A group of nine journalists, with Jacob Appelbaum and Laura Poitras, just published another huge collection of records leaked by Edward Snowden. The secret documents were published in the Der Spiegel magazine, and show that the National Security Service (NSA) and its allies are methodologically preparing for future wars to be conducted over the internet.
Der Spiegel reports that the secret services have the ability to infiltrate and disable computer networks - which allows them to disrupt basic utilities and other infrastructure. And the NSA and GCHQ they think they are so much ahead of everyone else, they laugh about it.
We already know that the US is already in a position to launch complex digital attacks that can cause major material damage to their enemies. A virus known as Stuxnet, and discovered 2010, was developed as part of a joint venture between the US and Israel to ravage Iran's nuclear facilities, destroying many of the country's nuclear centrifuge devices. Since then, NSA has, to date, boasted about its newer and strongest digital weapons.
New documents published by Der Spiegel show that NSA surveillance programs are the foundation of their efforts to develop sophisticated digital weapons. One of the main issues in the leaked new documents is the ability of Five Eyes services. The platform uses the methods of US rivals to "steal their tools, their constructions, and their goals." These impressive abilities are called by the NSA "fourth party collection."
The success of the fourth party collection seems to be so great that NSA and GCHQ agents seem to be having fun through the top secret slides. In fact, in a presentation of the NSA entitled "fourth party opportunities," the first slide mentions the famous attack of Daniel Day-Lewis "I drink your milkshake" from the 2007 film There Will Be Blood. Der Spiegel reports that an NSA unit was able to detect a Chinese attack on the Ministry of Defense and secretly "hear" about China's future espionage efforts, including a digital intrusion into the United Nations.
NSA Docs on Fourth Party Access (PDF)
- Description of an NSA employee on the fifth party access / When the targeted fourth party has someone under surveillance who puts others under surveillance
- 4th party collection / Taking advantage of non-partner computer network exploitation activity
- Combination of offensive and defensive missions / How fourth-party missions are being performed
- Overview of the TRANSGRESSION program to analyze and exploit foreign CNA / CNE exploits
- NSA example SNOWGLOBE, in which a suspected French government trojan is analyzed to find out if it can be helpful for own interests
- ΝSA fourth party access / “I drink your milkshake”
- NSA TUTELAGE program to instrumentalize third party attack tools
- Codename BYZANTINE HADES / NSA research on the targets of Chinese network exploitation tools, targets and actors
- CSEC document on the handling of existing trojans when trojanizing computers
- Analysis of Chinese methods and activities performed in the context of computer network exploitation
In another presentation, GCHQ details their efforts to exploit mobile apps using a tool called "BADASS." With this tool, the service has the ability to collect personal data, from metadata sent between users' devices, advertising networks and analytics. This information is not intended to contain any personally identifiable information. But a slide titled "Abusing BADASS for Fun and Profit" or "Abusing BADASS for Fun and Profit" boasts: "We know how bad you are at Angry Birds."
NSA Docs on Botnet Takeovers (PDF)
In the rest of the research, Der Spiegel suggests that the US and UK intelligence services behave as you would expect in a Cold War warfare thriller with Brad Pitt.