TURBINE (US government project)

Last updated

TURBINE is the codename of an automated system which enables the United States National Security Agency (NSA) automated management and control of a large surveillance network.

The NSA has built an infrastructure which enables it to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process. This system places and controls implants – a form of remotely transmitted malware on selected individual computer devices or in bulk on tens of thousands of devices. As quoted by The Intercept , TURBINE is designed to "allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually." [1] The NSA has shared many of its files on the use of implants with its counterparts in the so-called Five Eyes surveillance alliance – the United Kingdom, Canada, New Zealand, and Australia.

Among other things due to TURBINE and its control over the implants the NSA is capable of:

The TURBINE implants are linked to, and relies upon, a large network of clandestine surveillance "sensors" that the NSA has installed at locations across the world, including the agency's headquarters in Maryland (Fort George G. Meade) and eavesdropping bases used by the agency in Misawa, Japan (Misawa Air Base) and Menwith Hill, England (RAF Menwith Hill). Codenamed as TURMOIL, the sensors operate as a sort of high-tech surveillance dragnet, monitoring packets of data as they are sent across the Internet. When TURBINE implants exfiltrate data from infected computer systems, the TURMOIL sensors automatically identify the data and return it to the NSA for analysis. And when targets are communicating, the TURMOIL system can be used to send alerts or "tips" to TURBINE, enabling the initiation of a malware attack. To identify surveillance targets, the NSA uses a series of data "selectors" as they flow across Internet cables. These selectors can include email addresses, IP addresses, or the unique "cookies" containing a username or other identifying information that are sent to a user's computer by websites such as Google, Facebook, Hotmail, Yahoo, and Twitter, unique Google advertising cookies that track browsing habits, unique encryption key fingerprints that can be traced to a specific user, and computer IDs that are sent across the Internet when a Windows computer crashes or updates. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16]

See also

Related Research Articles

<span class="mw-page-title-main">ECHELON</span> Signals intelligence collection and analysis network

ECHELON, originally a secret government code name, is a surveillance program operated by the five signatory states to the UKUSA Security Agreement: Australia, Canada, New Zealand, the United Kingdom and the United States, also known as the Five Eyes.

<span class="mw-page-title-main">Malware</span> Malicious software

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

<span class="mw-page-title-main">National Security Agency</span> U.S. signals intelligence organization

The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collection, and processing of information and data for foreign and domestic intelligence and counterintelligence purposes, specializing in a discipline known as signals intelligence (SIGINT). The NSA is also tasked with the protection of U.S. communications networks and information systems. The NSA relies on a variety of measures to accomplish its mission, the majority of which are clandestine. The existence of the NSA was not revealed until 1975. The NSA has roughly 32,000 employees.

<span class="mw-page-title-main">Firmware</span> Low-level computer software

In computing, firmware is a specific class of computer software that provides the low-level control for a device's specific hardware. Firmware, such as the BIOS of a personal computer, may contain basic functions of a device, and may provide hardware abstraction services to higher-level software such as operating systems. For less complex devices, firmware may act as the device's complete operating system, performing all control, monitoring and data manipulation functions. Typical examples of devices containing firmware are embedded systems, home and personal-use appliances, computers, and computer peripherals.

Interdiction is a military term for the act of delaying, disrupting, or destroying enemy forces or supplies en route to the battle area. A distinction is often made between strategic and tactical interdiction. The former refers to operations whose effects are broad and long-term; tactical operations are designed to affect events rapidly and in a localized area.

Cyber spying, cyber espionage, or cyber-collection is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using methods on the Internet, networks or individual computers through the use of proxy servers, cracking techniques and malicious software including Trojan horses and spyware. It may wholly be perpetrated online from computer desks of professionals on bases in far away countries or may involve infiltration at home by computer trained conventional spies and moles or in other cases may be the criminal handiwork of amateur malicious hackers and software programmers.

<span class="mw-page-title-main">Tailored Access Operations</span> Unit of the U.S. National Security Agency

The Office of Tailored Access Operations (TAO), now Computer Network Operations, and structured as S32, is a cyber-warfare intelligence-gathering unit of the National Security Agency (NSA). It has been active since at least 1998, possibly 1997, but was not named or structured as TAO until "the last days of 2000," according to General Michael Hayden.

