Tuesday, December 31, 2013

NSA can target individual computers with malware with TAO Program (report from German magazine)

The NSA can hack personal or business computers before they are delivered to customers, or sometimes when customers get operating system errors (particularly from Microsoft), which might be intentional. 
There was a report to this effect in the German magazine Speigel, for example here
The NSA has a “Tailored Access Program” or TAO, to hack specific targets, exploiting known operating system or browser vulnerabilities or cookies. 
It would appear that these efforts have been made only against Americans with certain kinds of overseas connections.  But the government has long feared that “steganography” could place hidden instructions for attacks on innocuous websites, including those run by amateurs.  This danger was widely discussed right after 9/11.
Despite the tremendous automation of snooping by the NSA, the compartmentalization of information (within the CIA, Pentagon, all sorts of agencies) probably still hinders the communication of "street level" observations that even amateur bloggers who "connect the dots" (like the character Jimmy in Smallville) by hand. 

In some cases TAO has taken some visitors to fake Facebook or LinkedIn pages in order to intercept “whitelisted” postings intended only for “Friends”.   I don’t think this is likely to involve many “average” Americans.  But social media sometimes has hidden clues to security-associated crimes and possible terror plans.  There was at least one murder of a security employee in 2008 where threats against her could be found on Myspace and in spam blogs.  It’s unclear how much information police got out of social media at the time, some related info here

No comments: