October 9, 2013

How NSA Deploys Malwares


The NSA is counted as the world’s premier spy agency, and it is expert at breaking into computers. Documents disclosed by Snowden in recent weeks give a more detailed view of how the NSA compromises the privacy of its targets’ computers. The NSA uses malware to get into its targets’ machines, and the templates of that malware are widely used by criminals and fraudsters as well as by foreign intelligence agencies. It has therefore become important to secure yourself against such attackers.

Malware installation has two steps. First, the attacker has to lure the victim to a website that the attacker controls. Second, the attacker has to get the malware installed on the victim’s system in order to take control of the machine.

In order to make the victim visit a website from which the attacker can get access to the victim’s system, the attacker can send an email containing a link to that website wrapped in a plausible description; this is a phishing attack. Reports disclose that the NSA uses phishing attacks, but this step is preceded by a “man in the middle” attack: the NSA has its own servers, codenamed “Quantum”, which redirect targets away from their intended destinations to other NSA servers that inject the malware. But how are they able to take control of the victim’s system? The answer is that the attacker has to trick the victim into downloading and running the software, which can be done by designing a very attractive popup for the victim.

But this method does not always work, and it relies on the user taking action to download and run the software. Instead, attackers can exploit software vulnerabilities in the browser that the victim is using in order to gain access to her computer. When a victim’s browser loads a website, the software has to perform tasks like parsing text given to it by the server, and it will often load browser plugins like Flash that run code given to them by the server, in addition to executing Javascript code given to it by the server. But browser software—which is becoming increasingly complex as the web gains more functionality—doesn’t work perfectly. Like all software, it has bugs, and sometimes those bugs are exploitable security vulnerabilities that allow an attacker to gain access to a victim’s computer just because a particular website was visited. Once browser vendors discover vulnerabilities, they are generally patched, but sometimes a user has out-of-date software that is still vulnerable to known attacks. Other times, the vulnerabilities are known only to the attacker and not to the browser vendor; these are called zero-day vulnerabilities.

The NSA has a set of servers on the public internet, codenamed “FoxAcid”, which are used to install malware. They are linked from Quantum: once the victim’s system has been redirected to FoxAcid, a toolkit starts that gains control of the victim’s software, and the system is designed to make the initial malware persist as long as possible. Once the attacker has full control of the victim’s machine, he can read keystrokes (which reveals passwords), turn on the webcam, or read any data that he thinks is useful for his investigation.

This is a great threat, since with this malware anyone can invade the privacy of your machine. Users can take some useful steps to secure their machines. Firstly, keep your software updated, especially browser plugins, which often require manual updates. Always check that the update prompt you are following is genuine rather than fake.

For users who want to go an extra step towards being more secure—and we think everyone should be in this camp—consider making plugins like Flash and Java “click-to-play” so that they are not executed on any given web page until you affirmatively click them. For Chromium and Chrome, this option is available in Settings => Show Advanced Settings => Privacy => Content Settings => Plug-ins. For Firefox, this functionality is available by installing a browser Add-On like “Click to Play per-element”. Plugins can also be uninstalled or turned off completely. Users should also use ad blocking software to stop unnecessary web requests to third party advertisers and web trackers, and our HTTPS Everywhere add-on in order to encrypt connections to websites with HTTPS as much as possible.

Finally, for users who are willing to accept some more pain when browsing the web, consider using an add-on like NotScripts (Chrome) or NoScript (Firefox) to limit the execution of scripts. This means you will have to click to allow scripts to run, and since Javascript is very prevalent, you will have to click a lot. For Firefox users, RequestPolicy is another useful add-on that stops third-party resources from loading on a page by default. Once again, as third-party resources are popular, this will disrupt ordinary browsing a fair amount. Finally, for the ultra paranoid, HTTP Nowhere will disable all HTTP traffic completely, forcing your browsing experience to be entirely encrypted, and making it so that only websites that offer an HTTPS connection are available to browse.
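The two paragraphs above list several layers that each veto or delay a different kind of page sub-request. The following is an added example, not code from the original post or from any of the add-ons named, that models how those layers (click-to-play, ad blocking, HTTPS Everywhere, NoScript, RequestPolicy, HTTP Nowhere) combine into one decision per request; every hostname, policy value and the two-label "site" helper are constructed assumptions, not the add-ons' real rule sets.

```javascript
// Added example (not from the original post): a toy model of how the browser
// hardening layers above combine to decide what a page may load. All
// hostnames and policy values are constructed sample data.

// Registrable site of a hostname. Assumption: last two labels (real add-ons
// use the Public Suffix List, which this toy omits).
const site = (hostname) => hostname.split(".").slice(-2).join(".");

// Decide the fate of one sub-request (kind: "script", "plugin", "image")
// made by the page at pageUrl. Returns { action, rule }, where action is
// "allow", "upgrade", "block" or "click-to-play" and rule names the layer.
function decide(pageUrl, requestUrl, kind, policy) {
  const page = new URL(pageUrl), req = new URL(requestUrl);
  const reqSite = site(req.hostname);
  const thirdParty = site(page.hostname) !== reqSite;
  // HTTP Nowhere: no plain-HTTP traffic at all, upgradable or not.
  if (policy.httpNowhere && req.protocol === "http:")
    return { action: "block", rule: "http-nowhere" };
  // Ad blocker: known advertiser and tracker hosts never load.
  if (policy.adBlockList.includes(reqSite))
    return { action: "block", rule: "ad-block" };
  // RequestPolicy: third-party resources are off unless explicitly allowed.
  if (policy.blockThirdParty && thirdParty &&
      !policy.allowedThirdPartySites.includes(reqSite))
    return { action: "block", rule: "request-policy" };
  // NoScript: scripts run only on sites the user has allowed.
  if (kind === "script" && !policy.scriptAllowlist.includes(site(page.hostname)))
    return { action: "block", rule: "noscript" };
  // Click-to-play: Flash/Java content waits for an affirmative click.
  if (kind === "plugin" && policy.clickToPlay)
    return { action: "click-to-play", rule: "click-to-play" };
  // HTTPS Everywhere: rewrite http:// to https:// where a rule exists.
  if (req.protocol === "http:" && policy.httpsUpgradeSites.includes(reqSite))
    return { action: "upgrade", rule: "https-everywhere" };
  return { action: "allow", rule: "default" };
}

// Constructed policy matching the "extra step" recommendations above.
const hardenedPolicy = {
  clickToPlay: true, httpNowhere: false, blockThirdParty: true,
  adBlockList: ["ads-example.com", "tracker-example.net"],
  allowedThirdPartySites: ["cdn-example.net"],
  scriptAllowlist: ["example.org"],
  httpsUpgradeSites: ["example.org", "cdn-example.net"],
};

// Constructed sub-requests from a page at https://www.example.org/.
const sample = [["http://www.example.org/app.js", "script"],
  ["https://cdn-example.net/player.swf", "plugin"],
  ["http://ads-example.com/banner.gif", "image"]];
for (const [url, kind] of sample) {
  const { action, rule } = decide("https://www.example.org/", url, kind, hardenedPolicy);
  console.log(action.padEnd(13), rule.padEnd(16), url);
}
```

Flipping `httpNowhere` to `true` shows why that last layer is the most disruptive: the first-party script that HTTPS Everywhere would have upgraded is simply blocked instead.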

The NSA’s system of injecting malware is not very original, but knowing how it works helps you make your browsers and machines safe from attacks by criminals, foreign agencies and a host of other attackers. The NSA should come clean, as its tracking and injection techniques can hurt the privacy and information that is a private affair of people.
