Snowden Documents Reveal NSA Malware Push
March 13, 2014

New Details Surface On Reported NSA Malware Infiltration

Enid Burns for - Your Universe Online

The latest National Security Agency (NSA) efforts to surface from documents leaked by Edward Snowden include the agency reportedly using malware to infect computers, The Intercept reports.

Documents provided previously by Edward Snowden revealed new details of a spread of malware created by the agency. The NSA created an automated system, codenamed TURBINE, to aggressively install malware "implants" on targeted computers. The Intercept reports that the implants were originally reserved for a few hundred hard-to-reach target computers that are able to evade wiretaps and monitoring. It is believed that the spyware has been installed on as many as 100,00 systems since it was first deployed in mid-2010, SlashGear reports.

The NSA used several tactics in order to spread and operate the TURBINE malware. One such tactic was to create a fake Facebook server. "In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites," according to The Intercept's Ryan Gallagher and Glenn Greenwald.

TURBINE was operated from the NSA's headquarters in Fort Meade, Maryland as well as eavesdropping bases in the United Kingdom and Japan. While the NSA is the instigator in this case, there is evidence that the operation was carried out with cooperation from GCHQ, the British intelligence agency.

The malware was first distributed in 2010, and documents provided by Edward Snowden reveal that it was discussed at a top-secret presentation dated August 2009. The malware presented in the 2009 meeting is capable of performing automated actions, reducing the need for human operation. "The NSA describes a pre-programmed part of the covert infrastructure called the 'Expert System,' which is designed to operate 'like the brain.' The system manages the applications and functions of the implants and 'decides' what tools they need to best extract data from infected machines" wrote Gallagher and Greenwald.

The operation allowed for unprecedented access to "'industrial-scale exploitation' in a battle for Internet dominance," SlashGear's Chris Davies wrote.

"That, The Intercept's insiders say, makes it the perfect tool for broadly infecting a huge number of machines and casting a wide net for data collection. Rather than limit such actions to human operatives, TURBINE is an "intelligent command and control capability" that can run its own deployment and make its own decisions on which gathered data is important," wrote Davies.

The automated abilities of TURBINE made it possible to retain knowledge of the existence of the malware limited to just a few staffers. "What makes TURBINE particularly interesting for the NSA is how little staff would have to know technically about infected systems and software in order to extract information," Davies wrote.

It is reported that the NSA's "Owning the Net" initiative cost more than $67 million in 2013 alone.