The NSA’s “Targeted” Surveillance Is Looking Less Targeted All the Time

The Citizen's Guide to the Future
March 12 2014 5:22 PM

The NSA’s “Targeted” Surveillance Is Looking Less Targeted All the Time

It's long been the conventional wisdom that if the NSA is after you, there's pretty much no stopping it from getting inside your computer. The agency's dedicated hacking unit, Tailored Access Operations, has all kinds of ways to take over your devices, steal your data, and monitor you through your webcam or microphone—assuming you're interesting enough to target. But according to new documents obtained from Edward Snowden and published by Glenn Greenwald and Future Tense alumnus Ryan Gallagher at the Intercept, the NSA and its British counterpart GCHQ have been automating these targeted operations, allowing for “industrial scale exploitation” that can potentially infect “millions” of machines with malware.

The documents show that the automated system, codenamed TURBINE, has allowed the number of active malware “implants” to increase dramatically—from about 100 to 150 infected machines in 2004 to tens of thousands over the next six to eight years—and is intended to “aggressively scale” into the millions by infecting in “groups rather than individually.”


Intelligence agencies have various ways of delivering spyware implants, from man-in-the-middle attacks to the much less frequently successful method of tricking users into downloading malicious attachments from emails. On the extreme end of the spectrum, the NSA's previously disclosed QUANTUM system allows the agency to masquerade as popular websites like Google and Facebook, returning a Web browser's request with malicious packets before the legitimate server has a chance to respond.

Perhaps most alarming, however, is how TURBINE's expansion seems to piggyback on the massive amounts of data that advertising networks collect from Web users. One slide from a classified presentation shows how targets are identified using “selectors” including Google preference IDs, Yahoo cookies, and the unique identifiers captured by DoubleClick for ad-targeting purposes. Google's tracking cookies can also reveal things like Web browsing habits, making it possible for TURBINE to pick out groups of people for infection. The NSA wouldn't comment on the system but reassured the Intercept that “signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes.”

The ability to automate and increase the number of targets is good news for spy agencies, because it maximizes the usefulness of the security flaws they use to penetrate machines. Such exploits all come with expiration dates, and the more often and carelessly they're used, the less time it takes until they are detected and patched. (Last year, Reuters reported that the United States is now the top buyer of “zero-0day” exploits—critical flaws in software that are unknown to its developers.) With the automated system, however, those exploits become much more agile. TURBINE and QUANTUM can scan for certain selectors—like ad-targeting IDs or people visiting certain websites—select a suitable exploit, and automatically “shoot” it to intended targets.

This revelation suggests that the NSA's tailored-access platform is becoming a bit more like the un-targeted dragnets everyone has been so upset about: stuff like the mass-collection of phone metadata, and the tapping of undersea Internet cables, which allows the agency to filter through raw communications for keywords.

Of course, the question is whether having the capability to “target” people en-masse means that the NSA and GCHQ will necessarily do so. But based on what we know so far from the Snowden files, it's hard to imagine what would stop them.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Joshua Kopstein is a cyberculture journalist who studies policy, activism, and the dystopian present.



Don’t Worry, Obama Isn’t Sending U.S. Troops to Fight ISIS

But the next president might. 

The Extraordinary Amicus Brief That Attempts to Explain the Wu-Tang Clan to the Supreme Court Justices

Amazon Is Officially a Gadget Company. Here Are Its Six New Devices.

The Human Need to Find Connections in Everything

It’s the source of creativity and delusions. It can harm us more than it helps us.

How Much Should You Loathe NFL Commissioner Roger Goodell?

Here are the facts.

Altered State

The Plight of the Pre-Legalization Marijuana Offender

What should happen to weed users and dealers busted before the stuff was legal?

Surprise! The Women Hired to Fix the NFL Think the NFL Is Just Great.

You Shouldn’t Spank Anyone but Your Consensual Sex Partner

Sept. 17 2014 5:10 PM The Most Awkward Scenario in Which a Man Can Hold a Door for a Woman
  News & Politics
Altered State
Sept. 17 2014 11:51 PM The Plight of the Pre-Legalization Marijuana Offender What should happen to weed users and dealers busted before the stuff was legal?
Business Insider
Sept. 17 2014 1:36 PM Nate Silver Versus Princeton Professor: Who Has the Right Models?
Dear Prudence
Sept. 18 2014 6:00 AM All Shook Up My 11-year-old has been exploring herself with my “back massager.” Should I stop her?
  Double X
The XX Factor
Sept. 17 2014 6:14 PM Today in Gender Gaps: Biking
  Slate Plus
Slate Fare
Sept. 17 2014 9:37 AM Is Slate Too Liberal?  A members-only open thread.
Brow Beat
Sept. 17 2014 8:25 PM A New Song and Music Video From Angel Olsen, Indie’s Next Big Thing
Future Tense
Sept. 17 2014 9:00 PM Amazon Is Now a Gadget Company
  Health & Science
Bad Astronomy
Sept. 18 2014 7:30 AM Red and Green Ghosts Haunt the Stormy Night
Sports Nut
Sept. 17 2014 3:51 PM NFL Jerk Watch: Roger Goodell How much should you loathe the pro football commissioner?