NSA Aiming To Infect 'Millions' Of Computers Worldwide With Its Malware; Targets Telco/ISP Systems Administrators

from the so,-telco-sys-admins-are-now-'national-security-threats'-or-did-I-miss-t dept

The NSA is still working hard to make the world's computer usage less safe. The latest leak published by The Intercept shows the agency plans to infect "millions" of computers worldwide with malware, making it easier for the NSA to harvest data and communications from these compromised machines.

The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.
The methods detailed include the agency masquerading as a Facebook server and sending out laced spam emails in order to subvert users' computers and give the NSA access to local files as well as control of webcams and microphones. Not only does the agency actively work to delay bug fixes in order to exploit systems, but its ongoing malware mission ensures that using a computer and/or accessing the web will always be more dangerous than it should be.
Mikko Hypponen, an expert in malware who serves as chief research officer at the Finnish security firm F-Secure, calls the revelations “disturbing.” The NSA’s surveillance techniques, he warns, could inadvertently be undermining the security of the Internet.

“When they deploy malware on systems,” Hypponen says, “they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.”
The NSA has argued previously that its malware targets are strictly national security threats. But the evidence provided here undermines this defense of NSA malware deployment.
In one secret post on an internal message board, an operative from the NSA’s Signals Intelligence Directorate describes using malware attacks against systems administrators who work at foreign phone and Internet service providers. By hacking an administrator’s computer, the agency can gain covert access to communications that are processed by his company. “Sys admins are a means to an end,” the NSA operative writes.

The internal post – titled “I hunt sys admins” – makes clear that terrorists aren’t the only targets of such NSA attacks. Compromising a systems administrator, the operative notes, makes it easier to get to other targets of interest, including any “government official that happens to be using the network some admin takes care of.”
The Intercept's report notes that the GCHQ has deployed similar tactics, hacking into computers owned by Belgacom system engineers. The malware attacks go far beyond end user computers, targeting routers and setting the agency up for man-in-the-middle attacks (something that has become far more necessary as fewer and fewer people actually open, much less click links in spam email). The NSA may view this all as fair game -- a means to an end -- but the ugly truth is that the agency's malware/hacking attempts are not limited to threats, but rather any person/service it believes can offer access to even more communications and data. At this point, the only thing slowing the agency down is the audacious size of its undertaking.
“One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).”
The program -- utilizing the previously discussed TURBINE (part of the agency's TAO - Tailored Access Operations), as well as several other NSA tools like SECONDDATE and WILLOWVIXEN -- is aimed at "Owning the Internet" according to the leaked documents. This internet "ownership" ultimately belongs to the American public, whether they want it or not -- the price tag (according to the leaked Black Budget) was $67.6 million last year. As the scope continues to broaden, the budget will expand as well. The end result is the US public funding the weakening of security standards and encryption worldwide, all in the name of "national security."

At this point, neither agency named (GCHQ, NSA) has offered anything more than canned "in accordance with policy/applicable laws" text in response to the latest leaks. (Only the GCHQ has responded so far.) The NSA may try to pass these efforts off as "targeting" foreign subjects, deliberately ignoring the facts that the internet has no real borders, and that undermining the security of users worldwide -- no matter what the stated "goal" -- makes the computing world less safe for everyone involved, including domestic end users.






Filed Under: attacks, gchq, infections, malware, man in the middle, nsa, own the web, privacy, seconddate, turbine, willowvixen
Companies: facebook


Reader Comments



  • John Fenderson, 12 Mar 2014 @ 8:14am

    Inadvertently??

    "Finnish security firm F-Secure, calls the revelations “disturbing.” The NSA’s surveillance techniques, he warns, could inadvertently be undermining the security of the Internet."

    There's nothing inadvertent about it. They are intentionally undermining the security of the internet. That's the whole point -- to undermine it so that they have greater access.

    • Anonymous Coward, 12 Mar 2014 @ 8:20am

      Re: Inadvertently??

      Then they should be purged. With fire. And napalm. Lots and lots of napalm.

  • Anonymous Coward, 12 Mar 2014 @ 8:22am

    NSA: Kill the internet in order to protect the internet. The American way of life we destroyed already by surveilling everyone without suspicion.

