East Berlin.
292
00:13:48,528 --> 00:13:51,295
A lot of the mass surveillance
and bulk collection capability
293
00:13:51,398 --> 00:13:54,966
of the NSA is empowered
by some of the break-ins
294
00:13:55,068 --> 00:13:56,534
that TAO is able to do.
295
00:13:56,636 --> 00:14:02,273
For example, they would ask TAO
to break into some core parts
296
00:14:02,375 --> 00:14:05,576
of the internet infrastructure,
of the whole global backbone.
297
00:14:05,678 --> 00:14:08,813
You know, from an
internet structure perspective,
298
00:14:08,915 --> 00:14:11,916
when you connect from Germany
to Google, you move through
299
00:14:12,018 --> 00:14:15,353
a number of hubs, 10, 15
nodes that relay your message
300
00:14:15,455 --> 00:14:18,890
from Berlin to, you know,
Hamburg and Frankfurt, and then
301
00:14:18,992 --> 00:14:21,626
to who knows, Netherlands,
wherever the cables are.
302
00:14:21,728 --> 00:14:24,862
If the NSA is able to break
into any one of these points,
303
00:14:24,964 --> 00:14:28,466
then they're able to see you
communicating with Google.
304
00:14:28,568 --> 00:14:30,334
When they're able
to observe that,
305
00:14:30,437 --> 00:14:32,170
they're also able to hijack it.
306
00:14:32,272 --> 00:14:35,406
So pretend like you're
getting a response from Google,
307
00:14:35,508 --> 00:14:37,875
while instead you're getting
a response from the NSA.
308
00:14:37,977 --> 00:14:39,477
None of this comes cheap.
309
00:14:39,579 --> 00:14:41,679
Claudio and I went inside to look through a Snowden leak
310
00:14:41,781 --> 00:14:43,481
known as the Black Budget.
311
00:14:43,583 --> 00:14:46,617
The NSA spends morethan $600 million a year
312
00:14:46,719 --> 00:14:49,754
for just the kind ofoffensive hacks TAO conducts.
313
00:14:49,856 --> 00:14:51,456
Yeah, this is what...
314
00:14:51,558 --> 00:14:52,757
it's being called
the Black Budget.
315
00:14:52,859 --> 00:14:56,227
And the trend that we see is
that again, the balance between
316
00:14:56,329 --> 00:14:58,496
how much is invested in breaking
things and how much is invested
317
00:14:58,598 --> 00:15:00,832
in protecting things is uneven.
318
00:15:00,934 --> 00:15:03,634
You know, part of the mandate
of intelligence services
319
00:15:03,736 --> 00:15:05,369
is to keep the country secure.
320
00:15:05,472 --> 00:15:07,572
At the same time, from a
technological perspective,
321
00:15:07,674 --> 00:15:09,707
they're undermining the
security of the country.
322
00:15:09,809 --> 00:15:12,877
And like you said, we all
use the exact same internet.
323
00:15:12,979 --> 00:15:15,346
Once it's broken for one,
it's broken for all.
324
00:15:15,448 --> 00:15:18,850
So the question is: is it
worth it to break something
325
00:15:18,952 --> 00:15:22,520
and keep it broken for
catching one or two terrorists
326
00:15:22,622 --> 00:15:24,589
that you probably
could catch otherwise?
327
00:15:24,691 --> 00:15:26,824
Breaking into the internet or hacking into phones
328
00:15:26,926 --> 00:15:28,559
might make us all less secure.
329
00:15:28,661 --> 00:15:30,995
So is TAO's hacking really all that targeted?
330
00:15:36,803 --> 00:15:38,669
BEN: To find out more about who TAO targets,
331
00:15:38,771 --> 00:15:40,805
I met up with Robert M. Lee.
332
00:15:40,907 --> 00:15:42,907
He'd been out of the military for only a week.
333
00:15:43,009 --> 00:15:45,676
He was an Air Force cyber officer and also worked for
334
00:15:45,778 --> 00:15:49,413
an intelligence agency; heconfirm or deny that's the NSA.
335
00:15:50,016 --> 00:15:51,449
- Prost.
- Cheers.
336
00:15:51,551 --> 00:15:53,684
(Chattering)
337
00:15:53,786 --> 00:15:57,221
How did you get into
being a hacker?
338
00:15:57,323 --> 00:15:59,257
So, the Air Force has
a wonderful program
339
00:15:59,359 --> 00:16:01,225
where it volunteers
you to do shit.
