A newly discovered NSA cyber espionage program was revealed by researchers earlier this week which involves the agency installing malware in hardware firmaware. As serious as this is, the list of websites that the malware uses to send information back to the NSA is actually kind of amusing. Random letters and numbers would look too suspicious so some people actually sat down and came up with all the silly names the NSA uses for its fake websites.
The names suggest a parade of a C-list websites. There was NewJunk4U.com and Monster-Ads.net, CoffeeHausBlog.com and SuddenPlot.com. But, these sad-sounding domains actually were artful creations of the National Security Agency: They were fronts for distributing and controlling government malware around the world. Those domains and 109 others came to light last month as part of the “Equation Group” report from anti-virus vendor Kaspersky. Researchers at Kaspersky identified 300 such domains, and published 113 of them. The NSA’s malware domains always have been a closely guarded secret—it’s the kind of direct, actionable information that can expose even old cyber espionage operations. Now the agency is in an awkward position: What should it do with these domains now that their covers have been blown? The domains were chosen to look legitimate, which means the US government is effectively cyber squatting on a sizable portfolio of names like newjunk4u.com and businessdealsblog.com that are no longer useful for espionage, but potentially valuable for business.