NSA mimics criminals in bid to infect millions of computers, report says

The NSA is moving far beyond the collection of data in an attempt to implant malicious software on potentially millions of computers worldwide, mimicking a criminal 'botnet,' according to the newest Edward Snowden leak.

The National Security Agency is attempting to dramatically expand its espionage activities, implanting malicious software on potentially millions of computers worldwide, according to a new batch of leaked top secret documents.

They show the agency moving far beyond the collection of data flowing across the Internet to include “industrial scale espionage” that directly targets computer networks and backbone Internet systems like routers.

Such a sweeping campaign to infect millions of users would be so broad that it couldn’t possibly be a “targeted” program against specific individuals. Instead, it suggests that the NSA program is yet another potent part of a global mass-surveillance campaign that has roiled Congress, technology companies, and the public.

“This is not about targeted surveillance anymore, but wholesale mass surveillance – the legality of which has been questioned by some of its participants,” writes John Shier, a security adviser at Sophos, a global cloud-security provider in Oxford, England, in an e-mail interview. “The rapid growth of this program seems to further support the idea that the NSA’s definition of targeted surveillance is not quite the same as the rest of the world’s.”

The documents come from Edward Snowden, the former NSA contractor who has unveiled many other programs now under scrutiny. Those have included large-scale cyberespionage operations as well as the collection of billions of American’s phone-call records on Americans.

The new leaks suggest the NSA is “dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process,” says the analysis, which appeared Wednesday in The Intercept, an online news outlet run by Glenn Greenwald.

The move represented “a major tactical shift” toward “a new frontier of surveillance operations,” the story co-written by Mr. Greenwald says.

A top-secret August 2009 presentation suggested that one part of the operation (code-named TURBINE) was designed to operate “like the brain,” the Intercept reported. It manages the various tools in TURBINE and decides which ones to deploy in each machine it infects.

Targets weren’t limited to foreign adversaries, the report says. They included system administrators of Internet services, foreign phone companies, and backbone routers relied upon by Internet users worldwide. By hacking these routers – which link computer networks and convey data across the Internet – the NSA would get secret access to monitor Internet traffic.

The NSA refused to answer questions regarding so-called implants, but referred to a new presidential policy directive.

“Signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes,” the NSA told The Intercept.

But that may not quell public and political anxiety over the NSA’s surveillance techniques. Also of note: Signs suggest that overseas agencies including Britain’s Government Communications Headquarters (GCHQ) were involved, too.

Part of the problem is that such programs not only make infected systems more vulnerable to criminal malware but also undermine public confidence in the Internet.

“Lots of innocent US citizens will be ensnared as a side-effect,” writes Andrew Jaquith, chief technology officer at SilverSky, a cloud-based cybersecurity company, in an e-mail interview. “Implantation of malware is useful in targeted cases... If true, [it] would certainly qualify as mass surveillance in my book.”

Other cybersecurity experts say the leaked documents show the NSA is appearing to mimic criminal computer “botnet” techniques that infiltrate, infect, and then enslave computers – turning those “zombies” into a computer army that can be used for criminal activity, espionage, or attacks.

“The TURBINE system detailed by the classified NSA documents does not propose a unique approach to mass exploitation, but instead details a federally funded botnet,” writes Michael Sutton, vice president of security research for Zscaler, a global cloud-based cybersecurity company, in an e-mail interview.

“It is simply not possible to infect millions of devices for intelligence gathering and not negatively impact innocent victims along the way,” he adds. “In doing so, the NSA is placing those individuals at risk by lowering the security of their devices and opening them to further attack by third parties.”