Some more Edward Snowden document leaks have shed further light on the United States National Security Agency‘s initiative to compromise system administrators. The NSA is allegedly using these techniques to further their quest to gather intelligence on American citizens and the potential enemies of the US, both foreign and domestic.
These latest documents lay out the agency’s plan to construct a network of system administrators; personnel that are associated with access to networks which the agency wants to implant malware and or spyware upon.
According to Firstlook, the database that has been generated by the NSA includes network maps, customer lists, correspondence, and other data. The agency started these efforts by using surveillance on a network administrator and then gathering IP and surfing information about that individual. “What we’d really like is a personal webmail or Facebook account to target,” claimed the documents. More “analog” methods of intelligence gathering on targets include tactics such as dumpster diving, or searching for “official and non-official emails” that the admins may have online. The aforementioned “Quantum” program would then be let loose on the unfortunate recipient. The author of the posts colloquially wrote, “Just pull those selectors, queue them up for Quantum, and proceed with the pwnage,”
This sysop corruption method was previously used to infiltrate Belgacom, the Belgian telecommunications company, by the UK’s GCHQ. The NSA author wrote that “all you have to do is put all this info in a database somewhere, and what you end up with is a list of networks as well as personal accounts that probably belong to those admins.” Then, upon finding a person of interest “see if we have any admins pre-identified for that network, and if we do, automatically queue up tasking.”
Is this a worrying thought? What do you think? As always, if you would like to leave a sensible comment, then please do so in the comments section below.
[Image via: patdollard]