NSA Aiming To Infect 'Millions' Of Computers Worldwide With Its Malware; Targets Telco/ISP Systems Administrators

from the so,-telco-sys-admins-are-now-'national-security-threats'-or-did-I-miss-t dept

The NSA is still working hard to make the world's computer usage less safe. The latest leak published by The Intercept shows the agency plans to infect "millions" of computers worldwide with malware, making it easier for the NSA to harvest data and communications from these compromised machines.

The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.

Mikko Hypponen, an expert in malware who serves as chief research officer at the Finnish security firm F-Secure, calls the revelations “disturbing.” The NSA’s surveillance techniques, he warns, could inadvertently be undermining the security of the Internet.



“When they deploy malware on systems,” Hypponen says, “they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.”

In one secret post on an internal message board, an operative from the NSA’s Signals Intelligence Directorate describes using malware attacks against systems administrators who work at foreign phone and Internet service providers. By hacking an administrator’s computer, the agency can gain covert access to communications that are processed by his company. “Sys admins are a means to an end,” the NSA operative writes.



The internal post – titled “I hunt sys admins” – makes clear that terrorists aren’t the only targets of such NSA attacks. Compromising a systems administrator, the operative notes, makes it easier to get to other targets of interest, including any “government official that happens to be using the network some admin takes care of.”

“One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).”

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

The methods detailed include the agency masquerading as a Facebook server and sending out laced spam emails in order to subvert users' computers and give the NSA access to local files as well as control of webcams and microphones. Not only does the agency actively work to delay bug fixes in order to exploit systems, but its ongoing malware mission ensures that using a computer and/or accessing the web will always be more dangerous than it should be.The NSA has argued previously that its malware targets are strictly national security threats. But the evidence provided here undermines this defense of NSA malware deployment.The Intercept's report notes that the GCHQ has deployed similar tactics, hacking into computers owned by Belgacom system engineers. The malware attacks go far beyond end user computers, targeting routers and setting the agency up for man-in-the-middle attacks (something that has become far more necessary as fewer and fewer people actually, much less click links in spam email). The NSA may view this all as fair game -- a means to an end -- but the ugly truth is that the agency's malware/hacking attempts are not limited to threats, but rather any person/service it believes can offer access to even more communications and data. At this point, the only thing slowing the agency down is the audacious size of its undertaking.The program -- utilizing the previously discussed TURBINE (part of the agency's TAO - Tailored Access Operations), as well as several other NSA tools like SECONDDATE and WILLOWVIXEN -- is aimed at "Owning the Internet" according to the leaked documents. This internet "ownership" ultimately belongs to the American public, whether they want it or not -- the price tag (according to the leaked Black Budget) was $67.6 million last year. As the scope continues to broaden, the budget will expand as well. The end result is the US public funding the weakening of security standards and encryption worldwide, all in the name of "national security."At this point, neither agency named (GCHQ, NSA) has offered anything more than canned "in accordance with policy/applicable laws" text in response to the latest leaks. (Only the GCHQ has responded so far.) The NSA may try pass these efforts off as "targeting" foreign subjects, deliberately ignoring the facts that the internet has no real borders, and that undermining the security of users worldwide -- no matter what the stated "goal" -- makes the computing world less safe for everyone involved, including domestic end users.

Filed Under: attacks, gchq, infections, malware, man in the middle, nsa, own the web, privacy, seconddate, turbine, willowvixen

Companies: facebook