NSA Bears Ability to Compromise and Re-use Intermediate Malicious Programs

Along with owning its own cyber-weapons, NSA of USA performs compromising operations and repurposing of intermediate malicious software, published computerworld.com, January 19, 2015.

By utilizing numerous servers NSA maintains worldwide, the agency keeps track of botnets comprising innumerable contaminated PCs. When required, it resorts to those botnets' features for injecting more malware created at NSA into the already-hijacked PCs via certain methodology codenamed Quantumbot, published Der Spiegel a news magazine in Germany.

A confidential document, which Edward Snowden an erstwhile contractor of NSA exposed as also which Der Spiegel published, has a thorough description of stealthy software from NSA known as DEFIANTWARRIOR which's utilized for compromising botnet PCs that are then utilized as "throw-away computer network attack (CAN) source points of non-attributable nature" and "all-encompassing vantage points for network analysis."

This implies when any user's PC contracts malware, the NSA may perform an own malware deployment on that PC and subsequently utilize the device for attacking targets. Since there's already a previous malware on the infected machine, the NSA attacks wouldn't be identified as coming from the same machine.

The central components aiding NSA's capability of spotting, misleading, blocking as well as repurposing other's cyber-assaults are Turmoil and Turbine, reveals the document. These components belong to NSA's Turbulence group that's used for Internet exploitation and monitoring. The components are further linked with Tutelage, a system of NSA utilized for intercepting e-traffic flowing across America's military networks for saving systems of Defense Department from assaults.

If an assault targeting a PC-network of the Department gets spotted via slow surveillance (maybe via warnings from Turmoil monitoring software alternatively via handling by a database named Xkeyscore), NSA may manage in recognizing the elements working within the assault followed with proceeding to halt it, alternatively perform more operations for duping else disrupting the attacker. All of this though occurs outside the Department's internal networks and on people's common Internet via utilization of "Quantum" assaults thrust inside any routing point of network-traffic.

During past few years, Internet security specialists associated plentiful unearthed malware as originating from NSA along with the agency's Five Eyes partnering countries-Canada, UK, US, New Zealand and Australia.

» SPAMfighter News - 1/27/2015