NSA Digital Arms: Documents on Network Attacks/Exploitation/Malware/Implants/Exfiltration/Botnet Takeovers

In Archive, CYBERCOM, Hacking, Military, NSA, NSA Files, ROC, Surveillance, TAO on February 6, 2015 at 12:29 PM

01/17/2015

h/t Jacob Appelbaum/Laura Poitras/SPIEGEL:

THE BIRTH OF D WEAPONS

According to top secret documents from the archive of NSA whistleblower Edward Snowden seen exclusively by SPIEGEL, intelligence agencies are planning for wars of the future in which the Internet will play a critical role, with the aim of being able to use the net to paralyze computer networks and, by doing so, potentially all the infrastructure they control, including power and water supplies, factories, airports or the flow of money.

During the 20th century, scientists developed so-called ABC weapons — atomic, biological and chemical. It took decades before their deployment could be regulated and, at least partly, outlawed. New digital weapons have now been developed for the war on the Internet. But there are almost no international conventions or supervisory authorities for these D weapons, and the only law that applies is the survival of the fittest.

Canadian media theorist Marshall McLuhan foresaw these developments decades ago. In 1970, he wrote, “World War III is a guerrilla information war with no division between military and civilian participation.” That’s precisely the reality that spies are preparing for today.

The US Army, Navy, Marines and Air Force have already established their own cyber forces, but it is the NSA, also officially a military agency, that is taking the lead. It’s no coincidence that the director of the NSA also serves as the head of the US Cyber Command. The country’s leading data spy, Admiral Michael Rogers, is also its chief cyber warrior and his close to 40,000 employees are responsible for both digital spying and destructive network attacks.

From a military perspective, surveillance of the Internet is merely “Phase 0” in the US digital war strategy. Internal NSA documents indicate that it is the prerequisite for everything that follows. They show that the aim of the surveillance is to detect vulnerabilities in enemy systems. Once “stealthy implants” have been placed to infiltrate enemy systems, thus allowing “permanent accesses,” then Phase Three has been achieved — a phase headed by the word “dominate” in the documents. This enables them to “control/destroy critical systems & networks at will through pre-positioned accesses (laid in Phase 0).” Critical infrastructure is considered by the agency to be anything that is important in keeping a society running: energy, communications and transportation. The internal documents state that the ultimate goal is “real time controlled escalation”.

One NSA presentation proclaims that “the next major conflict will start in cyberspace.” To that end, the US government is currently undertaking a massive effort to digitally arm itself for network warfare. For the 2013 secret intelligence budget, the NSA projected it would need around $1 billion in order to increase the strength of its computer network attack operations. The budget included an increase of some $32 million for “unconventional solutions” alone.

In recent years, malware has emerged that experts have attributed to the NSA and its Five Eyes alliance based on a number of indicators. They include programs like Stuxnet, used to attack the Iranian nuclear program. Or Regin, a powerful spyware trojan that created a furor in Germany after it infected the USB stick of a high-ranking staffer to Chancellor Angela Merkel. Agents also used Regin in attacks against the European Commission, the EU’s executive, and Belgian telecoms company Belgacom in 2011.

Given that spies can routinely break through just about any security software, virtually all Internet users are at risk of a data attack.

The new documents shed some new light on other revelations as well. Although an attack called QUANTUMINSERT has been widely reported by SPIEGEL and others, documentation shows that in reality it has a low success rate and it has likely been replaced by more reliable attacks such as QUANTUMDIRK, which injects malicious content into chat services provided by websites such as Facebook and Yahoo. And computers infected with STRAITBIZARRE (PDF/37MB) can be turned into disposable and non-attributable “shooter” nodes (PDF/2MB). These nodes can then receive messages from the NSA’s QUANTUM network, which is used for “command and control for very large scale active exploitation and attack.” The secret agents were also able to breach mobile phones by exploiting a vulnerability in the Safari browser in order to obtain sensitive data and remotely implant malicious code.

