
Project TURBINE: NSA spreads sophisticated Malware Worldwide

Besides collecting metadata and inserting backdoors into devices and software, the US National Security Agency (NSA) has an eye on every post, picture and message you have ever sent on Facebook. I know this will not leave you feeling comfortable about your privacy, but this is what the NSA is doing to you.

The new revelation from Glenn Greenwald’s desk removes the mask from one more secret surveillance operation carried out by the US intelligence agency NSA: an extensive program dubbed ‘TURBINE’, according to classified files previously provided by NSA whistleblower Edward Snowden.

Yes, the NSA has been working with its dedicated hacking unit, Tailored Access Operations (TAO), for the past several years on expanding its capability to infect devices with spyware and on creating its own command-and-control servers to manage millions of infected systems at a time.

The secret documents presented by The Intercept website show that the NSA, with its British counterpart GCHQ, is spreading surveillance malware “implants” on computers and networking devices, capable of spamming out millions of pieces of sophisticated malware at a time. Over 50,000 Computer Network Exploitation (CNE) implants have been deployed around the world, and their number was expected to reach 85,000 by the end of 2013.

CHALLENGE FOR NSA - One presentation from 2009, marked top secret, explained that a great challenge the agency faced in active SIGINT/attack was ‘scale’: infecting a huge number of machines and casting a wide net for data collection. Human drivers limit the ability for large-scale exploitation, because humans tend to operate within their own environment, not taking into account the bigger picture.

PROJECT TURBINE, THE NSA's SOLUTION - “Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process,” wrote the journalist.

So, rather than limiting such actions to human operatives, the NSA designed an automated system for managing malware implants, codenamed TURBINE in the revealed document, to allow the current implant network to scale to a large size, i.e., millions of implants. This would be possible by creating a system that controls implants automatically by groups instead of individually.

NSA TARGETED FACEBOOK - The NSA allegedly used a ‘man-on-the-side’ attack to target and infect millions of computers. The NSA also used a “man-in-the-middle” attack to spread the malware, rather than relying on old tactics like spamming links via email.

The agency disguised itself as a fake Facebook server and tricked unsuspecting users into logging in, thinking they were connecting to Facebook’s real server, so that the NSA could hack into users' systems and covertly steal data from their hard drives.

In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyber attacks by corrupting and disrupting file downloads, or denying access to websites.

MALWARE PLUGIN: The NSA has also developed multiple plug-ins or add-ons for its malware:
  • UNITEDRAKE - capable of gaining complete control of an infected computer.
  • CAPTIVATEDAUDIENCE - can hack a computer’s microphone to record conversations taking place near the device.
  • GUMFISH - can covertly take over a computer’s webcam and snap photographs.
  • FOGGYBOTTOM - records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts.
  • GROK - a keylogger Trojan that logs keystrokes.
  • SALVAGERABBIT - accesses data on removable flash drives that connect to an infected computer.
"It is unclear how many of the implants are being deployed on an annual basis or which variants of them are currently active in computer systems across the world," Glenn Greenwald said.

I HUNT SYS ADMINS, NOT TERRORISTS: According to the documents, an internal post titled “I hunt sys admins” makes it very clear that terrorists are not the primary target of the NSA. This could be in the context of attacks such as the Belgacom hack, where GCHQ (Government Communications Headquarters) duped Belgium-based telecom workers with bogus LinkedIn pages that infected their computers.

For much more technical detail, check out Greenwald's full report at First Look's The Intercept.
