A team of nine journalists, with Jacob Appelbaum and Laura Poitras just published another huge collection from the files leaked by Edward Snowden. The classified documents were published in Der Spiegel magazine, and show that the National Security Agency (NSA) and its allies are methodically preparing for future wars to be waged over the Internet.
Der Spiegel reports that the secret services have the ability to infiltrate and disable computer networks - which allows them to disrupt basic utilities and other infrastructure. And the NSA and GCHQ they think they are so much ahead of everyone else, they laugh about it.
We already know that the US is already in a position to launch complex digital attacks that can cause major material damage to their enemies. A virus known as Stuxnet, and discovered 2010, was developed as part of a joint venture between the US and Israel to ravage Iran's nuclear facilities, destroying many of the country's nuclear centrifuge devices. Since then, NSA has, to date, boasted about its newer and strongest digital weapons.
New documents published by Der Spiegel show that the programs NSA surveillance is the foundation of their efforts to create sophisticated digital weapons. One of the main themes in the newly leaked documents involves the capability of Five Eyes' services. The platform exploits the methods of US adversaries to "steal their tools, their structures, and their targets." These impressive capabilities are called by the NSA “fourth party collection.”
Η επιτυχία του fourth party collection φαίνεται να είναι τόσο μεγάλη επιτυχία που οι πράκτορες της ΝSA και της GCHQ φαίνεται να το διασκεδάζουν μέσα από τις άκρως απόρρητες διαφάνειες. Σε μια παρουσίαση μάλιστα της ΝSA με τίτλο “fourth party opportunities,” η πρώτη διαφάνεια αναφέρει την περίφημη ατάκα του Daniel Day-Lewis “I drink your milkshake” από την ταινία του 2007 There Will Be Blood. Το Der Spiegel αναφέρει, ότι μια μονάδα της NSA ήταν σε θέση να ανιχνεύσει μια attack from China on Ministry Άμυνας και να “ακούσει” κρυφά για τις μελλοντικές προσπάθειες κατασκοπείας της Κίνας, μεταξύ των οποίων και μία ψηφιακή διείσδυση στα Ηνωμένα Έθνη.
NSA Docs on Fourth Party Access (PDF)
- Description of an NSA employee on the fifth party access / When the targeted fourth party has someone under surveillance who puts others under surveillance
- 4th party collection / Taking advantage of non-partner computer network exploitation activity
- Combination of offensive and defensive missions / How fourth-party missions are being performed
- Overview of the TRANSGRESSION program to analyze and exploit foreign CNA / CNE exploits
- NSA example SNOWGLOBE, in which a suspected French government trojan is analyzed to find out if it can be helpful for own interests
- NSA fourth party access / “I drink your milkshake”
- NSA TUTELAGE program to instrumentalize third party attack tools
- Codename BYZANTINE HADES / NSA research on the targets of Chinese network exploitation tools, targets and actors
- CSEC document on the handling of existing trojans when trojanizing computers
- Analysis of Chinese methods and activities performed in the context of computer network exploitation
In another presentation, GCHQ details their efforts to exploit mobile apps using a tool called "BADASS." With this tool, the service has the ability to collect personal data, from metadata sent between users' devices, advertising networks and analytics. This information is not intended to contain any personally identifiable information. But a slide titled "Abusing BADASS for Fun and Profit" or "Abusing BADASS for Fun and Profit" boasts: "We know how bad you are at Angry Birds."
NSA Docs on Botnet Takeovers (PDF)
In the rest of the research, Der Spiegel suggests that the US and UK intelligence services behave as you would expect in a Cold War warfare thriller with Brad Pitt.