Monday, December 30, 2013

Leaked Documents Show NSA Compromising Computer Hardware And Communication Technology On A Massive Scale

from the all-your-goddamn-everything-are-belong-to-us dept

Der Spiegel has released more NSA documents detailing the agency's hacking efforts around the globe. The so-called Tailored Access Operations (TAO) is the NSA's group of tech masterminds, deployed to insert the agency into worldwide communications. TAO uses a variety of exploits and backdoors to achieve this access, much of which is detailed in a 50-page document that Der Spiegel likens to a "mail-order catalog."

Another team (ANT -- Advanced or Access Network Technology) creates the exploits and "sells" them to the agency, providing access to communications and data that TAO can't achieve on its own.
In cases where TAO's usual hacking and data-skimming methods don't suffice, ANT workers step in with their special tools, penetrating networking equipment, monitoring mobile phones and computers and diverting or even modifying data. Such "implants," as they are referred to in NSA parlance, have played a considerable role in the intelligence agency's ability to establish a global covert network that operates alongside the Internet.

Some of the equipment available is quite inexpensive. A rigged monitor cable that allows "TAO personnel to see what is displayed on the targeted monitor," for example, is available for just $30. But an "active GSM base station" -- a tool that makes it possible to mimic a mobile phone tower and thus monitor cell phones -- costs a full $40,000. Computer bugging devices disguised as normal USB plugs, capable of sending and receiving data via radio undetected, are available in packs of 50 for over $1 million.
Between TAO and ANT, vast amounts of computer hardware have been compromised. Der Spiegel notes that ANT prefers to deploy its exploits at the BIOS level where they can remain undetected by most security and anti-virus programs. Other programs it creates hitch a ride in device firmware, including that of major American hard drive manufacturers like Western Digital, Seagate and Maxtor. (Apparently, Samsung and Huawei are similarly compromised, making them the only non-American companies listed in the documents.)

ANT also targets communications by compromising network equipment.
Other ANT programs target Internet routers meant for professional use or hardware firewalls intended to protect company networks from online attacks. Many digital attack weapons are "remotely installable" -- in other words, over the Internet. Others require a direct attack on an end-user device -- an "interdiction," as it is known in NSA jargon -- in order to install malware or bugging equipment.
It's unclear whether ANT provides exploits to other agencies, but the fact that a catalog exists suggests ANT isn't solely supplying the NSA. (If it is, one wonders why prices are listed. If it's internal development and deployment only, cost wouldn't be an issue.)

Security researcher Jacob Appelbaum, one of the contributors to the Der Spiegel article, addressed the Chaos Communication Congress over the weekend, delivering more details on ANT's exploits, including exploits affecting iOS devices and any phone using GSM connections. Most surprising perhaps was this exploit-in-a-box device that can deliver its compromising payload from up to eight miles away.


None of this should be taken to imply the TAO isn't perfectly capable of creating its own high-level exploits and backdoors. If anything, TAO is the more physical and aggressive counterpart to ANT, executing raids to achieve physical access to devices and networks (often with the assistance of the FBI -- or at least its vehicles).
An internal description of TAO's responsibilities makes clear that aggressive attacks are an explicit part of the unit's tasks. In other words, the NSA's hackers have been given a government mandate for their work. During the middle part of the last decade, the special unit succeeded in gaining access to 258 targets in 89 countries -- nearly everywhere in the world. In 2010, it conducted 279 operations worldwide…

To conduct those types of operations, the NSA works together with other intelligence agencies such as the CIA and FBI, which in turn maintain informants on location who are available to help with sensitive missions. This enables TAO to attack even isolated networks that aren't connected to the Internet. If necessary, the FBI can even make an agency-owned jet available to ferry the high-tech plumbers to their target. This gets them to their destination at the right time and can help them to disappear again undetected after as little as a half hour's work.
Even more disturbing, the NSA's TAO operation waylays purchased hardware en route to customers in order to install exploits.
If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.
The NSA's programs continue to make the world less safe for computer users under the guise of "security." Exploits go undiscovered and unpatched. Handcrafted exploits and backdoors are deployed without affected companies' knowledge. TAO has manipulated one of the most infamous Windows error messages in order to gain passive access to computers around the world.
The automated crash reports are a "neat way" to gain "passive access" to a machine, the presentation continues. [via XKEYSCORE, most likely.] Passive access means that, initially, only data the computer sends out into the Internet is captured and saved, but the computer itself is not yet manipulated. Still, even this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer.
While not as directly useful as TAO and ANT's other tools, it still deployed frequently enough that the dialog box itself has become an agency inside joke.


[The altered text reads: "This information may be intercepted by a foreign SIGINT system to gather detailed information and better exploit your machine."]

These new revelations will only give foreign customers even more reasons to distrust American hardware. Der Spiegel's article notes that Samsung and Huawei hardware may be similarly compromised, but by and large, most of the "damage" seems to be domestic. Estimates have suggested American companies will potentially lose $150+ billion as a result of the NSA's actions. This should push that number even higher.

The question that needs to be asked is if this damage is worth it. The agency likely believes it is -- or at least believes it shouldn't be held responsible for tanking the overseas prospects of American tech companies. According to its defenders, the real problem here is the leaks, not the exploitation of every piece of hardware and software it can get its hands on. After all, if Snowden hadn't taken those documents, this would still be a secret and foreign companies will still be purchasing compromised goods from US companies.

The NSA has never seriously considered the consequences of its activities being exposed. This should have been factored in when considering the "costs" of programs like these. Nothing operates in a vacuum, not even the most secretive of agencies. Frankly, the level of exploitation exposed here verges on inconceivable. Any crying agency spokespersons have done about methods being exposed now looks like nothing more than diversionary noises delivered with poker faces. The agency has "root access." The rest is just skimming the surface.

No comments:

Post a Comment