I think the assaults on your sanity are likely more the result of sensationalized/incomplete reporting. The biggest issue I have with most of the Snowden reporting is that if the article doesn't outright jump to assumptions that aren't supported by the source material, they usually have unanswered questions and are written in such a way that would cause the reader to jump to the worst possible conclusion. I'm not sure on the entirety of what's actually going on, but the only hard facts I can glean from the original article[1] are: 1) GCHQ has an nmap/zmap-like tool (not surprising) 2) the various intelligence agencies hack their targets (not surprising) 3) they apparently gain control of relays to obscure their tracks (potentially disconcerting, but makes sense...) 4) the only criterion that was discussed was the fact that the relays can't be located in Five-Eyes countries (Slide 18).
Bruce Schneier made a couple of observations on the slide decks[2]:
24 people were able to identify "a list of 3000+ potential ORBs" in 5-8 hours. The presentation does not go on to say whether all of those computers were actually infected.
...
The slides never say how many of the "potential ORBs" CSEC discovers or the computers that register positive in GCHQ's "Orb identification" are actually infected.
Despite this, the article authors have no problem tossing in assertions not made in their source material, such as: "these spy agencies try to attack every possible system they can, presumably as it might provide access to further systems. Systems may be attacked simply because they might eventually create a path towards a valuable espionage target, even without actionable information indicating this will ever be the case." or "Thus, system and network administrators now face the threat of industrial espionage, sabotage and human rights violations created by nation-state adversaries indiscriminately attacking network infrastructure and breaking into services." Heck, as far as I can tell they apparently threw in Slides 9-16 (what appears to be a generic description of network hacking) solely so that they could include the phrase "The NSA presentation makes it clear that the agency embraces the mindset of criminals." (Neglecting to mention that the supposed "tools to support this criminal process" are a Wireshark dump of an ICMP ping response [Slide 14], what looks to be an FTP session labelled "Iraqi Ministry of Finance" showing an attempt at brute forcing the administrator account [Slide 15], and a screenshot of a freshly opened cmd.exe [Slide 16].)
If the average person reads through this without looking at the text critically, they're going to walk away thinking "holy crap, they're hacking everyone!", which would indeed be terrifying. The problem is that the evidence needed to reach that conclusion isn't actually there. Nothing is shown regarding any actual process for selecting hosts to use as relays, or any actual number of hosts that they hack into. One commenter on the Schneier article[3] points out that they can't just indiscriminately gain control of hosts - the host isn't necessarily going to be reliable and the chances of them getting caught increase quickly as the number of hacked hosts increases. Nor do they mention if there is any effort to assess the potential political damage that may arise from the target selection. I'd be pretty pissed if I found out that my laptop was being covertly used to hack on their behalf, but on the other end of the scale I don't care if some random open SMTP server in Nigeria is being used by the NSA to spy on North Korea.
Nothing is shown regarding any actual process for selecting hosts to use as relays, or any actual number of hosts that they hack into
To quote parts of figure 18 in the Heise story:
CSECS Operational Relay Box (ORB) ... subsequently used for exploits... 2/3 times a year, 1 day focused effort to acquire as many new ORBs as possible in as many non 5-Eyes countries as possible.
I interpret this as "hack many hosts as possible in a given short timeframe".
But it's still not a number - how many are actually being hacked in this manner? Hundreds? Thousands? Millions? Five? There's not enough context given to tell. That picture on slide 18 with all of the redactions just below the quote you cite shows 63 egg-shaped (or maybe "orb" shaped?) icons with various colored halos and warning symbols next to them. If I were to make an educated guess based on that slide, I'd guess that CSEC controls a total of 63 relays. If I only read the article, I'd assume several orders of magnitude more.
The point that I was trying to make in my earlier comment is that when we read an article like that we tend to instinctively ask more questions, and if the answers to our questions aren't there we tend to make assumptions. Depending on both our own biases and the biases of the author presenting the information, our assumptions are often way off the mark (in either direction).
Here's some questions I would pose to the authors of that article that aren't answered:
How many hosts are being hacked?
Who owns the hosts being hacked? Have the authors taken steps to inform the owners? If not, what is the reason they chose not to?
What are those hosts normally used for and by whom? What is the scale of the privacy implications associated with NSA/GCHQ/CSEC using this host?
What criteria are considered when they select a host to hack to use as a relay?
Thanks, this is the kind of response I was looking for. I was under the assumption, after reading a couple of articles, that they were more or less hacking anything they could, and creating a network of vulnerable machines that could then be used as relays.
I appreciate you taking the time to write this up - I will have to invest some time into going over these sources more carefully.
http://www.nsa.gov/about/mission/index.shtml