The NSA has denied infecting millions of computers using its Turbine system

NSA denies infecting millions of computers

The US National Security Agency has denied allegations it has been infecting millions of computers with malware.

The statement comes after reports earlier this week, based on classified NSA documents from whistleblower Edward Snowden, revealed the existence of Turbine – a system designed to scale up the NSA's hacking operations by automating the deployment of malware that hijacks computer command and control channels "by groups instead of individually".

The report in The Intercept, which also alleged that the NSA had masqueraded as a fake Facebook server to use the social media site as a launching pad to infect computers, did not allege the NSA actually used the system to infect millions of computers, merely that it had the capability.

It instead pointed to previous reports based on Snowden’s documents that put the number of implants deployed by the agency at between 85,000 to 100,000, but the US government agency has sought to downplay the significance of the revelations.

“Recent media reports that allege NSA has infected millions of computers around the world with malware, and that NSA is impersonating US social media or other websites, are inaccurate,” it said in a statement.

“The NSA uses its technical capabilities only to support lawful and appropriate foreign intelligence operations, all of which must be carried out in strict accordance with its authorities. Technical capability must be understood within the legal, policy, and operational context within which the capability must be employed.

“The NSA's authorities require that its foreign intelligence operations support valid national security requirements, protect the legitimate privacy interests of all persons, and be as tailored as feasible. NSA does not use its technical capabilities to impersonate US company websites.

“Nor does NSA target any user of global Internet services without appropriate legal authority. Reports of indiscriminate computer exploitation operations are simply false.”

A slide published with The Intercept's report also revealed that aside from developing technology to create its own botnets, the Turbine program included "co-opting" more than 140,000 computers belonging to existing botnets since August 2007 for the purpose of injecting them with command and control software.

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them