“When governments fear the people, there is liberty. When the people fear the government, there is tyranny.” Although that quote may be misattributed to Thomas Jefferson, he did warn against tyranny and so too did security and privacy activist Jacob Applebaum when he delivered a keynote speech, To Protect and Infect [pdf], at the 30th Chaos Computer Club conference in Germany. After exposing a previously unknown NSA catalog of exploits used to spy on Americans as well as foreigners, he warned, “This is turnkey tyranny and it is here.”
Hackers from the NSA’s Office of Tailored Access Operations (TAO) have been in the news since Edward Snowden leaked some details such as how they secretly infected 50,000 computer networks with malware. TAO is internally known as ANT and its catalog of exploits is from 2008, but technology has advanced a great deal in the last six years so there’s no telling what the NSA can do now. As of 2008, the NSA had developed ways to compromise Apple, Cisco Systems, Dell, HP, Huawei, Juniper Networks, Linux, Maxtor, Microsoft, Seagate, Samsung, and Western Digital to name a few of the hard drives, firewalls, operating systems, routers, smartphones, switches and PCs described in the ANT division catalog of exploits.
If you’ve taken the time since 30C3 to study the NSA’s Advanced Network Technology (ANT) division catalog of exploits (16.2MB zip file), which were also described on Der Spiegel, then you might feel like your head will explode.
“Basically their goal is to have total surveillance of everything that they are interested in,” Applebaum said. “There really is no boundary to what they want to do. There is only sometimes a boundary of what they are funded to be able to do, and the amount of things they are able to do at scale they seem to just do those things without thinking too much without it.”
Some of the exploits are deployed remotely and others are physically installed. Those hands-on operations may occur while the product is being shipped; it could be snagged during shipping so an obscure group like an FBI black bag team can do the NSA’s domestic dirty work. There are too many exploits listed in the leak to cover in one post, but I thought you might like to know about some that target servers, routers and PCs. Please note, however, that ANT can exploit nearly every major software, hardware and firmware.
GINSU was listed as $0 per unit cost and targets Microsoft Windows."
IRATEMONK, also listed as $0 per unit, replaces the firmware on Seagate, Western Digital, Maxtor and Samsung hard drives in order to retrieve data from laptops and desktop computers.
SWAP “supports” Windows, Linux, FreeBSD or Solaris and was listed as free ($0).
SOMBERKNAVE “is a Windows XP wireless software implant that provides covert internet connectivity for isolated targets.” The cost is $50k per unit.
WISTFULTOLL had a unit cost of $0; the plug-in "harvests and returns forensic" info and was meant to exploit Windows 2000, 2003 and XP.
GINSU was listed as $0 per unit cost and “supports any desktop PC system that contains at least one PC connector (for BULLDOZER installation) and Microsoft Windows 9x, 2000, 2003, XP, or Vista.
JUNIORMINT may have a scary cost as it was only “available upon request.” It is a digital core packaged in both a mini Printed Circuit Board (PCB) and a miniaturized Flip Chip Module (FCM) “to be used in implants with size constraining concealments.”
HOWLERMONKEY was described as a “custom Short to Medium Range Implant RF Transceiver” meant to “provide a complete implant.” At a cost of $750 for 40 units, or 25 units at $1,000 each, HOWLERMONKEY “PCB layouts are tailored to individual implant space requirements and can vary greatly in form factor.”
Router exploits: (Huawei, Juniper J, Juniper M, Juniper T series)
The ANT catalog specifies persistent backdoor router exploits that target Huawei, Juniper J, Juniper M, and Juniper T series.
HEADWATER targets Huawei routers; there was no price listed, but it was ready for deployment. SCHOOLMONTANA also has no price listed but was ready to be implanted on Juniper J-Series routers. SIERRAMONTANA was listed without a price as it was under development to be deployed against Juniper M-Series routers. STUCCOMONTANA had no price listed, but was available to be deployed in November 2008 on Juniper T-Series routers.
Some of the servers listed in the exploit catalog included HP’s Proliant 380DL G5 server, which is targeted by an IRONCHEF tool to extract data using two-way RF communication. With DIETYBOUNCE, the NSA exploits a BIOS vulnerability in Dell’s PowerEdge servers 1850, 2850, 1950, 2950 by using remote access or inserting an USB stick. Dell PowerEdge 1950 and 2950 have a JTAG debugging interface that the NSA exploits via GODSURGE. All of the server exploits are listed at a cost of $0 per unit except for GODSURGE, which costs $500 for hardware and installation.
NSA quantum computer to crack encryption
At the conclusion of Jacob Appelbaum’s (@ioerror) To Protect and Infect [pdf] presentation, he stated, “If you work for the NSA, I’d like to encourage you to leak more documents. I’ll be available until I am assassinated to answer questions.”
Please take the time to watch To Protect and Infect. Or you can view Applebaum's presentation here [pdf]; here's the catalog of exploits on leaksource, or you can download the entire catalog (16.2MB zip file).