NSA Has A 50,000 Computer Botnet From Secretly Installing Malware Around The Globe

from the keeping-us-safe...? dept

Over the weekend, the Dutch media operation NRC published yet another Ed Snowden slide, showing how the NSA had infected 50,000 computer networks with malware. The only really new thing here is the number. We already knew the NSA’s TAO (Tailored Access Operations) group was infecting computers around the globe using packet injection, via a system it calls “quantum injection”, and that it’s used these to install malware on key computers inside Belgacom, the Belgian telco giant. However, the latest report basically shows that the NSA has been able to compromise computers and networks in the same manner all around the globe:

As NRC notes, the earlier reports from the Washington Post had estimated about 20,000 successful “implants” in 2008. So it appears that the NSA has more than doubled its malware installations in the past four or five years. Of course, looking at the chart, you can see some interesting tidbits. The blue dots are “Large Cable,” which appears to be key fiber optic cable endpoints that they’ve tapped into. From the description it appears some of those taps are “covert,” while others are “cooperative” (thanks, AT&T!). CNE is “Computer Network Exploitation” and you can see that targeted in areas of interest. A bunch in China and India. A lot in the Middle East. A bunch in Russia and then Mexico and South America. Basically, the NSA has access to… just about anything it wants.

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “NSA Has A 50,000 Computer Botnet From Secretly Installing Malware Around The Globe”

Subscribe: RSS Leave a comment
That One Guy (profile) says:

Re: Re:

Hackers? They’re not the big worry, the big problem with the NSA infecting as many important networks/computers as they can is ‘What happens if the public and government turns against them, demand they step down and are prosecuted for their actions, and they don’t feel like going quietly?’

With so many compromised systems, they are in a position to make things very ugly to any government or group that challenges them, and given their actions so far, I wouldn’t put it past them at all, to if not perform such an action, at least hint at it to discourage any potential opposition.

Anonymous Coward says:

Re: Re: Re:

Why even bother with infecting a machine with malware when the AV scanner is already installed? It will work just fine as a trojan by itself.
Checked the EULA coming with your AV package lately? Have a look under the header “Privacy” or something similar. You’ll find that they have essentially given themselves the right to send just about anything off your system to their databases. Files, programs, personally identifiable information, MAC addresses, IP number – everything.
How many other US companies besides Apple, Google, Microsoft, Verizon, etc were listed in Snowdens documents? 100+ that weren’t named IIRC. Want to bet some money there are a few AV companies involved? I wouldn’t.

The Real Michael says:

Re: Re: Re: Re:

To clarify, I meant the times, the atmosphere, not merely the internet speed. More free, less intrusive. It was new and fun. People didn’t have to worry about ham-fisted, draconian rules and regulations, take-down notices and lawsuits. It was awesome.

I think around a little after 9/11 is when things began to go downhill.

Anonymous Coward says:

interesting !!!

10 most wanted American botnets..

No. 1: Zeus
Compromised U.S. computers: 3.6 million

No. 2: Koobface
Compromised U.S. computers: 2.9 million

No. 3: TidServ
Compromised U.S. computers: 1.5 million
No. 10: Conficker
Compromised U.S. computers: 210,000

Again, I find it hard to get all excited that NSA has a 50k botnet, and would have expected better from them..

Anonymous Coward says:

Ditch anti-virus software

Firstly, their infections would be noticed and removed, and computers are continuously upgraded so the 50000 would be the current count of how many servers they seized control of, minus how many they lost control of.
So 50000 is likely to be the current RECENT number done in the last few years.

Secondly, your anti-virus didn’t catch these, and I see some of them (Symantec) sheepishly mentioning there’s a backdoor that listens on the SSH port for special encrypted commands (looks like NSA work, because NSA would know who sent those commands, it would be in their logs! It would be in GCHQ logs!).
Either the anti-virus companies didn’t catch it (incompetence), or they were complicit in not catching it, or maybe they are one of the backdoors.

Thirdly, so much for Obama being in control. He’s clearly not in charge here, the NSA is busy setting all kinds of illegal agendas and he’s not in the loop.

Mr. Applegate says:

Re: Ditch anti-virus software

Thirdly, so much for Obama being in control. He’s clearly not in charge here, the NSA is busy setting all kinds of illegal agendas and he’s not in the loop.