    • Anonymous Coward, 12 Mar 2014 @ 9:27am

      Re: Violent Pacification

      reminds me of a song called "Violent Pacification" by DRI

      "We'll force you to be nice to each other
      Kill you before you kill each other"

  • Anonymous Coward, 12 Mar 2014 @ 8:31am

    apart from the obvious consequences of this action by the NSA, anyone who has ever done something similar, and caught, has had to face serious reprisals! even DDoSing is a criminal offense with the punishments being imprisonment and yet here we are, with a national security agency, whose task is to protect the people, not just of its own nation but of others as well, all ready to infect the millions of machines around the globe and to do so

    a) expecting no complaints, even though there will be no selective targeting
    b) to do so with immunity, ie, no punishment at all!

    this has got to stop! this taking over of machines and accessing mail is bad enough, but to take over cameras as well and then keeping the snap shots taken is the sort of thing a pervert, a pedophile or similar would perhaps do and again, no specific targeting, just a random log in to see what is being done and said.

    this is actually sickening!!

  • Anonymous Coward, 12 Mar 2014 @ 8:40am

    Yet we continue to think the techs doing this for the NSA / CIA / GCHQ are somehow heroes of the tech field.

    They are the enablers for ALL of these issues. Without them, this level of crap could never have been achieved.

    There is nothing to be proud of anymore about being a tech at the NSA.

    • John Fenderson, 12 Mar 2014 @ 8:57am

      Re:

      "Yet we continue to think the techs doing this for the NSA / CIA / GCHQ are somehow heroes of the tech field."

      Huh?? Who thinks that?

    • Anonymous Coward, 12 Mar 2014 @ 9:43am

      Re:

      I am curious? If you were a tech would you do this? Then add on that if you don't do this the government will fire you and then make it difficult for you to ever get a decent job again. Would you still do this?

      • John Fenderson, 12 Mar 2014 @ 9:50am

        Re: Re:

        I am a tech (software engineer), and I would absolutely do this. In fact, I have turned down a number of job offers because the agencies offering the job were engaging in activities that I was not OK with, and have quit one job because I discovered they were doing things I disagreed with.

        "and then make it difficult for you to ever get a decent job again"

        It's hard to see how they could do a lot in that direction. In the current job market, anyway, there is a shortage of good, experienced engineers. Jobs are plentiful if you're willing to move to where they are. Competition for them is fierce.

        • bshock, 12 Mar 2014 @ 12:03pm

          Re: Re: Re:

          With respect, please allow me to amend one of your assertions.

          There is a shortage of good, experienced engineers... willing to work at the low wages that most employers want to offer.

          • John Fenderson, 12 Mar 2014 @ 3:24pm

            Re: Re: Re: Re:

            I dispute even that much. At least in my area, the median wage is very good -- it puts you in the top 10% of the income spectrum.

        • Anonymous Coward, 12 Mar 2014 @ 3:05pm

          Re: Re: Re:

          My point was that it is the techs that implement these initiatives but not all will come forward and blow the whistle because of government pressure. Thomas Drake is an example: The last I heard, he was only able to get a job at an Apple store due to government pressure ruining his reputation. Fear is a powerful motivator especially if you have a family to support.

          • John Fenderson, 12 Mar 2014 @ 3:26pm

            Re: Re: Re: Re:

            Well, yes, it takes balls of brass to stand up to "authority figures". Nonetheless, failing to do so makes you complicit with the wrongdoing and deserving of disrespect.

          • John Fenderson, 12 Mar 2014 @ 3:28pm

            Re: Re: Re: Re:

            To clarify, I'm not saying that failing to blow the whistle condemns you. Blowing the whistle elevates you. But at a minimum, if the company/agency you work for is doing bad things and you continue to work for them in any capacity, then you are doing bad things.

            • Anonymous Coward, 12 Mar 2014 @ 8:11pm

              Re: Re: Re: Re: Re:

              With a company it is much easier. Once it is connected to the government it will make it harder. I do generally agree with you though, but then it still comes down to the type of pressure someone is under. I wouldn't work at a place that would compromise my morals, such as the NSA, but others may not think that when they take the job. Then family comes along and with the average American living paycheck to paycheck the government has a lot of pressure they can put on that person. I believe this is one way how a lot of corruption happens and how it will keep happening. You also can't think that it will only affect you in the family. I am betting people close to Snowden are now flagged in order to make things rather difficult. No fly list being one of them. It also may be the fact that I have a very pessimistic view of the federal government.

