NSA catalog lets agents deliver cloned hardware to targets

Dec 29, 2013
7
NSA catalog lets agents deliver cloned hardware to targets

A new examination of the seemingly bottomless well of Snowden documents describes an internal NSA catalog of dead ringers for consumer hardware that the NSA can deploy on unsuspecting targets' systems. For example, when a target orders a new hard drive, router, monitor cable, or USB plug online, the NSA can intercept the order and send a bugged clone, which the target would then install by his own volition. The catalog includes hardware by Seagate, Samsung, Cisco, Huawei, Dell and many others.

Western Digital and Maxtor are two other hardware providers named in the monitoring device catalog. It also includes back door access to firewalls by Juniper Networks, as well as ready-made hacks for the BIOS firmware that runs when a personal computer starts up.

The catalog was produced by the Advanced/Access Network Technology (ANT) division of the NSA hacker unit Tailored Access Operations (TAO).

Der Spiegel reported that the NSA can intercept automated personal computer communications like Windows crash reports to ferret out vulnerabilities in users' systems. It does this via a so-called "shadow Internet" that runs alongside the regular Internet. SlashGear has previously reported on the NSA's "quantum insert" technique of serving copies of popular sites like LinkedIn to target users by dint of beating the legitimate websites to the server punch.

In other words, any of your electronics and favorite websites could actually be NSA-created resources should the spy agency deem you an asset.

On the industrial side, the catalog lets agents acquire and physically install bugged base stations that stand in for proprietary mobile network equipment. The NSA can use the stations to collect mobile communications data from personal devices in range.

Finally, the Der Spiegel analysis delved into how the NSA and its partners in private telecommunications companies have tapped major intercontinental data cables to conduct mass data surveillance. For example, the agency in early 2013 mapped the "SEA-ME-WE-4" undersea cable that connects Europe, North Africa and Asia.

SOURCE: Der Spiegel


Must Read Bits & Bytes