Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

NSA Has ‘Industrial Scale’ Malware for Spying: Report

WASHINGTON – The National Security Agency has developed malware that allows it to collect data automatically from millions of computers worldwide, a report based on leaked documents showed Wednesday.

WASHINGTON – The National Security Agency has developed malware that allows it to collect data automatically from millions of computers worldwide, a report based on leaked documents showed Wednesday.

The report co-authored by former Guardian reporter Glenn Greenwald for the online news site The Intercept said the program has dramatically expanded the US spy agency’s ability to covertly hack into computers on a mass scale.

The report is based on classified documents provided by former NSA contractor Edward Snowden.

It said the surveillance technology allows the NSA to infect potentially millions of computers worldwide with malware “implants” which can help the agency extract data from overseas Internet and phone networks.

The report by Greenwald and reporter Ryan Gallagher said these implants were once reserved for a few hundred hard-to-reach targets whose communications could not be monitored through traditional wiretaps but that the NSA has expanded this to “industrial scale,” according to the documents.

The automated system codenamed TURBINE expands the ability to gather intelligence with less human oversight, according to the report.

The report was the first by Greenwald based on leaked documents since he joined First Look Media, an organization backed by tech entrepreneur Pierre Omidyar that includes The Intercept.

Greenwald was among the first journalists to publish documents leaked by Snowden describing the vast surveillance programs of the NSA and other intelligence services, sparking a massive outcry.

Wednesday’s report said the covert infrastructure that supports TURBINE operates from the NSA headquarters in Maryland, and from eavesdropping bases in Britain and Japan and that the British intelligence agency GCHQ appears to have played an important role in the effort.

The report said that in some cases the NSA has used a decoy Facebook server to infect a target’s computer and exfiltrate files.

It said the malware can also covertly record audio from a computer’s microphone and take snapshots with its webcam.

The Intercept said the malware has been in existence since 2004 but that the automated program expanding its use appears to have begun in 2010.

The malware can be installed in as little as eight seconds, according to the documents.

Because people have become suspicious of email attachments, the report said the NSA has had to resort to new tools to install the malware such as “man-in-the-middle” and “man-on-the-side” attacks through Internet browsers.

The NSA, queried by AFP, did not directly respond to the report. But an NSA official reiterated policy that its operations are conducted “exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes.”

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Malware & Threats

Norway‎-based DNV said a ransomware attack on its ship management software impacted 1,000 vessels.

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...