In this guerrilla war over data, little differentiation is made between soldiers and civilians, the Snowden documents show. Any Internet user could suffer damage to his or her data or computer. It also has the potential to create perils in the offline world as well. If, for example, a D weapon like BARNFIRE were to destroy or “brick” the control center of a hospital as a result of a programming error, people who don’t even own a mobile phone could be affected.

Intelligence agencies have adopted “plausible deniability” as their guiding principle for Internet operations. To ensure their ability to do so, they seek to make it impossible to trace the author of the attack.

It’s a stunning approach with which the digital spies deliberately undermine the very foundations of the rule of law around the globe. This approach threatens to transform the Internet into a lawless zone in which superpowers and their secret services operate according to their own whims with very few ways to hold them accountable for their actions.

TUTELAGE & DEFIANTWARRIOR: TRANSFORMING DEFENSES INTO ATTACKS

The search for foreign cyber attacks has long since been largely automated by the NSA and its Five Eyes partners. The TUTELAGE system can identify incursions and ensure that they do not reach their targets.

See: NSA Document: Combating Anonymous’ Use of Low Orbit Ion Cannon (LOIC)

The NSA is also able to transform its defenses into an attack of its own. The method is described as “reverse engineer, repurpose software” and involves botnets, sometimes comprising millions of computers belonging to normal users onto which software has been covertly installed. They can thus be controlled remotely as part of a “zombie army” to paralyze companies or to extort them. If the infected hosts appear to be within the United States, the relevant information will be forwarded to the FBI Office of Victim Assistance. However, a host infected with an exploitable bot could be hijacked through a QUANTUMBOT attack and redirected to the NSA. This program is identified in NSA documents as DEFIANTWARRIOR and it is said to provide advantages such as “pervasive network analysis vantage points” and “throw-away non-attributable CNA (eds: computer network attack) nodes.” This system leaves people’s computers vulnerable and covertly uses them for network operations that might be traced back to an innocent victim. Instead of providing protection to private Internet users, QUANTUMBOT uses them as human shields in order to disguise its own attacks.

It’s not just computers, of course, that can be systematically broken into, spied on or misused as part of a botnet. Mobile phones can also be used to steal information from the owner’s employer. The unwitting victim, whose phone has been infected with a spy program, smuggles the information out of the office. The information is then retrieved remotely as the victim heads home after work. Digital spies have even adopted drug-dealer slang in referring to these unsuspecting accomplices. They are called “unwitting data mules.”

INTELLIGENCE WORLD IS SCHIZOPHRENIC & NEEDS TO BE TREATED

The intelligence world is a schizophrenic one. The NSA’s job is to defend the Internet while at the same time exploiting its security holes. It is both cop and robber, consistent with the motto adhered to by spies everywhere: “Reveal their secrets, protect our own.”

As a result, some hacked servers are like a bus during rush hour, with people constantly coming and going. The difference, though, is that the server’s owner has no idea anyone is there. And the presumed authorities stand aside and do nothing.

NSA agents aren’t concerned about being caught. That’s partly because they work for such a powerful agency, but also because they don’t leave behind any evidence that would hold up in court. And if there is no evidence of wrongdoing, there can be no legal penalty, no parliamentary control of intelligence agencies and no international agreement. Thus far, very little is known about the risks and side-effects inherent in these new D weapons and there is almost no government regulation.

Edward Snowden has revealed how intelligence agencies around the world, led by the NSA, are doing their best to ensure a legal vacuum in the Internet. In a recent interview with James Bamford for an upcoming PBS NOVA special, the whistleblower voiced his concerns that “defense is becoming less of a priority than offense.”

Snowden finds that concerning. “What we need to do,” he said, “is we need to create new international standards of behavior.”

More:

NSA Hacking Unit Remote Operations Center (ROC)

“Steal Their Tools, Tradecraft, Targets and Take”: How NSA Uses Other Countries’ Cyber Attacks to Their Advantage
