The NSA’s “Targeted” Surveillance Is Looking Less Targeted All the Time

The Citizen's Guide to the Future
March 12 2014 5:22 PM

The NSA’s “Targeted” Surveillance Is Looking Less Targeted All the Time

It's long been the conventional wisdom that if the NSA is after you, there's pretty much no stopping it from getting inside your computer. The agency's dedicated hacking unit, Tailored Access Operations, has all kinds of ways to take over your devices, steal your data, and monitor you through your webcam or microphone—assuming you're interesting enough to target. But according to new documents obtained from Edward Snowden and published by Glenn Greenwald and Future Tense alumnus Ryan Gallagher at the Intercept, the NSA and its British counterpart GCHQ have been automating these targeted operations, allowing for “industrial scale exploitation” that can potentially infect “millions” of machines with malware.

The documents show that the automated system, codenamed TURBINE, has allowed the number of active malware “implants” to increase dramatically—from about 100 to 150 infected machines in 2004 to tens of thousands over the next six to eight years—and is intended to “aggressively scale” into the millions by infecting in “groups rather than individually.”


Intelligence agencies have various ways of delivering spyware implants, from man-in-the-middle attacks to the much less frequently successful method of tricking users into downloading malicious attachments from emails. On the extreme end of the spectrum, the NSA's previously disclosed QUANTUM system allows the agency to masquerade as popular websites like Google and Facebook, returning a Web browser's request with malicious packets before the legitimate server has a chance to respond.

Perhaps most alarming, however, is how TURBINE's expansion seems to piggyback on the massive amounts of data that advertising networks collect from Web users. One slide from a classified presentation shows how targets are identified using “selectors” including Google preference IDs, Yahoo cookies, and the unique identifiers captured by DoubleClick for ad-targeting purposes. Google's tracking cookies can also reveal things like Web browsing habits, making it possible for TURBINE to pick out groups of people for infection. The NSA wouldn't comment on the system but reassured the Intercept that “signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes.”

The ability to automate and increase the number of targets is good news for spy agencies, because it maximizes the usefulness of the security flaws they use to penetrate machines. Such exploits all come with expiration dates, and the more often and carelessly they're used, the less time it takes until they are detected and patched. (Last year, Reuters reported that the United States is now the top buyer of “zero-0day” exploits—critical flaws in software that are unknown to its developers.) With the automated system, however, those exploits become much more agile. TURBINE and QUANTUM can scan for certain selectors—like ad-targeting IDs or people visiting certain websites—select a suitable exploit, and automatically “shoot” it to intended targets.

This revelation suggests that the NSA's tailored-access platform is becoming a bit more like the un-targeted dragnets everyone has been so upset about: stuff like the mass-collection of phone metadata, and the tapping of undersea Internet cables, which allows the agency to filter through raw communications for keywords.

Of course, the question is whether having the capability to “target” people en-masse means that the NSA and GCHQ will necessarily do so. But based on what we know so far from the Snowden files, it's hard to imagine what would stop them.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Joshua Kopstein is a cyberculture journalist who studies policy, activism, and the dystopian present.



Talking White

Black people’s disdain for “proper English” and academic achievement is a myth.

Hong Kong’s Protesters Are Ridiculously Polite. That’s What Scares Beijing So Much.

The One Fact About Ebola That Should Calm You: It Spreads Slowly

Operation Backbone

How White Boy Rick, a legendary Detroit cocaine dealer, helped the FBI uncover brazen police corruption.

A Jaw-Dropping Political Ad Aimed at Young Women, Apparently

The XX Factor
Oct. 1 2014 4:05 PM Today in GOP Outreach to Women: You Broads Like Wedding Dresses, Right?

How Even an Old Hipster Can Age Gracefully

On their new albums, Leonard Cohen, Robert Plant, and Loudon Wainwright III show three ways.

How Tattoo Parlors Became the Barber Shops of Hipster Neighborhoods

This Gargantuan Wind Farm in Wyoming Would Be the Hoover Dam of the 21st Century

Oct. 1 2014 8:34 AM This Gargantuan Wind Farm in Wyoming Would Be the Hoover Dam of the 21st Century To undertake a massively ambitious energy project, you don’t need the government anymore.
  News & Politics
Oct. 1 2014 7:26 PM Talking White Black people’s disdain for “proper English” and academic achievement is a myth.
Buy a Small Business
Oct. 1 2014 11:48 PM Inking the Deal Why tattoo parlors are a great small-business bet.
Dear Prudence
Oct. 2 2014 6:00 AM Can’t Stomach It I was shamed for getting gastric bypass surgery. Should I keep the procedure a secret?
  Double X
The XX Factor
Oct. 1 2014 5:11 PM Celebrity Feminist Identification Has Reached Peak Meaninglessness
  Slate Plus
Behind the Scenes
Oct. 1 2014 3:24 PM Revelry (and Business) at Mohonk Photos and highlights from Slate’s annual retreat.
Brow Beat
Oct. 1 2014 9:39 PM Tom Cruise Dies Over and Over Again in This Edge of Tomorrow Supercut
Future Tense
Oct. 1 2014 6:59 PM EU’s Next Digital Commissioner Thinks Keeping Nude Celeb Photos in the Cloud Is “Stupid”
  Health & Science
Oct. 1 2014 4:03 PM Does the Earth Really Have a “Hum”? Yes, but probably not the one you’re thinking.
Sports Nut
Oct. 1 2014 5:19 PM Bunt-a-Palooza! How bad was the Kansas City Royals’ bunt-all-the-time strategy in the American League wild-card game?