A Dutch publication, NRC Handelsblad, reported yesterday that the National Security Agency has infected over 50,000 computer networks worldwide with malicious software designed to steal sensitive information. The report, the latest in a long series of stories to come from the Edward Snowden leaks on the American spying agency, is based on a 2012 internal presentation on how the NSA collects information globally. The document refers to its methods as Computer Network Exploitation, defined as the secret infiltration of computer systems through the use of malware.
Though the number of infections is incredibly large, the existence of NSA spyware is not novel or particularly surprising. Earlier reports showed that the agency had installed an estimated 20,000 digital implants by 2008, and public documents reveal that the department in charge of these operations, the TAO (Tailored Access Operations), employs over a thousand hackers.
Acting as a sort of virtual “sleeper cell,” the implants can remain in place undetected for years, and be turned off and on at will with a simple command issued remotely by the NSA. Controlling the spyware is a relatively inexpensive procedure that can give the NSA access to information it was not previously privy to; the practice has evidently been in place from as early as 1998.
According to NRC, the transmission of NSA spyware appears to be fairly rudimentary, relying on the same sort of phishing and spamming tactics used to spread any other malware or virus, and installing NSA software onto unsuspecting users’ computers through what would superficially appear to be innocuous communications.
On Friday, a day prior to the latest NSA revelation, the enduringly popular social networking website Twitter announced that it has beefed up security to prevent further snooping by unwanted sources. After being the subject of sophisticated hacking attempts earlier this year and seeing that social networks are placed firmly on the NSA’s radar, Twitter has enabled “forward security,” more commonly called forward secrecy, on its website. The new measure adds an extra layer of protection to communications between the site and users: each session is encrypted under a temporary key, so traffic recorded today cannot be decrypted later even if the site’s long-term private key is obtained. This makes it exceptionally difficult for any unwanted intruders to decode encrypted data and steal user information.
Twitter’s security team says forward security “should be the new normal for web service owners… Our work on deploying forward secrecy is just the latest way in which Twitter is trying to defend and protect the user’s voice in that world.”
Forward security has previously been implemented by Facebook and Google as part of ongoing efforts to protect user data; as Twitter points out, it is just the latest development in “an ever-changing world” of security processes.