Wish You Had NSA's Cool Spying Toys? Now You Can — As Low-Cost Open Hardware
from the do-you-fancy-a-twilightvegetable? dept
Alongside the disturbing revelations of indiscriminate, global surveillance carried out by the NSA and its Five Eyes friends, leaked documents have shown another side of modern spying: the high-tech gadgets created for the NSA’s Tailored Access Operations group, discussed by Techdirt at the end of last year. As its name suggests, these are targeted operations, and with many of the serious concerns about the use of blanket surveillance removed, it is hard not to be impressed by the ingenuity of the devices. Of course, a natural question is: could the rest of us have them too? According to a detailed and fascinating article in Vice’s Motherboard, the answer turns out to be “yes”.
The report discusses the work of Michael Ossmann, a long-time hardware hacker. Unlike most people, he was not surprised by many of the NSA spying devices found in a 48-page catalog from the Advanced Network Technology (ANT) division, revealed by the German news magazine Der Spiegel:
Most of the document was fun for Ossmann, rather than actually revelatory. ?We” — as in the global community of radio hackers — “already knew how to build most of this stuff,? he told me recently.
But the ANT toolkit also included another more unusual class of devices known as “radio frequency retroreflectors.? With names like NIGHTWATCH, RAGEMASTER, and SURLYSPAWN, these devices were designed to give NSA agents “the means to collect signals that otherwise would not be collectable, or would be extremely difficult to collect and process.”
These devices work by reflecting back radio signals beamed at the target systems containing them. Suitable designs allow information to be transmitted to surveillance teams without the need for on-board power supplies. This means that they can be extremely small — fitting inside a USB plug, for example. Inspired by the ANT catalog, Ossmann and a group of like-minded hackers set about creating a collection of surveillance gadgets they called the NSA Playset:
Every tool in the NSA Playset has been designed on top of open-source hardware and software so that anyone can build their own, often in no more than a few hours. Over a dozen engineers are involved in the project, Ossmann said, but anyone is invited to join and contribute their own device. The first requirement: a silly name riffing on the original NSA codename. “For example, if your project is similar to FOXACID, maybe you could call it COYOTEMETH,” says the NSA Playset website. (A separate website, NSA Name Generator, is designed to help.)
As well as being open, the NSA Playset is also very low cost:
One device, dubbed TWILIGHTVEGETABLE, is a knock off of an NSA-built GSM cell phone that’s designed to sniff and monitor internet traffic. The ANT catalog lists it for $15,000; the NSA Playset researchers built one using a USB flash drive, a cheap SDR [software-defined radio], and an antenna, for about $50. The most expensive device, a drone that spies on WiFi traffic called PORCUPINEMASQUERADE, costs about $600 to assemble. At Defcon, a complete NSA Playset toolkit was auctioned by the EFF for $2,250.
The article goes on to explore some of the implications of making these advanced surveillance technologies available so cheaply. As well as the obvious use for research purposes — for example, coming up with countermeasures — there’s another interesting aspect:
the work Ossmann is doing is helping many of the government’s engineers resolve a catch-22 that’s emerged in the wake of the Snowden revelations: government security researchers who didn’t have access to the ANT catalog when it was classified aren’t legally permitted to read it or transmit it now, even though everyone else can. Arguably, that leaves the public sector at a disadvantage next to the private sector — or to spies in, say, Beijing or Moscow.
Amongst other things, the NSA Playset is a great example of how hackers are doing the authorities a big service, by helping government experts get around stupid rules introduced without thinking through the negative consequences they would have for national security and thus public safety.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: ant, michael ossman, open source, radio frequence retroreflectors, surveillance, tao, technology
Comments on “Wish You Had NSA's Cool Spying Toys? Now You Can — As Low-Cost Open Hardware”
Genius
This is pure, distilled awesomeness.
One of the things I’ve noticed over the years is that while attacks seem like black magic from the outside, in most cases the implementation of them is very simple and attainable without having to be a genius. That’s why people like script kiddies are happen.
It makes sense, really: simple is more reliable, cheaper, and requires less expertise to install and use. Simple is good.
Re: Genius
Don’t forget, if the government doesn’t need a warrant or other court order to do something, it’s not illegal for anyone to do it.
After all, both private citizens and the government are bound to obey statutory law, but the government additionally must comply with the Constitution.
The government has an easier time getting a court order to allow something, but absent that court order has less freedom than ordinary citizens.
Wiretap/interception laws are a good example of this — intercepting the content of communications is 100% illegal without a warrant. There is no government exemption to the warrant requirement, since that requirement was intended specifically for the government. If the government does not need a warrant to do something relating to intercepting communications, then neither do you.
Doubtless some shill or apologist will disagree with me — but the thing is, absent an exception written into the laws, the government cannot have it both ways. Either it’s legal or it’s not. Even with such an exception, the exception might be unconstitutional and illegal if the exception overrides fourth amendment protections.
Re: Re: Genius
In theory, maybe. In practice, a district attorney is going to prosecute you and not prosecute the NSA for the same borderline-illegal activity.
Re: Re: Genius
By extension, when do I get my government provided MRAP, and Taser, and Stingray, and …
The cops get them. Shouldn’t we be accorded the same consideration? I’d really like to have a few shoulder launched missiles (RPGs), a la Panserfaust. Those would really come in handy in a lot of situations I see every day.
Unfortunately...
…their discussion group is hosted by Google, which is a double failure: first, because it’s friggin’ Google for crying out loud, and second, because Google Groups is a third-rate operation run by incompetent, ignorant newbies.
Sewa Band Akustik
No it’s not. “Know thy enemy” is an old and valuable concept. We all deserve to know what that fist of yours is doing when it’s easily possible it could be aimed at our nose. Self defence against potentially offensive weapons is all the justification necessary. Get rid of your offensive weapons and there’ll be no reason to spy on you, except to ensure you don’t have any.
I consider their inability to use the official ANT catalogue a feature, not a bug. The classification rules are stupid and need to be fixed. Providing a workaround, even a perfectly legal one, reduces the pressure to fix the stupid rules.
Watching Back...Maybe there will be an APP for that
Isn’t it nice that now we can spy on the Government spying on us.
Maybe if one of us catches a terror plot and turns it in they will leave us alone…Kinda like Domestic Spying Outsourcing.
Of course I think it would be easier if they just offered to pay me for my info…But I’m not cheap.
every one of these devices should be deployed near every local government building.
Re: Re:
I was thinking Utah ought to hand them out to school kids in furtherance of their STEM and Civics educational initiatives.