NSA Aiming To Infect 'Millions' Of Computers Worldwide With Its Malware; Targets Telco/ISP Systems Administrators (Techdirt)
Thursday March 13th, 2014
The NSA is still working hard to make the world's computer usage less safe. The latest leak published by The Intercept shows the agency plans to infect "millions" of computers worldwide with malware, making it easier for the NSA to harvest data and communications from these compromised machines.
The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks. The methods detailed include the agency masquerading as a Facebook server and sending out laced spam emails in order to subvert users' computers and give the NSA access to local files as well as control of webcams and microphones. Not only does the agency actively work to delay bug fixes in order to exploit systems, but its ongoing malware mission ensures that using a computer and/or accessing the web will always be more dangerous than it should be.
Mikko Hypponen, an expert in malware who serves as chief research officer at the Finnish security firm F-Secure, calls the revelations “disturbing.” The NSA’s surveillance techniques, he warns, could inadvertently be undermining the security of the Internet. The NSA has argued previously that its malware targets are strictly national security threats. But the evidence provided here undermines this defense of NSA malware deployment.
“When they deploy malware on systems,” Hypponen says, “they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.”
In one secret post on an internal message board, an operative from the NSA’s Signals Intelligence Directorate describes using malware attacks against systems administrators who work at foreign phone and Internet service providers. By hacking an administrator’s computer, the agency can gain covert access to communications that are processed by his company. “Sys admins are a means to an end,” the NSA operative writes. The Intercept's report notes that the GCHQ has deployed similar tactics, hacking into computers owned by Belgacom system engineers. The malware attacks go far beyond end user computers, targeting routers and setting the agency up for man-in-the-middle attacks (something that has become far more necessary as fewer and fewer people actually open, much less click links in spam email). The NSA may view this all as fair game -- a means to an end -- but the ugly truth is that the agency's malware/hacking attempts are not limited to threats, but rather any person/service it believes can offer access to even more communications and data. At this point, the only thing slowing the agency down is the audacious size of its undertaking.
The internal post – titled “I hunt sys admins” – makes clear that terrorists aren’t the only targets of such NSA attacks. Compromising a systems administrator, the operative notes, makes it easier to get to other targets of interest, including any “government official that happens to be using the network some admin takes care of.”
“One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).” The program -- utilizing the previously discussed TURBINE (part of the agency's TAO - Tailored Access Operations), as well as several other NSA tools like SECONDDATE and WILLOWVIXEN -- is aimed at "Owning the Internet" according to the leaked documents. This internet "ownership" ultimately belongs to the American public, whether they want it or not -- the price tag (according to the leaked Black Budget) was $67.6 million last year. As the scope continues to broaden, the budget will expand as well. The end result is the US public funding the weakening of security standards and encryption worldwide, all in the name of "national security."
At this point, neither agency named (GCHQ, NSA) has offered anything more than canned "in accordance with policy/applicable laws" text in response to the latest leaks. (Only the GCHQ has responded so far.) The NSA may try pass these efforts off as "targeting" foreign subjects, deliberately ignoring the facts that the internet has no real borders, and that undermining the security of users worldwide -- no matter what the stated "goal" -- makes the computing world less safe for everyone involved, including domestic end users.
The Nsa and Gchqs Quantumtheory Hacking Tactics (PDF)
Vpn and Voip Exploitation With Hammerchant And (PDF)
There Is More Than One Way to Quantum (PDF)