
NSA again. The big tools.

Despite the best efforts of the US Govt and its letter agencies, the NSA continues to make the front page. This information is about the NSA and an elite group of hackers: Tailored Access Operations, better known as the TAO group, inside the NSA. This group has access to almost any kind of electronics, with or without the help of providers such as Google, Apple, Microsoft, etc.

 

“While most Americans spend their time shopping Amazon, Target and Apple.com, the National Security Agency’s elite team of hackers spends its time shopping a secret high-end catalog of custom tools designed to subvert firewalls, servers, and routers made by U.S. firms, impersonate a GSM base station to intercept mobile phone calls, or siphon data from a wireless network.

Hackers in the Tailored Access Operations division get the “ungettable” data the NSA can’t otherwise obtain from tapping undersea cables or collecting bulk data from companies like Yahoo and Google. They do this by installing backdoors and other implants remotely or by physically intercepting hardware being delivered to customers and planting backdoors in firmware, der Spiegel reports, citing newly disclosed documents from NSA whistleblower Edward Snowden.

“For nearly every lock, ANT seems to have a key in its toolbox,” der Spiegel writes. “And no matter what walls companies erect, the NSA’s specialists seem already to have gotten past them.”

The $40,000 CANDYGRAM mimics a cell phone tower to intercept signals from mobile phones and track targets.


With names like PICASSO, IRATEMONKEY, COTTONMOUTH, and WATERWITCH, the various tools allow NSA snoops to map networks and not only monitor data but surreptitiously divert it or modify it.

A 50-page catalog from the NSA’s ANT Division provides a handy list of tools NSA employees can order to hack a target’s hardware and includes prices that range from free to $250,000, according to der Spiegel. The 2008 catalog (which can be viewed here) includes $30 rigged monitor cables that let NSA spies see what a target sees on his computer, a $40,000 GSM base station that mimics a mobile phone tower to track users, and computer bugging devices disguised as USB plugs that are capable of sending and receiving data via radio. A 50-pack costs more than $1 million.”

 

http://www.wired.com/threatlevel/2013/12/nsa-hacking-catalogue/

 

From Der Spiegel. More on TAO hackers working for the US Govt.

“A Unit Born of the Internet

Defining the future of her unit at the time, she wrote that TAO “needs to continue to grow and must lay the foundation for integrated Computer Network Operations,” and that it must “support Computer Network Attacks as an integrated part of military operations.” To succeed in this, she wrote, TAO would have to acquire “pervasive, persistent access on the global network.” An internal description of TAO’s responsibilities makes clear that aggressive attacks are an explicit part of the unit’s tasks. In other words, the NSA’s hackers have been given a government mandate for their work. During the middle part of the last decade, the special unit succeeded in gaining access to 258 targets in 89 countries — nearly everywhere in the world. In 2010, it conducted 279 operations worldwide.

Indeed, TAO specialists have directly accessed the protected networks of democratically elected leaders of countries. They infiltrated networks of European telecommunications companies and gained access to and read mails sent over Blackberry’s BES email servers, which until then were believed to be securely encrypted. Achieving this last goal required a “sustained TAO operation,” one document states.

This TAO unit is born of the Internet — created in 1997, a time when not even 2 percent of the world’s population had Internet access and no one had yet thought of Facebook, YouTube or Twitter. From the time the first TAO employees moved into offices at NSA headquarters in Fort Meade, Maryland, the unit was housed in a separate wing, set apart from the rest of the agency. Their task was clear from the beginning — to work around the clock to find ways to hack into global communications traffic.

Recruiting the Geeks

To do this, the NSA needed a new kind of employee. The TAO workers authorized to access the special, secure floor on which the unit is located are for the most part considerably younger than the average NSA staff member. Their job is breaking into, manipulating and exploiting computer networks, making them hackers and civil servants in one. Many resemble geeks — and act the part, too.

Indeed, it is from these very circles that the NSA recruits new hires for its Tailored Access Operations unit. In recent years, NSA Director Keith Alexander has made several appearances at major hacker conferences in the United States. Sometimes, Alexander wears his military uniform, but at others, he even dons jeans and a t-shirt in his effort to court trust and a new generation of employees.

 

 

The recruitment strategy seems to have borne fruit. Certainly, few if any other divisions within the agency are growing as quickly as TAO. There are now TAO units in Wahiawa, Hawaii; Fort Gordon, Georgia; at the NSA’s outpost at Buckley Air Force Base, near Denver, Colorado; at its headquarters in Fort Meade; and, of course, in San Antonio.

One trail also leads to Germany. According to a document dating from 2010 that lists the “Lead TAO Liaisons” domestically and abroad as well as names, email addresses and the number for their “Secure Phone,” a liaison office is located near Frankfurt — the European Security Operations Center (ESOC) at the so-called “Dagger Complex” at a US military compound in the Griesheim suburb of Darmstadt.

