Leaked Documents Show NSA Compromising Computer Hardware And Communication Technology On A Massive Scale

from the all-your-goddamn-everything-are-belong-to-us dept

Der Spiegel has released more NSA documents detailing the agency’s hacking efforts around the globe. The so-called Tailored Access Operations (TAO) is the NSA’s group of tech masterminds, deployed to insert the agency into worldwide communications. TAO uses a variety of exploits and backdoors to achieve this access, much of which is detailed in a 50-page document that Der Spiegel likens to a “mail-order catalog.”

Another team (ANT — Advanced or Access Network Technology) creates the exploits and “sells” them to the agency, providing access to communications and data that TAO can’t achieve on its own.

In cases where TAO’s usual hacking and data-skimming methods don’t suffice, ANT workers step in with their special tools, penetrating networking equipment, monitoring mobile phones and computers and diverting or even modifying data. Such “implants,” as they are referred to in NSA parlance, have played a considerable role in the intelligence agency’s ability to establish a global covert network that operates alongside the Internet.

Some of the equipment available is quite inexpensive. A rigged monitor cable that allows “TAO personnel to see what is displayed on the targeted monitor,” for example, is available for just $30. But an “active GSM base station” — a tool that makes it possible to mimic a mobile phone tower and thus monitor cell phones — costs a full $40,000. Computer bugging devices disguised as normal USB plugs, capable of sending and receiving data via radio undetected, are available in packs of 50 for over $1 million.

Between TAO and ANT, vast amounts of computer hardware have been compromised. Der Spiegel notes that ANT prefers to deploy its exploits at the BIOS level where they can remain undetected by most security and anti-virus programs. Other programs it creates hitch a ride in device firmware, including that of major American hard drive manufacturers like Western Digital, Seagate and Maxtor. (Apparently, Samsung and Huawei are similarly compromised, making them the only non-American companies listed in the documents.)

ANT also targets communications by compromising network equipment.

Other ANT programs target Internet routers meant for professional use or hardware firewalls intended to protect company networks from online attacks. Many digital attack weapons are “remotely installable” — in other words, over the Internet. Others require a direct attack on an end-user device — an “interdiction,” as it is known in NSA jargon — in order to install malware or bugging equipment.

It’s unclear whether ANT provides exploits to other agencies, but the fact that a catalog exists suggests ANT isn’t solely supplying the NSA. (If it is, one wonders why prices are listed. If it’s internal development and deployment only, cost wouldn’t be an issue.)

Security researcher Jacob Appelbaum, one of the contributors to the Der Spiegel article, addressed the Chaos Communication Congress over the weekend, delivering more details on ANT’s exploits, including exploits affecting iOS devices and any phone using GSM connections. Most surprising perhaps was this exploit-in-a-box device that can deliver its compromising payload from up to eight miles away.

None of this should be taken to imply the TAO isn’t perfectly capable of creating its own high-level exploits and backdoors. If anything, TAO is the more physical and aggressive counterpart to ANT, executing raids to achieve physical access to devices and networks (often with the assistance of the FBI — or at least its vehicles).

An internal description of TAO’s responsibilities makes clear that aggressive attacks are an explicit part of the unit’s tasks. In other words, the NSA’s hackers have been given a government mandate for their work. During the middle part of the last decade, the special unit succeeded in gaining access to 258 targets in 89 countries — nearly everywhere in the world. In 2010, it conducted 279 operations worldwide…

To conduct those types of operations, the NSA works together with other intelligence agencies such as the CIA and FBI, which in turn maintain informants on location who are available to help with sensitive missions. This enables TAO to attack even isolated networks that aren’t connected to the Internet. If necessary, the FBI can even make an agency-owned jet available to ferry the high-tech plumbers to their target. This gets them to their destination at the right time and can help them to disappear again undetected after as little as a half hour’s work.

Even more disturbing, the NSA’s TAO operation waylays purchased hardware en route to customers in order to install exploits.

If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called “load stations,” agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.

The NSA’s programs continue to make the world less safe for computer users under the guise of “security.” Exploits go undiscovered and unpatched. Handcrafted exploits and backdoors are deployed without affected companies’ knowledge. TAO has manipulated one of the most infamous Windows error messages in order to gain passive access to computers around the world.

The automated crash reports are a “neat way” to gain “passive access” to a machine, the presentation continues. [via XKEYSCORE, most likely.] Passive access means that, initially, only data the computer sends out into the Internet is captured and saved, but the computer itself is not yet manipulated. Still, even this passive access to error messages provides valuable insights into problems with a targeted person’s computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim’s computer.

While not as directly useful as TAO and ANT’s other tools, it is still deployed frequently enough that the dialog box itself has become an agency inside joke.

[The altered text reads: “This information may be intercepted by a foreign SIGINT system to gather detailed information and better exploit your machine.”]

