Mention the National Security Agency (NSA) and visions of mathematicians and computer scientists working in windowless offices somewhere spring to mind. But according to documents leaked by Edward Snowden, a former contractor who obtained classified information about U.S. domestic spy operations, the NSA also employs agents who work in foreign companies and physically compromise devices and computer networks.

The materials, published by The Intercept, show that the NSA has agents working in China, Germany and South Korea to accomplish this mission. So-called TAREX (target exploitation) personnel are also stationed at NSA centers in Hawaii, Texas and Georgia as well as at U.S. embassies.

“It’s something that many people have been wondering about for a long time,” Chris Soghoian, principal technologist for the American Civil Liberties Union, told The Intercept. “I’ve had conversations with executives at tech companies about this precise thing. How do you know the NSA is not sending people into your data centers?”

The overall name of the project is Sentry Eagle. Under that label, there are six programs:

·         Sentry Hawk, which covers activities involving computer network exploitation

·         Sentry Falcon, which works on computer network defense

·         Sentry Osprey, in which NSA personnel share their expertise with the CIA and other intelligence agencies

·         Sentry Raven, which breaks or modifies encryption systems so they can be exploited

·         Sentry Condor, which focuses on computer network operations and attacks

·         Sentry Owl, in which the NSA collaborates with private companies

The Sentry Eagle papers reference agents infiltrating undercover into private companies. It’s unclear whether these are foreign or American companies.

Matthew Prince, chief executive of server company CloudFlare, told The Intercept that he doesn’t think the agency is infiltrating U.S. companies because of political and legal issues. “I would be surprised if that were the case within any U.S. organization without at least a senior executive like the CEO knowing it was happening,” he said, but added that as far as penetrating foreign firms goes, “I would be more surprised if they didn’t.”

All the materials made public were referred to as “very highly classified,” and were supposed to be shared with a limited number of people and then only with the approval of a high-level intelligence official such as the head of the NSA.

Snowden’s leak wasn’t the only clue that the NSA was engaged in such operations. In December 2013, documents obtained by the German news magazine Der Spiegel indicated that the NSA had an office of Tailored Access Operations that performed tasks such as intercepting computer equipment on its way to a targeted organization, installing hardware or software to allow the agency to access the device, and sending it on its way.

-Steve Straehley

To Learn More:

Core Secrets: NSA Saboteurs in China and Germany (by Peter Maass and Laura Poitras, The Intercept)

NSA May Have Undercover Operatives in Foreign Companies (by Kim Zetter, Wired)

NSA National Initiative Protection Program: Sentry Eagle (The Intercept)

NSA Target Exploitation Classification Guide (The Intercept)

NSA Exceptionally Controlled Information Listing, 12 September 2003 (The Intercept)

Lawmakers Seek to Prevent NSA from Weakening Online Encryption via Reform Bill Amendment (by Steve Straehley, AllGov)

NSA Unit Intercepts Computer Shipments for Secret Access Modifications (by Noel Brinkerhoff, AllGov)

Computer Security Firm Accepted $10 Million Payoff to Give NSA Backdoor Access (by Noel Brinkerhoff, AllGov)

NSA Teamed with U.K. and Tech Companies to Override Global Internet Privacy (by Danny Biederman and Noel Brinkerhoff, AllGov)