340
00:16:01,327 --> 00:16:04,795
And I joined the Air Force,
341
00:16:04,898 --> 00:16:06,831
said, "Here I am, Lord.
What would you like me to do?"
342
00:16:06,933 --> 00:16:09,500
And they said,
"Go be a cyber guy."
343
00:16:11,204 --> 00:16:14,138
So if you were to take Snowden's
slides completely seriously,
344
00:16:14,240 --> 00:16:15,773
you'd think that it's
all mass surveillance.
345
00:16:15,875 --> 00:16:18,476
I actually for the first time
ended up seeing slides
346
00:16:18,578 --> 00:16:20,745
that I had actually seen
before in real life.
347
00:16:20,847 --> 00:16:23,414
I was like holy shit,
like I've seen these ones!
348
00:16:23,516 --> 00:16:26,417
But once you bring something
into the intelligence community,
349
00:16:26,519 --> 00:16:28,719
you don't delete files,
like everything is stored.
350
00:16:28,821 --> 00:16:31,789
And so there were some files
that like get translated out,
351
00:16:31,891 --> 00:16:34,158
like their truth, and
they were just remnants
352
00:16:34,260 --> 00:16:36,227
of product pitches or
something like that.
353
00:16:36,329 --> 00:16:39,163
And so I think that you can't
take all the slides seriously.
354
00:16:39,265 --> 00:16:42,800
We also know that there is
something called TAO in the NSA.
355
00:16:44,437 --> 00:16:45,603
What is that team?
356
00:16:45,705 --> 00:16:46,704
Like what are they doing?
357
00:16:46,806 --> 00:16:48,439
Yeah, so I think
when you look at TAO,
358
00:16:48,541 --> 00:16:50,308
that's actually the thing that
I think most of the community
359
00:16:50,410 --> 00:16:51,709
should be cool with, right?
360
00:16:51,811 --> 00:16:53,477
So I'm actually a
huge privacy advocate.
361
00:16:53,580 --> 00:16:54,712
And ironically enough,
362
00:16:54,814 --> 00:16:56,914
I hate the idea of any sort
of mass surveillance.
363
00:16:57,016 --> 00:17:00,384
From a perspective of TAO or
whoever would be breaking into
364
00:17:00,486 --> 00:17:03,354
those networks, that's
targeted, retained intelligence.
365
00:17:03,456 --> 00:17:05,556
And so privacy activists
should actually enjoy that.
366
00:17:05,658 --> 00:17:08,793
They should say, "Hey,
mass surveillance sucks.
367
00:17:08,895 --> 00:17:10,761
We need more targeted
surveillance, we need more--"
368
00:17:10,863 --> 00:17:12,663
If you're gonna do
intelligence, do the kind
369
00:17:12,765 --> 00:17:15,399
that you put resources into
and have to think about,
370
00:17:15,501 --> 00:17:17,201
and have to prioritize
your own efforts
371
00:17:17,303 --> 00:17:19,103
so it's not gonna be some
dissident or accidentally
372
00:17:19,205 --> 00:17:20,638
picking up somebody
else's communications.
373
00:17:20,740 --> 00:17:22,406
So who are TAO's targets?
374
00:17:22,508 --> 00:17:23,841
I don't know exactly
their targets, right?
375
00:17:23,943 --> 00:17:25,276
And I wouldn't be able
to speak on it anyway,
376
00:17:25,378 --> 00:17:27,712
but I would say that it
would be asinine to assume
377
00:17:27,814 --> 00:17:30,147
that anything in our
national policy of interest
378
00:17:30,250 --> 00:17:31,582
isn't one of their
targets, right?
379
00:17:31,684 --> 00:17:34,118
So if we say... if the
president says global terrorism
380
00:17:34,220 --> 00:17:35,686
is something we're
concerned with, well,
381
00:17:35,788 --> 00:17:37,388
then TAO's not doing their job,
like the government's
382
00:17:37,490 --> 00:17:39,290
not doing their job if
they don't go after it.
383
00:17:39,392 --> 00:17:41,192
Anything that the president
wakes up in the morning and
384
00:17:41,294 --> 00:17:43,594
says, "Hey, this is important to
me," anybody in the government
385
00:17:43,696 --> 00:17:46,397
who's not supporting his
needs is not doing their job.
