The U.S. developed a cyberwarfare tool called MonsterMind that would automatically “fire back” if it thought it detected an attempted attack on the U.S., NSA whistleblower Edward Snowden has revealed.
In an interview published Wednesday in Wired, Snowden also said an intelligence officer had told him the U.S. was responsible for the 2012 disconnection of Syria from the internet, albeit by accident. He also said the U.S. had “crossed lines” by attacking civilian infrastructure in China.
MonsterMind seems to have been one of the triggers for Snowden’s decision to blow the whistle, along with the construction of a massive new data storage facility in Bluffdale, Utah.
The tool was, according to Snowden, partly designed to look for internet traffic patterns that could indicate incoming cyber-attacks, and to block such attacks. However, it would also “automatically fire back, with no human involvement.” This raises serious ethical questions because attacks are often routed through other countries, making it possible that automated counter-attacks could target the wrong people, perhaps civilian facilities such as hospitals.
Snowden also expressed discomfort with the implications of MonsterMind for U.S. citizens communicating outside the country, telling reporter James Bamford: “The only way we can identify these malicious traffic flows and respond to them is if we’re analyzing all traffic flows…that means we have to be intercepting all traffic flows. That means violating the Fourth Amendment, seizing private communications without a warrant, without probable cause or even a suspicion of wrongdoing.”
Syria and China
When Syria briefly dropped off the internet in late 2012, it was widely assumed to be the doing of President Bashar al-Assad – the country was, after all, descending into civil war.
Not so, according to Snowden, who told Bamford that, when he was working for the NSA, he’d been told it was down to U.S. intelligence. Specifically, the NSA’s Tailored Access Operations group (TAO) – the agency’s hardcore hacking team – had tried to install infiltration software on a router at a major Syrian ISP. The operation went horribly wrong, bricking the router and cutting off the country’s internet access. The Syrians never found the software, much to the NSA’s relief, Snowden said.
And then there’s China, with which the U.S. is currently engaged in a vicious spat over hacking and spying. Earlier this year, the U.S. indicted five Chinese army officials over industrial espionage, claiming they’d hacked into the systems of U.S. firms.
Snowden’s leaks had already told us that the NSA had hacked Chinese telecommunications equipment supplier Huawei – a program that may have been limited to making sure Huawei equipment is exploitable. However, Snowden said in the new interview that the U.S. had “crossed lines” in its aggressive hacking of Chinese interests.
“We’re hacking universities and hospitals and wholly civilian infrastructure rather than actual government targets and military targets. And that’s a real concern,” he said.