The NSA has come under a new wave of scrutiny and criticism following recent allegations that it is increasingly resorting to illegal and criminal methods to achieve its objectives. The key issue is that its techniques are not restricted to the surveillance of U.S. enemies and criminals, but also reach ordinary, innocent people.
In a detailed analysis in The Intercept titled “How the NSA Plans to Infect ‘Millions’ of Computers with Malware,” Ryan Gallagher and Glenn Greenwald write: “Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process.
The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.”
The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks. The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.”
This bombshell is followed by an analysis of tactics reportedly used extensively by the NSA, which include, among others, the use of social media and electronic communication, the automation of manual processes to facilitate hacking, and counter-encryption tools and techniques. The intention is essentially two-pronged: gather intelligence and disrupt its gathering. Some of the techniques listed by The Intercept are:
The NSA masquerading as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and ‘exfiltrate’ files from a hard drive.
NSA sending out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyber attacks by corrupting and disrupting file downloads or denying access to websites.
This would include the notorious “man-in-the-middle” tactic, which can, for instance, covertly change the content of a message as it is being sent between two people, without either knowing that a third party has made any change. The same technique is sometimes used by criminal hackers to defraud people.
Documents analyzed by The Intercept show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes previously handled by humans. The automated system – codenamed TURBINE – is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.”
TURBINE is said to be part of a broader NSA surveillance initiative named “Owning the Net.”
Another aspect of this approach is the use of ‘botnets’. According to sources quoted in a recent trunews.com report, while US law enforcement agencies have long tried to stamp out networks of compromised computers used by cybercriminals, the National Security Agency has been hijacking these so-called botnets as a resource for spying, “co-opting” more than 140,000 computers since August 2007 for the purpose of injecting them with spying software.
Botnets are typically used by criminals to steal financial information from infected machines, to relay spam messages, and to conduct “denial-of-service” attacks against websites by having all the computers try to connect simultaneously, thereby overwhelming them.
Counter-encryption tools carry codenames such as UNITEDRAKE, which enables the agency to gain total control of an infected computer. CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Skype and other Voice over IP (VoIP) services are easily targeted. Not even highly secure Virtual Private Network (VPN) encryption technologies appear to be immune from the advanced hacking arsenal at the NSA’s disposal.
Mikko Hypponen, an expert in malware who serves as chief research officer at the Finnish security firm F-Secure, calls the revelations “disturbing… when they deploy malware on systems, they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties… It sounds like wholesale infection and wholesale surveillance.”
Such tools and methods are, disturbingly, considered advanced enough to circumvent anti-virus programs and firewalls. That is not surprising, given the high caliber of human and technical skills and tools that the NSA has available to it.
The NSA, in its defense, reportedly declined to answer questions about its deployment of implants, pointing to a new presidential policy directive announced by President Obama on 17th January, stating that “signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes.”
And neither are these nefarious tactics limited to the U.S. The Intercept reports that similar tactics have been adopted by Government Communications Headquarters (GCHQ), the NSA’s British counterpart. As the German newspaper Der Spiegel reported in September, GCHQ hacked computers belonging to network engineers at Belgacom, the Belgian telecommunications provider.
The mission, codenamed “Operation Socialist,” was designed to enable GCHQ to monitor mobile phones connected to Belgacom’s network. The secret files deem the mission a “success,” and indicate that the agency had the ability to covertly access Belgacom’s systems since at least 2010.
According to Tyler’s report: “… the GCHQ cooperated with the hacking attacks despite having reservations about their legality. One of the Snowden files, previously disclosed by Swedish broadcaster SVT, revealed that as recently as April 2013, GCHQ was apparently reluctant to get involved in deploying the QUANTUM malware due to “legal/policy restrictions.”
A representative from a unit of the British surveillance agency, meeting with an obscure telecommunications standards committee in 2010, separately voiced concerns that performing “active” hacking attacks for surveillance “may be illegal” under British law.” Tyler aptly concludes: “When even the GCHQ is questioning the legality of a surveillance program you know you’ve gone too far. Way too far.”
Other governments, some of which are reported to have participated in malware attacks, include the members of the so-called Five Eyes surveillance alliance other than the U.S. and the U.K.: Canada, New Zealand, and Australia.
So is there any hope for those wishing to protect their privacy at any level? According to Tyler Durden, writing for zerohedge.com, during a talk at SXSW, Edward Snowden pleaded with people to use encryption. While he admitted that if the NSA targeted you individually they could almost certainly “own your computer,” he stated that if people use encryption on a massive scale it makes the NSA’s attempts to monitor everyone at the same time much more difficult.
Based on these reports, the NSA’s over-surveillance antics may have already hit rock bottom. Any chance that things will get better at some point? Don’t hold your breath.