386
00:17:46,499 --> 00:17:48,566
So I would, just
off virtue of that,
387
00:17:48,668 --> 00:17:50,468
say that TAO has to be
doing that stuff,
388
00:17:50,570 --> 00:17:53,437
or they're incompetent and
they're wasting taxpayer money.
389
00:17:53,539 --> 00:17:55,506
So you can't have it both ways.
390
00:17:55,608 --> 00:17:57,141
Rob made a pretty convincing case
391
00:17:57,243 --> 00:17:59,710
for the so-called targeted surveillance TAO conducts,
392
00:17:59,812 --> 00:18:03,180
but investigative reporter Ryan Gallagher disagrees.
393
00:18:03,283 --> 00:18:05,783
He says the problem is that unit's methods
394
00:18:05,885 --> 00:18:08,152
aren't as targeted as they seem.
395
00:18:08,254 --> 00:18:12,256
TAO is doing some of the most
aggressive work that NSA does.
396
00:18:12,358 --> 00:18:16,127
The traditional eavesdropping
where they're listening in on
397
00:18:16,229 --> 00:18:19,130
a phone call just by
like wiretapping a cable,
398
00:18:19,232 --> 00:18:21,232
which they call kind of
passive surveillance,
399
00:18:21,334 --> 00:18:24,568
that's actually becoming
almost secondary now
400
00:18:24,671 --> 00:18:27,805
to the active surveillance
they call it, which is
401
00:18:27,907 --> 00:18:30,574
attacking and hacking systems.
402
00:18:30,677 --> 00:18:32,810
And part of the reason
for that is because,
403
00:18:32,912 --> 00:18:36,147
increasingly, networks
and technologies adopting
404
00:18:36,249 --> 00:18:39,583
encryption, and so they can't
listen to it by just tapping
405
00:18:39,686 --> 00:18:42,253
the queue because then you
can't read it or listen to it.
406
00:18:42,355 --> 00:18:43,654
It's just, you know, jargon.
407
00:18:43,756 --> 00:18:46,657
Going forward, especially with
this sort of boom in encryption,
408
00:18:46,759 --> 00:18:49,260
you're gonna see more and more
of these hacking attacks
409
00:18:49,362 --> 00:18:51,796
to the point that there may
come a stage in the future
410
00:18:51,898 --> 00:18:55,633
where it's described as a mass
surveillance kind of technique.
411
00:18:57,303 --> 00:19:00,338
TAO's hacking skills may be inhigher demand than ever before.
412
00:19:00,440 --> 00:19:02,406
And while the group goes after terrorists,
413
00:19:02,508 --> 00:19:04,275
that's not all they do.
414
00:19:08,247 --> 00:19:11,048
BEN: How does TAO decide who to target?
415
00:19:11,150 --> 00:19:13,517
And are they really legitimate threats?
416
00:19:13,619 --> 00:19:17,121
The elite unit has gone afteral-Qaeda and Taliban fighters,
417
00:19:17,223 --> 00:19:19,690
but the Snowden leaks alsorevealed the group hacked into
418
00:19:19,792 --> 00:19:22,159
the president of Mexico's emails.
419
00:19:22,261 --> 00:19:24,829
And workers at a Belgian telecommunications company
420
00:19:24,931 --> 00:19:28,566
were spied on by the British,possibly with help from TAO.
421
00:19:28,668 --> 00:19:31,235
Generally there is a consensus
that mass surveillance
422
00:19:31,337 --> 00:19:34,705
is a bad thing, while targeted
surveillance is tolerable
423
00:19:34,807 --> 00:19:37,575
because they go after
very specific individuals
424
00:19:37,677 --> 00:19:38,943
or very specific groups.
425
00:19:40,213 --> 00:19:41,445
However, there is
multiple things
426
00:19:41,547 --> 00:19:42,513
that you need to consider.
427
00:19:42,615 --> 00:19:46,450
One is: what makes
a legitimate target?
428
00:19:46,552 --> 00:19:50,421
You know, ultimately the
NSA only has to respond to...
429
00:19:50,523 --> 00:19:52,356
somehow to the US government.
430
00:19:52,458 --> 00:19:55,359
But they have no respect
whatsoever towards foreigners.
431
00:19:55,461 --> 00:19:58,162
And so we have cases where
they spied on UNICEF,
432
00:19:58,264 --> 00:20:00,131
they spied on
foreign ministries,
433
00:20:00,233 --> 00:20:03,534
they spied on private companies,
energy companies, you know.
