NSA Has A 50,000 Computer Botnet From Secretly Installing Malware Around The Globe
from the keeping-us-safe...? dept
Over the weekend, the Dutch media operation NRC published yet another Ed Snowden slide, showing how the NSA had infected 50,000 computer networks with malware. The only really new thing here is the number. We already knew the NSA’s TAO (Tailored Access Operations) group was infecting computers around the globe using packet injection, via a system it calls “quantum injection”, and that it’s used these to install malware on key computers inside Belgacom, the Belgian telco giant. However, the latest report basically shows that the NSA has been able to compromise computers and networks in the same manner all around the globe:

Comments on “NSA Has A 50,000 Computer Botnet From Secretly Installing Malware Around The Globe”
I wonder if AV Companies white list it?
If they do it would only take one hacker to cause freaking pandemonium on a global scale…
Re: Re:
Peter Norton has stated previously he was willing to white-list carnivore. Symantec would be a good place to start.
Re: Re: Re:
Of course, Peter only sold his business to Symantec, but it wouldn’t surprise me in the slightest if they didn’t share a common philosophy.
Re: Re:
Hackers? They’re not the big worry, the big problem with the NSA infecting as many important networks/computers as they can is ‘What happens if the public and government turn against them, demand they step down and are prosecuted for their actions, and they don’t feel like going quietly?’
With so many compromised systems, they are in a position to make things very ugly to any government or group that challenges them, and given their actions so far, I wouldn’t put it past them at all, to if not perform such an action, at least hint at it to discourage any potential opposition.
Re: Re:
I wouldn’t be surprised to find that AV companies are cooperating with the NSA to actually infect machines.
Re: Re: Re:
Why even bother with infecting a machine with malware when the AV scanner is already installed? It will work just fine as a trojan by itself.
Checked the EULA coming with your AV package lately? Have a look under the header “Privacy” or something similar. You’ll find that they have essentially given themselves the right to send just about anything off your system to their databases. Files, programs, personally identifiable information, MAC addresses, IP number – everything.
How many other US companies besides Apple, Google, Microsoft, Verizon, etc were listed in Snowden’s documents? 100+ that weren’t named IIRC. Want to bet some money there are a few AV companies involved? I wouldn’t.
Re: Re: Re: Re:
Speaking of Microsoft, in the past Microsoft has built an NSA key directly into Windows. Google windows nsa key.
Re: Re:
The NSA is a black-hat hacker.
Re: Re:
How would the AV respond to the infection?
“3 infected files found to be infected with the NSA Botnet Spyware. Please contact the NSA for removal instructions”
Re: Re: Re:
more like
“3 files found to be infected with [redacted].”
So can we get some arrests made under the various computing fraud acts they must have violated?
Oh and the title needs some love.
Re: Re:
Apparently, they are above the law.
Re: Re: Re:
I wonder if they are above lead poisoning?
Snail mail and filing cabinets full of paper are about to make a comeback, at least for anything that people wish to keep secret from governments.
Re: Re:
I’m sure they have teams of people armed with kettles waiting to open up your mail en route!
Re: Re: Re:
Waterproof glue is available, or heat sealed plastic bags.
Re: Re: Re: Re:
PGP is probably safer.
Re: Re: Re:2 Re:
A one time pad is unbreakable even in theory, and can be used by hand. It remains secure so long as the keys are kept secure, and exchanged in a secure fashion.
Re: Re:
This and one time pad solutions, no matter how wearisome they may be.
Re: Re:
I do miss the days of the 56k modem.
Re: Re: Re:
Apparently Fidonet is still in use in some of the remote parts of the world.
Re: Re: Re: Re:
To clarify, I meant the times, the atmosphere, not merely the internet speed. More free, less intrusive. It was new and fun. People didn’t have to worry about ham-fisted, draconian rules and regulations, take-down notices and lawsuits. It was awesome.
I think around a little after 9/11 is when things began to go downhill.
Re: Re: Re:2 Re:
No, things began to go downhill after the Napster lawsuit.