    • Anonymous Coward, 12 Mar 2014 @ 9:46am

      Re:

      "Yet we continue to think the techs doing this for the NSA / CIA / GCHQ are somehow heroes of the tech field."

      who thinks that? these scumbags are complicit in crimes against humanity.

    • Rob, 12 Mar 2014 @ 10:56am

      Re:

      Who is this "we" you speak of?

  • Geno0wl, 12 Mar 2014 @ 8:43am

    I am still waiting for the leak that shows the GCHQ has actually been actively using those same strats against US entities.
    Can you imagine the feigned outrage they will have over it?

  • me@me.net, 12 Mar 2014 @ 8:44am

    its painfully obvious who the enemy is

    moon your webcam every chance you get

    • Anonymous Coward, 12 Mar 2014 @ 10:24am

      Re: its painfully obvious who the enemy is

      I wonder if one can make a program that when your webcam is turned on, unless the control key is held down, the input is a music video of "Never Gonna Give You Up".

      • John Fenderson, 12 Mar 2014 @ 10:36am

        Re: Re: its painfully obvious who the enemy is

        This would be pretty easy to do, but a better idea is to physically disable the camera and microphone. I do this with that universal tool: duct tape.

        • jupiterkansas, 12 Mar 2014 @ 12:36pm

          Re: Re: Re: its painfully obvious who the enemy is

          Not sure tape will disable the mic, and your solution isn't nearly as fun.

        • Anonymous Coward, 12 Mar 2014 @ 3:17pm

          Re: Re: Re: its painfully obvious who the enemy is

          1. physically disable a system, yes (camera + tape)
          2. Music Video Irritant, yes. slow down the adversary, waste their time and resources, like the uninvited door-to-door salesman, not my problem I didn't answer the phone because I'm at work.

  • Anonymous Coward, 12 Mar 2014 @ 9:10am

    I wonder what Sen. Dianne Feinstein thinks?

  • jupiterkansas, 12 Mar 2014 @ 9:11am

    “When they deploy malware on systems,” Hypponen says, “they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.”


    NSA malware is an attack by a third party.

  • zip, 12 Mar 2014 @ 9:12am

    It seems that governments rarely think about the long-term consequences of their actions. Just as it shouldn't surprise anyone that the US/Israeli-government-developed Stuxnet virus has infected many computers around the world, not just the originally-targeted Iranian ones that Stuxnet was designed to sabotage.

  • Anonymous Coward, 12 Mar 2014 @ 9:31am

    Now we know who can shut down electricity grids and other critical infrastructure.

  • Anonymous Coward, 12 Mar 2014 @ 9:56am

    What about OUR families?

    So the NSA targets me, a system administrator, and tries to compromise my system(s). The ones that I use from work and home and on the road. The ones that I use to log into my bank accounts. The ones full of pictures of my kids and correspondence with their teachers. The ones that I use to communicate with my kids. The ones that I use to IM with my wife. The ones that either hold or transit all kinds of personal information about my family. The ones that I've tried, very hard, to lock down via good software and strong encryption and careful use, because all of that information would be highly valuable to someone who intends to harm my family.

    And the NSA has done its best to make that possible: to compromise my systems. To make it easier for rapists to find out when my wife's alone. To make it easier for pedophiles to get pictures of my kids. To make it easier for scammers to empty my bank accounts. To make it easier for thieves to break into my home. To make it easier for every scumbag on the planet to turn them into victims.

    Thanks a lot, NSA, from the burglars and rapists and kidnappers and murderers. I'm sure they appreciate your efforts.

    • alan turing, 12 Mar 2014 @ 8:52pm

      Re: What about OUR families?

      If you've got pictures of your kids that would turn a pedophile on, Allah help you anyway, just sayin'

      • Anonymous Coward, 14 Mar 2014 @ 9:41am

        Re: Re: What about OUR families?

        Are you saying you never take your phone into the bathroom?

        ^ This guy....clearly not a system admin that understands the impacts.

    • Anonymous Coward, 14 Mar 2014 @ 9:40am

      Re: What about OUR families?

      That's OK. I'm pretty sure in a few years they will figure out a way to make all of us existing system admins get tossed in a concentration camp so they can input their own system admins across the infrastructure.

  • edpo, 12 Mar 2014 @ 9:59am

    “Sys admins are a means to an end.”

    And yet I still see sys admins on various tech boards shrugging their shoulders at being made idiots of by the NSA.