434
00:20:03,636 --> 00:20:05,770
So what, at that point,
makes it legitimate to
435
00:20:05,872 --> 00:20:08,305
hack directly and target
a certain organization?
436
00:20:08,408 --> 00:20:09,607
We don't know.
437
00:20:12,545 --> 00:20:14,845
One of the Snowden documents
that came out about the Tailored
438
00:20:14,947 --> 00:20:19,617
Access group is one of the guys
from within the unit is saying,
439
00:20:19,719 --> 00:20:22,486
"Look, we don't just do
terrorism, we do everything.
440
00:20:22,588 --> 00:20:25,890
We do all operations, we're
here to support any operations."
441
00:20:25,992 --> 00:20:28,726
I think it's one of
the common misconceptions
442
00:20:28,828 --> 00:20:31,629
that the government has
managed to build up around
443
00:20:31,731 --> 00:20:33,197
a lot of these revelations.
444
00:20:33,299 --> 00:20:35,733
So it's like, "Don't worry about
it, we're only going after
445
00:20:35,835 --> 00:20:38,335
these extreme terrorists,
people who are, you know...
446
00:20:38,438 --> 00:20:40,371
We're just trying to
protect you," and all that.
447
00:20:40,473 --> 00:20:42,873
But that's kind of
disingenuous because
448
00:20:42,975 --> 00:20:44,608
that's not at all
just what they're doing.
449
00:20:44,710 --> 00:20:45,910
They're doing a lot
more than that.
450
00:20:46,012 --> 00:20:48,779
Ultimately, it seems TAO may be just one more tool
451
00:20:48,881 --> 00:20:51,248
in the NSA's mass surveillance arsenal.
452
00:20:51,350 --> 00:20:53,484
What happens in a mass
surveillance regime,
453
00:20:53,586 --> 00:20:55,586
you sweep up
essentially everybody.
454
00:20:55,688 --> 00:20:59,457
Everybody by definition
becomes a target,
455
00:20:59,559 --> 00:21:00,791
which means there's no target.
456
00:21:00,893 --> 00:21:02,860
The problem is that
when you do this in secret
457
00:21:02,962 --> 00:21:05,596
and you protect
your secret powers,
458
00:21:05,698 --> 00:21:07,865
this usually doesn't end well
in terms of history.
459
00:21:07,967 --> 00:21:09,667
It just doesn't.
460
00:21:09,769 --> 00:21:13,237
You know, in 1984,
the extraordinary
461
00:21:13,339 --> 00:21:16,307
George Orwell novel,
the only place Winston...
462
00:21:18,511 --> 00:21:22,379
the only place he
could go to, out of sight,
463
00:21:22,482 --> 00:21:24,715
was in the corner,
because that's where
464
00:21:24,817 --> 00:21:26,617
the surveillance cameras
couldn't reach.
465
00:21:26,719 --> 00:21:28,652
Which meant what?
They knew where he was.
466
00:21:28,754 --> 00:21:31,655
And remember, people
forget even in 1984,
467
00:21:31,757 --> 00:21:33,257
he didn't prevail.
468
00:21:33,359 --> 00:21:34,592
He basically cried uncle.
469
00:21:37,230 --> 00:21:39,864
If you can't fight them, you
can't beat them, join them.
470
00:21:39,966 --> 00:21:42,266
So you're a whistleblower,
you cried uncle to some extent,
471
00:21:42,368 --> 00:21:43,767
or you cried out.
472
00:21:43,870 --> 00:21:45,636
Do you think it was worth it?
473
00:21:45,738 --> 00:21:47,238
Yeah.
474
00:21:47,340 --> 00:21:48,873
History was at stake.
475
00:21:52,979 --> 00:21:55,145
We know the NSA's elitehacking unit has helped capture
476
00:21:55,248 --> 00:21:58,415
terrorists, but they've alsotargeted friendly nation states.
477
00:22:00,253 --> 00:22:02,319
So who else have they gone after?
478
00:22:02,421 --> 00:22:05,489
For now, much of TAO's workremains shrouded in secrecy.
479
00:22:05,591 --> 00:22:08,259
But privacy activists, whistleblowers and others
480
00:22:08,361 --> 00:22:10,728
aren't giving up on the fight to know more,
481
00:22:10,830 --> 00:22:12,563
and to live surveillance free.
44664
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.