“The botnet population is huge. According to a study by McAfee, ‘at least 12 million computers around the world (are) compromised by botnets.’”
I did not think 50,000 seemed like a very big botnet.
NSA needs to lift their game, I am sure Anonymous could easily do better than 50k bots !!!!
Re: Re:
Read beyond the title, 50k NETWORKS infected, that’s substantially more than 50k computers.
Re: Re: Re:
that’s why they call them “botNETS” !!!
Re: Re: Re:
Title says:
“NSA Has A 50,000 Computer Botnet From Secretly Installing Malware Around The Globe”
and they call it a BOTnet because IT is a network of BOTS
interesting !!!
10 most wanted American botnets..
No. 1: Zeus
Compromised U.S. computers: 3.6 million
No. 2: Koobface
Compromised U.S. computers: 2.9 million
No. 3: TidServ
Compromised U.S. computers: 1.5 million
...
No. 10: Conficker
Compromised U.S. computers: 210,000
Again, I find it hard to get all excited that NSA has a 50k botnet, and would have expected better from them..
Re: interesting !!!
50 K NETWORKS
Not computers
Network > Computer
Re: interesting !!!
The NSA compromised machines are not a bot net, but rather machines that are individually accessed to find files of interest, gain access to metadata etc. Use of these machines will require thousands of NSA employees to give the interesting ones the individual attention they need.
Re: interesting !!!
The only thing that gets darryl excited is suing dead grandmothers so he can fuck their corpses with DMCA notices.
Re: These all only infect WINDOWS!
Stop using Windows, for the love of Pete, just STOP Using Windows. Why is it that no one ever points out the obvious problem: It’s Windows, ALL VERSIONS, so stop using it.
Seriously, just say no to Windows.
This is just simply terrifying.
If they want to convince people that they’re the good guys, they need to stop acting like supervillains.
Re: Re:
Big Brother presented himself as a good guy too.
Re: Re:
The old saw about the road to Hell being paved with good intentions applies here.
and yes I have proof
but you’re not seeing it
But. Terrorism.
What a waste of taxpayer money
Ditch anti-virus software
Firstly, their infections would be noticed and removed, and computers are continuously upgraded so the 50000 would be the current count of how many servers they seized control of, minus how many they lost control of.
So 50000 is likely to be the current RECENT number done in the last few years.
Secondly, your anti-virus didn’t catch these, and I see some of them (Symantec) sheepishly mentioning there’s a backdoor that listens on the SSH port for special encrypted commands (looks like NSA work, because NSA would know who sent those commands, it would be in their logs! It would be in GCHQ logs!).
Either the anti-virus companies didn’t catch it (incompetence), or they were complicit in not catching it, or maybe they are one of the backdoors.
Thirdly, so much for Obama being in control. He’s clearly not in charge here, the NSA is busy setting all kinds of illegal agendas and he’s not in the loop.
Re: Ditch anti-virus software
Serious question –
Got a link or two showing where an AV company, like Symantec, has indicated that they will or will not detect government spyware?
I’d love to read up more.
Re: Ditch anti-virus software
Um, who says he isn’t the one in charge? Him?
If he truly wasn’t “in charge” I would have expected him to be clipping a lot of wings by now, and that isn’t happening. He is sitting there saying “I didn’t know” but he isn’t doing a damn thing about it.
The NSA operates under the jurisdiction of the Department of Defense and reports to the Director of National Intelligence.
The Director of National Intelligence (DNI) is the United States government official – subject to the authority, direction, and control of the President – required by the Intelligence Reform and Terrorism Prevention Act of 2004 to:
Serve as principal advisor to the President, the National Security Council, and the Homeland Security Council about intelligence matters related to national security;
Serve as head of the sixteen-member Intelligence Community; and
Direct and oversee the National Intelligence Program.
Re: Re: Ditch anti-virus software
If he truly wasn’t “in charge” I would have expected him to be clipping a lot of wings by now,
How would he clip wings if he wasn’t in charge?
Re: Re: Re: Ditch anti-virus software
Well obviously from the chain of command, as I showed above, that puts him in the position to be “In Charge”, and therefore able to clip wings.
