NSA Aiming To Infect 'Millions' Of Computers Worldwide With Its Malware; Targets Telco/ISP Systems Administrators

from the so,-telco-sys-admins-are-now-'national-security-threats'-or-did-I-miss-t dept

The NSA is still working hard to make the world’s computer usage less safe. The latest leak published by The Intercept shows the agency plans to infect “millions” of computers worldwide with malware, making it easier for the NSA to harvest data and communications from these compromised machines.

The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.

The methods detailed include the agency masquerading as a Facebook server and sending out laced spam emails in order to subvert users’ computers and give the NSA access to local files as well as control of webcams and microphones. Not only does the agency actively work to delay bug fixes in order to exploit systems, but its ongoing malware mission ensures that using a computer and/or accessing the web will always be more dangerous than it should be.

Mikko Hypponen, an expert in malware who serves as chief research officer at the Finnish security firm F-Secure, calls the revelations “disturbing.” The NSA’s surveillance techniques, he warns, could inadvertently be undermining the security of the Internet.

“When they deploy malware on systems,” Hypponen says, “they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.”

The NSA has argued previously that its malware targets are strictly national security threats. But the evidence provided here undermines this defense of NSA malware deployment.

In one secret post on an internal message board, an operative from the NSA’s Signals Intelligence Directorate describes using malware attacks against systems administrators who work at foreign phone and Internet service providers. By hacking an administrator’s computer, the agency can gain covert access to communications that are processed by his company. “Sys admins are a means to an end,” the NSA operative writes.

The internal post – titled “I hunt sys admins” – makes clear that terrorists aren’t the only targets of such NSA attacks. Compromising a systems administrator, the operative notes, makes it easier to get to other targets of interest, including any “government official that happens to be using the network some admin takes care of.”

The Intercept’s report notes that the GCHQ has deployed similar tactics, hacking into computers owned by Belgacom system engineers. The malware attacks go far beyond end user computers, targeting routers and setting the agency up for man-in-the-middle attacks (something that has become far more necessary as fewer and fewer people actually open, much less click links in spam email). The NSA may view this all as fair game — a means to an end — but the ugly truth is that the agency’s malware/hacking attempts are not limited to threats, but rather any person/service it believes can offer access to even more communications and data. At this point, the only thing slowing the agency down is the audacious size of its undertaking.

“One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).”

The program — utilizing the previously discussed TURBINE (part of the agency’s TAO – Tailored Access Operations), as well as several other NSA tools like SECONDDATE and WILLOWVIXEN — is aimed at “Owning the Internet” according to the leaked documents. This internet “ownership” ultimately belongs to the American public, whether they want it or not — the price tag (according to the leaked Black Budget) was $67.6 million last year. As the scope continues to broaden, the budget will expand as well. The end result is the US public funding the weakening of security standards and encryption worldwide, all in the name of “national security.”

At this point, neither agency named (GCHQ, NSA) has offered anything more than canned “in accordance with policy/applicable laws” text in response to the latest leaks. (Only the GCHQ has responded so far.) The NSA may try to pass these efforts off as “targeting” foreign subjects, deliberately ignoring the facts that the internet has no real borders, and that undermining the security of users worldwide — no matter what the stated “goal” — makes the computing world less safe for everyone involved, including domestic end users.


Comments on “NSA Aiming To Infect 'Millions' Of Computers Worldwide With Its Malware; Targets Telco/ISP Systems Administrators”

John Fenderson (profile) says:


“Finnish security firm F-Secure, calls the revelations “disturbing.” The NSA’s surveillance techniques, he warns, could inadvertently be undermining the security of the Internet.”

There’s nothing inadvertent about it. They are intentionally undermining the security of the internet. That’s the whole point — to undermine it so that they have greater access.

Anonymous Coward says:

Apart from the obvious consequences of this action by the NSA, anyone who has ever done something similar, and been caught, has had to face serious reprisals! Even DDoSing is a criminal offense with the punishments being imprisonment, and yet here we are, with a national security agency, whose task is to protect the people, not just of its own nation but of others as well, all ready to infect the millions of machines around the globe and to do so

a) expecting no complaints, even though there will be no selective targeting
b) to do so with immunity, i.e., no punishment at all!

This has got to stop! This taking over of machines and accessing mail is bad enough, but to take over cameras as well and then keep the snapshots taken is the sort of thing a pervert, a pedophile or similar would perhaps do, and again, no specific targeting, just a random log in to see what is being done and said.

This is actually sickening!!

John Fenderson (profile) says:

Re: Re: Re:

I am a tech (software engineer), and I would absolutely do this. In fact, I have turned down a number of job offers because the agencies offering the job were engaging in activities that I was not OK with, and have quit one job because I discovered they were doing things I disagreed with.

“and then make it difficult for you to ever get a decent job again”

It’s hard to see how they could do a lot in that direction. In the current job market, anyway, there is a shortage of good, experienced engineers. Jobs are plentiful if you’re willing to move to where they are. Competition for them is fierce.

