The�NSA�has "co-opted" more than 140,000 computers since August 2007

NSA hijacked botnets to use for spying

The US National Security Agency has been hijacking botnets as a resource for spying, according to a leaked slide by Edward Snowden.

The NSA has "co-opted" more than 140,000 computers since August 2007 for the purpose of injecting them with spying software, according to the slide that was published by The Intercept news website on yesterday.

The networks of compromised computers are typically used by criminals to steal financial information from infected machines, to relay spam messages, and to conduct "denial-of-service" attacks against websites by having all the computers try to connect simultaneously, thereby overwhelming the target site.

The NSA declined to confirm or deny the existence of the program. It is not known if the botnets hijacked by the agency were in other counties or in the United States, or if the botnets could have been recaptured by criminals.

In a written statement, an NSA spokeswoman said: "As the President affirmed on 17 January, signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes.

"Moreover, Presidential Policy Directive 28 affirms that all persons – regardless of nationality – have legitimate privacy interests in the handling of their personal information, and that privacy and civil liberties shall be integral considerations in the planning of US signals intelligence activities."

According to the NSA slide, one technique the intelligence agency used was called QUANTUMBOT, which "finds computers belonging to botnets, and hijacks the command and control channel." The program was described as "highly successful."

The Intercept article and supporting slides showed that the NSA had sought the means to automate the deployment of its tools for capturing email, browsing history and other information in order to reach as many as millions of machines.

It did not say whether such widespread efforts, which included impersonating web pages belonging to Facebook and other companies, were limited to computers overseas. If it did pursue US computers, the NSA also could have minimised information about those users.

Reuters reported in May that US agencies had tapped botnets to harvest data from the machines' owners or to maintain the ability to issue the infected computers new commands and the leaked slide is the first confirmation of the practice.

The Top Secret slide was marked for distribution to the "Five Eyes" intelligence alliance, which includes the USA and Britain.

In November, Federal Bureau of Investigation Director James Comey told the Senate that botnets had "emerged as a global cyber security threat" and that the agency had developed a "comprehensive public-private approach to eliminate the most significant botnet activity and increase the practical consequences for those who use botnets for intellectual property theft or other criminal activities."

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them

Close