It Gets Worse: NSA Hacking Operations Revealed


As if the revelations of NSA data mining released by Edward Snowden weren’t already disturbing enough, now Glenn Greenwald reports on new information from the documents he turned over that show the NSA has potentially hacked into millions of computers.

Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process.

The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.

The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.

In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.

The implants being deployed were once reserved for a few hundred hard-to-reach targets, whose communications could not be monitored through traditional wiretaps. But the documents analyzed by The Intercept show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes previously handled by humans. The automated system – codenamed TURBINE – is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.”…

Mikko Hypponen, an expert in malware who serves as chief research officer at the Finnish security firm F-Secure, calls the revelations “disturbing.” The NSA’s surveillance techniques, he warns, could inadvertently be undermining the security of the Internet.

“When they deploy malware on systems,” Hypponen says, “they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.”

Hypponen believes that governments could arguably justify using malware in a small number of targeted cases against adversaries. But millions of malware implants being deployed by the NSA as part of an automated process, he says, would be “out of control.”

“That would definitely not be proportionate,” Hypponen says. “It couldn’t possibly be targeted and named. It sounds like wholesale infection and wholesale surveillance.”

Which is exactly the problem with the cell phone metadata collection. It’s one thing to target a specific person, gather evidence, get a warrant and do this kind of surveillance. That’s a legitimate and necessary tool against terrorism. But it can’t possibly be either legitimate or necessary to surveil millions of people, only a tiny percentage of whom could possibly be a danger. It’s like claiming that there are some bad guys in New York City, so we’re just going to tap everyone’s phone there and install hidden cameras in every house and apartment there.

Comments

  1. lippard says

    I believe this part is incorrect: “In some cases the NSA has masqueraded as a fake Facebook server”

    Rather, the NSA’s (& GCHQ’s) “QUANTUMINSERT” capability works by injecting traffic into an existing HTTP session, such as interactions with Facebook and LinkedIn. Most of the media reports on the “QUANTUMINSERT” technique wrongly describe it as using fake websites. No, they use the *real* websites, and insert additional content into them by manipulating the traffic stream so that the client web browser pulls exploit content from a “FOXACID” exploit server. FOXACID doesn’t masquerade as Facebook or LinkedIn, it just serves malware.

    It is a “man in the middle” attack, but it’s a bit more sophisticated than a fake website.

  2. karmacat says

    All these procedures are just adding more hay to the haystack. So they are not only violating our privacy rights, they are being stupid. The more data you have the longer the analysis. It’s not like computers come with a warning light “look at me, I’m a terrorist.”

  3. Olav says

    Karmacat #2:

    All these procedures are just adding more hay to the haystack. So they are not only violating our privacy rights, they are being stupid. The more data you have the longer the analysis. It’s not like computers come with a warning light “look at me, I’m a terrorist.”

    I believe that may be a misunderstanding. From the NSA’s perspective it does make sense what they are doing, collecting any amount of data they can get their hands on. As soon as they have someone’s identifying information (an IP address, a phone number, a credit card, or some other kind of “digital fingerprint”) they can easily search their giant data store for who else this someone has interacted with. In that sense, all this untargeted surveillance is done because “you never know when you might need it”. And because their capabilities are so widespread, they can correlate many kinds of different data to form a complete picture of almost everyone.

    So the more data they have, the quicker the analysis.

  4. D. C. Sessions says

    As it is, traffic analysis shows that known terrorist supporters and I get e-mail, phone calls, and other communications from the same sources.

  5. says

    I’ve said it before, but I, for one, am all for all of these great and wonderful things the NSA is doing to protect America and Freedom and America and I look forward to nobody paying any attention to those, or indeed any other, things.

  6. says

    I can still imagine authoritarians supporting this by saying that if we oppose privacy invasion, we’re tying their hands to catch terrorists. Catching terrorists can be done without such extreme measures. The problem is that all this can so easily be repurposed for politically motivated blackmail. Or any kind of blackmail, really. Ubiquitous or vaguely defined crimes can be selectively prosecuted if everyone’s guilty. If you’re embarrassed by your innocent online activities, you’re a target for blackmail. If you’ve ever stood naked in front of your computer camera that’s been secretly recording, that image can be taken out of context to manufacture a convenient scandal.

    This power makes me more afraid of politicians than terrorists.

  7. Olav says

    Bronze #7:

    If you’ve ever stood naked in front of your computer camera that’s been secretly recording, that image can be taken out of context to manufacture a convenient scandal.

    “But if you have nothing to hide you have nothing to fear…” Or so they keep telling us.

    Personally, I build and install/configure all my computers myself and I have a fairly good idea which bits and bytes go over my internet line. So I am cautiously confident that no unfortunate webcam pictures will leak out here. But most people who depend on the stuff that is on offer by big brand corporations are really prey for the predators.

    This power makes me more afraid of politicians than terrorists.

    Of course, this kind of surveillance was never about terrorists. It is about control. But I don’t believe that the politicians are the ones in control. The intelligence agencies are making their own rules.

  8. says

    Olav “Personally, I build and install/configure all my computers myself and I have a fairly good idea which bits and bytes go over my internet line. So I am cautiously confident that no unfortunate webcam pictures will leak out here.”
    Really? I have a webcam that’s on all the time. The way I figure it, if they’re going to take the time to watch me, I’d might as well give ‘em a show. Plus I classed my internet connection and computer costs as all tax deductible*. I mean, what are they going to do, deny them? That would require them to admit watching my show in the first place, using the government programs that don’t exist, making them the perverts. My show really is quite disturbing*.

     
    * Costumes, too.

  9. says

    I have two computers with webcams. I have gone to great lengths and employed some startlingly high tech tools to make sure that my cameras only record what I want them to record.

    On my old notebook I’ve employed a blocking technique known as TPET (Tiny Piece Electrical Tape) and on my newer computer, a desktop, I use the FOBKR gambit (Folded Over Burger King Receipt). I have found that both of these safeguards can be used without slowing down my computer or causing it to crash. If anyone would like directions on how to fabricate these devices I will be happy to send them for $49.99 apiece or $129.99 for the pair. You’re welcome.

  10. zmidponk says

    democommie:

    On my old notebook I’ve employed a blocking technique known as TPET (Tiny Piece Electrical Tape) and on my newer computer, a desktop, I use the FOBKR gambit (Folded Over Burger King Receipt). I have found that both of these safeguards can be used without slowing down my computer or causing it to crash.

    For my desktop with webcam, I’ve gone for the very effective NPII procedure (Not Plugging It In), and have found a similar lack of any performance issues.

  11. eoleen says

    Well, folks, if you want someone to blame you can pick on those people – working for DARPA – who invented the Internet. (Berners-Lee invented the World-Wide-Web, which is a protocol built on top of the Internet.) They, in their wisdom, decided that the intended users of the web, (at that time), weren’t to be relied upon to apply software updates either properly or on-and-in time. And let’s face it: the early internet wasn’t too user-friendly.

    So they built in the capacity for remote updating…

    Opening the door to the mass distribution of malware, to our sorrow.

    And the NSA is simply piggy-backing on that “feature”, same as all the hackers out there.

    That is why you shouldn’t commit anything you want to keep secret to the internet.

    Have fun folks…
