Government Botnet Security United States

US Mounted 231 Offensive Cyber-operations In 2011, Runs Worldwide Botnet 367

Posted by Soulskill
from the distributed-denial-of-espionage-attack dept.
An anonymous reader sends this news from the Washington Post: "U.S. intelligence services carried out 231 offensive cyber-operations in 2011, the leading edge of a clandestine campaign that embraces the Internet as a theater of spying, sabotage and war, according to top-secret documents [from Edward Snowden]. Additionally, under an extensive effort code-named GENIE, U.S. computer specialists break into foreign networks so that they can be put under surreptitious U.S. control. Budget documents say the $652 million project has placed 'covert implants,' sophisticated malware transmitted from far away, in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand those numbers into the millions. ... The implants that [an NSA group called Tailored Access Operations (TAO)] creates are intended to persist through software and equipment upgrades, to copy stored data, 'harvest' communications and tunnel into other connected networks. This year TAO is working on implants that “can identify select voice conversations of interest within a target network and exfiltrate select cuts,” or excerpts, according to one budget document. In some cases, a single compromised device opens the door to hundreds or thousands of others."
  • wow (Score:5, Funny)

    by alienzed (732782) on Saturday August 31, 2013 @11:11PM (#44728157) Homepage
    that is so cool.
    • Re:wow (Score:5, Insightful)

      by Zaldarr (2469168) on Saturday August 31, 2013 @11:23PM (#44728209) Homepage
      Not to mention fucking terrifying.
      • Yeah, I was wondering how they can get away with charging $100 for a year's worth of Norton 360 that is completely worthless against their rootkit? Meet the U.S., it's not illegal if it's classified, we're the "good guys" -cough...
      • Re:wow (Score:5, Insightful)

        by tragedy (27079) on Sunday September 01, 2013 @12:53AM (#44728701)

        Considering that the US has been, in recent years, espousing the theory that cyber-attacks should be treated as real acts of war, suitable for real retaliation with real weapons, I would say it's pretty terrifying.

        • by Phroggy (441)

          Considering that the US has been, in recent years, espousing the theory that cyber-attacks should be treated as real acts of war, suitable for real retaliation with real weapons, I would say it's pretty terrifying.

          I wonder if it has occurred to anyone that the NSA's actions in other countries could be construed as acts of war....

    • by c0lo (1497653)

      that is so cool.

      GENIE's free from the lamp! And one wonders, were the Chinese showing where this TAO leads to?

  • Allies? (Score:4, Insightful)

    by rtb61 (674572) on Saturday August 31, 2013 @11:23PM (#44728213) Homepage

    Allies, "ALLIES", we don't need no stinkin' Allies. All of it, ALL OF IT, ours, we, want it all, exploit it, burn it, the whole world, it's ours, Ours, OURS.

    Seriously out of control. Looks like Chinese hardware is the least of the world's problems. With the US Stupidity Services trying to purposefully break everyone's networks and insert back doors that only they, and their contractors, and anyone who wants to pay those contractors know about.

    Morons, there is no such thing as an exclusive back door. Once you've broken the security of other countries' networks, you leave access for anyone waiting to exploit; bet anything you like those morons did nothing at all to monitor and ensure those back doors were not exploited by others. I wonder how many times now the US government has blatantly lied about cyber attacks they launched that have been discovered and then blamed on other countries and pseudo-organisations like Anonymous.

    How many attacks have they launched that were designed to do nothing else but increase their budget?

    • Re:Allies? (Score:5, Interesting)

      by NoKaOi (1415755) on Saturday August 31, 2013 @11:41PM (#44728303)

      Personally, I take comfort in knowing that this will only be used against foreigners' computers, since I am a US citizen. Just like how we were assured the collection of phone data only applied to foreigners. Damn it, why does my CPU usage keep spiking?

      • by AmiMoJo (196126) *

        Maybe some of those foreigners whose rights the US doesn't give a shit about are retaliating. Suddenly all those claims of Chinese state sponsored hacking look like self defence, with ordinary US citizens and businesses on the front line.

    • I wonder how many times now the US government has blatantly lied about cyber attacks they launched that have been discovered and then blamed on other countries and pseudo-organisations like Anonymous.

      I myself have always regarded Anonymous as perhaps the ultimate expression of the old saying, "When four sit down to conspire, three are fools and the fourth is a government agent."

  • by elucido (870205) on Saturday August 31, 2013 @11:33PM (#44728255)

    Who believes the US government had something to do with it?
    Suddenly after meeting with regulators the price recovers?
    Conclusion: Promote regulation of the Bitcoin network as it's correlated with a rise in the price.

  • holy shit (Score:4, Interesting)

    by Laxori666 (748529) on Saturday August 31, 2013 @11:36PM (#44728267) Homepage
    Time for me to destroy my webcam and make sure no device on my computer has a microphone.
    • Re:holy shit (Score:5, Insightful)

      by wmac1 (2478314) on Sunday September 01, 2013 @01:28AM (#44728855)

      Then you shouldn't take and store photos and videos (obviously using, and on, your computer). You shouldn't use a phone (since it has a microphone and possibly a camera). You shouldn't use Windows, ... and Android, ... oh, and Linux and almost every connected device and software.

      Basically it is a frightening fact that we can hardly run from ubiquitous surveillance, since all connected electronic devices can be used for spying on us. Unless you live on a farm, do not have communication devices and spend cash only. But I doubt even that would be enough.

      Can we have Orwell's 1984 instead?

    • by antdude (79039)

      So you would open your laptops/notebooks to void their warranties? Better, just stop using electronics. :)

  • by NoKaOi (1415755) on Saturday August 31, 2013 @11:37PM (#44728279)

    Budget documents say the $652 million project...

    Most big budget "defense" projects go over budget, over time, and don't perform to expectations. How well does this actually work (yeah, I know it's a rhetorical question)? Of course, by comparison, it's quite a bit less than the cost of a single B-2 bomber, so maybe its budget isn't large scale enough to underperform?

  • Cold warriors haven't got the memo ...

    by sandbagger (654585) on Saturday August 31, 2013 @11:47PM (#44728327)

    But I can't find a single typewriter in any antique shops any more.

    • by wmac1 (2478314)

      I suggest using totally disconnected computers for the purpose. You can even use Windows XP and Word if you like but make sure no network device is attached.

      Perhaps even close USB and remove DVD drives (use a second internal hard drive for backups) and print whenever needed.

      How is that plan?

  • by Mr_Plattz (1589701) on Sunday September 01, 2013 @12:03AM (#44728461)

    Like everyone else on slashdot, I only run Debian and must say I smile when I see reports such as country sponsored malware strikes like this. But it does make me ask an honest question:

    How can we be sure that the Linux kernel isn't compromised? I don't really have the time to go through all lines of code and I doubt my security analysis and development skills are up to the task anyway.

    • by Jmc23 (2353706)
      Perhaps you should ask Linus?
    • by caseih (160668)

      That's a very good question. But you can also bet that there are a lot of parties around the world who have a strong interest in knowing if this is true or not. They also have access to the source code, and can build it themselves (I don't believe the NSA quite has the influence to propagate a Thompson compiler attack). I bet that if such a backdoor was discovered by China or Russia, that they'd use it as a propaganda weapon and we'd thus know about it.

      But in the meantime, we don't know that it's not comp

      • by tftp (111690) on Sunday September 01, 2013 @01:23AM (#44728843) Homepage

        I bet that if such a backdoor was discovered by China or Russia, that they'd use it as a propaganda weapon and we'd thus know about it.

        It would be more realistic to expect them to use the backdoor to their advantage, while it lasts.

        Some backdoors are very hard to detect because there is no obvious bug or a backdoor in any one place; with the size of the code base as it is, who would be crawling through the source of some USB driver that works just fine? As a crude example:

        #define MAX_LENGTH 256
        int GetOffset(int i, int len);   /* defined elsewhere; supposedly range-checks i */

        static int a[MAX_LENGTH];
        void ioctl_handler(int i, int d) {
            int *p = &a[0] + GetOffset(i, MAX_LENGTH);   /* offset "already validated" */
            *p = d;
        }

        There is no bug here. Now, elsewhere:

        /* clamps i at the top of the array but never rejects i < 0 */
        int GetOffset(int i, int len) { return (i < len) ? i : (len - 1); }

        Welcome to poking any RAM location of your choice (limited only by sizeof(int).)
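
As an added example (not tftp's code and not taken from any kernel driver), here is the one-sided clamp from the snippet above placed next to a version that checks both bounds, a handler that refuses an out-of-range index instead of dereferencing it, and a probe that a unit test can run over any index helper to catch exactly this asymmetry. Function names, the MAX_LENGTH value and the probe range are assumptions; nothing here ever dereferences the bad offset, it only reports it.

```c
/* Added example: one-sided vs. two-sided bounds checks on an index helper.
 * Names and MAX_LENGTH are hypothetical, chosen to mirror the snippet above. */
#include <stdio.h>

#define MAX_LENGTH 256

static int a[MAX_LENGTH];

/* As posted above: only the upper bound is clamped, so a negative i is
 * returned unchanged and &a[0] + i would point below the array.
 * Returning the value is harmless; dereferencing it is not, so this file
 * never does. */
int get_offset_unchecked(int i, int len)
{
    return (i < len) ? i : (len - 1);
}

/* Hardened: both bounds are checked and nothing is clamped.  -1 means
 * "reject the request" rather than silently redirecting the write to
 * the last element (clamping hides caller bugs just as well as it hides
 * backdoors). */
int get_offset_checked(int i, int len)
{
    if (i < 0 || i >= len)
        return -1;
    return i;
}

/* Handler built on the checked helper: returns 0 on success, -1 if the
 * index was out of range, in which case no write is performed. */
int ioctl_handler_checked(int i, int d)
{
    int off = get_offset_checked(i, MAX_LENGTH);
    if (off < 0)
        return -1;
    a[off] = d;
    return 0;
}

/* Bounds-checked read-back of a slot; 0 for an invalid index. */
int read_slot(int i)
{
    int off = get_offset_checked(i, MAX_LENGTH);
    return (off < 0) ? 0 : a[off];
}

/* Probe for a unit test: for every index in [lo, hi], count how many times
 * the unchecked clamp hands back an offset outside [0, MAX_LENGTH).
 * For a correct index helper the answer must be 0; here every negative
 * index in the range escapes, while every over-large one is clamped. */
int count_escapes(int lo, int hi)
{
    int n = 0;
    for (int i = lo; i <= hi; i++) {
        int off = get_offset_unchecked(i, MAX_LENGTH);
        if (off < 0 || off >= MAX_LENGTH)
            n++;
    }
    return n;
}

int main(void)
{
    printf("unchecked offset for i=-5:   %d\n", get_offset_unchecked(-5, MAX_LENGTH));
    printf("unchecked offset for i=300:  %d\n", get_offset_unchecked(300, MAX_LENGTH));
    printf("checked offset for i=-5:     %d\n", get_offset_checked(-5, MAX_LENGTH));
    printf("indices in [-10,265] that escape the array: %d\n", count_escapes(-10, 265));
    printf("checked handler on i=-5 returns %d (write refused)\n", ioctl_handler_checked(-5, 1));
    return 0;
}
```

The probe is the part worth keeping: a review that asks "is i range-checked?" is satisfied by the clamp, whereas a test that feeds the helper negative, in-range and over-large indices and insists every result lands in [0, len) is not.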

      • by blackest_k (761565) on Sunday September 01, 2013 @04:33AM (#44729529) Homepage Journal

        I'm wondering if many of us have backdoored ourselves with Skype.

        It has been reported that it accesses /etc/passwd and also reads the bookmarks in Firefox. While the latter seems harmless initially, isn't this similar to the metadata collected from email exchanges that the NSA is known to collect? I'm sure there is value in knowing what people are reading; at some point you may become discontent enough to become a radical or terrorist.

        Unfortunately Skype is generally installed by giving the Skype installer root access. There is no need to find an exploit when the system user installs your trojan willingly.

        We already know Skype is not secure for communication and has changed from peer-to-peer communication to running via Microsoft's servers. However it is still pretty useful, about the best cross-platform messenger client out there. I don't use Skype to say anything that is likely to warrant any action from the NSA, so it's not a real problem, right?

        However the access that Skype has to my machine is bothering me, especially the potential access to passwords. Am I giving the NSA the equivalent of SSH access to my machine?

        I believe it's possible to install Skype as its own user and without giving Skype root at any time, but apart from some instructions on securing Skype on the Arch wiki I can't find anything else.

        Is there anyone here who can share how to install Skype sandboxed so it has much more limited access to people's machines?

        As someone who doesn't feel there is any reason for the NSA to want to snoop on him, I still see some utility in Skype (what is the cross-platform alternative?), but I really don't like the idea that the NSA already has access to my personal files and my passwords.

        It is a bit cocky to be thinking you're secure since you don't run Windows, when you may well have welcomed in the NSA, giving them the keys to your 'secure' systems.

         

    • by Anonymous Coward

      We don't, and it's safe to say that from the gov Linux is just as vulnerable as the rest

    • by Nyder (754090)

      Like everyone else on slashdot, I only run Debian and must say I smile when I see reports such as country sponsored malware strikes like this. But it does make me ask an honest question:

      How can we be sure that the Linux kernel isn't compromised? I don't really have the time to go through all lines of code and I doubt my security analysis and development skills are up to the task anyway.

      Guess it's time to bring up the innovation of AmigaOS? An OS that was decades ahead of its time and NSA free!

      =)

    • They don't need to backdoor the kernel, they can install stuff in the hardware your os runs on to do the same job.
    • by AHuxley (892839)
      Everything you connect Linux to is by default compromised. Every packet you send, every search term, every line of code you add or correct.
      So in theory and practice the code is safe. The first telco exchange/tower/branded box you connect is not.
      The hardware and software used to help Linux as part of a much larger setting may be junk, as the "routers, switches and firewalls from multiple product vendor lines" comment notes.
      You also have the hint of "“harvest” communications and tunnel into other
    • by fluffy99 (870997)

      Like everyone else on slashdot, I only run Debian and must say I smile when I see reports such as country sponsored malware strikes like this. But it does make me ask an honest question:

      How can we be sure that the Linux kernel isn't compromised? I don't really have the time to go through all lines of code and I doubt my security analysis and development skills are up to the task anyway.

      But, but, aren't there "many eyes" reviewing the code, making it perfectly safe? At least you recognize the fallacy of open source software being more secure. In reality there really isn't an entire community reviewing and proofing the code. Just a handful of hackers poring through it looking for exploits. It's less likely that it was intentionally compromised, but in some respects the Linux kernel and distros are more vulnerable because their code is published.

      • by sjames (1099)

        There is no fallacy there. It is *more* secure. That's only natural since it is open to examination by many more people with differing agendas and allegiances and there is no vetting process before they get access.

        What it isn't is *perfectly* secure. Nobody I know of is claiming that.

  • What is a good system admin to do when presented with information like this?

    Companies large and small need to think long and hard about their responsibility
    in the presence of secret orders, nationally funded hackers with agenda.

    Data and data compromise by hook, by crook, by truck, by cloud collapse are all possible.

    Key management, process management and more need to be understood by managers.

    Companies have been coasting and relying on credentials to qualify their employees
    to the point that managers near and

  • Could governments reach an international agreement, a treaty, with verification inspections to stop this network sabotage? I have severe unexplainable problems on my routers periodically.

    I could not explain it. I spent years trying to find a reason. Now I have got an idea.
  • by Beryllium Sphere(tm) (193358) on Sunday September 01, 2013 @01:32AM (#44728879) Homepage Journal

    If they have really developed software which can do that, they should share their techniques with the commercial world. Software that can continue to run even after a system upgrade? Sign me up.

    • I'm guessing they have already shared their... samples, with the 'commercial world', the commercial world isn't just yet aware of it.
  • Who are these programmers doing this, and where does the government find them?
  • It is all getting so muddied up - who are the terrs now? The NSA and GCHQ are bigger threats to business IT systems than the traditional Romanian hackers. Of course all engineers and computer scientists always suspected as much, but the scope of the problem is rather larger than I ever suspected. I always assumed that these organizations have the capability to do targeted espionage attacks, but never thought that it will grow into blanket surveillance, for the simple reason that more data does not mean mor
  • Cheap dual ethernet motherboards see a jump in sales as whitebox testing units are constructed.
    A fast new cleanroom OS is loaded and deep packetsniffing code is carefully crafted.
    When the boss is home and clerical staff have packed up for the day...
    Ex staff and trusted colleagues load up their B2B and B2P machines with exciting new dual use orders from exotic locations.
    Will they see a hint of "routers, switches and firewalls from multiple product vendor lines" trying to “harvest” their effo
  • by sydneyfong (410107) on Sunday September 01, 2013 @02:21AM (#44729077) Homepage Journal

    Pentagon Sets Stage for U.S. to Respond to Computer Sabotage With Military Force

    http://online.wsj.com/article/SB10001424052702304563104576355623135782718.html [wsj.com]

  • by PapayaSF (721268) on Sunday September 01, 2013 @05:22AM (#44729653) Journal

    And yet Russia can call us up and say "Hey, there are two Chechen refugee brothers in Boston who we think are terrorists" and NOTHING HAPPENS.
