The NSA’s “Targeted” Surveillance Is Looking Less Targeted All the Time

Future Tense
The Citizen's Guide to the Future
March 12 2014 5:22 PM

The NSA’s “Targeted” Surveillance Is Looking Less Targeted All the Time

It's long been the conventional wisdom that if the NSA is after you, there's pretty much no stopping it from getting inside your computer. The agency's dedicated hacking unit, Tailored Access Operations, has all kinds of ways to take over your devices, steal your data, and monitor you through your webcam or microphone—assuming you're interesting enough to target. But according to new documents obtained from Edward Snowden and published by Glenn Greenwald and Future Tense alumnus Ryan Gallagher at the Intercept, the NSA and its British counterpart GCHQ have been automating these targeted operations, allowing for “industrial scale exploitation” that can potentially infect “millions” of machines with malware.

The documents show that the automated system, codenamed TURBINE, has allowed the number of active malware “implants” to increase dramatically—from about 100 to 150 infected machines in 2004 to tens of thousands over the next six to eight years—and is intended to “aggressively scale” into the millions by infecting in “groups rather than individually.”

Advertisement

Intelligence agencies have various ways of delivering spyware implants, from man-in-the-middle attacks to the much less frequently successful method of tricking users into downloading malicious attachments from emails. On the extreme end of the spectrum, the NSA's previously disclosed QUANTUM system allows the agency to masquerade as popular websites like Google and Facebook, returning a Web browser's request with malicious packets before the legitimate server has a chance to respond.

Perhaps most alarming, however, is how TURBINE's expansion seems to piggyback on the massive amounts of data that advertising networks collect from Web users. One slide from a classified presentation shows how targets are identified using “selectors” including Google preference IDs, Yahoo cookies, and the unique identifiers captured by DoubleClick for ad-targeting purposes. Google's tracking cookies can also reveal things like Web browsing habits, making it possible for TURBINE to pick out groups of people for infection. The NSA wouldn't comment on the system but reassured the Intercept that “signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes.”

The ability to automate and increase the number of targets is good news for spy agencies, because it maximizes the usefulness of the security flaws they use to penetrate machines. Such exploits all come with expiration dates, and the more often and carelessly they're used, the less time it takes until they are detected and patched. (Last year, Reuters reported that the United States is now the top buyer of “zero-0day” exploits—critical flaws in software that are unknown to its developers.) With the automated system, however, those exploits become much more agile. TURBINE and QUANTUM can scan for certain selectors—like ad-targeting IDs or people visiting certain websites—select a suitable exploit, and automatically “shoot” it to intended targets.

This revelation suggests that the NSA's tailored-access platform is becoming a bit more like the un-targeted dragnets everyone has been so upset about: stuff like the mass-collection of phone metadata, and the tapping of undersea Internet cables, which allows the agency to filter through raw communications for keywords.

Of course, the question is whether having the capability to “target” people en-masse means that the NSA and GCHQ will necessarily do so. But based on what we know so far from the Snowden files, it's hard to imagine what would stop them.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Joshua Kopstein is a cyberculture journalist who studies policy, activism, and the dystopian present.

TODAY IN SLATE

Politics

The Irritating Confidante

John Dickerson on Ben Bradlee’s fascinating relationship with John F. Kennedy.

My Father Invented Social Networking at a Girls’ Reform School in the 1930s

Renée Zellweger’s New Face Is Too Real

Sleater-Kinney Was Once America’s Best Rock Band

Can it be again?

The All The President’s Men Scene That Captured Ben Bradlee

Medical Examiner

Is It Better to Be a Hero Like Batman?

Or an altruist like Bruce Wayne?

Technology

Driving in Circles

The autonomous Google car may never actually happen.

The World’s Human Rights Violators Are Signatories on the World’s Human Rights Treaties

How Punctual Are Germans?

  News & Politics
Politics
Oct. 22 2014 12:44 AM We Need More Ben Bradlees His relationship with John F. Kennedy shows what’s missing from today’s Washington journalism.
  Business
Moneybox
Oct. 21 2014 5:57 PM Soda and Fries Have Lost Their Charm for Both Consumers and Investors
  Life
The Vault
Oct. 21 2014 2:23 PM A Data-Packed Map of American Immigration in 1903
  Double X
The XX Factor
Oct. 21 2014 3:03 PM Renée Zellweger’s New Face Is Too Real
  Slate Plus
Behind the Scenes
Oct. 21 2014 1:02 PM Where Are Slate Plus Members From? This Weird Cartogram Explains. A weird-looking cartogram of Slate Plus memberships by state.
  Arts
Brow Beat
Oct. 21 2014 9:42 PM The All The President’s Men Scene That Perfectly Captured Ben Bradlee’s Genius
  Technology
Technology
Oct. 21 2014 11:44 PM Driving in Circles The autonomous Google car may never actually happen.
  Health & Science
Climate Desk
Oct. 21 2014 11:53 AM Taking Research for Granted Texas Republican Lamar Smith continues his crusade against independence in science.
  Sports
Sports Nut
Oct. 20 2014 5:09 PM Keepaway, on Three. Ready—Break! On his record-breaking touchdown pass, Peyton Manning couldn’t even leave the celebration to chance.