But it is the growth of the unit’s Texas branch that has been uniquely impressive, the top secret documents reviewed by SPIEGEL show. These documents reveal that in 2008, the Texas Cryptologic Center employed fewer than 60 TAO specialists. By 2015, the number is projected to grow to 270 employees. In addition, there are another 85 specialists in the “Requirements & Targeting” division (up from 13 specialists in 2008). The number of software developers is expected to increase from the 2008 level of three to 38 in 2015. The San Antonio office handles attacks against targets in the Middle East, Cuba, Venezuela and Colombia, not to mention Mexico, just 200 kilometers (124 miles) away, where the government has fallen into the NSA’s crosshairs.”

http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969.html#spRedirectedFrom=www&referrrer=http://mobile.extremetech.com/computing/14563-the-nsa-regularly-intercepts-laptop-shipments-to-implant-malware-report-says

 

On a site similar to Wikileaks I found great information on the tools at the NSA’s disposal and how these programs work in various different ways.

“After years of speculation that electronics can be accessed by intelligence agencies through a back door, an internal NSA catalog reveals that such methods already exist for numerous end-user devices.

When it comes to modern firewalls for corporate computer networks, the world’s second largest network equipment manufacturer doesn’t skimp on praising its own work. According to Juniper Networks’ online PR copy, the company’s products are “ideal” for protecting large companies and computing centers from unwanted access from outside. They claim the performance of the company’s special computers is “unmatched” and their firewalls are the “best-in-class.” Despite these assurances, though, there is one attacker none of these products can fend off — the United States’ National Security Agency.

Specialists at the intelligence organization succeeded years ago in penetrating the company’s digital firewalls. A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry — including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell. See: Cisco / Dell Comments Re: NSA Backdoors

These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives — from computing centers to individual computers, from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA’s specialists seem already to have gotten past them.

This, at least, is the impression gained from flipping through the 50-page document. The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets’ data. The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000.

In the case of Juniper, the name of this particular digital lock pick is “FEEDTROUGH.” This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers. Thanks to FEEDTROUGH, these implants can, by design, even survive “across reboots and software upgrades.” In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH “has been deployed on many target platforms.”

The specialists at ANT, which presumably stands for Advanced or Access Network Technology, could be described as master carpenters for the NSA’s department for Tailored Access Operations (TAO). In cases where TAO’s usual hacking and data-skimming methods don’t suffice, ANT workers step in with their special tools, penetrating networking equipment, monitoring mobile phones and computers and diverting or even modifying data. Such “implants,” as they are referred to in NSA parlance, have played a considerable role in the intelligence agency’s ability to establish a global covert network that operates alongside the Internet.

Some of the equipment available is quite inexpensive. A rigged monitor cable that allows “TAO personnel to see what is displayed on the targeted monitor,” for example, is available for just $30. But an “active GSM base station” — a tool that makes it possible to mimic a mobile phone tower and thus monitor cell phones — costs a full $40,000. Computer bugging devices disguised as normal USB plugs, capable of sending and receiving data via radio undetected, are available in packs of 50 for over $1 million.

The ANT division doesn’t just manufacture surveillance hardware. It also develops software for special tasks. The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer’s motherboard that is the first thing to load when a computer is turned on.

This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this “Persistence” and believe this approach has provided them with the possibility of permanent access.

Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of the latter, are American companies. Here, too, it appears the US intelligence agency is compromising the technology and products of American companies.

Other ANT programs target Internet routers meant for professional use or hardware firewalls intended to protect company networks from online attacks. Many digital attack weapons are “remotely installable” — in other words, over the Internet. Others require a direct attack on an end-user device — an “interdiction,” as it is known in NSA jargon — in order to install malware or bugging equipment.

There is no information in the documents seen by SPIEGEL to suggest that the companies whose products are mentioned in the catalog provided any support to the NSA or even had any knowledge of the intelligence solutions. “Cisco does not work with any government to modify our equipment, nor to implement any so-called security ‘back doors’ in our products,” the company said in a statement. Contacted by SPIEGEL reporters, officials at Western Digital, Juniper Networks and Huawei also said they had no knowledge of any such modifications. Meanwhile, Dell officials said the company “respects and complies with the laws of all countries in which it operates.”

Many of the items in the software solutions catalog date from 2008, and some of the target server systems that are listed are no longer on the market today. At the same time, it’s not as if the hackers within the ANT division have been sleeping on the job. They have continued to develop their arsenal. Some pages in the 2008 catalog, for example, list new systems for which no tools yet exist. However, the authors promise they are already hard at work developing new tools and that they will be “pursued for a future release”.

 

http://leaksource.wordpress.com/2013/12/30/nsas-ant-division-catalog-of-exploits-for-nearly-every-major-software-hardware-firmware/

 

Examples of tools used. More can be found at the above link.


 


About dgarnold

More interests than I can count. Enjoy Foreign Policy, Current events, Books, Game theory, Sports (both watching and participating) and of course my Labradors. Love Mountain Biking! World class backgammon player.
