Since the June of 2013, the public has been tense after Edward Snowden decided it was too much and risked his life to reveal the large scale spying programs of the NSA. They had been spying under our very nose. When they accused China of hacking their computers, they themselves were stealing information from countries worldwide and at times from their own citizens in the name of security.
Recently leaked documents by the Intercept show that the NSA was in the progress of automating the hacking process so that they can focus more on imminent threats.
The operation was codenamed TURBINE and it will dramatically improve the NSA’s hacking prowess and will allow it to steal data on a much larger scale (Read: millions) .
In 2013, it was revealed that the NSA had backdoors in many commmercial software and standards like encryption. This combined with fake Facebook webpages, spam mails with malicious links and and man-in-the-middle attacks that would “shoot” bogus data at a target’s computer when the NSA detected it was visiting a Web site the NSA could spoof (Last line from CNET) along with many others came together to form one single program which streamlined the work.
“A description of some implants from the Intercept:An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer.”
It also routinely hacked into some system administrators, as they are very valuable. Data from one sys-admin can reveal data about their network and the people using their network.
How easy was it?
Well, it is really simple. NSA officials just had to type in what they wanted to find (eg. the word bomb) and the program will do much of the hardwork. Hacking, extracting data, etc were all performed by the program automatically without human intervention and then the stolen data is forwarded to the NSA where it is analyzed and further action is taken.
In 2003 and 2004, when the NSA had just started putting these implants, they numbered between 100-150. But between 2010-2013, the number has grown up to tens of thousands of implants.
That is quite a number and allows the NSA to easily extract data from millions of computers without any human intervention whatsoever ( Unless you count the need to type the keywords. This will be automated in the future too and the whole spying will be automated with the NSA only being required to assess the dangers)
The report shows that testing of TURBINE was going on since a few years and “after successful testing on about a dozen targets”, it was fully deployed in 2010.
The new revelations increases privacy concerns and show the potential of NSA. It brings together many NSA programs into one and streamlines them to make spying easier. So, yes, you have cause to fear. With just a click, all your data can be accessed by the NSA. It is THAT easy.