The NSA’s Hacking Operation

In the latest Snowden revelation, Ryan Gallagher and Glenn Greenwald report that the NSA is planning to infect millions of computers with malware:

In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.

The implants being deployed were once reserved for a few hundred hard-to-reach targets, whose communications could not be monitored through traditional wiretaps. But the documents analyzed by The Intercept show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes previously handled by humans. The automated system – codenamed TURBINE – is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.”

Joshua Kopstein explains why this matters:

This revelation suggests that the NSA’s tailored-access platform is becoming a bit more like the un-targeted dragnets everyone has been so upset about: stuff like the mass-collection of phone metadata, and the tapping of undersea Internet cables, which allows the agency to filter through raw communications for keywords.

Of course, the question is whether having the capability to “target” people en masse means that the NSA and GCHQ will necessarily do so. But based on what we know so far from the Snowden files, it’s hard to imagine what would stop them.

Sean Gallagher points out the dangers of such broad surveillance:

All of these capabilities give the NSA and GCHQ considerable reach. But they also run the risk of allowing others to stand on the agencies’ shoulders and take advantage of the exploits the NSA has already seeded into parts of the Internet’s infrastructure. Regardless of the scope of the NSA’s ongoing surveillance, the chance that someone else could hijack or repackage a capability like Hammerstein or SecondDate for criminal or other malicious means poses a risk to the entire Internet.

Meanwhile, Henry Farrell makes the case that Snowden’s leaks are actually helping the US by advertising our cybersecurity capabilities:

Snowden’s revelations may provide a much more credible signal about the strength of the U.S. cybersecurity apparatus than anything that the government itself could say. Clearly, Snowden did not leak his information in order to puff up the reputation of the U.S. cybersecurity apparatus. His leaks have provoked fury among senior government officials. Equally, the material published to date has not been nearly as harmful to the U.S. government as it could have been. It has suggested that the U.S. and its close allies have strong and sophisticated capabilities, while providing only limited information on how those capacities are used against states like China and Russia. And these suggestions are taken seriously by other states. Snowden’s disagreements with the U.S. government make him a much more credible messenger about the extent of U.S. cyber capabilities than any U.S. official. He doesn’t have the same incentives to bluff, exaggerate or misrepresent. Paradoxically, Snowden’s public conflict with the burgeoning U.S. cybersecurity state makes him a far better spokesman for the deterrent capabilities of that state than any US official could be.