Old news, but it is real.

SPIEGEL ONLINE
12/29/2013 09:19 AM
Shopping for Spy Gear
Catalog Advertises NSA Toolbox
By Jacob Appelbaum, Judith Horchert and Christian Stöcker

After years of speculation that electronics can be accessed by intelligence
agencies through a back door, an internal NSA catalog reveals that such
methods already exist for numerous end-user devices.

Editor's note: This article accompanies our main feature story on the NSA's
Tailored Access Operations unit.

When it comes to modern firewalls for corporate computer networks, the
world's second largest network equipment manufacturer doesn't skimp on
praising its own work. According to Juniper Networks' online PR copy, the
company's products are "ideal" for protecting large companies and computing
centers from unwanted access from outside. They claim the performance of the
company's special computers is "unmatched" and their firewalls are the
"best-in-class." Despite these assurances, though, there is one attacker none
of these products can fend off -- the United States' National Security
Agency.

Specialists at the intelligence organization succeeded years ago in
penetrating the company's digital firewalls. A document viewed by SPIEGEL
resembling a product catalog reveals that an NSA division called ANT has
burrowed its way into nearly all the security architecture made by the major
players in the industry -- including American global market leader Cisco and
its Chinese competitor Huawei, but also producers of mass-market goods, such
as US computer-maker Dell.

A 50-Page Catalog

These NSA agents, who specialize in secret back doors, are able to keep an
eye on all levels of our digital lives -- from computing centers to
individual computers, and from laptops to mobile phones. For nearly every
lock, ANT seems to have a key in its toolbox. And no matter what walls
companies erect, the NSA's specialists seem already to have gotten past them.

This, at least, is the impression gained from flipping through the 50-page
document. The list reads like a mail-order catalog, one from which other NSA
employees can order technologies from the ANT division for tapping their
targets' data. The catalog even lists the prices for these electronic
break-in tools, with costs ranging from free to $250,000.

In the case of Juniper, the name of this particular digital lock pick is
"FEEDTROUGH." This malware burrows into Juniper firewalls and makes it
possible to smuggle other NSA programs into mainframe computers. Thanks to
FEEDTROUGH, these implants can, by design, even survive "across reboots and
software upgrades." In this way, US government spies can secure themselves a
permanent presence in computer networks. The catalog states that FEEDTROUGH
"has been deployed on many target platforms."

Master Carpenters

The specialists at ANT, which presumably stands for Advanced or Access
Network Technology, could be described as master carpenters for the NSA's
department for Tailored Access Operations (TAO). In cases where TAO's usual
hacking and data-skimming methods don't suffice, ANT workers step in with
their special tools, penetrating networking equipment, monitoring mobile
phones and computers and diverting or even modifying data. Such "implants,"
as they are referred to in NSA parlance, have played a considerable role in
the intelligence agency's ability to establish a global covert network that
operates alongside the Internet.

Some of the equipment available is quite inexpensive. A rigged monitor cable
that allows "TAO personnel to see what is displayed on the targeted monitor,"
for example, is available for just $30. But an "active GSM base station" -- a
tool that makes it possible to mimic a mobile phone tower and thus monitor
cell phones -- costs a full $40,000. Computer bugging devices disguised as
normal USB plugs, capable of sending and receiving data via radio undetected,
are available in packs of 50 for over $1 million.

'Persistence'

The ANT division doesn't just manufacture surveillance hardware. It also
develops software for special tasks. The ANT developers have a clear
preference for planting their malicious code in so-called BIOS, software
located on a computer's motherboard that is the first thing to load when a
computer is turned on.

This has a number of valuable advantages: an infected PC or server appears to
be functioning normally, so the infection remains invisible to virus
protection and other security programs. And even if the hard drive of an
infected computer has been completely erased and a new operating system is
installed, the ANT malware can continue to function and ensures that new
spyware can once again be loaded onto what is presumed to be a clean
computer. The ANT developers call this "Persistence" and believe this
approach has provided them with the possibility of permanent access.

Another program attacks the firmware in hard drives manufactured by Western
Digital, Seagate, Maxtor and Samsung, all of which, with the exception of the
latter, are American companies. Here, too, it appears the US intelligence
agency is compromising the technology and products of American companies.

Other ANT programs target Internet routers meant for professional use or
hardware firewalls intended to protect company networks from online attacks.
Many digital attack weapons are "remotely installable" -- in other words,
over the Internet. Others require a direct attack on an end-user device -- an
"interdiction," as it is known in NSA jargon -- in order to install malware
or bugging equipment.

There is no information in the documents seen by SPIEGEL to suggest that the
companies whose products are mentioned in the catalog provided any support to
the NSA or even had any knowledge of the intelligence solutions. "Cisco does
not work with any government to modify our equipment, nor to implement any
so-called security 'back doors' in our products," the company said in a
statement. Contacted by SPIEGEL reporters, officials at Western Digital,
Juniper Networks and Huawei also said they had no knowledge of any such
modifications. Meanwhile, Dell officials said the company "respects and
complies with the laws of all countries in which it operates."

Many of the items in the software solutions catalog date from 2008, and some
of the target server systems that are listed are no longer on the market
today. At the same time, it's not as if the hackers within the ANT division
have been sleeping on the job. They have continued to develop their arsenal.
Some pages in the 2008 catalog, for example, list new systems for which no
tools yet exist. However, the authors promise they are already hard at work
developing new tools and that they will be "pursued for a future release."