"Bots that are based in the U.S. are reported to the
FBI Office of Victim Assistance."
What a load of horse ####.
The FBI Office of Victim Assistance?
Who the hell ever heard of that?
Who the hell ever had that office contact them and tell them that their
PC was hacked?
Nobody.
And now you know why the NT-line of Windoze is first and foremost a
trojan hosting platform. Because the US gov't wanted it that way.
============================================
Documents leaked by Edward Snowden show the NSA hijacks botnets and
computers infected with malware by other intelligence agencies
IDG News Service | Jan 19, 2015 7:50 AM PT
In addition to having its own arsenal of digital weapons, the U.S.
National Security Agency reportedly hijacks and repurposes third-party
malware.
The NSA is using its network of servers around the world to monitor
botnets made up of thousands or millions of infected computers. When
needed, the agency can exploit features of those botnets to insert its
own malware on the already compromised computers, through a technology
codenamed Quantumbot, German news magazine Der Spiegel reported Sunday.
One of the secret documents leaked by former NSA contractor Edward
Snowden and published by Der Spiegel contains details about a covert NSA
program called DEFIANTWARRIOR that's used to hijack botnet computers and
use them as "pervasive network analysis vantage points" and "throw-away
non-attributable CNA [computer network attack] nodes."
This means that if a user's computer is infected by cybercriminals with
some malware, the NSA might step in, deploy their own malware alongside
it and then use that computer to attack other interesting targets. Those
attacks couldn't then be traced back to the NSA.
According to the leaked document, this is only done for foreign
computers. Bots that are based in the U.S. are reported to the FBI
Office of Victim Assistance.
The NSA also intercepts and collects data that is stolen by third-party
malware programs, especially those deployed by other foreign
intelligence agencies, if it is valuable. It refers to this practice as
"fourth party collection."
In 2009, the NSA tracked a Chinese cyberattack against the U.S.
Department of Defense and was eventually able to infiltrate the
operation. It found that the Chinese attackers were also stealing data
from the United Nations so it continued to monitor the attackers while
they were collecting internal UN data, Der Spiegel reported.
It goes deeper than that. One leaked secret document contains an NSA
worker's account of a case of fifth party collection. It describes how
the NSA infiltrated the South Korean CNE (computer network exploitation)
program that targeted North Korea.
"We found a few instances where there were NK officials with SK implants
on their boxes, so we got on the exfil [data exfiltration] points, and
sucked back the data," the NSA staffer wrote in the document. "However,
some of the individuals that SK was targeting were also part of the NK
CNE program. So I guess that would be the fifth party collect you were
talking about."
In other words, the NSA spied on a foreign intelligence agency that was
spying on a different foreign intelligence agency that had interesting
data of its own.
Sometimes the NSA also uses the servers of unsuspecting third parties as
scapegoats, Der Spiegel reported. When exfiltrating data from a
compromised system, the data is sent to such servers, but it is then
intercepted and collected en route through the NSA's vast upstream
surveillance network.
The documents published by Der Spiegel also shine more light on the
malware capabilities of the NSA and the rest of the Five Eyes partners
-- the intelligence agencies of the U.K., Canada, Australia and New
Zealand.
One leaked document from the Communications Security Establishment
Canada (CSEC) describes a unified computer network exploitation platform
codenamed WARRIORPRIDE that is used by all Five Eyes partners and can be
extended through plug-ins.
Der Spiegel released samples of an old keylogger program dubbed QWERTY
that likely acted as a WARRIORPRIDE plug-in, so that the security
industry can analyze it and possibly find other connections. The
keylogger was among the files leaked by Snowden to journalists.
Another leaked document dated June 2012 describes the technical
accomplishments of a malware writer working for one of the Five Eyes
agencies. One of the computer network attack (CNA) tools he developed is
codenamed PITIEDFOOL and can be used to wipe data from computer hard
disk drives at a preconfigured time after first disabling Volume Shadow
Copy (VSS), a Windows backup service that can be used to restore data.
"I took a build of FUZZYEBOLA from last month, and without recompiling
inserted the PITIEDFOOL binary with configuration details to execute it
at a certain time," the tool's author wrote describing a test. "At that
time I saw the process usage slightly increase (from 0% to around 2%)
and a few minutes later the system rebooted and didn't come back up.
Running a file recovery tool over the entire drive yielded some files
(from scraping headers) but nearly the entire contents of the drive were
irrecoverable, and if it had been configured to securely wipe every
sector on the drive after killing the MFT and VSS it wouldn't have been
able to recover anything at all. Success!"
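The article notes the wiper first disables Volume Shadow Copy and then fires at a preconfigured time; from a defender's side those two steps are the observable precursors. The following is an added detection sketch, not code from the article or the leaked documents: it runs a few rules over constructed, Sysmon-style process-creation records (hypothetical hosts, paths and a fictional `svc.exe`) and raises a high-severity alert when one parent process both tampers with VSS and creates a scheduled task.

```python
import re

# Constructed sample process-creation events (simplified Sysmon Event ID 1 shape).
# These are NOT real telemetry; hosts, paths and "svc.exe" are invented for the demo.
SAMPLE_EVENTS = [
    {"host": "ws01", "parent": "explorer.exe", "cmd": "vssadmin.exe list shadows"},
    {"host": "ws01", "parent": "svc.exe", "cmd": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "ws01", "parent": "svc.exe", "cmd": "sc stop VSS"},
    {"host": "ws01", "parent": "svc.exe",
     "cmd": "schtasks /create /tn Updater /tr C:\\Temp\\svc.exe /sc once /st 03:00"},
    {"host": "ws02", "parent": "cmd.exe", "cmd": "wbadmin get versions"},
]

# Each rule is matched against the lower-cased command line. Listing shadows is
# benign and deliberately not matched; only deletion / service stop / disable are.
RULES = [
    ("shadow_copy_deleted",
     re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|wmic\s+shadowcopy\s+delete")),
    ("vss_service_stopped",
     re.compile(r"\b(sc|net)(\.exe)?\s+stop\s+vss\b|sc(\.exe)?\s+config\s+vss\s+start=\s*disabled")),
    ("scheduled_task_created", re.compile(r"schtasks(\.exe)?\s+/create\b")),
]


def classify(event):
    """Return the names of all rules the event's command line matches."""
    cmd = event["cmd"].lower()
    return [name for name, rx in RULES if rx.search(cmd)]


def detect(events):
    """Emit a medium alert per matching event, plus one high alert per (host, parent)
    that both tampered with VSS and created a scheduled task (wipe-at-a-time pattern)."""
    alerts, per_parent = [], {}
    for ev in events:
        hits = classify(ev)
        if not hits:
            continue
        per_parent.setdefault((ev["host"], ev["parent"]), set()).update(hits)
        for rule in hits:
            alerts.append({"host": ev["host"], "rule": rule, "severity": "medium",
                           "cmd": ev["cmd"]})
    for (host, parent), hits in per_parent.items():
        if hits & {"shadow_copy_deleted", "vss_service_stopped"} and \
           "scheduled_task_created" in hits:
            alerts.append({"host": host, "rule": "vss_tamper_then_schedule",
                           "severity": "high", "parent": parent})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a)
```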
If national security agencies are adopting such destructive file wiping
malware programs, their use might become a frequent occurrence in the
future. Wiper malware was used in August 2012 to destroy data on 30,000
computers at Saudi Aramco, the national oil company of Saudi Arabia; in
March 2013 against South Korean banks and broadcasting organizations,
and recently against Sony Pictures Entertainment in the U.S.
In each of those cases, previously unknown hacktivist groups claimed
responsibility for the attacks. However, the FBI later attributed the
attack against Sony to North Korea, resulting in new U.S. sanctions
against the country.
http://www.computerworld.com/article/2871687/the-nsa-not-only-creates-but-also-hijacks-malware-with-quantumbot.html
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)