By Alvin Bryan
Edward Snowden has surprised us yet again with the contents of another batch of NSA documents. In these, we can read the details of a highly developed and powerful NSA hacking system. The umbrella system is called Turbulence. This system has several components that can launch automated attacks on a global and industrial scale. The NSA can crack, and has been cracking, almost any computer system or network it sets its sights on.
Turbulence and its Component Systems
Turbulence is the NSA codename for the group of automated systems that the agency uses for hacking. Turbulence includes two very interesting tools, Turmoil and Turbine. Turmoil is the network surveillance system that provides all the data accessed through the NSA’s XKeyScore database.
Turbine is a hacking engine that can target millions of networks at once. It is fully automated and can be activated by just pressing a button. Turbine is also capable of injecting malware, which is designed to crack digital communications like VoIP and VPN traffic. This is normally done when a network is considered an important target, meaning that it either has a lot of data stored or gives access to the details of high-priority targets. Turbine was designed particularly for insidious mass surveillance. The Turbine automated system routinely collects data on thousands of networks, but it can be expanded to snoop on millions of networks at any time.
The NSA has cracked some encryption protocols, but others remain safe. For VPNs, OpenVPN is the safest to use. The NSA can attempt to inject malware into OpenVPN, but it will be quickly and decisively removed. Users on VoIP can therefore use this type of VPN connection to secure their communications. SOCKS proxies were used previously for VoIP security, but this is no longer guaranteed safe. VPN Internet security is a user’s best bet. For instance, known OpenVPN providers like ExpressVPN can provide better security.
Turmoil can be accessed at the head offices of the NSA and the GCHQ. It is designed as an attack system that can launch an automated spread of attacks. It gets its power from the large capacity that the two agencies have for using man-in-the-middle exploits. It finds points at which Internet traffic is heavy and fires its barrage of attacks. With this power, Turmoil makes it possible for Turbulence systems to automatically intercept and alter the data transmissions of different IPs. It can either inject malware or corrupt the communications stream.
VPN Internet Security against NSA Malware Attacks
VPN and VoIP systems are indicated as a priority in the NSA documents. Malware attacks are regularly launched by the NSA to try to compromise these systems. The agency has been doing this on an international scale. For protection against this invasive spying, users around the world need VPN Internet security from secure providers. VPN Internet security isn’t just having a tool that changes the user’s IP address. For true VPN Internet security, the provider must offer OpenVPN or at least L2TP/IPSec for devices that can’t yet use OpenVPN. In addition, users can trust their VPN Internet security only when their providers do not record their online activities.
The NSA is using an array of malware to gain access to protected computer systems and networks. They have malware designed to control or shut down computer systems and to scrape data and send it to NSA controlled servers. Below is a list of some malware launched by Turbulence tools:
♦ CaptivatedAudience – computer microphone control for conversation recording
♦ FoggyBottom and Grok – to capture emails, browser history files, passwords, and other online account credentials
♦ Gumfish – computer webcam control to take pictures of users
♦ Hammerstein – for man-in-the-middle attacks to compromise IKE on VPNs and other secure connections
♦ HammerChant – router implant for VoIP attacks (intercepts SIP/H.323, compromises RTP data streams)
♦ QuantumCopper – corrupts user file downloads
♦ QuantumSky – blocks access to websites
♦ SalvageRabbit – external hard drive scraper
♦ UnitedRake – modular malware for complete control of infiltrated computers