Leaked Snowden Documents reveal the NSA’s grand plan to hack and steal data from millions of computers

NSA VPN exploit diagram

Yeah, you must have done a double take after seeing the headline. But it is true. Recently leaked Snowden documents reveal details about it. It was leaked by The Intercept. Read their article here.

Since the June of 2013, the public has been tense after Edward Snowden decided it was too much and risked his life to reveal the large scale spying programs of the NSA. They had been spying under our very nose. When they accused China of hacking their computers, they themselves were stealing information from countries worldwide and at times from their own citizens in the name of security.

At this year’s MWC , we saw the release of the privacy focused Blackphone and also the Freedom Pop ‘Snowden’ Privacy Phone as a tribute to the whistleblower and spread awareness about privacy.

Recently leaked documents by the Intercept show that the NSA was in the progress of automating the hacking process so that they can focus more on imminent threats.

The operation was codenamed TURBINE and it will dramatically improve the NSA’s hacking prowess and will allow it to steal data on a much larger scale (Read: millions) .

In 2013, it was revealed that the NSA had backdoors in many commmercial software and standards like encryption. This combined with fake Facebook webpages, spam mails with malicious links and and man-in-the-middle attacks that would “shoot” bogus data at a target’s computer when the NSA detected it was visiting a Web site the NSA could spoof (Last line from CNET) along with many others came together to form one single program which streamlined the work.

“A description of some implants from the Intercept:An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer.”

It also routinely hacked into some system administrators, as they are very valuable. Data from one sys-admin can reveal data about their network and the people using their network.

How easy was it?

Well, it is really simple. NSA officials just had to type in what they wanted to find (eg. the word bomb) and the program will do much of the hardwork. Hacking, extracting data, etc were all performed by the program automatically without human intervention and then the stolen data is forwarded to the NSA where it is analyzed and further action is taken.

How Effective?

In 2003 and 2004, when the NSA had just started putting these implants, they numbered between 100-150. But between 2010-2013, the number has grown up to tens of thousands of implants.

That is quite a number and allows the NSA to easily extract data from millions of computers without any human intervention whatsoever ( Unless you count the need to type the keywords. This will be automated in the future too and the whole spying will be automated with the NSA only being required to assess the dangers)

Since When?

The report shows that testing of TURBINE was going on since a few years and “after successful testing on about a dozen targets”, it was fully deployed in 2010.

The new revelations increases privacy concerns and show the potential of NSA. It brings together many NSA programs into one and streamlines them to make spying easier. So, yes, you have cause to fear. With just a click, all your data can be accessed by the NSA. It is THAT easy.

Advertisements

What are your Thoughts? Speak your Mind!

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s