US intelligence services carried out 231 offensive cyber-operations in 2011, the leading edge of a clandestine campaign that embraces the Internet as a theater of spying, sabotage and war, according to the classified intelligence budget provided by NSA leaker Edward Snowden. That disclosure provides new evidence that the Obama administrations growing ranks of cyberwarriors infiltrate and disrupt foreign computer networks in Russia, China, Iran, and North Korea.
Under an extensive effort code-named GENIE, US computer specialists break into foreign networks so that they can be put under surreptitious US control. Budget documents say the $652 million project has placed covert implants, sophisticated malware transmitted from far away, in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand those numbers into the millions.
The documents provided by Snowden and interviews with former US officials describe a campaign of computer intrusions that is far broader and more aggressive than previously understood. The Obama administration treats all such cyber-operations as clandestine and declines to acknowledge them.
The scope and scale of offensive operations represent an evolution in policy, which in the past sought to preserve an international norm against acts of aggression in cyberspace, in part because US economic and military power depend so heavily on computers.
The policy debate has moved so that offensive options are more prominent now, said former deputy defense secretary William J. Lynn III, who has not seen the budget document and was speaking generally. I think theres more of a case made now that offensive cyberoptions can be an important element in deterring certain adversaries.
Of the 231 offensive operations conducted in 2011, the budget said, nearly three-quarters were against top-priority targets, which former officials say includes adversaries such as Iran, Russia, China and North Korea and activities such as nuclear proliferation. The document provided few other details about the operations.
US agencies define offensive cyber-operations as activities intended to manipulate, disrupt, deny, degrade, or destroy information resident in computers or computer networks, or the computers and networks themselves, according to a presidential directive issued in October 2012.