Security Advisor

Leaked Documents Allege NSA Is Targeting Foreign System Admins

A series of internal message board posts detail how system admins are being targeted to gain access to the networks they control.

According to a newly leaked document from former NSA contractor Edward Snowden, the National Security Agency routinely targets system admins' personal e-mail and Facebook accounts in an attempt to find access points into the networks those admins control.

The document, which contained screen grabs of an internal NSA staff message board discussion, was recently disclosed to the public in a report by The Intercept. The publication found that in its attempt to bypass foreign network browsers, the NSA used the system admins as the gateways to access e-mails, phone calls and other communications of telecom and Internet companies.

In one message board topic titled "I hunt sys admins" from 2012, an unnamed network specialist in the NSA's Signals Intelligence Directorate discussed their role in infiltrating the computers of system admins and how the NSA had created a database of high-target admins that the surveillance agency should go after.

"Up front, sys admins generally are not my end target," read the post. "My end target is the extremist/terrorist or government official that happens to be using the network some admin takes care of. Sys admins are a means to an end."

The post went on to explain that gaining access to those with the "keys to the kingdom" involves searching the Internet for unrelated forum or social networking posts by the targeted admin that also include the admin's personal e-mail.

Once that has been acquired, the NSA uses its QUANTUM exploitation tool -- an attack suite featuring DNS and HTTP injections -- either to gain immediate access to the admin's computer or to gain access later by saving passwords in a database until needed.

"Now fade off with me into dream-land," the post continued. "Pretend that we had some master list. The master list contained tons of networks around the world, and the personal accounts of admins for each of those networks. And any time you wanted to target a new network, you could just find the admin associated with it, queue his accounts up for QUANTUM, get access to his box and proceed to pwn the network. Wouldn't that be swell?"

Gaining access to these targeted systems could give the NSA a list of customers on the controlled networks, a network map pulled from the system admins' hard drives, network passwords retrieved via a keylogger and details on how their networks are connected to the Internet.

The NSA declined to comment to The Intercept on the leaked message board posts.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