If things were happening “without his knowledge” in other words the NSA had gone rogue, then he would start replacing those in charge of keeping the NSA in check. That hasn’t happened. Therefore, I conclude one of two possibilities.
1. He didn’t know what is going on, but agrees with it, therefore he will not reprimand anyone.
2. He knows exactly what is going on and is not being honest with the people.
The first option seems rather unlikely as I believe part of his campaign was about reining in the spying. Obama has failed the people he is supposed to serve.
Congress is no better as they have the purse strings and ability to pass legislation. They too knew, or had a duty to find out what was going on and take the appropriate steps to protect the American people. They have failed the people they are supposed to serve.
They have all disgraced themselves, their families and in fact all Americans.
Re: Ditch anti-virus software
A good firewall would stop it before your antivirus program even notices it.
Re: Re: Ditch anti-virus software
Most AV software comes with its own firewall .. so it defeats the purpose for which you intend it to be, as the AV would whitelist the port that is listening.
So the Aussies and Kiwis are too boring to infect?
Re: Re:
That’s not it… It’s because they are part of Five Eyes just like Canada and England… See at the bottom of the slide.. Each country runs its own domestic program which is clearly not in the scope of this one slide….
not a botnet
Calling the 50,000 networks a botnet is mischaracterizing what is going on here. The NSA only achieves its purpose when infecting a router or switch. This is what gives them access to all the data communicated on the attached network. Recall that with Belgacom the infection of IT staff computers was only an interim step, with the ultimate goal of infecting the GRX routers. A router does not run much of the software which makes botnets so useful to their controllers. The NSA would also not ever risk their surveillance capability by using control of a router for other purposes. If the router was not functioning well or doing very strange things then network IT staff are going to notice it and start investigating. Unless there was a stealthy root-kit (not an impossibility) on the router, the malware will be discovered and removed. The OS for routers has less of an attack surface than standard computer OSs. Even if Linux, or some other variation of UNIX is used then a lot of the capability, and thus attack surface, is disabled.
Once a router is infected, if a user’s computer or server was infected that malware isn’t so important anymore. Those, non-router, computers are updated much more frequently than routers or switches. Also, anti-virus software is not installed on routers. The NSA may even remove malware from non-routers to avoid detection. Then again, they may have achieved some very stealthy malware. I think it is less likely that arrangements are made with major AV companies to whitelist NSA malware. A whitelist is visible to too many people.
This particular leak is going to have an enormous impact on NSA capability. It would behoove any security executive for telecoms, or ISPs around the world to take a close look at their routers.
And the beast grows
Supposing this:
The NSA has a network of Botnets in other countries, then the owners of those infected computers decide to run their own BotNet networks infecting other computers, and then the FBI, and Microsoft go on the hunt for these computers-installing malware to get the botnets captured.
Could it be true? That the FBI and Microsoft have been doing this all along? Capturing and shutting down BotNet servers that began with the NSA?
It boggles the mind completely. Total insanity, and that’s why the NSA should be shut down.
They’re infecting everyone’s computers with malware that has to be cleaned up by others. Such nice guys.
Speaking of legalities, I’m pretty sure this would qualify under several international laws as electronic terrorism, plus our own laws against it.. Ah, gee whiz..the NSA can’t do anything right!
I count at least two countries who sent troops to fight and die in Afghanistan when the US bit off more than it could chew there.
This is going to stick in people’s memories come the next war.
sORRY TO SEE THIS
NOW consider that WINDOWS is the most populous Operating system out there..
Let’s even think SIDE WAYS, and say its FLASH based..
HOW about JAVA?
And since they are all customized to the OS…
any other reason NOT to use Windows products??
Windows must HIDe the program very well, also..
windows SERVER? WINDOWS 7? 8?
Someone GET me to linux..
Re: sORRY TO SEE THIS
How about Java? It’s disabled on my computer, along with Javascript and ActiveX.
Headline
I think the editor needs to take a look at this headline: “NSA Has A 50,000 Computer Botnet From Secretly Installing Malware Around The Globe”. The “From” needs to be taken out.