Industry News

NSA’s Deployed Malware via Automated Tools to Enhance Spy Capabilities

The US National Security Agency is allegedly using automated tools to deploy malware on computers worldwide, according to The Intercept’s report based on the Snowden Revelations.

The technologies described in latest report allow “industrial-scale exploitation” of networks. CGHQ, the British equivalent of the NSA, seems to have also played an important role.


“In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive,” the report said. “In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam.”

NSA’s capabilities also enabled them to “launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.”

 The agency has also used spam campaigns to plant audio recording malware or compromise webcams and take pictures.

The number of spying implants has grown from between 100 and 150 a decade ago to tens of thousands nowadays, as the NSA developed new tools and recruited hackers through Tailored Access Operations.

The spectrum of malware implants is very broad and allows the NSA to capture the data before it’s encrypted, as follows:

TURBINE can  manage all other malware implants in real time to perform “industrial-scale exploitation.” Also it is allegedly a part of the “Owning the Net” surveillance op funded by a budget of $67.6 million in 2013.

The UNITEDRAKE solution is used to completely take over a device using a certain number of “plug-ins” designed for narrow targeting. For example:

The CAPTIVATEDAUDIENCE “plug-in” hijacks the computer’s microphone and records conversations, GUMFISH takes over the webcam, FOGGYBOTTOM leaks internet data such as passwords and browsing history and GROK acts like a keylogger by capturing keystrokes. There is also a “plug-in” dubbed SALVAGERABBIT capable of siphoning data from removable flash drives.

System administrators from ISPs and phone providers have also been monitored by the agency, besides the usual potential threats to national security.

About the author

Lucian Ciolacu

Still the youngest Bitdefender News writer, Lucian is constantly after flash news in the security industry, especially when something is vulnerable or exploited. Besides digging for 'hacker' scoops and data leaks, he enjoys sports, such as football and tennis.
He has also combined an interest for social and political sciences, as a graduate of the Political Science Faculty, with a passion for guitar and computer games.