These new revelations will only give foreign customers even more reasons to distrust American hardware. Der Spiegel’s article notes that Samsung and Huawei hardware may be similarly compromised, but by and large, most of the “damage” seems to be domestic. Estimates have suggested American companies will potentially lose $150+ billion as a result of the NSA’s actions. This should push that number even higher.

The question that needs to be asked is whether this damage is worth it. The agency likely believes it is — or at least believes it shouldn’t be held responsible for tanking the overseas prospects of American tech companies. According to its defenders, the real problem here is the leaks, not the exploitation of every piece of hardware and software it can get its hands on. After all, if Snowden hadn’t taken those documents, this would still be a secret and foreign companies would still be purchasing compromised goods from US companies.

The NSA has never seriously considered the consequences of its activities being exposed. This should have been factored in when considering the “costs” of programs like these. Nothing operates in a vacuum, not even the most secretive of agencies. Frankly, the level of exploitation exposed here verges on inconceivable. Any crying agency spokespersons have done about methods being exposed now looks like nothing more than diversionary noises delivered with poker faces. The agency has “root access.” The rest is just skimming the surface.


Comments on “Leaked Documents Show NSA Compromising Computer Hardware And Communication Technology On A Massive Scale”

Anonymous Coward says:

Re: Re:

This one seems, well, limited in scope. From a privacy perspective it is worrying, but this is nothing a private hacker/exploiter couldn’t do. ANT is the only truly worrying portion on the government side. I suspect they are a private company, which would put politicians in an even more dangerous economic pin from military industry lobbies…

As for the companies, nothing is new there. Anything happening digitally can be monitored and removing a few exploits will only do so little to reduce the occurrences.

Mr. Applegate says:

Re: Re: Re:

“limited in scope” are you crazy?

The only limit is their budget, and that doesn’t even seem to stop much.

You think ANT is more troublesome than TAO? ANT is more like what most people think of hacking as being. What TAO has done is exactly what they have accused China of doing: infecting the firmware of hard drives and motherboards.

The NSA MUST GO! They will be the ruin of this nation.

The NSA sounds like Col. Nathan R. Jessep in A Few Good Men.

“You fucking people, you have no idea how to defend a nation. You just weakened a country today Kaffee, that’s all you did. You put people’s lives in danger. Sweet dreams son.”

and we need to respond just like Lt.

“Don’t call me son. I’m a lawyer, and an officer in the United States navy, and you’re under arrest, you son of a bitch. The witness is excused.”

Sad to say it, but those cheap Chinese routers, hard drives and computers are looking like a much better buy than that Cisco, Western Digital, Dell gear. Sure China copied the motherboard, and chips, but made their own, NSA free firmware.

Mr. Applegate says:

Re: Re: Re:2 Re:

I understand that. The point I was making was not for me personally, but what the average non-US buyer might think.

The point is to much of the rest of the world, they would prefer not to have the US spying on them. It is far more preferable to have China or Korea spying on them than the US.

Let’s be honest China hasn’t been all that effective at keeping their spying secret, or even using the information they gather all that effectively.

I will not be at all surprised to see huge downturns in US tech sales over the next few years, probably enough to create a recession, perhaps worse.

For me personally, I simply keep most of my gear off the net and on isolation transformers. That only leaves RF or physical access. Not foolproof, but you would have to really want access and apply a lot of special effort to get it.

Anonymous Coward says:

Re: Re: Re:2 Re:

“That won’t prevent the spying, it’ll just change who’s spying on you.”

I’d much rather have the Chinese spying on me than the NSA. They don’t have nearly as much power over me as the US gov’t does (US no-fly lists, US border searches, “random” IRS audits, etc., etc.)

Anonymous Coward says:

Re: Re: Re: Re:

Operations like this by their very nature are limited in scope. They require too many resources to implement on a broad scale without being targeted to specific targets. The problem arises when someone is targeted for an unjustified reason simply because there is no true oversight.

The reason ANT is more troublesome is the suggestion that they may be selling their hardware to other entities as well where there is no mandate on how those devices are used.

Mr. Applegate says:

Re: Re: Re:2 Re:

From the story:

“vast amounts of computer hardware have been compromised. Der Spiegel notes that ANT prefers to deploy its exploits at the BIOS level where they can remain undetected by most security and anti-virus programs. Other programs it creates hitch a ride in device firmware, including that of major American hard drive manufacturers like Western Digital, Seagate and Maxtor.”

What about that sounds like a limited scope?

If I am going to go to the trouble of developing software to hitch a ride on firmware, then I am also going to go to the trouble to make sure it is widely deployed by infecting the factory image (not as hard as you might think). You simply then only target those systems you want to even though they are all infected. Meh, may as well have a peek and see if John Doe is up to anything interesting…

Sure the ANT crap like monitor cables and GSM Base Stations… are more targeted but firmware or BIOS exploits you can bet your bottom dollar they are widely deployed to a LOT of systems. That is the only way that makes any sense, and they have shown they are much more interested in large scale than limited targeting.

