One NSA "implant," once installed could bypass
encryption by making a secret copy of calls made over Skype or other
voice-over-Internet Protocol communications, according to a document
leaked by Edward Snowden.
(Credit:
The Intercept)
According to documents published by The Intercept on Wedesday, Turbine created "implants" that let it gain access to peoples' computers. Getting the implants onto machines involved an array of deceptions: fake Facebook Web pages, spam emails with malicious links, and man-in-the-middle attacks that would "shoot" bogus data at a target's computer when the NSA detected it was visiting a Web site the NSA could spoof.
Once the National Security Agency implants were installed, they could be used to gain access to data before it was encrypted. As the article describes some of the work:
An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer's microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer's webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer.
Attacking system administrators at foreign telecommunications and Internet service providers apparently was one broader group, for example. "Sys admins are a means to an end," according to one document, since they make it easier to target a "government official that happens to be using the network some admin takes care of."
In a statement to The Intercept, the NSA didn't comment on specifics but said, "As the president made clear on 17 January, signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes."
No comments:
Post a Comment