San Antonio’s NSA facility includes ‘elite hackers’

WASHINGTON — Documents from fugitive former government contractor Edward Snowden spell out new details of AT&T’s cooperation with National Security Agency spying and an NSA operation with teams of elite hackers in San Antonio breaking into computers around the world.

NSA Texas hackers aimed at Mexico, Cuba, Columbia, Venezuela and unspecified targets in the Middle East, documents showed. An offensive targeting Mexican leaders — called “WhiteTamale” — proved especially productive.

Documents from Snowden’s archive disclosed this month by the New York Times and ProPublica detailed AT&T’s involvement in NSA’s interception of email traffic at a time when AT&T made its headquarters in San Antonio. AT&T moved its corporate offices to Dallas in 2008.

Among those documents, a slide presentation shows San Antonio among the hubs of fiber-optic circuitry used in data interception under an NSA program called Fairview.

Together, the disclosures underscore San Antonio’s central role in intelligence gathering over the years.

The Snowden documents related to hacking started trickling out 20 months ago. They confirm one of the missions of NSA Texas in San Antonio — a growing role in Tailored Access Operations, the program of gathering intelligence by penetrating computers of foreign targets.

A slide presentation labeled top secret disclosed in December 2013 by Der Spiegel, the German news magazine, projected that in San Antonio, the operation known as TAO would expand from a staff of 57 in 2008 to 270 this year.

Documents describe TAO missions beyond hunting terrorists. The “WhiteTamale” offensive was directed at the former Mexican Public Security Secretariat, the federal ministry of the Mexican Executive Cabinet dissolved by President Enrique Peña Nieto in a 2013 reorganization.

Another document, an NSA memo from November 2010, tells how, in May of that year, TAO “successfully exploited” an email server to gain access in Mexico to then-President Felipe Calderón’s public email account. The intrusion was first made public by Der Spiegel.

The memo said the domain penetrated “contained diplomatic, economic and leadership communications which continue to provide insights into Mexico’s political system and internal stability.”

“Your data is our data, your equipment is our equipment — any time, any place by any legal means,” was an NSA motto noted in a 2006 internal newsletter, another of the documents taken by Snowden and revealed earlier this year by the German magazine.

The NSA has transformed the former Sony chip plant on San Antonio’s Northwest Side into one of the largest government intelligence hubs outside of Fort Meade, Maryland, while offering scant information on its operations.

The NSA did not respond to inquiries about NSA Texas or the leaked documents.

The agency’s San Antonio facility, along with agency operations in Hawaii and at Fort Gordon, Georgia, are part of a network of military and civilian hackers centered in Fort Meade in a suite of offices called the Remote Operations Center.

Among the leaked documents is an internal NSA newsletter trumpeting the cyber force as critical in pursuing the goal of “global network dominance.” The newsletter notes expansions in Texas, Hawaii and Georgia.

As recently as last month, the NSA posted job openings in San Antonio and Hawaii for a “very important mission” described as network defense and computer network exploitation.

“In order to carry out these functions, NSA is looking for people who are highly skilled and impassioned about winning the war in cyberspace. These are NOT your average computer science or engineering jobs,” ads published on the NSA website read.

An NSA internal newsletter from September 2006 posted in January on Der Spiegel’s website describes the allure of being a government hacker.

“What if your job was to exploit a target’s computer, collect voice cuts from an adversaries (sic) phone system, use a terrorist’s web-based email account to infect them with a Trojan Horse (malicious program) and assist the military in locating a high-value terrorist target for capture — all in a day’s work? Then you would be working at the Remote Operations Center.”

Another slide points to the breadth of the mission by noting needs of U.S. agencies “for intelligence on drug trafficking, people smuggling and border security issues,” calling the spying a potential “gold mine for multiple customers.”

In 2009, four years before the purloined documents came to light, intelligence historian Matthew Aid disclosed TAO’s existence in his book, “The Secret Sentry.” He wrote that the NSA is “secretly tapping into thousands of foreign computer systems and accessing password-protected hard drives and email accounts of targets around the world.”

In an interview, Aid said the operation continues to be highly successful even if prominent foreign targets have stiffened computer defenses.

“TAO remains one of the biggest, if not the biggest, producer of intelligence in President (Barack) Obama’s daily briefing,” he said.