New NSA hacking techniques, equipment revealed


New documents released on Monday detailed techniques and equipment used by a top secret cyber surveillance group run by the National Security Agency.

The group’s team of elite hackers is often tasked with “getting the ungettable,” according to a historian interviewed by the German newspaper Der Spiegel. Though the group’s existence has been known for years (the TAO, or Tailored Access Operations, has been around since the late 1990s and expanded rapidly after the September 11, 2001 terrorist attacks), just how the group “got” the “ungettable” has been largely shrouded in mystery.

Until now.

Documents released Monday by Der Spiegel, in tandem with an address given by security expert Jacob Appelbaum at Germany’s “30C3” conference, reveal some of the hardware, software and techniques developed by a previously-unknown group at the NSA for use by TAO hackers.

The group is called “ANT” (supposedly for “Advanced Network Techniques”), a division made up of specialists tasked with manufacturing spy hardware and computer software for use by NSA spies like those found in the TAO group.

The documents, released in part by Der Spiegel and in whole by Appelbaum via the document library Cryptome, are peppered with spy parlance and computer jargon. The Desk read through the 11 documents published Monday and highlighted some of the key revelations below:

A photo of the $30 “RAGEMASTER” bug.

1. The NSA can monitor what you see and type:

“RAGEMASTER” is a $30 device that is implanted in a VGA computer monitor cable. When activated, the device broadcasts the image shown on a target’s computer to an external monitor. Similar hardware can be used to compromise a computer’s microphone and keyboard (in June, former NSA contractor Edward Snowden told the Washington Post that the agency has the ability to “watch your ideas form as you type”).

2. The NSA can breach and bypass firewalls:

Several documents detail software stored permanently in a device’s firmware that, when deployed and activated, can weaken or completely destroy firewalls on computer servers. “JETPLOW” is NSA firmware that allows analysts to bypass certain Cisco PIX and Cisco ASA firewalls. Documents show that similar NSA firmware is used against firewalls and network routers sold by Juniper and Huawei.

Once installed, the firmware allows the NSA to do any number of things, including allowing agents to install other software that allows a computer to be remotely monitored or controlled. In some cases, the software grants the NSA a “permanent backdoor” into an infected computer — in other words, the NSA has access to the computer even if software is updated or the machine is rebooted or wiped clean (the NSA calls this technique “persistence”).

3. The NSA snoops on cell phone calls and data:

Cell phone detection device “WATERWITCH”

The NSA has several methods of monitoring cell phones around the world that run on the GSM network (which almost all phones outside of the United States do). “CANDYGRAM” is a mock cell phone tower that lets NSA agents see when a target enters a certain area, the moment his phone connects to it. “ENTOURAGE” is a device that allows the NSA to remotely pull geolocation data from a phone, showing agents the general area of a target phone. “WATERWITCH” is similar to “ENTOURAGE,” except it is used by agents in the field to pinpoint a cell phone’s location, much as a metal detector “finds” coins on a beach.

“CYCLONE” is a $70,000 box that allows agents to intercept phone calls and other data from GSM phones. A device like “CYCLONE” would probably have been used to monitor the cell phone of German Chancellor Angela Merkel and others.

The NSA has also developed exploits targeting cell phone SIM cards. SIM cards always contain subscriber information and sometimes contain other data like contact lists, call logs and text messages — “GOPHERSET” is NSA software that allows agents to pull that kind of information off a SIM card, while “MONKEYCALENDAR” allows NSA agents to locate a cell phone based on GPS data.

4. The NSA designed software to infect smartphones:

Software has been developed that allows the NSA to infect at least three cell phone operating systems: Microsoft’s Windows CE and Windows Mobile, and Apple’s iOS (only iOS, which is used in iPhones, is commercially available today).

Once a phone is infected with the software, NSA agents can retrieve things like call logs and text messages. Agents also have access to a phone’s files, address book, voicemail, GPS data, camera and microphone on phones running Windows CE and iOS (iPhones).

When the document was published (sometime in 2008), the software could only be installed on a phone via “close access method” — in other words, an agent had to have physical access to the phone. But the document says that “remote installation capability” would be “pursued for a future release” of the software — it is likely that the NSA has that ability now, and there’s little doubt the NSA has designed similar software for phones running Android, Windows Phones and other operating systems.

The full collection of NSA documents released by Der Spiegel and Appelbaum on Monday can be found here.

Der Spiegel: How the NSA shops for spy gear
Boing Boing: Inside the NSA’s ANT catalog
YouTube: Jacob Appelbaum’s “30C3” address ‘To Protect and Infect’