By Stephen Shankland

One NSA “implant,” once installed could bypass encryption by making a secret copy of calls made over Skype or other voice-over-Internet Protocol communications, according to a document leaked by Edward Snowden.

(Credit: The Intercept)

Through an operation called Turbine, the NSA crafted an automated system designed to hack “millions” of computers, new documents from Edward Snowden’s leaks on government surveillance reveal.

According to documents published by The Intercept on Wedesday, Turbine created “implants” that let it gain access to peoples’ computers. Getting the implants onto machines involved an array of deceptions: fake Facebook Web pages, spam emails with malicious links, and man-in-the-middle attacks that would “shoot” bogus data at a target’s computer when the NSA detected it was visiting a Web site the NSA could spoof.

Once the National Security Agency implants were installed, they could be used to gain access to data before it was encrypted. As the article describes some of the work:

An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer.

Related stories

  • Google paves the way for more wearable apps
  • Snowden: Mass surveillance doesn’t work, encryption does
  • In most-anticipated SXSW talk in years, Snowden fires up Austin

Though the system was designed to work at large scale, through automated attack mechanisms that don’t require human intervention, it’s not clear exactly how broadly it actually was used. However, it appears the NSA was interested in more people than just the direct targets.

Attacking system administrators at foreign telecommunications and Internet service providers apparently was one broader group, for example. “Sys admins are a means to an end,” according to one document, since they make it easier to target a “government official that happens to be using the network some admin takes care of.”

In a statement to The Intercept, the NSA didn’t comment on specifics but said, “As the president made clear on 17 January, signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes.”

Related Links:
Snowden at SXSW: The NSA set fire to the future of the Internet
Yahoo, ICQ chats still vulnerable to government snoops
TrustyCon’s RSA Conference rebels promise more to come
Colbert turns his funny gun on Snowden in RSA keynote
Kill the Snowden interview, congressman tells SXSW