Your Source for Leaks Around the World!

Shhh. Be Vewy Vewy Quiet, NSA Hunting Sys Admins

In Archive, NSA, NSA Files, Surveillance on March 21, 2014 at 1:21 PM
fudd-nsa-hunt-sys-admins

ELMER FUDD IMAGE NOT IN ORIGINAL SLIDE

03/20/2014

Ryan Gallagher/Peter Maass/TheIntercept:

Across the world, people who work as system administrators keep computer networks in order – and this has turned them into unwitting targets of the National Security Agency for simply doing their jobs. According to a secret document provided by NSA whistleblower Edward Snowden, the agency tracks down the private email and Facebook accounts of system administrators (or sys admins, as they are often called), before hacking their computers to gain access to the networks they control.

The document consists of several posts – one of them is titled “I hunt sys admins” – that were published in 2012 on an internal discussion board hosted on the agency’s classified servers. They were written by an NSA official involved in the agency’s effort to break into foreign network routers, the devices that connect computer networks and transport data across the Internet. By infiltrating the computers of system administrators who work for foreign phone and Internet companies, the NSA can gain access to the calls and emails that flow over their networks.

The classified posts reveal how the NSA official aspired to create a database that would function as an international hit list of sys admins to potentially target. Yet the document makes clear that the admins are not suspected of any criminal activity – they are targeted only because they control access to networks the agency wants to infiltrate. “Who better to target than the person that already has the ‘keys to the kingdom’?” one of the posts says.

The NSA wants more than just passwords. The document includes a list of other data that can be harvested from computers belonging to sys admins, including network maps, customer lists, business correspondence and, the author jokes, “pictures of cats in funny poses with amusing captions.” The posts, boastful and casual in tone, contain hacker jargon  (pwn, skillz, zomg, internetz) and are punctuated with expressions of mischief. “Current mood: devious,” reads one, while another signs off, “Current mood: scheming.”

The author of the posts, whose name is being withheld by The Intercept, is a network specialist in the agency’s Signals Intelligence Directorate, according to other NSA documents. The same author wrote secret presentations related to the NSA’s controversial program to identify users of the Tor browser – a privacy-enhancing tool that allows people to browse the Internet anonymously.

More…

Related Links:

REVEALED: How NSA Infects Computers with Malware

Sysadmins of the World, Unite! – Julian Assange, Jacob Appelbaum, Sarah Harrison @ 30c3

  1. […] internal post – titled “I hunt sys admins” – makes clear that terrorists aren’t the only targets of such NSA attacks. Compromising a […]

  2. […] from prosecution, and compelled collaboration by companies from Five Eyes countries. As a result, every system or network administrator needs to worry about protecting his system against this unprecedented threat level. In particular, citizens of […]

  3. […] HACIENDA to scan for vulnerable potential access points in the Belgacom’s networks; it then went hunting for particular engineers or administrators that it could infect with […]

  4. […] which it claims it can sometimes decrypt the Secure Shell protocol (SSH). This is typically used by systems administrators to log into employees’ computers remotely, largely for use in the infrastructure of […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: