Wish You Had NSA's Cool Spying Toys? Now You Can -- As Low-Cost Open Hardware

from the do-you-fancy-a-twilightvegetable? dept

Alongside the disturbing revelations of indiscriminate, global surveillance carried out by the NSA and its Five Eyes friends, leaked documents have shown another side of modern spying: the high-tech gadgets created for the NSA's Tailored Access Operations group, discussed by Techdirt at the end of last year. As its name suggests, these are targeted operations, and with many of the serious concerns about the use of blanket surveillance removed, it is hard not to be impressed by the ingenuity of the devices. Of course, a natural question is: could the rest of us have them too? According to a detailed and fascinating article in Vice's Motherboard, the answer turns out to be "yes".

The report discusses the work of Michael Ossmann, a long-time hardware hacker. Unlike most people, he was not surprised by many of the NSA spying devices found in a 48-page catalog from the Advanced Network Technology (ANT) division, revealed by the German news magazine Der Spiegel:

Most of the document was fun for Ossmann, rather than actually revelatory. “We" -- as in the global community of radio hackers -- "already knew how to build most of this stuff,” he told me recently.

But the ANT toolkit also included another more unusual class of devices known as "radio frequency retroreflectors.” With names like NIGHTWATCH, RAGEMASTER, and SURLYSPAWN, these devices were designed to give NSA agents "the means to collect signals that otherwise would not be collectable, or would be extremely difficult to collect and process."
These devices work by reflecting back radio signals beamed at the target systems containing them. Suitable designs allow information to be transmitted to surveillance teams without the need for on-board power supplies. This means that they can be extremely small -- fitting inside a USB plug, for example. Inspired by the ANT catalog, Ossmann and a group of like-minded hackers set about creating a collection of surveillance gadgets they called the NSA Playset:
Every tool in the NSA Playset has been designed on top of open-source hardware and software so that anyone can build their own, often in no more than a few hours. Over a dozen engineers are involved in the project, Ossmann said, but anyone is invited to join and contribute their own device. The first requirement: a silly name riffing on the original NSA codename. "For example, if your project is similar to FOXACID, maybe you could call it COYOTEMETH," says the NSA Playset website. (A separate website, NSA Name Generator, is designed to help.)
As well as being open, the NSA Playset is also very low cost:
One device, dubbed TWILIGHTVEGETABLE, is a knock off of an NSA-built GSM cell phone that's designed to sniff and monitor internet traffic. The ANT catalog lists it for $15,000; the NSA Playset researchers built one using a USB flash drive, a cheap SDR [software-defined radio], and an antenna, for about $50. The most expensive device, a drone that spies on WiFi traffic called PORCUPINEMASQUERADE, costs about $600 to assemble. At Defcon, a complete NSA Playset toolkit was auctioned by the EFF for $2,250.
The article goes on to explore some of the implications of making these advanced surveillance technologies available so cheaply. As well as the obvious use for research purposes -- for example, coming up with countermeasures -- there's another interesting aspect:
the work Ossmann is doing is helping many of the government's engineers resolve a catch-22 that's emerged in the wake of the Snowden revelations: government security researchers who didn't have access to the ANT catalog when it was classified aren't legally permitted to read it or transmit it now, even though everyone else can. Arguably, that leaves the public sector at a disadvantage next to the private sector -- or to spies in, say, Beijing or Moscow.
Amongst other things, the NSA Playset is a great example of how hackers are doing the authorities a big service, by helping government experts get around stupid rules introduced without thinking through the negative consequences they would have for national security and thus public safety.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ant, michael ossman, open source, radio frequence retroreflectors, surveillance, tao, technology


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    John Fenderson (profile), 21 Nov 2014 @ 7:50am

    Genius

    This is pure, distilled awesomeness.

    One of the things I've noticed over the years is that while attacks seem like black magic from the outside, in most cases the implementation of them is very simple and attainable without having to be a genius. That's why people like script kiddies are happen.

    It makes sense, really: simple is more reliable, cheaper, and requires less expertise to install and use. Simple is good.

    link to this | view in chronology ]

    • icon
      Bergman (profile), 21 Nov 2014 @ 7:46pm

      Re: Genius

      Don't forget, if the government doesn't need a warrant or other court order to do something, it's not illegal for anyone to do it.

      After all, both private citizens and the government are bound to obey statutory law, but the government additionally must comply with the Constitution.

      The government has an easier time getting a court order to allow something, but absent that court order has less freedom than ordinary citizens.

      Wiretap/interception laws are a good example of this -- intercepting the content of communications is 100% illegal without a warrant. There is no government exemption to the warrant requirement, since that requirement was intended specifically for the government. If the government does not need a warrant to do something relating to intercepting communications, then neither do you.

      Doubtless some shill or apologist will disagree with me -- but the thing is, absent an exception written into the laws, the government cannot have it both ways. Either it's legal or it's not. Even with such an exception, the exception might be unconstitutional and illegal if the exception overrides fourth amendment protections.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 22 Nov 2014 @ 8:49am

        Re: Re: Genius

        In theory, maybe. In practice, a district attorney is going to prosecute you and not prosecute the NSA for the same borderline-illegal activity.

        link to this | view in chronology ]

      • icon
        tqk (profile), 22 Nov 2014 @ 3:39pm

        Re: Re: Genius

        ... but the thing is, absent an exception written into the laws, the government cannot have it both ways. Either it's legal or it's not.

        By extension, when do I get my government provided MRAP, and Taser, and Stingray, and ...

        The cops get them. Shouldn't we be accorded the same consideration? I'd really like to have a few shoulder launched missiles (RPGs), a la Panserfaust. Those would really come in handy in a lot of situations I see every day.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Nov 2014 @ 11:09am

    Unfortunately...

    ...their discussion group is hosted by Google, which is a double failure: first, because it's friggin' Google for crying out loud, and second, because Google Groups is a third-rate operation run by incompetent, ignorant newbies.

    link to this | view in chronology ]

  • icon
    tqk (profile), 21 Nov 2014 @ 11:13am

    Re: Sewa Band Akustik

    Spying is conflict with human rights

    No it's not. "Know thy enemy" is an old and valuable concept. We all deserve to know what that fist of yours is doing when it's easily possible it could be aimed at our nose. Self defence against potentially offensive weapons is all the justification necessary. Get rid of your offensive weapons and there'll be no reason to spy on you, except to ensure you don't have any.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Nov 2014 @ 11:32am

    government security researchers who didn't have access to the ANT catalog when it was classified aren't legally permitted to read it or transmit it now, even though everyone else can. Arguably, that leaves the public sector at a disadvantage next to the private sector -- or to spies in, say, Beijing or Moscow.
    I consider their inability to use the official ANT catalogue a feature, not a bug. The classification rules are stupid and need to be fixed. Providing a workaround, even a perfectly legal one, reduces the pressure to fix the stupid rules.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Nov 2014 @ 12:10pm

    Watching Back...Maybe there will be an APP for that

    Isn't it nice that now we can spy on the Government spying on us.
    Maybe if one of us catches a terror plot and turns it in they will leave us alone...Kinda like Domestic Spying Outsourcing.
    Of course I think it would be easier if they just offered to pay me for my info...But I'm not cheap.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Nov 2014 @ 12:26pm

    every one of these devices should be deployed near every local government building.

    link to this | view in chronology ]

    • icon
      tqk (profile), 21 Nov 2014 @ 3:31pm

      Re:

      every one of these devices should be deployed near every local government building.

      I was thinking Utah ought to hand them out to school kids in furtherance of their STEM and Civics educational initiatives.

      link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.