NSA 'hijacked' criminal botnets to install spyware

SAN FRANCISCO Wed Mar 12, 2014 5:05pm EDT

A National Security Agency (NSA) data gathering facility is seen in Bluffdale, about 25 miles (40 km) south of Salt Lake City, Utah, December 16, 2013. Jim Urquhart/REUTERS

A National Security Agency (NSA) data gathering facility is seen in Bluffdale, about 25 miles (40 km) south of Salt Lake City, Utah, December 16, 2013. Jim Urquhart/

Credit: Reuters

Related Topics

SAN FRANCISCO (Reuters) - While U.S. law enforcement agencies have long tried to stamp out networks of compromised computers used by cyber criminals, the National Security Agency has been hijacking the so-called botnets as a resource for spying.

The NSA has "co-opted" more than 140,000 computers since August 2007 for the purpose of injecting them with spying software, according to a slide leaked by former NSA contractor Edward Snowden and published by The Intercept news website on Wednesday. (r.reuters.com/xut57v)

Botnets are typically used by criminals to steal financial information from infected machines, to relay spam messages, and to conduct "denial-of-service" attacks against websites by having all the computers try to connect simultaneously, thereby overwhelming them.

In November, Federal Bureau of Investigation Director James Comey told the Senate that botnets had "emerged as a global cyber security threat" and that the agency had developed a "comprehensive public-private approach to eliminate the most significant botnet activity and increase the practical consequences for those who use botnets for intellectual property theft or other criminal activities."

According to the NSA slide published by The Intercept, one technique the intelligence agency used was called QUANTUMBOT, which "finds computers belonging to botnets, and hijacks the command and control channel." The program was described as "highly successful."

Reuters reported in May that U.S. agencies had tapped botnets to harvest data from the machines' owners or to maintain the ability to issue the infected computers new commands.

The slide leaked by Snowden is the first confirmation of the practice, and underscores the complications for the NSA of balancing its major mission of providing eavesdropping capability with the less well-funded missions of protecting critical national assets and assisting law enforcement.

The Top Secret slide was marked for distribution to the "Five Eyes" intelligence alliance, which includes the United States and Britain.

The NSA declined to confirm or deny the existence of the program. It is not known if the botnets hijacked by the agency

were in other counties or in the United States, or if the botnets could have been recaptured by criminals.

Many botnet operations disable the machines' security software, leaving them vulnerable to new attacks by others.

In a written statement, an NSA spokeswoman said: "As the President affirmed on 17 January, signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes.

"Moreover, Presidential Policy Directive 28 affirms that all persons - regardless of nationality - have legitimate privacy interests in the handling of their personal information, and that privacy and civil liberties shall be integral considerations in the planning of U.S. signals intelligence activities."

The Intercept article and supporting slides showed that the NSA had sought the means to automate the deployment of its tools for capturing email, browsing history and other information in order to reach as many as millions of machines.

It did not say whether such widespread efforts, which included impersonating web pages belonging to Facebook Inc and other companies, were limited to computers overseas.

If it did pursue U.S. computers, the NSA also could have minimized information about those users.

(Reporting by Joseph Menn; Editing by Tiffany Wu)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (7)
Now if only they could also stop spammers, too…

Mar 12, 2014 5:29pm EDT  --  Report as abuse
Art16 wrote:
If NSA wants to infest a computer in the United States to gather data with an illegal technology, let them get a warrant. This is tantamount to an illegal search because they are doing this without required legal approval;i.e.,no warrant. This portrays the NSA in the same light as those infesting computers with bots for fun and profit, and illegally, to boot. Has the NSA lost its mature staffing? This sounds like they are smarty pants kids trying to play games.

Mar 12, 2014 5:33pm EDT  --  Report as abuse
mb56 wrote:
The Bush Administration lowered standards and gave the intelligence agencies MASSIVE budget increases. The consequence of such actions were completely predictable. We are now reaping what we sowed… the US has become the KING of Surveillance states in terms of the shear volumes of information being collected on people. With tortured logic they imply that the Forth Amendment has not been breached because they are only collecting the data and (supposedly) not widely searching it. One must wonder if our Founding Fathers would have been OK with copies of all their letters and communications being made and their travels tracked by government agents on the basis that it wouldn’t be looked at “unless needed”. I think not…

Mar 12, 2014 6:22pm EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

Pictures