When the NSA bugs Facebook spying
Glenn Greenwald, a political journalist, lawyer and blogger, worked with Edward Snowden on the revelations about the surveillance program of the American National Security Agency (NSA). He is the one who published the information gathered from Snowden’s documents in the British newspaper The Guardian. On his website The Intercept, Greenwald gives a list of spying techniques used by the NSA to watch users.
Some weeks ago, during the conference series of the South by Southwest (SXSW) festival in Austin (Texas, USA), Snowden urged all internet users to use encryption (a service offered free of charge by some secure email websites) in order to protect themselves from intelligence agencies. However, Snowden explained that the NSA could target a particular user, and in this case “infiltrate his computer”.
The NSA is aware of the risk these protective measures pose to it; this is why it has dedicated significant funds (taxpayers’ money) to trying to infect millions of computers on a massive scale with malicious software, which could eventually make the NSA the “owner of the net”, according to Zero Hedge. “NSA’s surveillance techniques could unwillingly endanger internet security”, warned Mikko Hypponen, a malware expert.
The agency has widened its hacking capability by automating its systems and reducing human oversight. In some instances, the NSA has used a fake Facebook server to hijack the social network in order to use it as a “launching ramp” allowing it to infect targeted computers and extract information from their hardware. It also sent spam emails carrying “malware implants”, which can compromise a computer in a number of ways. These implants were developed in an automated program named Turbine, which allows the implantation of malware on a large scale. In 2004, we were only talking about 100 to 150 implants, but lately their number has grown to tens of thousands. Snowden’s reports state that between 85,000 and 100,000 implants have already been sent onto computers and within social networks across the world. Some $67.6 million were invested in the development of the Turbine program in order to allow it to extend to “a great variety of networks”.
The implant codenamed “Unitedrake” may be used with a variety of plugins, software extension modules that allow total control of the infected computer. “Captivatedaudience” records conversations from the computer’s microphone. “Gumfish” takes pictures from the webcam. “Foggybottom” records the whole browsing history and gathers information about logins and passwords. “Grok” is used to record keystrokes and all of the user’s activities. “Salvagerabbit” steals data via removable disks connected to the infected computer.
Furthermore, these implants also allegedly enable the NSA to circumvent the encryption tools used to surf the web anonymously and to encrypt email contents. That is made possible by the fact that the agency’s malware gives unlimited access to the targeted computer as long as the user does not protect his communications by encrypting them. “Quantumsky”, malware developed in 2004, blocks the computer’s access to certain websites, and “Quantumcopper”, tested in 2008, is used to corrupt the target’s downloaded files.
These techniques have not only been used to track suspects in terrorism cases. Malicious software has also been used against system administrators at phone and internet service providers in order to access and spy on companies’ secret communications. According to a 2012 top secret document, in order to deploy these implants, the NSA sends thousands of spam emails inviting users to click on links that activate the malicious software. Once activated, the computer is infected within 8 seconds. The “man-in-the-middle” attack technique redirects the user’s internet browser towards the NSA’s servers, which try to infect the computer. The “man-on-the-side” tactic, codenamed “Quantumhand”, allows the NSA to disguise itself as a fake Facebook server and to transmit malicious data when the target attempts to connect to the social network. By using this malware, which resembles an ordinary Facebook page, the NSA can hack the user’s computer, access data on the hardware and modify the communication. Such sophisticated tactics have greatly intensified spying via Facebook.
Firewalls and other conventional security measures don’t seem to bother the NSA. Actually, the agency’s hackers seem confident they can circumvent all protections and infect any computer or network. “If we can manage for the targeted computer to visit us in a sort of web browser, we can probably control it” said one of the agency’s hackers quoted in one of the secret documents.
The NSA has denied using social networks in order to infect several thousand computers with malicious software. According to the NSA, its technical capabilities are used for appropriate and legitimate operations regarding foreign intelligence.
– Mailfence Team
Patrick is the co-founder of Mailfence. He’s been a serial entrepreneur and startup investor since 1994 and launched several pioneering internet companies such as Allmansland, IP Netvertising or Express.be. He is a strong believer and advocate of encryption and privacy. You can follow @pdeschutter on Twitter and LinkedIn.