As the cataract of code words and compromises continues to course from Edward Snowden's cache of classified information, it's easy to lose track of what, exactly, the US National Security Agency and its allies can and can't do. So let's clarify that -- especially given that last week's revelations make it clear that the NSA's capabilities go way, way beyond what was previously thought.
It's obvious that the NSA could do more than, say, the organised cybercriminal gangs of eastern Europe. The agency has more and arguably smarter people -- it hires the "best and brightest" -- and those people have been working on the problems for far longer.
Over the years, criminals have built software systems that automate many of the processes of hacking. Tools to "weaponise" otherwise innocuous programs or documents so they'll infect the computers on which they're opened. Tools that automatically check that these new pieces of malware (malicious software) will successfully evade commercial anti-virus software. Tools that automatically look at a computer's configuration, figure out a way to hack into it
, and install a remote access tool (RAT), which in turn means that the hacker can control anything and everything happening on that computer. And tools that can link thousand or even millions of these "zombies" into a botnet (a network of robots) and use them in complex transnational criminal operations
In 2011, one of the major information security vendors taught technology journalists how to use these tools to create a cybercrime network. It took just 90 minutes. It'd then take a day or two to customise that process to the needs of your own criminal operation. The only particularly difficult part isn't even technical: it's figuring out how to launder all the money you'd make without getting caught.
So yes, the NSA has all of this. Once the agency has control of a target's computer, it would presumably be less interested in watching for any credit card numbers that might be typed, or placing phoney orders for iPhones through online retailers, and more interested in looking at email and other documents for signs of evil or turning on the microphone to listen in to nearby conversations, but the principles are basically the same.
But the NSA has much more, as revealed in last week's story at First Look ...