Wish You Had NSA's Cool Spying Toys? Now You Can -- As Low-Cost Open Hardware
from the do-you-fancy-a-twilightvegetable? dept
Alongside the disturbing revelations of indiscriminate, global surveillance carried out by the NSA and its Five Eyes friends, leaked documents have shown another side of modern spying: the high-tech gadgets created for the NSA's Tailored Access Operations group, discussed by Techdirt at the end of last year. As its name suggests, these are targeted operations, and with many of the serious concerns about the use of blanket surveillance removed, it is hard not to be impressed by the ingenuity of the devices. Of course, a natural question is: could the rest of us have them too? According to a detailed and fascinating article in Vice's Motherboard, the answer turns out to be "yes".
The report discusses the work of Michael Ossmann, a long-time hardware hacker. Unlike most people, he was not surprised by many of the NSA spying devices found in a 48-page catalog from the Advanced Network Technology (ANT) division, revealed by the German news magazine Der Spiegel:
Most of the document was fun for Ossmann, rather than actually revelatory. “We" -- as in the global community of radio hackers -- "already knew how to build most of this stuff,” he told me recently.
These devices work by reflecting back radio signals beamed at the target systems containing them. Suitable designs allow information to be transmitted to surveillance teams without the need for on-board power supplies. This means that they can be extremely small -- fitting inside a USB plug, for example. Inspired by the ANT catalog, Ossmann and a group of like-minded hackers set about creating a collection of surveillance gadgets they called the NSA Playset:
But the ANT toolkit also included another more unusual class of devices known as "radio frequency retroreflectors.” With names like NIGHTWATCH, RAGEMASTER, and SURLYSPAWN, these devices were designed to give NSA agents "the means to collect signals that otherwise would not be collectable, or would be extremely difficult to collect and process."Every tool in the NSA Playset has been designed on top of open-source hardware and software so that anyone can build their own, often in no more than a few hours. Over a dozen engineers are involved in the project, Ossmann said, but anyone is invited to join and contribute their own device. The first requirement: a silly name riffing on the original NSA codename. "For example, if your project is similar to FOXACID, maybe you could call it COYOTEMETH," says the NSA Playset website. (A separate website, NSA Name Generator, is designed to help.)
As well as being open, the NSA Playset is also very low cost:
One device, dubbed TWILIGHTVEGETABLE, is a knock off of an NSA-built GSM cell phone that's designed to sniff and monitor internet traffic. The ANT catalog lists it for $15,000; the NSA Playset researchers built one using a USB flash drive, a cheap SDR [software-defined radio], and an antenna, for about $50. The most expensive device, a drone that spies on WiFi traffic called PORCUPINEMASQUERADE, costs about $600 to assemble. At Defcon, a complete NSA Playset toolkit was auctioned by the EFF for $2,250.
The article goes on to explore some of the implications of making these advanced surveillance technologies available so cheaply. As well as the obvious use for research purposes -- for example, coming up with countermeasures -- there's another interesting aspect:
the work Ossmann is doing is helping many of the government's engineers resolve a catch-22 that's emerged in the wake of the Snowden revelations: government security researchers who didn't have access to the ANT catalog when it was classified aren't legally permitted to read it or transmit it now, even though everyone else can. Arguably, that leaves the public sector at a disadvantage next to the private sector -- or to spies in, say, Beijing or Moscow.
Amongst other things, the NSA Playset is a great example of how hackers are doing the authorities a big service, by helping government experts get around stupid rules introduced without thinking through the negative consequences they would have for national security and thus public safety.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: ant, michael ossman, open source, radio frequence retroreflectors, surveillance, tao, technology
Reader Comments
Subscribe: RSS
View by: Time | Thread
Genius
One of the things I've noticed over the years is that while attacks seem like black magic from the outside, in most cases the implementation of them is very simple and attainable without having to be a genius. That's why people like script kiddies are happen.
It makes sense, really: simple is more reliable, cheaper, and requires less expertise to install and use. Simple is good.
[ link to this | view in chronology ]
Re: Genius
After all, both private citizens and the government are bound to obey statutory law, but the government additionally must comply with the Constitution.
The government has an easier time getting a court order to allow something, but absent that court order has less freedom than ordinary citizens.
Wiretap/interception laws are a good example of this -- intercepting the content of communications is 100% illegal without a warrant. There is no government exemption to the warrant requirement, since that requirement was intended specifically for the government. If the government does not need a warrant to do something relating to intercepting communications, then neither do you.
Doubtless some shill or apologist will disagree with me -- but the thing is, absent an exception written into the laws, the government cannot have it both ways. Either it's legal or it's not. Even with such an exception, the exception might be unconstitutional and illegal if the exception overrides fourth amendment protections.
[ link to this | view in chronology ]
Re: Re: Genius
[ link to this | view in chronology ]
Re: Re: Genius
By extension, when do I get my government provided MRAP, and Taser, and Stingray, and ...
The cops get them. Shouldn't we be accorded the same consideration? I'd really like to have a few shoulder launched missiles (RPGs), a la Panserfaust. Those would really come in handy in a lot of situations I see every day.
[ link to this | view in chronology ]
Unfortunately...
[ link to this | view in chronology ]
Re: Sewa Band Akustik
No it's not. "Know thy enemy" is an old and valuable concept. We all deserve to know what that fist of yours is doing when it's easily possible it could be aimed at our nose. Self defence against potentially offensive weapons is all the justification necessary. Get rid of your offensive weapons and there'll be no reason to spy on you, except to ensure you don't have any.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Watching Back...Maybe there will be an APP for that
Maybe if one of us catches a terror plot and turns it in they will leave us alone...Kinda like Domestic Spying Outsourcing.
Of course I think it would be easier if they just offered to pay me for my info...But I'm not cheap.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
I was thinking Utah ought to hand them out to school kids in furtherance of their STEM and Civics educational initiatives.
[ link to this | view in chronology ]