How The NSA Deploys Malware: An In-Depth Look at the New Revelations
Posted on 10/09/2013 10:34:00 AM PDT by shego
We've long suspected that the NSA, the world's premier spy agency, was pretty good at breaking into computers. But now, thanks to an article by security expert Bruce Schneier, who is working with the Guardian to go through the Snowden documents, we have a much more detailed view of how the NSA uses exploits in order to infect the computers of targeted users. The template for attacking people with malware used by the NSA is in widespread use by criminals and fraudsters, as well as foreign intelligence agencies, so it's important to understand and defend against this threat to avoid being a victim to the plethora of attackers out there....
In order to accomplish the first step of getting a user to visit a site under your control, an attacker might email the victim text that contains a link to the website in question, in a so-called phishing attack. The NSA reportedly uses phishing attacks sometimes, but we've learned that this step usually proceeds via a so-called "man-in-the-middle" attack. The NSA controls a set of servers codenamed Quantum that sit on the Internet backbone, and these servers are used to redirect targets away from their intended destinations to still other NSA-controlled servers that are responsible for the injection of malware. So, for example, if a targeted user visits "yahoo.com", the target's browser will display the ordinary Yahoo! landing page but will actually be communicating with a server controlled by the NSA. This malicious version of Yahoo!'s website will tell the victim's browser to make a request in the background to another server controlled by the NSA which is used to deploy malware....
(Excerpt) Read more at eff.org ...
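The injection step the excerpt describes ends with the look-alike page telling the browser to fetch something from a second server. One defender-side check is to list every resource a page makes the browser request automatically and flag those pointing at hosts other than the one the user typed in. The code below is an added example, not from the EFF article or anyone in this thread; the hostnames and the 198.51.100.7 address are constructed sample values.

```python
# Added example, not from the EFF article or the thread: list the resources a
# page makes the browser fetch from hosts other than the one the user typed in,
# i.e. the "background request to another server" step described above.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs whose value makes the browser issue a request on its own.
FETCHING_ATTRS = {"script": "src", "img": "src", "iframe": "src",
                  "link": "href", "object": "data", "embed": "src"}

class _ResourceCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.requests = []  # (tag, absolute URL), in document order

    def handle_starttag(self, tag, attrs):
        wanted = FETCHING_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.requests.append((tag, urljoin(self.page_url, value)))

def background_requests(html, page_url):
    """Every (tag, url) the page asks the browser to fetch without a click."""
    collector = _ResourceCollector(page_url)
    collector.feed(html)
    return collector.requests

def off_origin_requests(html, page_url, allowed_hosts=()):
    """Background requests whose host is neither the page's nor allowlisted."""
    origin = urlsplit(page_url).hostname
    return [(tag, url) for tag, url in background_requests(html, page_url)
            if urlsplit(url).hostname not in (origin, *allowed_hosts)]

# Constructed sample: a look-alike landing page carrying one hidden frame that
# points at an unrelated address (TEST-NET range, not a real server).
SAMPLE_HTML = """<html><head><link rel="stylesheet" href="/css/site.css">
<script src="https://cdn.example-portal.test/app.js"></script></head>
<body><img src="/logo.png">
<iframe src="http://198.51.100.7/stage" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    flagged = off_origin_requests(SAMPLE_HTML, "https://www.example-portal.test/",
                                  allowed_hosts={"cdn.example-portal.test"})
    for tag, url in flagged:
        print(f"off-origin {tag}: {url}")
```

Run against a saved copy of a page, the same check is what a Content-Security-Policy enforces in the browser: anything fetched from a host outside the allowlist is the thing to look at.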
So basically they’re using the same methods that criminals and scammers use. If you’re intelligent enough to protect yourself with proper browser configuration and extensions/add-ons, the NSA has to work that much harder to get to you.
I’m sorry, I consider the web no different than the outside world; ergo I carry a pistol on my hip in public and I make my browsing experience as painful as possible to prevent unauthorized garbage getting on my machine.
So basically they are engaged in criminal enterprise for the enrichment of federal control.
>> If you're intelligent enough to protect yourself with proper browser configuration and extensions/add-ons, the NSA has to work that much harder to get to you.
Maybe; the unknown variable is to what extent Adobe, Sun, Microsoft, etc. create, with NSA sponsorship, intentional exploitable backdoors in their software that your anti-virus software doesn’t know about.
And remember that these vendors have privileged access to most peoples’ computers so they can install updates regularly. Wonder if any of those updates ever include NSA-requested back doors?
Bump for later
Even if you are browsing on a Windows machine, you can run your browser remotely on a Unix box under an ID that has no privileges, and just display the output as an X-window.
So they break the law to ‘enforce’ the law.
This site’s security certificate is not trusted!
You attempted to reach www.eff.org, but the server presented a certificate issued by an entity that is not trusted by your computer’s operating system...
Easy solutions to all of those vendors: don’t use them.
Adobe and Java are not MANDATORY to browse the web. You don’t need them for FR, for example. Likewise, Microsoft may have a stranglehold on the new PC market, but that doesn’t mean you can’t blow away the OS on your shiny new laptop and install Ubuntu or some other variant of Linux.
I’ve gone over to Linux almost exclusively. The one exception is my gaming PC, but I’ve configured that machine to not permit communication with the rest of my network and I do not browse the web with it nor access email or other private information.
There are hundreds of roadblocks and dead ends any competent person can place on their private home networks and on their machines. If you’ve gone so far as to change your default SSID on your wireless router, configure your home network devices with complex passwords/phrases, and implement restrictions in modern web browsers, the NSA isn’t going to be snooping on you anytime soon.
Just note what Schneier is saying here: the NSA is not directly tapping your home Internet connections... yet. They still MUST get a warrant to watch your communications across “secure” subscribed lines such as those provided by your ISP. The NSA is essentially snooping on anyone using insecure browsers, not practicing safe browsing, and/or otherwise putting their personal data out there through social networking and insecure personal communication (i.e. not using HTTPS). They’re no more cloak-and-dagger than your average Russian or Chinese scammer... for now.
>> Maybe; the unknown variable is to what extent Adobe, Sun, Microsoft, etc. create, with NSA sponsorship, intentional exploitable backdoors in their software that your anti-virus software doesn't know about.
This article and your comment brought up yet another possibility.
While there are plenty of “ads” that are created to look like the “free downloadable” software that you actually want, you only need to be tricked by them once before being more careful.
I would not be surprised if the NSA is running a “front company”, something similar to “My Clean PC” in order to infect machines.
You have good points.
For me personally, the inconvenience of not using Adobe products or running Linux vs. Windows is not worth avoiding the (small, in my judgment) risk of NSA spying on me. (I haven’t been using Java for some time now so that one’s moot.)
Of course, all that could change next month. I have been on probation in the deep cover cell of my local right-wing paramilitary group, and they’re voting on my full membership at the next meeting. Once I’m a full member I’ll have access to their weapons cache and be in on the operational plan, so I’ll probably want to be much more careful with my personal computing.
(Just seeing if the NSA guy is awake.)
We already knew that; the fact that they use the same dirty tricks as phishing-scam artists just makes the issue a bit clearer.
I’m nervous even responding to your post...
Adobe products are bug-ridden crap. I wish we could go back to the old days of Lynx, but then all of the multimedia aspects of the web would be gone.
Linux is just as compromised as OSx or Windows. It’s foolish to consider it secure.
>> Adobe products are bug-ridden crap.
Yeah, but there’s so much PDF material out there and I need it regularly for work. It’s been awhile since I looked at Reader alternatives; I just did a quick search and noted there are some highly recommended ones to try. So pat yourself on the back — you may have won a partial convert. :-)
>> I'm nervous even responding to your post...
You have nothing to fear if you haven’t done anything wrong... heh heh
Compromised how? Please provide any substantiation of this claim if possible.
Every major security organization, every Black Hatter, every Certified Ethical Hacker, every non-Windows, non-retail-branded operating system on everything from firewalls to mail gateways to secure laptop uses some flavor of Linux or at least large portions of the core kernel. The Linux community is the world’s largest group of programmers coding to a single source in history.
While there have been revelations that portions of secure channel sub-components were compromised with NSA salts, I would challenge you to find a compromised component in the core Nix kernel. It doesn’t exist. Linux isn’t a multinational conglomerate or a big business. Linux is an idea fostered by a worldwide community, and as such, the community ensures that the systems are as secure as they can be. That’s the reason why legitimately signed and hashed versions of Linux are guaranteed by the community to be more secure out of the box than Windows or OSX.
I’ve been to several black hat conferences and can tell you that you would be incredibly hard pressed to find a legitimate hacker, coder, or security expert using a Windows machine, and for good reasons. Linux, like any OS, is as secure as what you install on it. If you go to compromised websites and install dubious software, you’re compromising yourself. That doesn’t mean the core isn’t secure, it means that the human element has the ability to screw up anything.
And as a codicil to this, read the article. It explains pretty definitively that the NSA is only using the same tricks as scammers to compromise your machine. If you know how to avoid the bad stuff, you’re as anonymous as you can be outside of actually being snooped on due to a warranted tracking operation.
The NSA has openly stated that doing anything behind a "veil of security" is considered suspicious to them, and since the vast majority of my private dealings are done with 1024-bit encryption and immensely complex passwords, I have to assume I'm on someone's radar somewhere.
Me, I’m hiding behind a sophisticated, multi-level veil of apparent normalcy.
THAT tactic drives ‘em NUTS. They’re SURE I’m up to *something* but damned if they can figure out what! :-)
Plus, if you google my FR nick or my real name, you get so many hits that it’d take the computing power of the entire Russian underground botnet to sift through ‘em all.
My laptop died Monday and my PC is sick. I believe it’s obama and the NSA, I have been critical of both of them and it’s obvious obama can’t handle criticism and that he’s vindictive.
My name is unique enough that a Google search gives you some information about me, but given that all of that information is public record and there are no traces of me on social media, ever, I don’t worry too much about it. I just enjoy my privacy and work hard to maintain it. That means maintaining an enterprise-class server, software licensing, and all of the electricity bills associated with it.
Oh, that's amusing. Your browser is implicitly suggesting that someone might be trying a man-in-the-middle attack on you. Are you at an airport or some other public place? I constantly have to guard against government controlled access points trying to compromise my certificate chains so they can sniff all my traffic. However browser distributions are onto this tactic and will usually give you an opportunity to say, hey wait a minute here...
Who gets to define "wrong"?