NSA 'hijacked' criminal botnets to install spyware
Leaked slide confirms hijacking of 140,000 computers
A slide, leaked by Edward Snowden and published by Intercept News on Wednesday shows that 140,000 computers have been "co-opted" for installing spyware by the National Security Agency (NSA) since 2007.
Reuters reports that the NSA has been hijacking botnets as a means of spying. Botnets are usually used by criminals to steal financial information from infected machines, to relay spam messages and to conduct "denial of service" attacks against websites by having all the computers try to connect simultaneously, thereby overwhelming them. Many botnet operations disable the machine's security software leaving them vulnerable to new attacks by others.
The top secret slide - which according to Reuters was marked for distribution to the "Five Eyes" intelligence alliance, which includes the United States and Britain - calls this particular operation "QUANTOMBOT". QUANTOMBOT "takes control of idle IRC bots and finds computers belonging to botnets and hijacks the command and control channel", according to the slide. It describes QAUNTOMBOT's operation as "highly successful". The slide is said to be the first confirmation of the practice.
The NSA declined to confirm or deny the existence of the programme. It is not known if the botnets hijacked by the agency were in other counties or in the United States, or if the botnets could have been recaptured by criminals.
In a written statement, an NSA spokeswoman said: "As the President affirmed on 17 January, signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes.
"Moreover, Presidential Policy Directive 28 affirms that all persons - regardless of nationality - have legitimate privacy interests in the handling of their personal information, and that privacy and civil liberties shall be integral considerations in the planning of U.S. signals intelligence activities."
The Intercept article and supporting slides showed that the NSA had sought the means to automate the deployment of its tools for capturing email, browsing history and other information in order to reach as many as millions of machines.
It did not say whether such widespread efforts, which included impersonating Web pages belonging to Facebook Inc and other companies, were limited to computers overseas.
If it did pursue U.S. computers, the NSA also could have minimised information about those users.