Anonymous Coward says:

Re: Re: Re: Re:

My point was that it is the techs that implement these initiatives, but not all will come forward and blow the whistle because of government pressure. Thomas Drake is an example: the last I heard, he was only able to get a job at an Apple store due to government pressure ruining his reputation. Fear is a powerful motivator, especially if you have a family to support.

Anonymous Coward says:

Re: Re: Re:3 Re:

With a company it is much easier. Once it is connected to the government it will make it harder. I do generally agree with you though, but then it still comes down to the type of pressure someone is under. I wouldn’t work at a place that would compromise my morals, such as the NSA, but others may not think that when they take the job. Then family comes along, and with the average American living paycheck to paycheck the government has a lot of pressure it can put on that person. I believe this is one way a lot of corruption happens and how it will keep happening. You also can’t think that it will only affect you in the family. I am betting people close to Snowden are now flagged in order to make things rather difficult. The no-fly list being one of them. It also may be the fact that I have a very pessimistic view of the federal government.

Anonymous Coward says:

What about OUR families?

So the NSA targets me, a system administrator, and tries to compromise my system(s). The ones that I use from work and home and on the road. The ones that I use to log into my bank accounts. The ones full of pictures of my kids and correspondence with their teachers. The ones that I use to communicate with my kids. The ones that I use to IM with my wife. The ones that either hold or transit all kinds of personal information about my family. The ones that I’ve tried, very hard, to lock down via good software and strong encryption and careful use, because all of that information would be highly valuable to someone who intends to harm my family.

And the NSA has done its best to make that possible: to compromise my systems. To make it easier for rapists to find out when my wife’s alone. To make it easier for pedophiles to get pictures of my kids. To make it easier for scammers to empty my bank accounts. To make it easier for thieves to break into my home. To make it easier for every scumbag on the planet to turn them into victims.

Thanks a lot, NSA, from the burglars and rapists and kidnappers and murderers. I’m sure they appreciate your efforts.

thebusdriver (user link) says:

Re: Re: Re: CFAA

You have only scratched the surface on a super important problem. There really is no education for the American public; that needs to be done. Second, phase two again with the education part on this issue. People are scared... of what? If the majority of the public knew about this... and they will... I really think there will be backlash big time. It’s the part of who is brave enough to do this, with facts straight out. Snowden is just a fall guy used as a distraction at the same time Benghazi went down. This is what it will take. Knowledge is power. Information has more power. When the public finds the real truth behind the scenes, then... fallout retribution will follow. Just wait till Google, Microsoft, Intel, HP, AT&T, oh boy, get busted. I believe this will happen and soon. This will be faster than the court system. Everyone will see no laws, therefore no crimes, no law enforcement to enforce what? These politicians all suck, live in the past. However, silver lining in the cloud: laws only for ISPs, Google, Microsoft, HP, Facebook, etc. have immunity laws to protect them, however none for us.

madasahatter (profile) says:

Controlling viruses

The analogy of computer malware to biological viruses is more apt than often realized. In biological warfare, controlling a virus or bacteria once it is in the wild is very difficult. There is a high risk that it could infect your own people. The same with computer malware: once in the wild there is a significant risk it can be used against you, whether it is accidental or deliberate. The problem is the dim-bulbs authorizing these attacks do not realize they are at risk.

John Fenderson (profile) says:

Re: Controlling viruses

You’re correct, but there’s an even more basic problem here. In order for a virus to work, it has to exploit a security flaw in the system it wants to infect. The NSA collects, keeps secret (as in doesn’t inform the companies making the hardware & software), and in at least one case introduces security flaws to enable their virii to work.

Even if they never produced a virus at all, they’ve already done great damage in just laying the groundwork for them.

ahow628 (profile) says:

Oops, wrong target...

Seems to me that trying to infect computers that aren’t patched and spamming infected email is targeting the wrong people altogether. The people with important information are typically patched and on the lookout for social engineering.

I’m not sure how much valuable information they will get from granny with her malware-infected Windows XP box. Although maybe she’ll send them thousands of dollars in hopes they’ll send her millions in return.

Alan Wakefield (profile) says:


Sorcha Faal? Monday, September 26, 2011
Check this out, guys. I finally broke through the information barrier. “This character is another fraud and CIA disinformation agent.” http://nesaranews.blogspot.com/2011/09/boothsorcha-fraud-from-cia.html
Lots of other sites on Booth/Faal. Note the date on the web site I posted above. Booth/Faal was first “outed” in 2011.
When is this computer “catastrophe” supposed to occur? IT AIN’T GONNA’ HAPPEN! YOU CAN TAKE THAT TO THE BANK!
Saw another site that DID NOT connect Faal/Boothe to either the NSA or the CIA. Is there a connection? Does it matter? Don’t they ALL lie to us?
