Noah J Nelson on Thursday, Mar. 13th
Glenn Greenwald’s The Intercept has become the focal point for the continuing slow revelation of the files National Security Agency whistleblower Edward Snowden released to journalists.
The latest breakdown tells of how the NSA planned to infect millions of computers with malware, and in the process create an automated spy-net:
In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.
The implants being deployed were once reserved for a few hundred hard-to-reach targets, whose communications could not be monitored through traditional wiretaps. But the documents analyzed by The Intercept show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes previously handled by humans. The automated system – codenamed TURBINE – is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.”
Even if a portion of the surveillance targets would be deemed legitimate by lay observers a larger issue hangs over the practice: the blind reliance on automation. Security experts note that the malware creates opportunities for exploitation that can be used by just about anyone. The Internet as a whole becomes less stable secure as such malware spreads. In short: the NSA was using a sledgehammer where a scalpel would have sufficed.