Information Security News
mailing list archives
NSA's automated hacking engine offers hands-free pwning of the world
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 13 Mar 2014 05:47:54 +0000 (UTC)
By Sean Gallagher
March 12, 2014
Since 2010, the National Security Agency has kept a push-button hacking
system called Turbine that allows the agency to scale up the number of
networks it has access to from hundreds to potentially millions. The news
comes from new Edward Snowden documents published by Ryan Gallagher and
Glenn Greenwald in The Intercept today. The leaked information details how
the NSA has used Turbine to ramp up its hacking capacity to "industrial
scale," plant malware that breaks the security on virtual private networks
(VPNs) and digital voice communications, and collect data and subvert
targeted networks on a once-unimaginable scale.
Turbine is part of Turbulence, the collection of systems that also
includes the Turmoil network surveillance system that feeds the NSA's
XKeyscore surveillance database. While it is controlled from NSA and GCHQ
headquarters, it is a distributed set of attack systems equipped with
packaged "exploits" that take advantage of the ability the NSA and GCHQ
have to insert themselves as a "man in the middle" at Internet
chokepoints. Using that position of power, Turbine can automate functions
of Turbulence systems to corrupt data in transit between two Internet
addresses, adding malware to webpages being viewed or otherwise attacking
the communications stream.
Since Turbine went online in 2010, it has allowed the NSA to scale up from
managing hundreds of hacking operations each day to handling millions of
them. It does so by taking people out of the loop of managing attacks,
instead using software to identify, target, and attack Internet-connected
devices by installing malware referred to as "implants." According to the
documents, NSA analysts can simply specify the type of information
required and let the system figure out how to get to it without having to
know the details of the application being attacked.
The "selectors" that analysts can use to target victims through Turbine
are significant. Using Turmoil as a targeting system, Turbine can look for
identifying cookies from a number of Web services, including Google,
Yahoo, Twitter, Facebook, Hotmail, and DoubleClick, as well as those from
the Russian services Mail.ru, Rambler, and Yandex. Those cookies are all
available for targeting purposes, as is user account information from a
whole host of services.
Find the best IT Security talent without breaking your recruiting budget.
Jobs cross-posted to Simply Hired, Facebook and LinkedIn.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
- NSA's automated hacking engine offers hands-free pwning of the world InfoSec News (Mar 13)