The US government designed computerized hacking tools to automate the process of compromising computers with attacks that let it harvest data before it is encrypted, new documents show.
March 12, 2014 8:28 AM PDT
One NSA “implant,” once installed, could bypass encryption by making a secret copy of calls made over Skype or other voice-over-Internet Protocol communications, according to a document leaked by Edward Snowden.
(Credit: The Intercept)
Through an operation called Turbine, the NSA crafted an automated system designed to hack “millions” of computers, new documents from Edward Snowden’s leaks on government surveillance reveal.
According to documents published by The Intercept on Wednesday, Turbine created “implants” that let it gain access to people’s computers. Getting the implants onto machines involved an array of deceptions: fake Facebook Web pages, spam emails with malicious links, and man-in-the-middle attacks that would “shoot” bogus data at a target’s computer when the NSA detected it was visiting a Web site the NSA could spoof.
Once the National Security Agency implants were installed, they could be used to gain access to data before it was encrypted.
As the article describes some of the work:
An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device.
Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes.
And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer.
Though the system was designed to work at large scale, through automated attack mechanisms that don’t require human intervention, it’s not clear exactly how broadly it actually was used. However, it appears the NSA was interested in more people than just the direct targets.
System administrators at foreign telecommunications and Internet service providers apparently were one such broader group under attack, for example. “Sys admins are a means to an end,” according to one document, since they make it easier to target a “government official that happens to be using the network some admin takes care of.”
In a statement to The Intercept, the NSA didn’t comment on specifics but said, “As the president made clear on 17 January, signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes.”