NSA bots monitor millions of Internet users

News by Steve Gold

Former CIA contractor Edward Snowden has alleged that NSA's surveillance is even more widespread than first thought.

The latest documents released by Snowden, first published on Glenn Greenwald's new Intercept website, suggest that the NSA's approach to monitoring targets' computers using eavesdropping malware has been on a near industrial scale, rather than carefully targeted.

Amongst the many tools used to carry out the targeted attacks - via compromised routers or Facebook - is an automated infection application known as 'TURBINE' that can scale to millions of infection attempts a day.

TURBINE is complemented, says Snowden, by a platform called 'QUANTUMHAND' which generates fake Facebook servers - presumably using DNS spoofing - which hapless users log into and so release their credentials.

These approaches, says Snowden, allow the NSA to take a highly automated approach to compromising the many elements of the Internet, even stretching to assuming control over cyber-criminal botnets, as well as creating their own botnet swarms.

Snowden's assertions add credence to reports last year that the NSA had Tier One ISP level access to various servers on the Internet, including backdoor - but direct - access to the systems of Facebook and Google.

The use of an automated approach to infection may help to explain why Facebook, Google and others have vehemently denied collusion with the US Government in allowing access to their servers.

Perhaps more worryingly from a UK perspective, Snowden's assertions continue to suggest that GCHQ has played a close role in working with NSA in its various activities. Last month, the UK intelligence agency was accused of harvesting Yahoo users' explicit Webcam images, and in January it was also accused of analysing Facebook likes and YouTube views. 

Professor John Walker, a Visiting Professor with Nottingham-Trent University's School of Science and Technology, said the latest assertions from Snowden were quite logical and suggest that the NSA's strategy in monitoring most aspects of the Internet is a long-term project for the agency.

"In the current security climate I actually think we should be supporting such actions," he said, adding that he does not have a problem with the level of surveillance taking place, nor the NSA's methodology.

You could argue, he told SCMagazineUK.com, that we are reaching the stage where George Orwell's '1984' novel - with Big Brother monitoring everyone's move - has become a reality, but there is also an argument to say that the NSA's actions are required.

Digital forensics specialist Professor Peter Sommer - who is a Visiting Professor at Leicester's de Montfort University - was a lot more critical of the NSA's claimed activities, saying there is no way in which this sort of anticipatory activity can be justified - any more than the action of planting audio bugs in everyone's homes is justified, in case someone is thinking of conspiring against the state. 

"Each action of intrusion needs to be separately justified and authorised," he said. 

"It is difficult to look at today's global threats either to the US or the UK and believe that they could be coming from 'millions' of sources. How can these global surveillance programmes ever get started within the Agencies if there is any sort of proper oversight?" he added.
