GCHQ helped NSA with spy malware, Snowden docs show

Warwick Ashford

UK intelligence agency GCHQ played an integral role in developing a surveillance malware campaign by the US National Security Agency (NSA), documents leaked by whistleblower Edward Snowden show.

The documents outline how the NSA performs “industrial-scale exploitation” of computer networks around the world using automated systems that reduce human oversight, reports The Intercept.

Together, the NSA and GCHQ developed groundbreaking surveillance technology that works by infecting potentially millions of computers worldwide with malware “implants”, the documents reveal.

These implants enable the NSA to break into targeted computers, access data on target computers before it is encrypted, and harvest data from foreign internet and phone networks.

The NSA hacking operation is supported by infrastructure operating from the NSA’s headquarters in Fort Meade, Maryland, and bases in the UK and Japan.

Presentations classified as top secret show that the NSA has used a fake Facebook server to infect a target’s computer and copy files from the machine.

In other cases, the NSA has sent emails laced with the malware that can be configured to record audio from a computer’s microphone and take photographs with its webcam.

The files reveal that the hacking system has also enabled the NSA to launch cyber attacks by corrupting and disrupting file downloads or denying access to websites.

Analysis of the documents reveals that while the implants were initially used for only a few hundred hard-to-reach targets, the NSA has accelerated its hacking initiatives in the past decade.

Some processes originally carried out by humans, such as implant configuration, have become automated since 2010 through a system codenamed Turbine that can control millions of implants on a group basis.

The NSA’s “Black Budget” for 2013, obtained by Snowden, lists Turbine as part of a broader NSA surveillance initiative named “Owning the Net” and indicates plans to expand its capabilities.

Leaked documents show that an NSA satellite eavesdropping base in the UK, operated in close co-operation with GCHQ, is a component of the Turbine malware infrastructure that has been used to experiment with implant “exploitation” attacks against users of Yahoo and Hotmail.

GCHQ cooperated with some hacking attacks despite having reservations about their legality, the documents reveal.

A presentation dated August 2009 describes a part of the covert infrastructure that manages the applications and functions of the implants and “decides” what tools are required to extract data.

Security experts have warned that the NSA’s surveillance techniques could inadvertently undermine the security of the internet by creating new vulnerabilities that could be exploited by cyber criminals.

The NSA has reportedly declined to answer questions about the implants. Instead, the agency issued a statement pointing to a new directive issued by US president Barack Obama in January.

The directive states that: “Signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions.”

Similarly, GCHQ has refused to comment on its involvement in the covert hacking operations, giving its standard response.

In a statement, the agency said that “all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight.”

