How the NSA hacks PCs, phones, routers, hard disks 'at speed of light': Spy tech catalog leaks

A leaked NSA cyber-arms catalog has shed light on the technologies US and UK spies use to infiltrate and remotely control PCs, routers, firewalls, phones and software from some of the biggest names in IT. The exploits, often delivered via the web, provide clandestine backdoor access across networks, allowing the intelligence …

COMMENTS

This topic is closed for new posts.


  1. pierce

    And these were their capabilities in 2007, 5 years ago. That's before the Utah data center etc. have come online with their zettabyte storage (assuming they've sorted out the power problems they were having this summer).

  2. Robin Bradshaw

    Cottonmouth will stand out like a sore thumb as it will be the only USB cable ever made that actually meets USB specs, unlike the millions of cheap crap Chinese cables made with copper plated string that only just barely work. :)

  3. Pen-y-gors

    Practical action

    It's time for the EU to retaliate. If it's legal under US law to do anything you like to a foreigner's IT equipment then we do the same - make it legal for any European to do anything they like to an American's IT equipment - no more Gary McKinnon cases then.

    And at the same time make it illegal for anyone to break into European IT networks, and make the employer of any person doing it subject to the same penalties, with an option for seizure of any assets owned by the employer (e.g. US Government) in compensation. And allow for trials in absentia and make it a strict liability offence. Oh yes, and allow for civil prosecutions as well (lower burden of proof)

    But will the wimps in the Council of Ministers do anything practical like this? I suspect not...

    1. Alfred

      Re: Practical action

      "But will the wimps in the Council of Ministers do anything practical like this?"

      Perhaps they're simply better people with higher standards who think that someone being a dickhead doesn't actually magically make being a dickhead acceptable.

    2. Anonymous Coward

      Re: Practical action

      The original deafening silence from the EU about these leaks makes me think they're all at it, or want to be.

      1. Vociferous

        Re: Practical action

        > The original deafening silence from the EU...

        ...is because all western intelligence organizations are joined at the hip, and share information. Anything interesting the US finds out from its snooping, it shares with its pals, and of course the other way around. And the sum of all the organizations' capabilities is much greater than any individual organization's capability. In short, the EU countries benefit from US snooping, particularly as the EU secret services generally may not spy on their own citizens.

        That's not to say that they don't spy on each other or trust each other. For instance, the French repeatedly warned the USA that they were building the case for WMDs in Iraq on falsified evidence, but the USA ignored them.

        Also, sometimes lines are crossed. The EU is fine with the US snooping on little people, but gets upset when the US snoops on, say, military contract bidding.

    3. Anonymous Coward

      Re: Practical action

      Rohde+Schwarz (Germany) build a fake base station too for various gov'ts ...

      So they are all at it.

    4. Anonymous Coward

      Re: Practical action

      The EU council of ministers (or more likely their key members) are complicit. For one, Britain sits on that council of course, guess who gets all this spytech as a part of their membership in the "Fvey" distribution? Look at the bottom of those catalog pages and you will see that the GCHQ has had access to all this gear for a while. And they probably have their own Tailored Access Operations "account" or attached team at GCHQ facilities.

      And Germany, France, Netherlands, etc. all get bought off with intelligence sharing agreements, so they get many of the benefits of the NSA's skullduggery without actually having to pay for it all.

      Like I said earlier this year, there is a reason that France/Spain/Portugal closed their airspace to Bolivian President Evo Morales' plane on the SUSPICION that Edward Snowden COULD be onboard, and then the Austrians wouldn't let the Morales plane take off until they could search the plane for Snowden.

      Think of it, four European nations, two of which have reputations for being rather indifferent allies of the U.S., acted together to stop the PRESIDENT OF A SOVEREIGN NATION'S DIPLOMATIC CONVEYANCE. When was the last time you saw anything like that done, by anyone?

      Why did they do it? It's because all those nations are beneficiaries of the NSA's snooping, and they don't want Snowden ending the party, because then Europe would have to choose between flying blind without intel or ponying up the monetary and moral costs of replacing the NSA data feed.

  4. GrahamsTenPenneth

    You guys are sooo gullible

    Think about it:

    There are >7 billion people in the world.

    If even a tenth have access to cellphones and computers that's >700million.

    Exactly how many staff do the NSA have to monitor 700million people?

