Chinese company Xitan Lab recently disclosed information about an NSA system for global monitoring that is capable of intercepting Internet traffic and delivering malware through browser-level vulnerabilities. The system consists of two main components: Turmoil and Turbine.
Turmoil and Turbine: Key Components of Global Surveillance
Turmoil is a passive data collection system that uses sensors placed at strategic points in the global network to analyze Internet traffic and extract valuable information from it, including encrypted VPN and VoIP data. Turmoil can also monitor satellite links, microwave links, submarine optical cables, and other types of traffic. The system includes monitoring nodes known as Green Mugs and operates in collaboration with the NSA base at Menwith Hill in the UK.
The main link in the tracking system is the Menwith Hill base in the UK, where NSA analysts from the US and the UK work together to collect intelligence using ground satellite stations.
Turmoil operators filter data flows of interest, such as activity on Google, Yahoo, Facebook, and Skype. The system processes the network packets and sends valuable information to the XKEYSCORE tracking program for storage and analysis. If significant targets are identified, Turbine is activated for further action.
Turbine is an active intervention system that injects malicious programs into devices by redirecting traffic to the Foxacid espionage platform and exploiting vulnerabilities to deliver implants to targeted computers.
Collaboration of Turmoil and Turbine Systems
When a user attempts to access a site like Facebook, Turmoil determines whether the user is of interest. If the user is flagged, Turbine redirects the request through a malicious server, which exploits browser vulnerabilities to install malware on the device. This enables the NSA to gather information from the infected device.
The study highlights that Turmoil and Turbine are just a part of the larger ANB monitoring mechanism, with future publications expected to reveal more components. The actions of the NSA in monitoring Internet activities raise concerns about the extent of surveillance and the security of the global network.