NSA Aiming To Infect 'Millions' Of Computers Worldwide With Its Malware; Targets Telco/ISP Systems Administrators
from the so,-telco-sys-admins-are-now-'national-security-threats'-or-did-I-miss-t dept
The NSA is still working hard to make the world's computer usage less safe. The latest leak published by The Intercept shows the agency plans to infect "millions" of computers worldwide with malware, making it easier for the NSA to harvest data and communications from these compromised machines.
The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.The methods detailed include the agency masquerading as a Facebook server and sending out laced spam emails in order to subvert users' computers and give the NSA access to local files as well as control of webcams and microphones. Not only does the agency actively work to delay bug fixes in order to exploit systems, but its ongoing malware mission ensures that using a computer and/or accessing the web will always be more dangerous than it should be.
Mikko Hypponen, an expert in malware who serves as chief research officer at the Finnish security firm F-Secure, calls the revelations “disturbing.” The NSA’s surveillance techniques, he warns, could inadvertently be undermining the security of the Internet.The NSA has argued previously that its malware targets are strictly national security threats. But the evidence provided here undermines this defense of NSA malware deployment.
“When they deploy malware on systems,” Hypponen says, “they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.”
In one secret post on an internal message board, an operative from the NSA’s Signals Intelligence Directorate describes using malware attacks against systems administrators who work at foreign phone and Internet service providers. By hacking an administrator’s computer, the agency can gain covert access to communications that are processed by his company. “Sys admins are a means to an end,” the NSA operative writes.The Intercept's report notes that the GCHQ has deployed similar tactics, hacking into computers owned by Belgacom system engineers. The malware attacks go far beyond end user computers, targeting routers and setting the agency up for man-in-the-middle attacks (something that has become far more necessary as fewer and fewer people actually open, much less click links in spam email). The NSA may view this all as fair game -- a means to an end -- but the ugly truth is that the agency's malware/hacking attempts are not limited to threats, but rather any person/service it believes can offer access to even more communications and data. At this point, the only thing slowing the agency down is the audacious size of its undertaking.
The internal post – titled “I hunt sys admins” – makes clear that terrorists aren’t the only targets of such NSA attacks. Compromising a systems administrator, the operative notes, makes it easier to get to other targets of interest, including any “government official that happens to be using the network some admin takes care of.”
“One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).”The program -- utilizing the previously discussed TURBINE (part of the agency's TAO - Tailored Access Operations), as well as several other NSA tools like SECONDDATE and WILLOWVIXEN -- is aimed at "Owning the Internet" according to the leaked documents. This internet "ownership" ultimately belongs to the American public, whether they want it or not -- the price tag (according to the leaked Black Budget) was $67.6 million last year. As the scope continues to broaden, the budget will expand as well. The end result is the US public funding the weakening of security standards and encryption worldwide, all in the name of "national security."
At this point, neither agency named (GCHQ, NSA) has offered anything more than canned "in accordance with policy/applicable laws" text in response to the latest leaks. (Only the GCHQ has responded so far.) The NSA may try pass these efforts off as "targeting" foreign subjects, deliberately ignoring the facts that the internet has no real borders, and that undermining the security of users worldwide -- no matter what the stated "goal" -- makes the computing world less safe for everyone involved, including domestic end users.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: attacks, gchq, infections, malware, man in the middle, nsa, own the web, privacy, seconddate, turbine, willowvixen
Companies: facebook
Reader Comments
Subscribe: RSS
View by: Time | Thread
Inadvertently??
There's nothing inadvertent about it. They are intentionally undermining the security of the internet. That's the whole point -- to undermine it so that they have greater access.
[ link to this | view in thread ]
Re: Inadvertently??
[ link to this | view in thread ]
[ link to this | view in thread ]
a)expecting no complaints, even though there will be no selective targeting
b) to do so with immunity, ie, no punishment at all!
this has got to stop! this taking over of machines and accessing mail is bad enough, but to take over cameras as well and then keeping the snap shots taken is the sort of thing a pervert, a pedophile or similar would perhaps do and again, no specific targeting, just a random log in to see what is being done and said.
this is actually sickening!!
