The National Security Agency impersonates Facebook Inc (NASDAQ:FB) to inject malware on people’s computers, according to the latest article from Ryan Gallagher and Glenn Greenwald at The Intercept, who continue to release information from the classified files leaked by former NSA contractor Edward Snowden.
In the past, the NSA used infected links in spam emails to deliver malware, but this has become ineffective as people have grown more aware that they shouldn’t trust emails from people they don’t know, click on links, or download files without knowing in advance what they are. To make up for that, the NSA uses both man-on-the-side and man-in-the-middle attacks that allow its servers to impersonate Facebook Inc (NASDAQ:FB) and install malware in a fraction of a second.
TURBINE scales malware infection to millions
According to Greenwald, the documents indicate that this method was originally used only on especially hard-to-reach targets, which is basically what the NSA was created to do. This and other techniques have since been automated under a program called TURBINE, which scales the malware infection techniques to attack millions of targets instead of hundreds so that agents can later use the implants if the necessity arises. One classified document says that the purpose of TURBINE is to “increase the current capability to deploy and manage hundreds of Computer Network Exploitation (CNE) and Computer Network Attack (CNA) implants to potentially millions of implants.” Greenwald explains that CNE implants extract information from infected computers, while CNA implants destroy or disrupt the computers instead.
“When they deploy malware on systems… they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties,” writes Mikko Hypponen, chief research officer at F-Secure. “It couldn’t possibly be targeted and named. It sounds like wholesale infection and wholesale surveillance.”
In addition to the civil rights concerns over mass surveillance, Hypponen worries that wholesale infection of computers and routers also jeopardizes cybersecurity because it creates new vulnerabilities for hackers to exploit.
Other nations involved in NSA’s mass surveillance
While the NSA has taken the most flak about mass surveillance, it is clear that it isn’t the only game in town; it is just the one we have the most information about. The NSA’s counterparts in the United Kingdom, Canada, New Zealand, and Australia were aware of the use of TURBINE implants, and the UK in particular cooperated heavily with the system’s deployment, says the report. But it’s not only American allies that are involved in mass surveillance.
“Hacking routers has been good business for us and our 5-eyes partners for some time,” wrote one NSA analyst in a classified memo. “But it is becoming more apparent that other nation states are honing their skillz [sic] and joining the scene.”