German publication Der Spiegel provides some interesting details about the NSA’s hacking capabilities, particularly regarding the tools used by the agency’s Tailored Access Operations (TAO) department.
Until a few years ago, the spy agency relied on spam, just like common cybercriminals, to trick targets into installing malware on their computers. Spam is inefficient, however, so TAO developed a set of tools dubbed “QUANTUMTHEORY.”
Documents seen by Der Spiegel show that the tools are highly effective in targeting online services such as Yahoo, Facebook, Twitter and YouTube.
Apparently, the NSA hasn’t managed to use the method against Google services. On the other hand, the United Kingdom’s GCHQ, which acquired some QUANTUM tools from the US intelligence agency, has been successful in targeting Google.
One of the tools, dubbed “QUANTUMINSERT,” was used by GCHQ to target Belgacom, the Belgian state-owned telecoms company. The NSA used the same tool against the Organization of the Petroleum Exporting Countries (OPEC) to gain access to sensitive information.
This and other QUANTUM applications are reportedly linked to a shadow network maintained by the NSA. This network, which runs parallel to the Internet, consists not only of NSA machines but also of routers and servers the agency has compromised.
QUANTUM systems are designed to fire automatically on cookies and other identifiers observed in Internet traffic. When a target’s email address or a specific cookie is detected, the victim’s connection is rerouted to covert NSA servers dubbed FOXACID.
In the case of the Belgacom breach, engineers who attempted to visit LinkedIn were redirected to FOXACID, which pushed custom malware onto their computers. The malware is tailored to exploit the vulnerabilities present on the targeted device.
Apparently, attacks that involve LinkedIn have a success rate of more than 50%.
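Public technical analyses of QUANTUMINSERT describe the redirect as a man-on-the-side injection: a sensor that sees the victim's request forges a reply that races the real server's response, so for a moment the victim's TCP stream carries two different payloads for the same sequence numbers. The routine below is an added example written for this page, not code from Der Spiegel's reporting or from any NSA or GCHQ tooling; it flags that condition in a list of captured server-to-client segments. The flow addresses, the staging host name and the HTTP payloads are constructed for the example, and the premise that the redirect arrives as such a forged reply is an assumption taken from those public analyses, not something the article states.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Flow key: (client endpoint, server endpoint). All addresses are constructed.
FlowKey = Tuple[str, str]


@dataclass
class Segment:
    """One server-to-client TCP segment that carries payload."""
    flow: FlowKey
    seq: int        # sequence number of the first payload byte
    payload: bytes


@dataclass
class Alert:
    flow: FlowKey
    seq: int            # sequence number at which the two payloads first disagree
    seen_first: bytes   # payload that arrived first for this range
    seen_later: bytes   # conflicting payload that arrived afterwards


def _conflicting_overlap(a: Segment, b: Segment) -> Optional[int]:
    """Return the first sequence number where a and b carry different bytes
    for the same position, or None if they do not overlap or fully agree."""
    start = max(a.seq, b.seq)
    end = min(a.seq + len(a.payload), b.seq + len(b.payload))
    if start >= end:
        return None
    sa = a.payload[start - a.seq:end - a.seq]
    sb = b.payload[start - b.seq:end - b.seq]
    for i, (x, y) in enumerate(zip(sa, sb)):
        if x != y:
            return start + i
    return None


def detect_conflicting_segments(segments: List[Segment]) -> List[Alert]:
    """Flag segments whose bytes disagree with an earlier segment of the same
    flow at the same sequence numbers. A genuine retransmission repeats the
    same bytes and is ignored; a forged reply racing the real one does not."""
    history: Dict[FlowKey, List[Segment]] = {}
    alerts: List[Alert] = []
    for seg in segments:
        prior = history.setdefault(seg.flow, [])
        # Exact duplicate (same seq, same bytes): ordinary retransmission.
        if any(p.seq == seg.seq and p.payload == seg.payload for p in prior):
            continue
        for old in prior:
            at = _conflicting_overlap(old, seg)
            if at is not None:
                alerts.append(Alert(seg.flow, at, old.payload, seg.payload))
                break
        prior.append(seg)
    return alerts


def redirect_target(payload: bytes) -> Optional[str]:
    """Extract the Location header from an HTTP 3xx response so the analyst
    can see where the victim was being sent. None for non-redirect payloads."""
    head, _, _ = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not lines or not lines[0].startswith(b"HTTP/1."):
        return None
    parts = lines[0].split()
    if len(parts) < 2 or not parts[1].startswith(b"3"):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"location":
            return value.strip().decode("ascii", "replace")
    return None


# Constructed sample: a forged 302 to a hypothetical staging host wins the race,
# the real 200 from the server arrives next and is then retransmitted once.
FLOW: FlowKey = ("10.0.0.5:51234", "203.0.113.10:80")
INJECTED = (b"HTTP/1.1 302 Found\r\n"
            b"Location: http://stage.invalid/pull\r\n"
            b"Content-Length: 0\r\n\r\n")
LEGIT = (b"HTTP/1.1 200 OK\r\n"
         b"Content-Type: text/html\r\n"
         b"Content-Length: 15\r\n\r\n"
         b"<html>ok</html>")
SAMPLE = [
    Segment(FLOW, 4000, INJECTED),
    Segment(FLOW, 4000, LEGIT),
    Segment(FLOW, 4000, LEGIT),                     # plain retransmission
    Segment(FLOW, 4000 + len(LEGIT), b"<!-- -->"),  # next in-order data
]

if __name__ == "__main__":
    for alert in detect_conflicting_segments(SAMPLE):
        print(alert.flow, alert.seq, redirect_target(alert.seen_first))
```

Two caveats apply before treating a hit as an intrusion. The check only works from a vantage point that sees both replies, which rules out a sensor upstream of the injection point, and some TCP stacks legitimately retransmit with slightly different bytes (for example a changed segment boundary), so alerts are leads to be confirmed by looking at the conflicting payloads, which is what the Location extraction is for.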