<span class="mw-page-title-main">XKeyscore</span> Mass surveillance system

XKeyscore is a secret computer system used by the United States National Security Agency (NSA) for searching and analyzing global Internet data, which it collects in real time. The NSA has shared XKeyscore with other intelligence agencies, including the Australian Signals Directorate, Canada's Communications Security Establishment, New Zealand's Government Communications Security Bureau, Britain's Government Communications Headquarters, Japan's Defense Intelligence Headquarters, and Germany's Bundesnachrichtendienst.

<span class="mw-page-title-main">Global surveillance disclosures (2013–present)</span> Disclosures of NSA and related global espionage

Ongoing news reports in the international media have revealed operational details about the Anglophone cryptographic agencies' global surveillance of both foreign and domestic nationals. The reports mostly emanate from a cache of top secret documents leaked by ex-NSA contractor Edward Snowden, which he obtained whilst working for Booz Allen Hamilton, one of the largest contractors for defense and intelligence in the United States. In addition to a trove of U.S. federal documents, Snowden's cache reportedly contains thousands of Australian, British, Canadian and New Zealand intelligence files that he had accessed via the exclusive "Five Eyes" network. In June 2013, the first of Snowden's documents were published simultaneously by The Washington Post and The Guardian, attracting considerable public attention. The disclosure continued throughout 2013, and a small portion of the estimated full cache of documents was later published by other media outlets worldwide, most notably The New York Times, the Canadian Broadcasting Corporation, the Australian Broadcasting Corporation, Der Spiegel (Germany), O Globo (Brazil), Le Monde (France), L'espresso (Italy), NRC Handelsblad, Dagbladet (Norway), El País (Spain), and Sveriges Television (Sweden).

<span class="mw-page-title-main">Timeline of global surveillance disclosures (2013–present)</span>

This timeline of global surveillance disclosures from 2013 to the present day is a chronological list of the global surveillance disclosures that began in 2013. The disclosures have been largely instigated by revelations from the former American National Security Agency contractor Edward Snowden.

A man-on-the-side attack is a form of active attack in computer security similar to a man-in-the-middle attack. Instead of completely controlling a network node as in a man-in-the-middle attack, the attacker only has regular access to the communication channel, which allows him to read the traffic and insert new messages, but not to modify or delete messages sent by other participants. The attacker relies on a timing advantage to make sure that the response he sends to the request of a victim arrives before the legitimate response.

HackingTeam was a Milan-based information technology company that sold offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. Its "Remote Control Systems" enable governments and corporations to monitor the communications of internet users, decipher their encrypted files and emails, record Skype and other Voice over IP communications, and remotely activate microphones and camera on target computers. The company has been criticized for providing these capabilities to governments with poor human rights records, though HackingTeam states that they have the ability to disable their software if it is used unethically. The Italian government has restricted their licence to do business with countries outside Europe.

Ryan Gallagher is a Scottish investigative journalist. He writes about security and civil liberties for Bloomberg News, and previously worked for The Intercept reporting on classified documents leaked by former National Security Agency contractor Edward Snowden. He has previously worked for The Intercept, The Guardian, Slate, and the Financial Times.

Regin is a sophisticated malware and hacking toolkit used by United States' National Security Agency (NSA) and its British counterpart, the Government Communications Headquarters (GCHQ). It was first publicly revealed by Kaspersky Lab, Symantec, and The Intercept in November 2014. The malware targets specific users of Microsoft Windows-based computers and has been linked to the US intelligence-gathering agency NSA and its British counterpart, the GCHQ. The Intercept provided samples of Regin for download, including malware discovered at a Belgian telecommunications provider, Belgacom. Kaspersky Lab says it first became aware of Regin in spring 2012, but some of the earliest samples date from 2003. Among computers infected worldwide by Regin, 28 percent were in Russia, 24 percent in Saudi Arabia, 9 percent each in Mexico and Ireland, and 5 percent in each of India, Afghanistan, Iran, Belgium, Austria, and Pakistan.

The Equation Group, classified as an advanced persistent threat, is a highly sophisticated threat actor suspected of being tied to the Tailored Access Operations (TAO) unit of the United States National Security Agency (NSA). Kaspersky Labs describes them as one of the most sophisticated cyber attack groups in the world and "the most advanced (...) we have seen", operating alongside the creators of Stuxnet and Flame. Most of their targets have been in Iran, Russia, Pakistan, Afghanistan, India, Syria and Mali.

Operation Anarchist was a joint operation between the American National Security Agency and British Government Communications Headquarters to monitor advanced weapons systems in the Middle East, with a particular focus on Israel. Begun in 1998, it was publicly exposed in January 2016 as a result of documents released by Edward Snowden. It has been called the worst intelligence breach in Israel's history.

