Friday, March 21, 2014
NSA’s Secret Efforts to Hunt and Hack System Administrators
The agency NSA tracks down the private email and Facebook accounts of system administrators (or sys admins, as they are often called), before hacking their computers to gain access to the networks they control.
An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer.
The mission, codenamed “Operation Socialist,” was designed to enable GCHQ to monitor mobile phones connected to Belgacom’s network. The secret files deem the mission a “success,” and indicate that the agency had the ability to covertly access Belgacom’s systems since at least 2010.
Infiltrating cellphone networks, however, is not all that the malware can be used to accomplish. The NSA has specifically tailored some of its implants to infect large-scale network routers used by Internet service providers in foreign countries. By compromising routers – the devices that connect computer networks and transport data packets across the Internet – the agency can gain covert access to monitor Internet traffic, record the browsing sessions of users, and intercept communications.
Two implants the NSA injects into network routers, HAMMERCHANT and HAMMERSTEIN, help the agency to intercept and perform “exploitation attacks” against data that is sent through a Virtual Private Network, a tool that uses encrypted “tunnels” to enhance the security and privacy of an Internet session.
99% BAD HARDWARE WEEK: