Facebook Twitter Google+ Shout YouTube SoundCloud RSS

Even Dirtier: NSA Plan to Infect Millions of Computers with ‘Malware Implant’

21st Century Wire says…

The NSA leaks coming out of the Snowden camp are getting worse and sounding more pernicious by the week.

When we saw the GCHQ training guide to professional trolling, honey-potting online, targeting businesses and running slander campaigns online.

Indeed, we assumed that this was the apex of criminality, until now…


This is perhaps the dirtiest and most offensive government-sanctioned crime emporium yet, although we won’t close the betting window just yet.

What some might refer to as ‘groundbreaking surveillance technology’, we’ll simply call it what it is – another thing coming out of the NSA that has nothing to do with the ‘national security’ of the USA, and everything to do with intentionally ruining this present version of the internet.

These revelations from Ed Snowden were not conjured up out of thin air – because all of these shady programs were put in play for a reason, and it’s a safe bet that it has nothing to do with catching Islamic terrorists. This is about the nature and structure of the internet as we know it. There are many corporate firms who stand to benefit should the confidence and the functionality of the current Internet become compromised beyond repair – and one can only guess how many current NSA corporate contractors stand to gain from such redundancies, and transitions to new platforms. Such a crisis or ‘transition’ could net hundreds of billions of dollars. Out of chaos… comes order, and in that order is where you can make a serious buck.

Their objective here couldn’t be anymore insidious: to infect potentially millions of computers worldwide with specially designed malware “implants.”

“The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.”

The public should really be under no illusions as to what we are looking at here – an agency out of control, with no meaningful oversight – acting as a law onto itself.

The agency should be disbanded, and all of its lucrative corporate contractors it uses to circumvent fundamental US laws and violate Americans and others’ rights – should be put out to pasture…

Ryan Gallagher and Glenn Greenwald
First Look/ The Intercept

Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process.

The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.

The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.

In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.

The implants being deployed were once reserved for a few hundred hard-to-reach targets, whose communications could not be monitored through traditional wiretaps. But the documents analyzed by The Intercept show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes previously handled by humans. The automated system – codenamed TURBINE – is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.”

In a top-secret presentation, dated August 2009, the NSA describes a pre-programmed part of the covert infrastructure called the “Expert System,” which is designed to operate “like the brain.” The system manages the applications and functions of the implants and “decides” what tools they need to best extract data from infected machines.

Mikko Hypponen, an expert in malware who serves as chief research officer at the Finnish security firm F-Secure, calls the revelations “disturbing.” The NSA’s surveillance techniques, he warns, could inadvertently be undermining the security of the Internet.

“When they deploy malware on systems,” Hypponen says, “they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.”

Hypponen believes that governments could arguably justify using malware in a small number of targeted cases against adversaries. But millions of malware implants being deployed by the NSA as part of an automated process, he says, would be “out of control.”

“That would definitely not be proportionate,” Hypponen says. “It couldn’t possibly be targeted and named. It sounds like wholesale infection and wholesale surveillance.”

The NSA declined to answer questions about its deployment of implants, pointing to a new presidential policy directive announced by President Obama. “As the president made clear on 17 January,” the agency said in a statement, “signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes.”

“Owning the Net”

The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands.

To penetrate foreign computer networks and monitor communications that it did not have access to through other means, the NSA wanted to go beyond the limits of traditional signals intelligence, or SIGINT, the agency’s term for the interception of electronic communications. Instead, it sought to broaden “active” surveillance methods – tactics designed to directly infiltrate a target’s computers or network devices.

In the documents, the agency describes such techniques as “a more aggressive approach to SIGINT” and says that the TAO unit’s mission is to “aggressively scale” these operations.

But the NSA recognized that managing a massive network of implants is too big a job for humans alone.

“One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).”

The agency’s solution was TURBINE. Developed as part of TAO unit, it is described in the leaked documents as an “intelligent command and control capability” that enables “industrial-scale exploitation.”

TURBINE was designed to make deploying malware much easier for the NSA’s hackers by reducing their role in overseeing its functions. The system would “relieve the user from needing to know/care about the details,” the NSA’s Technology Directorate notes in one secret document from 2009. “For example, a user should be able to ask for ‘all details about application X’ and not need to know how and where the application keeps files, registry entries, user application data, etc.”

In practice, this meant that TURBINE would automate crucial processes that previously had to be performed manually – including the configuration of the implants as well as surveillance collection, or “tasking,” of data from infected systems. But automating these processes was about much more than a simple technicality. The move represented a major tactical shift within the NSA that was expected to have a profound impact – allowing the agency to push forward into a new frontier of surveillance operations.

The ramifications are starkly illustrated in one undated top-secret NSA document, which describes how the agency planned for TURBINE to “increase the current capability to deploy and manage hundreds of Computer Network Exploitation (CNE) and Computer Network Attack (CNA) implants to potentially millions of implants.” (CNE mines intelligence from computers and networks; CNA seeks to disrupt, damage or destroy them.)

Eventually, the secret files indicate, the NSA’s plans for TURBINE came to fruition. The system has been operational in some capacity since at least July 2010, and its role has become increasingly central to NSA hacking operations.

Earlier reports based on the Snowden files indicate that the NSA has already deployed between 85,000 and 100,000 of its implants against computers and networks across the world, with plans to keep on scaling up those numbers.

The intelligence community’s top-secret “Black Budget” for 2013, obtained by Snowden, lists TURBINE as part of a broader NSA surveillance initiative named “Owning the Net.”

The agency sought $67.6 million in taxpayer funding for its Owning the Net program last year. Some of the money was earmarked for TURBINE, expanding the system to encompass “a wider variety” of networks and “enabling greater automation of computer network exploitation.”

Circumventing Encryption

The NSA has a diverse arsenal of malware tools, each highly sophisticated and customizable for different purposes.

One implant, codenamed UNITEDRAKE, can be used with a variety of “plug-ins” that enable the agency to gain total control of an infected computer.

An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer.

The implants can enable the NSA to circumvent privacy-enhancing encryption tools that are used to browse the Internet anonymously or scramble the contents of emails as they are being sent across networks. That’s because the NSA’s malware gives the agency unfettered access to a target’s computer before the user protects their communications with encryption…

Continue this story at First Look

READ MORE NSA NEWS AT: 21st Century Wire NSA Files

21wire

21wire

We are a North American and European-based, grass-roots, independent blog offering geopolitical news and media analysis, working with an array of volunteer contributors who write and help to analyse news and opinion from around the world.
21wire

@21WIRE

Independent journalist trying to keep it real in an epoch of great mainstream deception... #SundayWire
CLOAKED IN #CONSPIRACY: An Overview of #JFK files Reopens Door to Coup D’État Claims & Cold War Era #FalseFlaghttps://t.co/H1wwJ7U3GP - 43 mins ago
21wire