The US National Security Agency is allegedly using automated tools to deploy malware on computers worldwide, according to The Intercept’s report based on the Snowden revelations.
The technologies described in the latest report allow “industrial-scale exploitation” of networks. GCHQ, the British equivalent of the NSA, seems to have also played an important role.
“In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive,” the report said. “In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam.”
NSA’s capabilities also enabled them to “launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.”
The agency has also used spam campaigns to plant audio recording malware or compromise webcams and take pictures.
The number of spying implants has grown from between 100 and 150 a decade ago to tens of thousands nowadays, as the NSA developed new tools and recruited hackers through Tailored Access Operations.
The spectrum of malware implants is very broad and allows the NSA to capture the data before it’s encrypted, as follows:
TURBINE can manage all other malware implants in real time to perform “industrial-scale exploitation.” It is also allegedly part of the “Owning the Net” surveillance operation, funded by a budget of $67.6 million in 2013.
The UNITEDRAKE solution is used to completely take over a device using a certain number of “plug-ins” designed for narrow targeting. For example:
The CAPTIVATEDAUDIENCE “plug-in” hijacks the computer’s microphone and records conversations, GUMFISH takes over the webcam, FOGGYBOTTOM leaks internet data such as passwords and browsing history, and GROK acts like a keylogger by capturing keystrokes. There is also a “plug-in” dubbed SALVAGERABBIT capable of siphoning data from removable flash drives.
System administrators from ISPs and phone providers have also been monitored by the agency, besides the usual potential threats to national security.