[ link to this | view in thread ]
They are the enablers for ALL of these issues. Without them, this level of crap could never have been achieved.
There is nothing to be proud of anymore about being a tech at the NSA.
[ link to this | view in thread ]
Can you imagine the feign outrage they will have over it?
[ link to this | view in thread ]
its painfully obvious who the enemy is
[ link to this | view in thread ]
Re:
Huh?? Who thinks that?
[ link to this | view in thread ]
[ link to this | view in thread ]
NSA malware is an attack by a third party.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Violent Pacification
"We'll force you to be nice to each other
Kill you before you kill each other"
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
who thinks that? these scumbags are complicit in crimes against humanity.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
"and then make it difficult for you to ever get a decent job again"
It's hard to see how they could do a lot in that direction. In the current job market, anyway, there is a shortage of good, experienced engineers. Jobs are plentiful if you're willing to move to where they are. Competition for them is fierce.
[ link to this | view in thread ]
What about OUR families?
And the NSA has done its best to make that possible: to compromise my systems. To make it easier for rapists to find out when my wife's alone. To make it easier for pedophiles to get pictures of my kids. To make it easier for scammers to empty my bank accounts. To make it easier for thieves to break into my home. To make it easier for every scumbag on the planet to turn them into victims.
Thanks a lot, NSA, from the burglars and rapists and kidnappers and murderers. I'm sure they appreciate your efforts.
[ link to this | view in thread ]
“Sys admins are a means to an end.”
[ link to this | view in thread ]
CFAA
This applies directly and everyone involved needs to be prosecuted to the maximum extent of the law.
[ link to this | view in thread ]
Re: its painfully obvious who the enemy is
[ link to this | view in thread ]
Re: Re: its painfully obvious who the enemy is
[ link to this | view in thread ]
Re: CFAA
[ link to this | view in thread ]
Controlling viruses
[ link to this | view in thread ]
Re: Controlling viruses
[ link to this | view in thread ]
Re: Controlling viruses
Even if they never produced a virus at all, they've already done great damage in just laying the groundwork for them.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Re:
There is a shortage of good, experience engineers... willing to work at the low wages that most employers want to offer.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
If this doesn't foster a SOPA-level protest, what will?
[ link to this | view in thread ]
Re: Re: Re: its painfully obvious who the enemy is
[ link to this | view in thread ]
Oops, wrong target...
I'm not sure how much valuable information they will get from granny with her malware infected Windows XP box. Although maybe she'll send them thousands of dollars in hopes they'll send her millions in return.
[ link to this | view in thread ]
Re: Re: CFAA
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: its painfully obvious who the enemy is
2. Music Video Irritant, yes. slow down the adversary, waste their time and resources, like the uninvited door-to-door salesman, not my problem I didn't answer the phone because I'm at work.
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: its painfully obvious who the enemy is
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: What about OUR families?
[ link to this | view in thread ]
Re: What about OUR families?
[ link to this | view in thread ]
Re: Re: What about OUR families?
^ This guy....clearly not a system admin that understands the impacts.
[ link to this | view in thread ]
Re: Re: Re: CFAA
[ link to this | view in thread ]
NSA TO DESTROY COMPUTERS WORLDWIDE--NOT!
"Booth/Sorcha - A FRAUD DISINFO AGENT FROM THE CIA
Check this out Guys I finally broke through the information barrier. This Character is another fraud and CIA disinformation agent." http://nesaranews.blogspot.com/2011/09/boothsorcha-fraud-from-cia.html
Lots of other sites on Booth/Faal. Note the date on the web site I posted above. Booth/Faal was first "outed" in 2011.
When is this computer "catastrophe" supposed to occur? IT AIN'T GONNA' HAPPEN! YOU CAN TAKE THAT TO THE BANK!
Saw another site that DID NOT connect Faal/Boothe to either the NSA or the CIA. Is there a connection? Does it matter? Don't they ALL lie to us?
[ link to this | view in thread ]