NSA mimics criminals in bid to infect millions of computers, report says

The NSA is moving far beyond the collection of data in an attempt to implant malicious software on potentially millions of computers worldwide, mimicking a criminal 'botnet,' according to the newest Edward Snowden leak.

Jack Plunkett/Invision/AP
Edward Snowden talks during a simulcast conversation during the SXSW Interactive Festival on Monday in Austin, Texas. Mr. Snowden has leaked a new set of NSA documents.

The National Security Agency is attempting to dramatically expand its espionage activities, implanting malicious software on potentially millions of computers worldwide, according to a new batch of leaked top secret documents.

They show the agency moving far beyond the collection of data flowing across the Internet to include “industrial scale espionage” that directly targets computer networks and backbone Internet systems like routers.

Such a sweeping campaign to infect millions of users would be so broad that it couldn’t possibly be a “targeted” program against specific individuals. Instead, it suggests that the NSA program is yet another potent part of a global mass-surveillance campaign that has roiled Congress, technology companies, and the public.

“This is not about targeted surveillance anymore, but wholesale mass surveillance – the legality of which has been questioned by some of its participants,” writes John Shier, a security adviser at Sophos, a global cloud-security provider in Oxford, England, in an e-mail interview. “The rapid growth of this program seems to further support the idea that the NSA’s definition of targeted surveillance is not quite the same as the rest of the world’s.”

The documents come from Edward Snowden, the former NSA contractor who has unveiled many other programs now under scrutiny. Those have included large-scale cyberespionage operations as well as the collection of billions of phone-call records on Americans.

The new leaks suggest the NSA is “dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process,” says the analysis, which appeared Wednesday in The Intercept, an online news outlet run by Glenn Greenwald.

The move represented “a major tactical shift” toward “a new frontier of surveillance operations,” the story co-written by Mr. Greenwald says.

A top-secret August 2009 presentation suggested that one part of the operation (code-named TURBINE) was designed to operate “like the brain,” The Intercept reported. It manages the various tools in TURBINE and decides which ones to deploy in each machine it infects.

Targets weren’t limited to foreign adversaries, the report says. They included system administrators of Internet services, foreign phone companies, and backbone routers relied upon by Internet users worldwide. By hacking these routers – which link computer networks and convey data across the Internet – the NSA would get secret access to monitor Internet traffic.

The NSA refused to answer questions regarding so-called implants, but referred to a new presidential policy directive.

“Signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes,” the NSA told The Intercept.

But that may not quell public and political anxiety over the NSA’s surveillance techniques. Also of note: Signs suggest that overseas agencies including Britain’s Government Communications Headquarters (GCHQ) were involved, too.

Part of the problem is that such programs not only make infected systems more vulnerable to criminal malware but also undermine public confidence in the Internet.

“Lots of innocent US citizens will be ensnared as a side-effect,” writes Andrew Jaquith, chief technology officer at SilverSky, a cloud-based cybersecurity company, in an e-mail interview. “Implantation of malware is useful in targeted cases... If true, [it] would certainly qualify as mass surveillance in my book.”

Other cybersecurity experts say the leaked documents show the NSA appears to be mimicking criminal computer “botnet” techniques that infiltrate, infect, and then enslave computers – turning those “zombies” into a computer army that can be used for criminal activity, espionage, or attacks.

“The TURBINE system detailed by the classified NSA documents does not propose a unique approach to mass exploitation, but instead details a federally funded botnet,” writes Michael Sutton, vice president of security research for Zscaler, a global cloud-based cybersecurity company, in an e-mail interview.

“It is simply not possible to infect millions of devices for intelligence gathering and not negatively impact innocent victims along the way,” he adds. “In doing so, the NSA is placing those individuals at risk by lowering the security of their devices and opening them to further attack by third parties.”