<span class="mw-page-title-main">Point-of-sale malware</span>

Point-of-sale malware is usually a type of malicious software (malware) that is used by cybercriminals to target point of sale (POS) and payment terminals with the intent to obtain credit card and debit card information, a card's track 1 or track 2 data and even the CVV code, by various man-in-the-middle attacks, that is the interception of the processing at the retail checkout point of sale system. The simplest, or most evasive, approach is RAM-scraping, accessing the system's memory and exporting the copied information via a remote access trojan (RAT) as this minimizes any software or hardware tampering, potentially leaving no footprints. POS attacks may also include the use of various bits of hardware: dongles, trojan card readers, (wireless) data transmitters and receivers. Being at the gateway of transactions, POS malware enables hackers to process and steal thousands, even millions, of transaction payment data, depending upon the target, the number of devices affected, and how long the attack goes undetected. This is done before or outside of the card information being (usually) encrypted and sent to the payment processor for authorization.

Targeted surveillance is a form of surveillance, such as wiretapping, that is directed towards specific persons of interest, and is distinguishable from mass surveillance. Both untargeted and targeted surveillance is routinely accused of treating innocent people as suspects in ways that are unfair, of violating human rights, international treaties and conventions as well as national laws, and of failing to pursue security effectively.

<span class="mw-page-title-main">Vault 7</span> CIA files on cyber war and surveillance

Vault 7 is a series of documents that WikiLeaks began to publish on 7 March 2017, detailing the activities and capabilities of the United States Central Intelligence Agency (CIA) to perform electronic surveillance and cyber warfare. The files, dating from 2013 to 2016, include details on the agency's software capabilities, such as the ability to compromise cars, smart TVs, web browsers, and the operating systems of most smartphones, as well as other operating systems such as Microsoft Windows, macOS, and Linux. A CIA internal audit identified 91 malware tools out of more than 500 tools in use in 2016 being compromised by the release. The tools were developed by the Operations Support Branch of the C.I.A.

DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agency's (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017. The tool infected more than 200,000 Microsoft Windows computers in only a few weeks, and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack. A variant of DoublePulsar was first seen in the wild in March 2016, as discovered by Symantec.

References

  1. 1 2 Ryan Gallagher and Greenwald (March 12, 2014). "How the NSA Plans to Infect 'Millions' of Computers with Malware". The Intercept. Retrieved March 12, 2014.
  2. Gallagher, Ryan (March 15, 2014). "Compare the NSA's Facebook Malware Denial to its Own Secret Documents". The Intercept. Retrieved March 23, 2014.
  3. Gallagher, Sean (March 12, 2014). "NSA's automated hacking engine offers hands-free pwning of the world". Ars Technica. Retrieved March 23, 2014.
  4. "Thousands of Implants". The Intercept. March 12, 2014. Retrieved March 12, 2014.
  5. "Industrial-Scale Exploitation". The Intercept. March 12, 2014. Retrieved March 12, 2014.
  6. "NSA Technology Directorate Analysis of Converged Data". The Intercept. March 12, 2014. Retrieved March 12, 2014.
  7. "There Is More Than One Way to Quantum". The Intercept. March 12, 2014. Retrieved March 12, 2014.
  8. "NSA Phishing Tactics and Man in the Middle Attacks". The Intercept. March 12, 2014. Retrieved March 12, 2014.
  9. "Quantum Insert Diagrams". The Intercept. March 12, 2014. Retrieved March 12, 2014.
  10. "TURBINE and TURMOIL". The Intercept. March 12, 2014. Retrieved March 12, 2014.
  11. "The NSA and GCHQ's QUANTUMTHEORY Hacking Tactics". The Intercept. March 12, 2014. Retrieved March 12, 2014.
  12. "Menwith Hill Station Leverages XKeyscore for Quantum Against Yahoo and Hotmail". The Intercept. March 12, 2014. Retrieved March 12, 2014.
  13. "Five Eyes Hacking Large Routers". The Intercept. March 12, 2014. Retrieved March 12, 2014.
  14. "Selector Types". The Intercept. March 12, 2012. Retrieved March 12, 2014.
  15. "VPN and VOIP Exploitation With HAMMERCHANT and HAMMERSTEIN". The Intercept. March 12, 2014. Retrieved March 12, 2014.
  16. "Thousands of Implants". The Intercept. March 12, 2014. Retrieved March 13, 2014.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.