NSA’s QWERTY Keylogger Source Code

In Archive, ASD, Hacking, NSA, NSA Files, Surveillance on February 6, 2015 at 2:26 PM

01/17/2015

h/t Jacob Appelbaum/Laura Poitras/SPIEGEL:

Source code of an NSA keylogger named QWERTY is contained in documents from the Snowden archive published by Der Spiegel. It’s a piece of software designed to surreptitiously intercept all keyboard keys pressed by the victim and record them for later inspection. It is an ordinary, indeed rather dated, keylogger. Similar software can already be found in numerous applications, so it doesn’t seem to pose any acute danger — but the source code contained in it does reveal some interesting details. They suggest that this keylogger might be part of the large arsenal of modules that belong to the WARRIORPRIDE program, a kind of universal Esperanto software used by all the Five Eyes partner agencies that at times was even able to break into iPhones, among other capabilities. The documents published by SPIEGEL include sample code from the keylogger to foster further research and enable the creation of appropriate defenses.

PDF (<1MB)

via @botherder:

Strings in one of the QWERTY binaries suggest that the Australian Defense Signals Directorate (DSD), now known as Australian Signals Directorate (ASD), might have had a part in the development:

[Image: qwerty-dsd]

via @craiu:

Our analysis of the QWERTY malware published by Der Spiegel indicates it is a plugin designed to work as part of the Regin platform. The QWERTY keylogger doesn’t function as a stand-alone module; it relies on kernel hooking functions which are provided by the Regin module 50225. Considering the extreme complexity of the Regin platform and little chance that it can be duplicated by somebody without having access to its source codes, we conclude the QWERTY malware developers and the Regin developers are the same or working together.

[Images: qwerty-regin-1, qwerty-regin-2, qwerty-regin-3]

Related Link: NSA’s XKeyscore Source Code Targets Tor and Tails Users
