Leaked Documents Show NSA Compromising Computer Hardware And Communication Technology On A Massive Scale
from the all-your-goddamn-everything-are-belong-to-us dept
Der Spiegel has released more NSA documents detailing the agency's hacking efforts around the globe. The so-called Tailored Access Operations (TAO) is the NSA's group of tech masterminds, deployed to insert the agency into worldwide communications. TAO uses a variety of exploits and backdoors to achieve this access, much of which is detailed in a 50-page document that Der Spiegel likens to a "mail-order catalog."
Another team (ANT -- Advanced or Access Network Technology) creates the exploits and "sells" them to the agency, providing access to communications and data that TAO can't achieve on its own.
In cases where TAO's usual hacking and data-skimming methods don't suffice, ANT workers step in with their special tools, penetrating networking equipment, monitoring mobile phones and computers and diverting or even modifying data. Such "implants," as they are referred to in NSA parlance, have played a considerable role in the intelligence agency's ability to establish a global covert network that operates alongside the Internet.

Between TAO and ANT, vast amounts of computer hardware have been compromised. Der Spiegel notes that ANT prefers to deploy its exploits at the BIOS level where they can remain undetected by most security and anti-virus programs. Other programs it creates hitch a ride in device firmware, including that of major American hard drive manufacturers like Western Digital, Seagate and Maxtor. (Apparently, Samsung and Huawei are similarly compromised, making them the only non-American companies listed in the documents.)
Some of the equipment available is quite inexpensive. A rigged monitor cable that allows "TAO personnel to see what is displayed on the targeted monitor," for example, is available for just $30. But an "active GSM base station" -- a tool that makes it possible to mimic a mobile phone tower and thus monitor cell phones -- costs a full $40,000. Computer bugging devices disguised as normal USB plugs, capable of sending and receiving data via radio undetected, are available in packs of 50 for over $1 million.
ANT also targets communications by compromising network equipment.
Other ANT programs target Internet routers meant for professional use or hardware firewalls intended to protect company networks from online attacks. Many digital attack weapons are "remotely installable" -- in other words, over the Internet. Others require a direct attack on an end-user device -- an "interdiction," as it is known in NSA jargon -- in order to install malware or bugging equipment.

It's unclear whether ANT provides exploits to other agencies, but the fact that a catalog exists suggests ANT isn't solely supplying the NSA. (If it is, one wonders why prices are listed. If it's internal development and deployment only, cost wouldn't be an issue.)
Security researcher Jacob Appelbaum, one of the contributors to the Der Spiegel article, addressed the Chaos Communication Congress over the weekend, delivering more details on ANT's exploits, including exploits affecting iOS devices and any phone using GSM connections. Most surprising perhaps was this exploit-in-a-box device that can deliver its compromising payload from up to eight miles away.
None of this should be taken to imply the TAO isn't perfectly capable of creating its own high-level exploits and backdoors. If anything, TAO is the more physical and aggressive counterpart to ANT, executing raids to achieve physical access to devices and networks (often with the assistance of the FBI -- or at least its vehicles).
An internal description of TAO's responsibilities makes clear that aggressive attacks are an explicit part of the unit's tasks. In other words, the NSA's hackers have been given a government mandate for their work. During the middle part of the last decade, the special unit succeeded in gaining access to 258 targets in 89 countries -- nearly everywhere in the world. In 2010, it conducted 279 operations worldwide…

Even more disturbing, the NSA's TAO operation waylays purchased hardware en route to customers in order to install exploits.
To conduct those types of operations, the NSA works together with other intelligence agencies such as the CIA and FBI, which in turn maintain informants on location who are available to help with sensitive missions. This enables TAO to attack even isolated networks that aren't connected to the Internet. If necessary, the FBI can even make an agency-owned jet available to ferry the high-tech plumbers to their target. This gets them to their destination at the right time and can help them to disappear again undetected after as little as a half hour's work.
If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.

The NSA's programs continue to make the world less safe for computer users under the guise of "security." Exploits go undiscovered and unpatched. Handcrafted exploits and backdoors are deployed without affected companies' knowledge. TAO has manipulated one of the most infamous Windows error messages in order to gain passive access to computers around the world.
The automated crash reports are a "neat way" to gain "passive access" to a machine, the presentation continues. [via XKEYSCORE, most likely.] Passive access means that, initially, only data the computer sends out into the Internet is captured and saved, but the computer itself is not yet manipulated. Still, even this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer.

While not as directly useful as TAO and ANT's other tools, it is still deployed frequently enough that the dialog box itself has become an agency inside joke.
[The altered text reads: "This information may be intercepted by a foreign SIGINT system to gather detailed information and better exploit your machine."]
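The crash-report channel described above is one a defender controls. As an added example (not from the article or from Der Spiegel's reporting), this PowerShell script audits the Windows Error Reporting settings that decide whether crash data is sent off the machine at all and, with -Harden, sets the documented Disabled and DontSendAdditionalData values. It assumes an elevated shell on Windows 8 / Server 2012 or later (where the WindowsErrorReporting module exists); the registry paths are the standard WER machine and policy keys.

```powershell
# Added example, not code from the article or Der Spiegel: audit and optionally
# harden Windows Error Reporting (WER) so crash reports never leave the host.
# Assumes an elevated shell on Windows 8 / Server 2012 or later.
[CmdletBinding()]
param([switch]$Harden)

$werKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting'

function Get-WerValue {
    param([string]$Path, [string]$Name)
    # $null means the value is absent: the default applies and reports are sent
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Get-WerAudit {
    # Snapshot of every setting that can switch crash reporting off
    [ordered]@{
        'WER (cmdlet view)'      = Get-WindowsErrorReporting
        'Disabled (machine key)' = Get-WerValue $werKey    'Disabled'
        'Disabled (policy key)'  = Get-WerValue $policyKey 'Disabled'
        'DontSendAdditionalData' = Get-WerValue $werKey    'DontSendAdditionalData'
    }
}

function Set-WerHardened {
    # Equivalent to the "Disable Windows Error Reporting" Group Policy setting,
    # written to both the machine key and the policy key
    foreach ($k in @($werKey, $policyKey)) {
        if (-not (Test-Path $k)) { New-Item -Path $k -Force | Out-Null }
        Set-ItemProperty -Path $k -Name 'Disabled' -Value 1 -Type DWord
    }
    # Also refuse the second-stage "additional data" upload WER can request
    Set-ItemProperty -Path $werKey -Name 'DontSendAdditionalData' -Value 1 -Type DWord
    Disable-WindowsErrorReporting | Out-Null
}

function Show-WerAudit {
    (Get-WerAudit).GetEnumerator() | ForEach-Object {
        $v = if ($null -eq $_.Value) { '<not set: default, reports are sent>' } else { $_.Value }
        '{0,-24} {1}' -f $_.Key, $v
    }
}

'--- Current WER state ---'
Show-WerAudit

if ($Harden) {
    Set-WerHardened
    '--- After hardening ---'
    Show-WerAudit
}
```

Without -Harden the script only reports; an organisation that wants the reports for its own diagnostics can instead keep WER on and point it at an internal collector, which is outside this example.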
These new revelations will only give foreign customers even more reasons to distrust American hardware. Der Spiegel's article notes that Samsung and Huawei hardware may be similarly compromised, but by and large, most of the "damage" seems to be domestic. Estimates have suggested American companies will potentially lose $150+ billion as a result of the NSA's actions. This should push that number even higher.
The question that needs to be asked is if this damage is worth it. The agency likely believes it is -- or at least believes it shouldn't be held responsible for tanking the overseas prospects of American tech companies. According to its defenders, the real problem here is the leaks, not the exploitation of every piece of hardware and software it can get its hands on. After all, if Snowden hadn't taken those documents, this would still be a secret and foreign companies would still be purchasing compromised goods from US companies.
The NSA has never seriously considered the consequences of its activities being exposed. This should have been factored in when considering the "costs" of programs like these. Nothing operates in a vacuum, not even the most secretive of agencies. Frankly, the level of exploitation exposed here verges on inconceivable. Any crying agency spokespersons have done about their methods being exposed now looks like nothing more than diversionary noise delivered with a poker face. The agency has "root access." The rest is just skimming the surface.
Filed Under: ant, compromised hardware, nsa, surveillance, tao
Reader Comments
"Interdiction"
Also - is this why the sound stopped working for Netflix last night?
Re:
As for the companies, nothing is new there. Anything happening digitally can be monitored and removing a few exploits will only do so little to reduce the occurrences.
Re: Re:
The only limit is their budget, and that doesn't even seem to stop much.
You think ANT is more troublesome than TAO? ANT is more like what most people think of hacking as being. What TAO has done is exactly what they have accused China of doing: infecting the firmware of hard drives and motherboards.
The NSA MUST GO! They will be the ruin of this nation.
The NSA sounds like Col. Nathan R. Jessep in A Few Good Men.
and we need to respond just like Lt. Kaffee:
Sad to say it, but those cheap Chinese routers, hard drives and computers are looking like a much better buy than that Cisco, Western Digital, Dell gear. Sure, China copied the motherboard and chips, but made their own, NSA-free firmware.
Re: Re: Re: Re:
The point is, to much of the rest of the world, they would prefer not to have the US spying on them. It is far more preferable to have China or Korea spying on them than the US.
Let's be honest China hasn't been all that effective at keeping their spying secret, or even using the information they gather all that effectively.
I will not be at all surprised to see huge downturns in US tech sales over the next few years, probably enough to create a recession, perhaps worse.
For me personally, I simply keep most of my gear off the net and on isolation transformers. That only leaves RF or physical access. Not foolproof, but you would have to really want access and apply a lot of special effort to get it.
Re: Re: Re: Re:
I'd much rather have the Chinese spying on me than the NSA. They don't have nearly as much power over me as the US gov't does (US no-fly lists, US border searches, "random" IRS audits, etc., etc.)
Re: Re: Re:
The reason ANT is more troublesome is the suggestion that they may be selling their hardware to other entities as well where there is no mandate on how those devices are used.
Re: Re: Re: Re:
If I am going to go to the trouble of developing software to hitch a ride on firmware, then I am also going to go to the trouble to make sure it is widely deployed by infecting the factory image (not as hard as you might think). You then simply only target those systems you want to, even though they are all infected. Meh, may as well have a peek and see if John Doe is up to anything interesting...
Sure, the ANT crap like monitor cables and GSM base stations... is more targeted, but for firmware or BIOS exploits you can bet your bottom dollar they are widely deployed to a LOT of systems. That is the only way that makes any sense, and they have shown they are much more interested in large scale than limited targeting.
Re: Re: Re: Re:
As you can see by the comments, many here would find it far preferable to have the Chinese spying on them than the U.S. Government.
Go outside the U.S. and that sentiment will likely be 10 - 20 fold higher in most parts of the world. China, while fairly brutal to their own people, is mostly benign to the rest of the world (yes, that is changing).
The U.S., on the other hand, whose people are supposed to have things like privacy, due process... it turns out is becoming more like China every day. Due process is barely a formality, with the deck increasingly stacked against the U.S. people. For the rest of the world, the U.S. has much greater influence over world politics, financial markets... Basically, the U.S. has become the playground bully. It imposes its political will (determined mostly by corporate interests) on the world, and increasingly on its own people.
Therefore spying from the U.S. is likely to have much more impact than spying from China, or other countries. The result will likely be backlash against Corporate America, who has shown themselves to be all too eager to grant the NSA backdoors, allow them to provide code...
Re: Re:
Yes, some of the actions described, even Appelbaum's ending on illicit cables, are pretty much well known, first published in 1985: Van Eck phreaking. It just wasn't done at this scale before.
The US Government not disclosing these critical vulnerabilities has now led to a lot of damage to US companies, as Mike points out, as well as to third parties, which could also be of US origin, that are currently using these products.
think Windows 7 is immune?
The problem is actually worse
Given that the NSA has compromised systems in enormous numbers, what's to prevent third parties from piggybacking on that? Whether they're other US agencies, other governments, criminals, or freelancers, what's to stop them from taking advantages of the NSA's largesse?
Breaking systems is hard (well, some of the time). Breaking a system you already know is broken is much easier. The NSA has quite effectively, and apparently quite pervasively, lowered the bar for every attacker on the planet.
Exercise for the reader: how many of the security breaches that we've seen in the last few years were a direct consequence of this?
Re: The problem is actually worse
If they haven't been helping the rest of the government to fix their security, it means that the NSA has been letting (for example) the Pentagon use software/hardware that's known to be insecure. It also raises the urgent question of to whom, exactly, they've been selling these exploits. GCHQ? Local law enforcement? Mossad?
We've tons of proof that it isn't working. The NSA was doing this during the time of 9/11 only not quite as intensive yet failed to communicate the danger. The Boston bombing went off without detection. So one has to look at who is the real target. I would say the real target is US citizens. This was demonstrated during the OWS protests, where the FBI co-ordinated various police agencies across the nation on how to deal with the protests.
The sad part about all this is rarely are laws unmade once in action. It's beginning to look like if you want any privacy at all, living in a cave may come out to be the only answer.
Democracy no longer has the safeguards that it once had. I tend to think this has gone way overboard and way too far in all this domestic spying. Something will have to be done by our politicians, simply to save their hallowed local state industries. The question now is how much of it will be feel-good that looks like it does what it won't.
Would the real reason for the DMCA please stand up?
Re: Would the real reason for the DMCA please stand up?
The other reason is to limit the amount of control over things you 'buy'. Things like movies and music, digital books...
It is all about control. State first, corporate second, people dead last!
Expect another movie soon...
is this a problem?
Re: is this a problem?
As well, a nation of peace should not force its laws and policies onto other nations but instead respect them. If certain nations insist on mistreating or oppressing their people, diplomatic solutions and humanitarian aid to the oppressed would be what a peaceful nation should provide, yes? Military force only if directly attacked, and, I might add, without said nation goading another into attacking first as an excuse for war, as the United States has often done.
A nation of peace will provide for its people and not collude with corporations against them. In such a nation, government and business would be completely separate, with neither allowed to influence the other aside from government providing necessary regulation which business must not compromise.
An idealistic scenario, of course, but it is a place from which we may start. And much better than what we have now. It will not be easy to remove those who care more for power than for people, but it must be done if our future is to be better than our present.
Shut them down.
History repeats itself
If it were not for patriots like Snowden, Manning, and others, we would never have the opportunity to fix the system. Refusing to pardon or grant amnesty to them can only be an endorsement of authoritarianism, as that is the only basis for the behavior they brought to light and the only basis of their prosecution.
Re:
So they get more money and power, and naturally they use it to ensure they'll get even more money and power, by further weakening security.
Now I'm afraid to buy anything online. I'm afraid it will be delivered by UPS with a backdoor already installed.
Nobody's going to trust American technology anymore. Way to go NSA, mission accomplished you unconstitutional "collect it all" spies.
Re:
The bigger thing to fear is the cracking of firmware and the like, which can absolutely be done on a widespread basis and doesn't require any particular method of shipment to the end user.
they've been doing this for a while
Re: they've been doing this for a while
I suspect that may be an old slide and that things have advanced considerably since then.
target hack?
Newegg
NSA exploits
DICTATORSHIP!!!
This has been the unvarying pattern of such things!