the agency’s Tailored Access Operations group has extraordinary capabilities to hack into and “exfiltrate” data from specific computers, even if those computers are highly secured and not connected to the Internet.
the nation-state techniques we’re seeing work against classified and unconnected networks as well.
How do you attack an unconnected network? (Outside of having physical access, obviously.) I wish he'd explained that, or at least linked to a page that lists those techniques. Some time ago there was a security researcher who'd made a similar claim, about a virus that could infect a computer not connected to the internet, but it was met with a lot of scepticism. Schneier is considered one of the top experts on matters of security, so I assume he knows what he's talking about. If he's right, things are even worse than I thought.
I am reminded of a comment made to me in confidence by a US intelligence official. I asked him what he was most worried about, and he replied: “I know how deep we are in our enemies’ networks without them having any idea that we’re there. I’m worried that our networks are penetrated just as deeply.”
So basically, all the top players probably know each other's secrets. Classified technology, classified programs, classified personal information, etc. While it's a little comforting to know that not even intelligence agencies have much privacy any more, should we be worried about that?