Mr. Applegate says:

Re: Re: Re:2 Re:

I am quite certain China is doing the same thing. The question is how much power do they have over you vs. the U.S. Government?

As you can see by the comments, many here would find it far preferable to have the Chinese spying on them than the U.S. Government.

Go outside the U.S. and that sentiment will likely be 10 – 20 fold higher in most parts of the world. China, while fairly brutal to their own people are mostly benign to the rest of the world (yes that is changing).

The U.S. on the other hand, whose people are supposed to have things like privacy, due process… it turns out are becoming more like China every day. Due process is barely a formality with the deck increasingly stacked against the U.S. people. For the rest of the world the U.S. has much greater influence over world politics, financial markets… Basically, the U.S. has become the playground bully. It imposes its political will (determined mostly by corporate interests) on the world, and increasingly on its own people.

Therefore spying from the U.S. is likely to have much more impact than spying from China, or other countries. The result will likely be backlash against Corporate America who has shown themselves to be all too eager to grant the NSA backdoors, allow them to provide code…

Anonymous Coward says:

Re: Re: Re:

I’m not quite sure you grasp the scope of the argument. The fact that this could be found and exploited by third parties as well as the NSA is the most worrying part.

Yes some of the actions described, even Appelbaum’s ending on illicit cables is pretty much well known, first published in 1985: Van Eck Phreaking. It just wasn’t done at this scale before.

By the US Government not disclosing these critical vulnerabilities has led now to a lot of damage to US companies as Mike points out, as well as third parties, also could be of US origin, that are currently using these products.

Rich Kulawiec (profile) says:

The problem is actually worse

Isaac Asimov wrote “It’s a poor atom blaster that won’t point both ways”.

Given that the NSA has compromised systems in enormous numbers, what’s to prevent third parties from piggybacking on that? Whether they’re other US agencies, other governments, criminals, or freelancers, what’s to stop them from taking advantage of the NSA’s largesse?

Breaking systems is hard (well, some of the time). Breaking a system you already know is broken is much easier. The NSA has quite effectively, and apparently quite pervasively, lowered the bar for every attacker on the planet.

Exercise for the reader: how many of the security breaches that we’ve seen in the last few years were a direct consequence of this?

Anonymous Coward says:

Re: The problem is actually worse

Another, related question is whether the NSA told the rest of the government about their exploits, or helped the rest of the government to fix their security. The answer is “probably not”, because the NSA’s policy is to never tell anybody anything.

If they haven’t been helping the rest of the government to fix their security, it means that the NSA has been letting (for example) the Pentagon use software/hardware that’s known to be insecure. It also raises the urgent question of to whom, exactly, they’ve been selling these exploits. GCHQ? Local law enforcement? Mossad?

Anonymous Coward says:

Russia has already started back to using typewriters to eliminate this spying problem. So how many other countries are going to do this? Not to mention that the supposed terrorists have long ago been aware of just how the US is getting its data. If anything those that are being found are diversionary tactics to lead the NSA and the like into believing things that aren’t.

We’ve tons of proof that it isn’t working. The NSA was doing this during the time of 9/11 only not quite as intensive yet failed to communicate the danger. The Boston bombing went off without detection. So one has to look at who is the real target. I would say the real target is US citizens. This was demonstrated during the OWS protests, where the FBI co-ordinated various police agencies across the nation on how to deal with the protests.

The sad part about all this is rarely are laws unmade once in action. It’s beginning to look like if you want any privacy at all, living in a cave may come out to be the only answer.

Democracy no longer has the safeguards that it once had. I tend to think this has gone way overboard and way too far in all this domestic spying. Something will have to be done by our politicians, simply to save their hallowed local state industries. The question now is how much of it will be feel good that looks like it does what it won’t.

Anonymous Coward says:

is this a problem?

If countries are going to have intelligence services, they’re going to have technology like this. You don’t know a priori what systems the “bad guys” are going to use, so you want to develop tools to break into any and every system at a moment’s notice. The real questions revolve around what oversight is in place to make sure the tools are deployed judiciously and legally. There is insufficient oversight at the NSA, making these tools frightening, but their existence is not in itself disturbing. (Now one might ask whether we need secret intelligence services at all, but that is not the question on the table at the moment…)

Londo Mollari (profile) says:

Re: is this a problem?

You mentioned the question of whether we need such intelligence agencies at all, and I will answer it. I do not believe they have — or should have — any place in a society that claims to promote freedom and peace. A nation that does so should set a different example, one of trust and cooperation and a refusal to intervene militarily in any other nation’s internal conflicts. A nation of peace has no need of military bases all around the world, or even of any outside its own borders. And the size of said military ought to only be the bare minimum for defense.

