Over the past months, leaked documents from the NSA, GCHQ, and other agencies have shed light on efforts to dramatically scale the process of putting malware on targets' computers. At The Intercept, Glenn Greenwald and Ryan Gallagher have published more details about how these programs work, and what tools operatives use to compromise security — whether that's by hacking routers or impersonating Facebook. A program known as TURBINE, first revealed last year, is meant to dramatically speed the process: one document says it will "allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually."
The group behind TURBINE, known as the NSA's Tailored Access Operations (TAO) division, gathers information on specific targets, but Greenwald and security experts worry that a large, automated system makes the surveillance process too painless and open to abuse. The scaling process, according to Greenwald, started in 2004, when the NSA operated only 100 to 150 software implants. By contrast, the number of implants used in the years from 2010 to 2012 is described as being in the tens of thousands. The documents revealed in this report appear to be mostly from 2009.
As always, the leaked documents reveal new details and color commentary about how the NSA approached its work. One internal post, concerning large-scale router compromises, was entitled "I hunt sys admins" and extolled the benefits of hacking large networks in order to get at targets that include government officials. "Sys admins are a means to an end," wrote the operative. Another document describes a program called QUANTUMHAND, in which the agency would attempt to direct targets to a fake Facebook server. It was apparently officially launched in 2010 after being tested successfully on "about a dozen targets." And one slide deck describes a whole series of QUANTUM attacks, ranging from spam messages to instant messaging compromise to taking control of botnets.