Um, who says he isn’t the one in charge? Him?

If he truly wasn’t “in charge” I would have expected him to be clipping a lot of wings by now, and that isn’t happening. He is sitting there say “I didn’t know” but he isn’t doing a damn thing about it.

The NSA operates under the jurisdiction of the Department of Defense and reports to the Director of National intelligence.

The Director of National Intelligence (DNI) is the United States government official ? subject to the authority, direction, and control of the President ? required by the Intelligence Reform and Terrorism Prevention Act of 2004 to:
Serve as principal advisor to the President, the National Security Council, and the Homeland Security Council about intelligence matters related to national security;
Serve as head of the sixteen-member Intelligence Community; and
Direct and oversee the National Intelligence Program.

Mr. Applegate says:

Re: Re: Re: Ditch anti-virus software

Well obviously from the chain of command, as I showed above, that puts him in the position to be “In Charge”, and therefore able to clip wings.

If things were happening “without his knowledge” in other words the NSA had gone rouge, then he would start replacing those if charge of keeping the NSA in check. That hasn’t happened. Therefore, I conclude one of two possibilities.

1. He didn’t know what is going on, but agrees with it, therefore he will not reprimand anyone.

2. He knows exactly what is going on and is not being honest with the people.

The first option seems rather unlikely as I believe part of his campaign was about reining in the spying. Obama has failed the people he is supposed to serve.

Congress is no better as they have the purse strings and and ability to pass legislation. They too knew, or had a duty to find out what was going on and take the appropriate steps to protect the American people. They have failed the people they are supposed to serve.

They have all disgraced themselves, their families and in fact all Americans.

aldestrawk says:

not a botnet

Calling the 50,000 networks a botnet is mischaracterizing what is going on here. The NSA only achieves its purpose when infecting a router or switch. This is what gives them access to all the data communicated on the attached network. Recall that with Belgacom the infection of IT staff computers was only an interim step, with the ultimate goal of infecting the GRX routers. A router does not run much of the software which makes botnets so useful to their controllers. The NSA would also not ever risk their surveillance capability by using control of a router for other purposes. If the router was not functioning well or doing very strange things then network IT staff are going to notice it and start investigating. Unless there was a stealthy root-kit (not an impossibility) on the router, the malware will be discovered and removed. The OS for routers has less of an attack surface than standard computer OSs. Even if Linux, or some other variation of UNIX is used then a lot of the capability, and thus attack surface, is disabled.

Once a router is infected, if a user’s computer or server was infected that malware isn’t so important anymore. Those, non-router, computers are updated much more frequently than routers or switches. Also, anti-virus software is not installed on routers. The NSA may even remove malware from non-routers to avoid detection. Then again, they may have achieved some very stealthy malware. I think it is less likely that arrangements are made with major AV companies to whitelist NSA malware. A whitelist is visible to too many people.

This particular leak is going to have an enormous impact on NSA capability. It would behoove any security executive for telecoms, or ISPs around the world to take a close look at their routers.

FM Hilton (profile) says:

And the beast grows

Supposing this:

The NSA has a network of Botnets in other countries, then the owners of those infected computers decide to run their own BotNet networks infecting other computers, and then the FBI, and Microsoft go on the hunt for these computers-installing malware to get the botnets captured.

Could it be true? That the FBI and Microsoft have been doing this all along? Capturing and shutting down BotNet servers that began with the NSA?

It boggles the mind completely. Total insanity, and that’s why the NSA should be shut down.

They infecting everyone’s computers with malware that has to be cleaned up by others. Such nice guys.

Speaking of legalities, I’m pretty sure this would qualify under several international laws as electronic terrorism, plus our own laws against it.. Ah, gee whiz..the NSA can’t do anything right!

ECA (profile) says:


NOW consider that WINDOWS is the most populous Operating system out there..
Lets even think SIDE WAYS, and say its FLASH based..
HOW about JAVA?
And since they are all customized to the OS…

any other reason NOT to use Windows products??
Windows must HIDe the program very well, also..
windows SERVER? WINDOWS 7? 8?

Someone GET me to linux..

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...