New details about the activities of the NSA and its cohorts in the UK’s GCHQ reveal a clandestine plan to infect millions of computers worldwide with malware implants. In some cases the NSA masqueraded as a Facebook server.
Classified files revealed by whistleblower Edward Snowden include details about plans to infect millions of computers with malware for the purpose of spying on them.
The eavesdropping technology, or spyware, would infect computers whose users think they are accessing legitimate websites and web servers.
According to The Intercept, the covert infrastructure would be managed from the NSA’s Maryland headquarters and from bases in the UK and Japan.
The UK’s Government Communications Headquarters (GCHQ) is understood to have played a key role in formulating the implants tactic.
According to the LA Times, the National Security Agency (NSA) has been using a software program called Turbine to contaminate computers and networks with the implant software.
Spies like us
In one case, the NSA pretended to be social network Facebook by masquerading as a Facebook server – a tactic known as a ‘man-on-the-side’ attack – and then launched the implant to exfiltrate files from the target computer’s hard drive.
And according to The Intercept, malware delivered in spam emails would, once installed on a user’s machine, covertly record audio from the computer’s microphone, as well as take snapshots with its webcam.
It is believed that between 85,000 and 100,000 implants have been deployed worldwide so far.
Facebook has said this method of attack will no longer work on its servers and especially does not work for traffic carried over HTTPS, which became the default on Facebook last year.
A nasty side effect of the NSA and GCHQ’s ambitious eavesdropping plan is the likelihood that the software in turn opens up new security vulnerabilities on the computers it infects.
“When they deploy malware on systems,” F-Secure expert Mikko Hypponen said in The Intercept article, “they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.”