NSA's automated hacking engine offers hands-free pwning of the world

[InfoSec News <alerts () infosecnews org>]

http://arstechnica.com/information-technology/2014/03/nsas-automated-hacking-engine-offers-hands-free-pwning-of-the-world/

By Sean Gallagher
Ars Technica
March 12, 2014

Since 2010, the National Security Agency has kept a push-button hacking 
system called Turbine that allows the agency to scale up the number of 
networks it has access to from hundreds to potentially millions. The news 
comes from new Edward Snowden documents published by Ryan Gallagher and 
Glenn Greenwald in The Intercept today. The leaked information details how 
the NSA has used Turbine to ramp up its hacking capacity to "industrial 
scale," plant malware that breaks the security on virtual private networks 
(VPNs) and digital voice communications, and collect data and subvert 
targeted networks on a once-unimaginable scale.

Turbine is part of Turbulence, the collection of systems that also 
includes the Turmoil network surveillance system that feeds the NSA's 
XKeyscore surveillance database. While it is controlled from NSA and GCHQ 
headquarters, it is a distributed set of attack systems equipped with 
packaged "exploits" that take advantage of the ability the NSA and GCHQ 
have to insert themselves as a "man in the middle" at Internet 
chokepoints. Using that position of power, Turbine can automate functions 
of Turbulence systems to corrupt data in transit between two Internet 
addresses, adding malware to webpages being viewed or otherwise attacking 
the communications stream.

Since Turbine went online in 2010, it has allowed the NSA to scale up from 
managing hundreds of hacking operations each day to handling millions of 
them. It does so by taking people out of the loop of managing attacks, 
instead using software to identify, target, and attack Internet-connected 
devices by installing malware referred to as "implants." According to the 
documents, NSA analysts can simply specify the type of information 
required and let the system figure out how to get to it without having to 
know the details of the application being attacked.

The "selectors" that analysts can use to target victims through Turbine 
are significant. Using Turmoil as a targeting system, Turbine can look for 
identifying cookies from a number of Web services, including Google, 
Yahoo, Twitter, Facebook, Hotmail, and DoubleClick, as well as those from 
the Russian services Mail.ru, Rambler, and Yandex. Those cookies are all 
available for targeting purposes, as is user account information from a 
whole host of services.

[...]



--
Find the best IT Security talent without breaking your recruiting budget.
Jobs cross-posted to Simply Hired, Facebook and LinkedIn.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/