iTnews
NSA spreads malware 'on an industrial scale'

By Juha Saarinen on Mar 13, 2014 5:15AM
VPNs and VoIP sessions targeted.

The United States National Security Agency appears to be engaged in a massive malware dissemination campaign to infect computer systems and networks around the world, according to leaked top-secret documents.

A PowerPoint presentation provided to The Intercept by Snowden purports to show how the NSA plans to spread malware on systems automatically, using the TURBINE system and fake Facebook servers, so as to infect millions of computers.

The NSA's efforts started ten years ago through its Tailored Access Operations (TAO) unit, whose mission is to "aggressively scale" electronic infiltration methods for "industrial-scale exploitation".

The spy agency utilises a large arsenal of imaginatively named malware to remotely control computers and to capture data from them, as well as to interrupt their operation:

  • UNITEDRAKE is modular malware that can take complete control of infected computers.
  • CAPTIVATEDAUDIENCE hijacks computer microphones and records conversations.
  • FOGGYBOTTOM snatches web browser history files, and login details for sites and email accounts.
  • GUMFISH controls webcams and takes photographs.
  • SALVAGERABBIT can capture data from external drives and send it to the NSA.
  • GROK is a keylogger.
  • QUANTUMSKY blocks access to specific websites.
  • QUANTUMCOPPER corrupts targets' file downloads.

By using malware deployed in network routers, the NSA may be able to access data passing through virtual private networks. The HAMMERSTEIN man-in-the-middle malware appears to attack the Internet Key Exchange (IKE) phase used to set up secure VPN sessions, and attempts to decrypt the content.

In a similar manner, the HAMMERCHANT router implant can compromise Voice over Internet Protocol communications, capturing the Session Initiation Protocol (SIP/H.323) signalling used to set up calls as well as the Real Time Protocol (RTP) data streams that carry the call content.

According to the presentation, the NSA exploits vulnerabilities in web browsers, the Oracle Java and Adobe Flash frameworks, and router software to infect devices. The malware is said to be able to hide itself from anti-virus programs and can delete itself after a set time if needed.

The NSA's favoured method of implanting malware is the "man-in-the-middle" (MITM) technique, whereby software is secretly placed on networks between computers communicating with each other. MITM allows multiple devices to be targeted and also makes it easier to capture the data they transmit.

The exact scale of the NSA's malware dissemination campaign remains unknown, as the US government refuses to provide details on the operations, but the agency is believed to have successfully compromised as many as 100,000 systems around the world.

Harley Geiger, senior counsel at digital liberties group the Centre for Democracy and Technology, said: "if this report is accurate, the NSA is acting like a spambot."

"The use of malware implants should be targeted against specific threats in tightly controlled situations, but this kind of mass automated surveillance would put countless Internet users at risk," Geiger said.

Australian and New Zealand intelligence agencies were privy to the information in the NSA presentation, along with their equivalents in Canada and Britain, and are believed to participate in the programme itself.

Copyright © iTnews.com.au . All rights reserved.