Security Advisor

Leaked Documents Allege NSA Is Targeting Foreign System Admins

A series of internal message board posts detail how system admins are being targeted to gain access to the networks they control.

According to a newly leaked document from former NSA contractor Edward Snowden, the National Security Agency routinely targets system admins' personal e-mail and Facebook accounts in an attempt to find access points into the networks the admins control.

The document, which contained screen grabs of an internal NSA staff message board discussion, was recently disclosed to the public in a report by The Intercept. The publication found that in its attempt to bypass foreign network browsers, the NSA used the system admins as the gateways to access e-mails, phone calls and other communications of telecom and Internet companies.

In one message board topic titled "I hunt sys adms" from 2012, an unnamed network specialist in the NSA's Signals Intelligence Directorate discussed their role in infiltrating computers of system admins and how the NSA had created a database of high-target admins that the surveillance agency should go after.

"Up front, sys admins generally are not my end target," read the post. "My end target is the extremist/terrorist or government official that happens to be using the network some admin takes care of. Sys admins are a means to an end."

The post went on to explain that gaining access to those with the "keys to the kingdom" involves searching the Internet for unrelated forum or social networking posts by the targeted admin that also include the admin's personal e-mail.

Once that has been acquired, the NSA then uses its QUANTUM exploitation tool -- an attack suite featuring DNS and HTTP injections -- to either gain immediate access to the admin's computer or later access by saving passwords in a database until needed.

"Now fade off with me into dream-land," the post continued. "Pretend that we had some master list. The master list contained tons of networks around the world, and the personal accounts of admins for each of those networks. And any time you wanted to target a new network, you could just find the admin associated with it, queue his accounts up for QUANTUM, get access to his box and proceed to pwn the network. Wouldn't that be swell?"

Gaining access to these targeted systems could give the NSA a list of customers on the controlled networks, a network map pulled from the system admins' hard drives, network passwords retrieved via a keylogger and details on how their networks are connected to the Internet.

The NSA declined to comment to The Intercept on the leaked message board posts.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
