For years, the US
government’s offensive hacking operations were kept in dark shadows, neither
acknowledged nor discussed. That changed with the discovery of Stuxnet in
2010—a computer sabotage operation reportedly conducted by the US and Israel to
destroy machines used in Iran’s once-illicit nuclear program.
Stuxnet was the first US digital sabotage operation to be
exposed, but it’s not the first government hacking operation ever conducted.
Documents leaked by Edward Snowden in
2013 shone a light on a vast underground operation conducted by the NSA’s
Tailored Access Operations team (TAO), responsible for what the government
refers to as computer network exploitation and computer network attacks. Those
may sound similar, but there are important differences between them.
Computer network exploitation, or CNE, refers to espionage
and reconnaissance operations. These are conducted to steal data from a system
or simply to obtain intelligence about networks, to understand how they work
and are configured. Examples of CNE include Flame, a massive spy tool used to gather intelligence from
Iran and other targets, and Regin, which was used to hack the European Commission and
Belgium’s partially state-owned telecom Belgacom. The Regin operations have
been attributed to the UK spy agency GCHQ.
A catalog of custom NSA hacking tools leaked to reporters in 2013 shows the
vast capabilities available to TAO hackers. The tools, with names like PICASSO,
IRATEMONKEY, COTTONMOUTH, and WATERWITCH, can subvert firewalls, servers, and
routers, or impersonate GSM base stations to intercept mobile phone calls or
siphon data from wireless networks. There are also bugging devices the TAO
hackers plant in targeted computers to siphon data, via radio waves, to
listening stations, sometimes located up to eight miles away from a victim’s
machine.
In 2011, the NSA launched 231 offensive computer operations, according to
Snowden documents. This included placing covert implants in more than 80,000
machines around the world.
If you think of CNE as the Ocean’s Eleven of cyberattacks, CNA is more like Die Hard.
Hacker Lexicon: What Are CNE and CNA?