UPDATED 18:30 EST / NOVEMBER 28 2013

NSA malware infects 50,000 computers worldwide, with 1,000 hackers

Another week, more NSA developments, or allegations really.  Perhaps people are getting numb to these things: as they come out, there is less and less surprise left.  Last week news emerged that the NSA had infected more than 50,000 computer networks around the world with a specialized piece of malicious hardware that was designed and deployed to collect sensitive information.  This latest revelation comes again from the trove of documents acquired by former government contractor Edward Snowden.

At the center of the release is a leaked presentation slide intended for management.  Dated 2012, the presentation shows one of the ways the agency collects information from throughout the world.  It demonstrates the use of what is called ‘Computer Network Exploitation’ or CNE, comprised of the 50,000 infected endpoints.  Those endpoints participate in the system because they are infected with malware.  The tactic is reminiscent of command-and-control networks, with their botnet components and infected hosts.  It’s a hallmark methodology employed in cybercrime, hacktivism, ransomware and cyberespionage.  The NSA is not the only agency in this game, however.  Allegations surrounding agencies around the world have been a topic of conversation for some time.  One example points the finger at GCHQ, the British intelligence agency.  Techniques discovered recently show how the agency used phishing page attacks to implant malicious software on target systems, with the ultimate goal of gathering information.  The target was reported to be the Belgian telecom provider Belgacom.

One-Button Sleeper Cells

This malware can be brought online and controlled remotely, instantly, with a simple command.  That’s because embedded in the malware is a wake-up sequence that is standing by to be triggered, a sort of digital ‘sleeper cell’ ready at the touch of a button.  These types of cyber operations are becoming the norm around the world, with any number of states seeking to quickly develop powerful tools and operations to pursue their surveillance goals.  As we find out more about NSA operations and the operations of other closely associated agencies, it seems that a model is emerging that any number of nation-states may try to emulate.  Officially, the NSA of course has not commented and will not comment on these operations, but a reality has emerged that includes various upstarts and non-friendly groups entering the cyberwar arena.

These types of ops are critical to a number of these agencies and are becoming more central to their tactical abilities.  Computer ops carry relatively low continued operating costs and open up a world of intelligence opportunities.  In the case of CNE, it can be readily seen that the operations extend worldwide and ostensibly can take new territories with relative ease.  Additionally, once a host is infected, as we have seen in a great many other cases, it can remain undetected and dormant for years before it is called on to operate, if ever.

HACK Central

The behavior we’ve been witnessing is absolutely hacker behavior: black hat, grey hat and even white hat techniques.  Malware, social engineering, back doors and so on – everything on the list is the kind of methodology and behavior you would attribute to hackers.  This CNE operation is tied to a special department that goes by the name TAO (Tailored Access Operations).  That department, according to public records, employs over one thousand personnel.  That’s over a thousand hackers, a very large operation.

The other stories we are reading revolve around revelations of who was targeted and where.  The most recent report says the G20 summit in 2010 was heavily bugged by the agency.  Ops launched against another country, friend or foe – those things are hardly a surprise, but they are certainly embarrassing to this country in addition to being a long-term security risk.