As well, a nation of peace should not force its laws and policies onto other nations but instead respect them. If certain nations insist on mistreating or oppressing their people, diplomatic solutions and humanitarian aid to the oppressed would be what a peaceful nation should provide, yes? Military force only if directly attacked — and, I might add, without said nation goading another into attacking first as an excuse for war, as the United States has often done.

A nation of peace will provide for its people and not collude with corporations against them. In such a nation, government and business would be completely separate, with neither allowed to influence the other aside from government providing necessary regulation which business must not compromise.

An idealistic scenario, of course, but it is a place from which we may start. And much better than what we have now. It will not be easy to remove those who care more for power than for people, but it must be done if our future is to be better than our present.

Anonymous Coward says:

Re: Re: is this a problem?

I agree with you, idealistically; however, I’m not sure what we can do practically to achieve this end. Armed revolt is one possibility. But aside from the inherent bloodshed, the odds of the outcome being better than what we have now are low (see Oliver Cromwell, Lenin, etc.). Can we dismantle unjust and destructive government/corporate/intelligence structures using an approach more like MLK or Gandhi? What levers do we, as people, have to achieve this aim?

Londo Mollari (profile) says:

Shut them down.

If this latest revelation does not clearly demonstrate the need for the NSA’s immediate dismantling, I do not know what does. They are destroying our future for the sake of security that does not exist. Fools, all of them. I do not see any other alternative to stop this madness than to shut them down as soon as possible, preferably holding those in charge accountable in the process by means of trial and imprisonment. Although it might be nice to place the heads of Clapper, Alexander, and the rest on pikes and wave up at them with a little smile, I will settle for a lifetime in a cell for each of them with no possibility of release. They are too dangerous to society to be allowed their freedom.

Anonymous Coward says:

Re: Shut them down.

These sorts of actions are EXACTLY in their mandate as targeted (which from reading the article sounds like it is) against specific suspected threats. The problem comes when these techniques are used for other purposes that are not threats to national security. True oversight and accountability is what is needed here not the disposal of the NSA altogether.

Londo Mollari (profile) says:

Re: Re: Shut them down.

I disagree. They have shown that they cannot be trusted with power, and those charged with ensuring they do not abuse it are in fact complicit in it. Therefore, none of them can be trusted, and the system must go. You must remember that much of the hostility toward the United States is born of its own actions and is a response to them.

ambrellite (profile) says:

History repeats itself

If I recall correctly, this very thing happened in the 90’s when the FBI lobbied for a law compromising the security features of American technology. For the gazillionth time, our “intelligence” community has failed to learn from its mistakes, and our “representatives” have failed to inform us of how our interests have been sacrificed to build an intelligence system explicitly designed to criminalize dissent and undermine the rule of law.

If it were not for patriots like Snowden, Manning, and others, we would never have the opportunity to fix the system. Refusing to pardon or grant amnesty to them can only be an endorsement of authoritarianism, as that is the only basis for the behavior they brought to light and the only basis of their prosecution.

Anonymous Coward says:

And Cameron’s lot at GCHQ are up to their necks as far as the NSA but the ‘good old boys’ in the UK haven’t done a single thing that is illegal! Both the examinations over what GCHQ have been doing alongside and in conjunction with the NSA have been as big a sham as you could get! It’s been carried out with his full knowledge and approval, not just so as to be one of the USA’s ‘special relations’! It’s done so as to be able to spy on everyone, everywhere, because the UK is becoming as paranoid as the USA!! If not careful, it will destroy itself by doing the very things that terrorists would do.

Anonymous Coward says:

Re: Re:

It’s by design. Compromised security leads to increased attacks. Attacks let them declare that they could have stopped the attacks if only they had more funding and weren’t held back by those pesky human rights.
So they get more money and power, and naturally they use it to ensure they’ll get even more money and power, by further weakening security.

Anonymous Coward says:

Way to go NSA, you killed our economy! Nobody is going to order American tech products anymore, because everyone is afraid you’ll intercept their shipment and install backdoors into the hardware.

Now I’m afraid to buy anything online. I’m afraid it will be delivered by UPS with a backdoor already installed.

Nobody’s going to trust American technology anymore. Way to go NSA, mission accomplished you unconstitutional “collect it all” spies.

John Fenderson (profile) says:

Re: Re:

Intercepting hardware and installing custom cracks on it is expensive and time-consuming. That’s truly not something that can be done on a widespread basis. Unless you have reason to think that the US government is interested in you, specifically, you have no reason to fear.

The bigger thing to fear is the cracking of firmware and the like, which can absolutely be done on a widespread basis and doesn’t require any particular method of shipment to the end user.
