The latest documents leaked by Edward Snowden have hit the wire. The bombshell is that the NSA has developed programs that enabled "industrial-scale exploitation" of computer networks. The latest documents leaked by Edward Snowden have hit the wire, and as expected, it’s worse than previously thought on some levels. Moreover, NSA analysts seem to take great pleasure in mirroring the actions of the very criminals that security professionals fight on a regular basis. The bombshell is that the NSA has developed programs that enabled “industrial-scale exploitation” of computer networks. The automated process, part of an initiative called “Owning the Net” allows the TAO to manage massive amounts of malware installs automatically. The types of malware managed, or implants as they’re called, range from general keylogging software, to malware that monitors a computer’s camera or microphone, or malware designed to monitor network traffic and capture credentials. Worse, the malware itself is designed to bypass protections such as encryption, and the TAO operators have a high-degree of confidence that they’ll get their mark when he/she is selected. “If we can get the target to visit us in some sort of web browser, we can probably own them. The only limitation is the ‘how’,” one NSA analyst bragged in a document tagged as secret. So does all of that sound like the NSA is running their own government sanctioned botnet? It should, because that’s exactly what they do On top of automated malware control, the NSA also reported co-opting 140,000 bots. So in addition to the endpoints they compromised themselves, the NSA will take the endpoints compromised by criminals too. A project called QUANTUMBOT takes control of idle IRC bots, and finds computers that belong to botnets in order to hijack them as well. According to the leaked documents, the project started in 2007, it’s ongoing, and has been highly successful. [I wonder what the government salary is for a botmaster anyway?] As always, the NSA maintains that these programs are used to monitor terrorists and extremists. However, according to one NSA presentation leaked by Snowden, that isn’t entirely true: The internal post – titled “I hunt sys admins” – makes clear that terrorists aren’t the only targets of such NSA attacks. Compromising a systems administrator, the operative notes, makes it easier to get to other targets of interest, including any “government official that happens to be using the network some admin takes care of.” The irony here being that Edward Snowden was a Systems Admin for the NSA when he obtained the documents he later leaked. Oops. The full story is worth reading, as are the slides. Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe