Just when you thought the NSA couldn’t get any more detestable, new information released yesterday reveals that the agency has expanded its hacking capabilities and can infect millions of computers with malware “imprints”.
Documents provided by NSA whistleblower Edward Snowden provide details about the groundbreaking technology, which uses automated systems to hack into computers on a mass scale without much human oversight.
The documents also revealed that the NSA has pretended to be Facebook to install its malware, according to The Intercept:
In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.
The automated system the NSA is using is codenamed TURBINE and is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.” TURBINE is listed as part of a larger NSA surveillance plan called “Owning the Net.”
Taxpayer money in the amount of $67.6 million was sought by the agency in 2013, with some specifically designated for expansion of TURBINE for “a wider variety” of networks and “enabling greater automation of computer network exploitation.”
The Intercept explained how TURBINE works:
TURBINE was designed to make deploying malware much easier for the NSA’s hackers by reducing their role in overseeing its functions. The system would “relieve the user from needing to know/care about the details,” the NSA’s Technology Directorate notes in one secret document from 2009. “For example, a user should be able to ask for ‘all details about application X’ and not need to know how and where the application keeps files, registry entries, user application data, etc.”
In practice, this meant that TURBINE would automate crucial processes that previously had to be performed manually – including the configuration of the implants as well as surveillance collection, or “tasking,” of data from infected systems. But automating these processes was about much more than a simple technicality. The move represented a major tactical shift within the NSA that was expected to have a profound impact – allowing the agency to push forward into a new frontier of surveillance operations.
The ramifications are starkly illustrated in one undated top-secret NSA document, which describes how the agency planned for TURBINE to “increase the current capability to deploy and manage hundreds of Computer Network Exploitation (CNE) and Computer Network Attack (CNA) implants to potentially millions of implants.” (CNE mines intelligence from computers and networks; CNA seeks to disrupt, damage or destroy them.)
According to the secret files, the system has been in use since at least July 2010, and the NSA has already deployed between 85,000 and 100,000 implants worldwide.
The NSA has employed the use of spam emails that trick users into clicking on malicious links. This “back-door implant”, codenamed WILLOWVIXEN, infects computers within 8 seconds. This method isn’t working as well as it used to, according to documents, because people have become more careful about clicking links in emails.
Enter QUANTUMHAND, the system the NSA uses to pose as Facebook:
In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive.
Facebook has denied any knowledge of the program, and told the National Journal that the site is now protected from such attacks:
“We have no evidence of this alleged activity. In any case, this method of network level disruption does not work for traffic carried over HTTPS, which Facebook finished integrating by default last year.
“If government agencies indeed have privileged access to network service providers, any site running only HTTP could conceivably have its traffic misdirected.”
Matt Blaze, a surveillance and cryptography expert at the University of Pennsylvania, told The Intercept he has concerns about the NSA using TURBINE and QUANTUMHAND together:
“As soon as you put this capability in the backbone infrastructure, the software and security engineer in me says that’s terrifying.
“Forget about how the NSA is intending to use it. How do we know it is working correctly and only targeting who the NSA wants? And even if it does work correctly, which is itself a really dubious assumption, how is it controlled?”
Malware installed by the NSA is capable of performing different tasks on infected computers, as this list compiled by the LA Times outlines:
- Use a computer’s microphone to record audio
- Use a computer’s webcam to take photos
- Record a computer’s Internet browsing history
- Record login details and passwords use for Web services
- Log users’ keystrokes
- Extract data from flash drives when they are plugged into infected computers
- Block users from accessing certain websites
- Corrupt files that computers attempt to download
In response to the story, the NSA provided the following statement:
“Signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose.”
Do they really expect us to believe that?
Lily Dane is a staff writer for The Daily Sheeple. Her goal is to help people to “Wake the Flock Up!”