NSA Automates Cyber Crime Techniques For Mass Hacking

Snowden leaks show NSA wanted to ramp up its hacking efforts with automation

The world already knew the National Security Agency (NSA) was using the same methods as digital criminals to hack people’s phones, but the latest Edward Snowden revelations have shown the agency has plans to automate many of the processes.

The system, known as Turbine, was designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually”. Leaked slides also indicated the NSA had hijacked botnets to expand its surveillance.

GCHQ appears to have helped out with the mass malware operation, according to The Intercept, which based its report on more leaks from Edward Snowden. Its Menwith Hill Station centre was used to test many of the exploitation techniques.

NSA hearts malware

In many cases, the NSA sent out reams of spam with malware attached. In other cases, it served up fake websites to users, such as mock Facebook pages, performing man-in-the-middle attacks in an attempt to trick them into downloading malware.

In a slide from 2009, the NSA said it was clear humans alone could not reach the scale of electronic exploitation it wanted to achieve. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).”

Turbine, developed by the Tailored Access Operations group responsible for many of the NSA’s aggressive campaigns, would “relieve the user from needing to know/care about the details”.

Turbine was part of a wider project, known as Owning the Net. Various tools were used by NSA agents to take data from target machines, including those that recorded audio and took pictures via webcams. Foggybottom was used to steal passwords for online accounts of targets.

The NSA was keen to break into IT workers’ systems too. In an internal post, titled “I hunt sys admins”, an NSA employee talked of hacking machines running systems at Internet service providers. “Sys admins are a means to an end,” the operative wrote.

Two other injects used against routers are able to intercept and view data being sent over virtual private networks (VPNs).

Both GCHQ and the NSA declined to comment specifically on the attacks detailed in The Intercept.