1 January 2014

NSA Hackers Get the ‘Ungettable’ With Rich Catalog of Custom Tools

12.30.13


An item in a catalog of hacking tools available to the NSA subverts the firewalls made by the U.S. firm Juniper Networks.

While most Americans spend their time shopping Amazon, Target and Apple.com, the National Security Agency’s elite team of hackers spends its time shopping a secret high-end catalog of custom tools designed to subvert firewalls, servers, and routers made by U.S. firms, impersonate a GSM base station to intercept mobile phone calls, or siphon data from a wireless network.

Hackers in the Tailored Access Operations division get the “ungettable” data the NSA can’t otherwise obtain from tapping undersea cables or collecting bulk data from companies like Yahoo and Google. They do this by installing backdoors and other implants remotely or by physically intercepting hardware being delivered to customers and planting backdoors in firmware, der Spiegel reports, citing newly disclosed documents from NSA whistleblower Edward Snowden.

“For nearly every lock, ANT seems to have a key in its toolbox,” der Spiegel writes. “And no matter what walls companies erect, the NSA’s specialists seem already to have gotten past them.”

The $40,000 CANDYGRAM mimics a cell phone tower to intercept signals from mobile phones and track targets.

With names like PICASSO, IRATEMONKEY, COTTONMOUTH, and WATERWITCH, the various tools allow NSA snoops to map networks and not only monitor data but surreptitiously divert it or modify it.

A 50-page catalog from the NSA’s ANT Division provides a handy list of tools NSA employees can order to hack a target’s hardware and includes prices that range from free to $250,000, according to der Spiegel. The 2008 catalog (which can be viewed here) includes $30 rigged monitor cables that let NSA spies see what a target sees on his computer, a $40,000 GSM base station that mimics a mobile phone tower to track users, and computer bugging devices disguised as USB plugs that are capable of sending and receiving data via radio. A 50-pack costs more than $1 million.

Another modified GSM handset called PICASSO collects user data, location information and room audio, all for the bargain price of $2,000.

Also listed among the array of products NSA hackers can buy is a digital lockpick for firewalls made by Juniper Networks. The hacking tool, called FEEDTROUGH, lets the NSA burrow into a Juniper firewall to install other tools — implants called ZESTYLEAK and BANANAGLEE — onto a target’s servers. FEEDTROUGH provides persistent access to the system even after reboots and software upgrades so that spy tools wiped from a system during these processes can be restored.

Other tools place a backdoor in routers made by Cisco, or infect the BIOS of a computer to maintain a persistent foothold even if the hard drive is wiped clean and the operating system reinstalled.

The HALLUXWATER does what the U.S. accuses China of doing — installs a backdoor on products made by the Chinese firm Huawei.

Ironically, the list also includes tools for the NSA to plant a backdoor in firewalls and routers made by Huawei, a Chinese firm that has come under tremendous scrutiny recently amid suspicions it might be providing surveillance backdoors for the Chinese government.

The backdoors and other spy tools listed in the NSA catalog appear to be only after-market implants rather than backdoors installed with the manufacturer’s cooperation.

Some of the tools can be installed remotely via the internet; others require an “interdiction” — the NSA’s term for the physical intrusion of a device or system to implant a bugging device on it. In this case, the NSA relies on the CIA or FBI to gain physical access to a system or intercept product shipments from manufacturers and retailers so the spies can subvert equipment before it’s delivered to the customer.

The ANT tools help the NSA reach systems and data in a more efficient fashion than hacking individual computers or tapping undersea cables, where it must sift a lot of data. By compromising a target organization’s routers and servers, it can zero in on an entire network to map its infrastructure and uncover vulnerabilities, siphon entire spools of email from servers or target specific machines, including industrial control systems. But these implants, depending on how securely they’re designed, could introduce a security risk that allows others to hijack the same equipment to take over a system.

The TRINITY microcontroller for implanting into targeted devices costs $625,000 for a package of 100.
