The NSA used on a large scale malware to infect computers. This is clear from documents from NSA whistleblower Edward Snowden. On the use of bugs in web browsers, plug-ins and router firmware.
Just before the turn of the year, it appeared from documents from NSA whistleblower Snowden that the NSA internet traffic manipulates, for example, by their own packets to inject at certain points on the internet. Now seems to be happening not only in individual cases; the NSA adjusts the capacities on a large scale. That reports The Intercept, the new website of journalist Glenn Greenwald, that the majority of the Snowden-revelations to the outside.
The infecting computers, and then gathering information is to a large extent automated, as evidenced by the revelations. Therefore, would it be possible to have millions of implants, such as the NSA, the infections calls, to manage. Ten years ago, managed the NSA at a given time, only 100 to 150 implants. How many there exactly are, is not clear.
The attacks are carried out on the choke points on the internet; points where large amounts of traffic passing by, such as internet nodes. In those places you can to everyone who visits to be infected, according to an internal NSA presentation. This is done by a man-in-the-middle attack, whereby the user without his notice, can’t connect to the site that he is looking for, but with a server of the NSA.
Also, would the NSA on software to make encrypted connections to vpn servers, to be able to crack. It is unclear to what type of vpn connections it is; some protocols, such as pptp, contain serious security vulnerabilities.
The intelligence agency makes use of vulnerabilities in browsers such as Firefox and Internet Explorer, but also in plug-ins as Java and Flash. Also be vulnerabilities in routers abused. The vulnerabilities would be difficult to detect and the hackers of the NSA have confidence that they anti-virus and firewalls can work around. “If we have a target as far as can get to us in a web browser to visit, we can probably ownen,” said the hackers in internal NSA documents. “It is a matter of how.”
The NSA would be under more occur if the servers of Facebook for malware to inject. Also be spam-mails, but they would in the last few years less successful, because users today have become about emails from strangers. Another method is to take control of botnets to spread malware.
Although it is possible to everyone that connects to inject malware, also can a selection be made. That may, for example, on the basis of the cookies that someone to the server sends, but in the case of phones to imei’s, claims to be the NSA, though it is unclear how that works. Imei’s are not sent during the web browsing.
The NSA would be under more routers of internet service providers, hacking to drive traffic to intercept. It also sysadmins of the isp to a target. Through them try to use the NSA to penetrate in the networks of the providers. Such tactics would also have been used in the attack on the Belgian internet service provider Belgacom, which by the GCHQ was carried out. From the Snowden-revelations show that the NSA since 2010, access to the servers of telco.
The intelligence turn, according to The Intercept under more malware in to someone’s pc-microphone to drain. Also the webcam can be drained and there is malware that tracks what websites are visited. Will also be entered usernames and passwords are stored. The secret service also has keyloggers and malware to transfer files from pc’s to pick up.
How the NSA themselves posing as a Facebook server