  • Anonymous Coward, 12 Mar 2014 @ 10:01am

    CFAA

    http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

    This applies directly and everyone involved needs to be prosecuted to the maximum extent of the law.

    • Anonymous Coward, 12 Mar 2014 @ 10:39am

      Re: CFAA

      It was my understanding that the nsa is exempt from cfaa

      • That One Guy, 12 Mar 2014 @ 1:37pm

        Re: Re: CFAA

        As long as the 'justice' system continues with their 'see no evil, hear no evil' stance, the NSA, as well as pretty much every major governmental agency, is effectively exempt from essentially every law.

        • thebusdriver, 27 Mar 2014 @ 11:45pm

          Re: Re: Re: CFAA

          you have only scratched the surface on a super important problem. there really is no education for the American public, that needs to be done. Second. phase two again with the education part on this issue. people are scared...of what? If the majority of the public knew about this.....and they will... i really think there will be backlash big time. it's the part of who is brave enough to do this, with facts straight out. Snowden is just a fall guy used as detraction at the same time Benghazi went down. this is what it will take. knowledge is power. information has more power. when the public finds the real truth behind the scenes, then.....fallout retribution will follow. just wait till Google, Microsoft, Intel, HP, ATT oh boy, get busted. i believe this will happen and soon. this will be faster than the court system. everyone will see no laws, therefore no crimes, no law enforcement to enforce what? these politicians all suck, live in the past. however, silver lining in the cloud laws only for ISPs, Google, Microsoft, HP, Facebook, etc. have immunity laws to protect them, however none for us.

  • madasahatter, 12 Mar 2014 @ 10:39am

    Controlling viruses

    The analogy of computer malware to biological viruses is more apt than often realized. In biological warfare controlling a virus or bacteria once it is in the wild is very difficult. There is a high risk that it could infect your own people. The same with computer malware, once in the wild there is a significant risk it can be used against you, whether it is accidental or deliberate. The problem is the dim-bulbs authorizing these attacks do not realize they are at risk.

    • Anonymous Coward, 12 Mar 2014 @ 10:52am

      Re: Controlling viruses

      or they don't care. because they only see associated costs and it is not their money that is spent.

    • John Fenderson, 12 Mar 2014 @ 10:52am

      Re: Controlling viruses

      You're correct, but there's an even more basic problem here. In order for a virus to work, it has to exploit a security flaw in the system it wants to infect. The NSA collects, keeps secret (as in doesn't inform the companies making the hardware & software), and in at least one case introduces security flaws to enable their virii to work.

      Even if they never produced a virus at all, they've already done great damage in just laying the groundwork for them.

  • Anonymous Coward, 12 Mar 2014 @ 12:32pm

    I'm sure they don't limit themselves to Facebook. I believe we already heard about them performing a MITM attack posing as LinkedIn? I'm sure they also have or will target Twitter, Tumblr, LinkedIn, Instagram; any major congregation of people.

    If this doesn't foster a SOPA-level protest, what will?

  • ahow628, 12 Mar 2014 @ 1:22pm

    Oops, wrong target...

    Seems to me that trying to infect computers that aren't patched and spamming infected email is targeting the wrong people altogether. The people with important information are typically patched and on the lookout for social engineering.

    I'm not sure how much valuable information they will get from granny with her malware infected Windows XP box. Although maybe she'll send them thousands of dollars in hopes they'll send her millions in return.

  • Alan Wakefield, 18 Apr 2017 @ 3:11pm

    NSA TO DESTROY COMPUTERS WORLDWIDE--NOT!

    Sorcha Faal? Monday, September 26, 2011
    "Booth/Sorcha - A FRAUD DISINFO AGENT FROM THE CIA
    Check this out Guys I finally broke through the information barrier. This Character is another fraud and CIA disinformation agent." http://nesaranews.blogspot.com/2011/09/boothsorcha-fraud-from-cia.html
    Lots of other sites on Booth/Faal. Note the date on the web site I posted above. Booth/Faal was first "outed" in 2011.
    When is this computer "catastrophe" supposed to occur? IT AIN'T GONNA' HAPPEN! YOU CAN TAKE THAT TO THE BANK!
    Saw another site that DID NOT connect Faal/Boothe to either the NSA or the CIA. Is there a connection? Does it matter? Don't they ALL lie to us?