    1,000? 10,000? 100,000?

    Even at 100,000 staff that's one member of staff to monitor 7000 people 24/7/365.

    Using supercomputers to filter down candidates you MAY get that down.

    Heuristic biometric software is not that good, but let's say it is able to filter that down to 10% or even 1% (which is science fiction: "universal translator", anyone?).

    Can one person monitor 70 people's phone and internet activity constantly all day, all year, day and night?

    Bear in mind this is 100,000 staff (same as the whole of Microsoft) and using estimates of filtering based on 24th century techniques.

    "Person of Interest" is a fantasy TV show, not reality.

    1. Alfred

      Re: You guys are sooo gullible

      You're an idiot with no imagination. If you ever come to their attention, they've got (as suggested in the article) 15 years of data to sift back through. They don't need to watch you constantly. When you come to their attention they pick something from the last 15 years of automated collection of your life to get you with.

      1. GrahamsTenPenneth

        Re: You guys are sooo gullible

        O I have imagination all right.

        I also have worked in the IT industry for the last 20 years, including in biometric, supercomputing, and security fields.

        I currently work in financial IT where I look after a great many Cisco ASA firewalls.

        I have a good idea what is possible, and this is just another wet dream.

        15 years ago there wasn't the tech to harvest and store this kind of data, nor did the consumer tech exist off which to harvest it.

        Don't you think they would have blocked this article's release if they had that much IT power?

        The guy would be in prison or dead before this article got out.

        Next you'll say there are aliens walking among us :)

        1. Alfred

          Re: You guys are sooo gullible

          I discount your credentials roughly 80% and consider you to be more of an idiot for relying on credentials to bolster your arguments. I can spout credentials too. Check this:

          I also have worked in the IT industry for the last 30 years, including in biometric, supercomputing, and security fields, and unicorns.

          I currently work in financial IT where I look after a great many Cisco ASA firewalls, but for a bigger, more important company than you.

          See. Meaningless. You know I made that up. I suspect that you didn't make yours up, but it counts about as much and says heaps about you that you rely on it this way.

          1. GrahamsTenPenneth

            Re: You guys are sooo gullible

            Alfred, I think you are somewhat missing the point.

            The American government actively promoted alien stories to explain tech created during wartime.

            They are prone to this kind of misinformation.

            I'm not stupid, I can do the maths (the English version, not the American "math")

            I'm saying I'll get a good night's sleep tonight, nooooo problem.

            "Your foster parents are dead!"

          2. GrahamsTenPenneth

            Re: You guys are sooo gullible

            Alfred,

            Actually I have to admit to missing your point.

            Hidden gadgets hand installed on machine-manufactured surface mount PCBs, listening to your private conversations from across the world, backdoors to your kettle and fridge.

            It's all made up and meaningless.

            1. Anonymous Coward

              Re: You guys are sooo gullible

              OK, what about if some of the bandwidth had already been hogged by the NSA, but was transmitting pure noise at the time so no one can tell anything was wrong? Now with the intercept in place, it's now transmitting encrypted data (which would be nigh-indistinguishable from the earlier noise)?

              And we can't rule much out anymore. We KNOW Americans have come up in the past with truly ground-breaking tech (like the F-117 stealth fighter) that was classified "black" (deny it exists). For all we know, the NSA actually already has a working high-qubit quantum computer hidden in the data store in Utah, already using Shor's Algorithm to churn away at all the old encrypted comms it's storing upstairs. They may even know a secret to breaking lattice encryption and many of the other "post-quantum" algos that have been proposed. Plus, one other thing to note is that if they can subvert storage hardware at the firmware level, they may even have an inroad into stealing the pinnacle of encryption: one-time pads.

              1. GrahamsTenPenneth

                Re: You guys are sooo gullible

                "For all we know, the NSA actually already has a working high-qubit quantum computer hidden in the data store in Utah..."

                Yes and they probably have warp drive and a TARDIS in area 51.

                It's not paranoia if they really are after you!

                Do me a favour.

        2. Valeyard

          Re: You guys are sooo gullible

          Oh well since you put it that way it's all fine then, absolutely nothing is wrong at all

          You can give them all YOUR personal data if you want in the belief that security through obscurity is fine. I, however, believe:

          1 - I don't care if they can process it (yet) or not. It's my data, hands off.

          2 - I think they have a bigger budget than your company and smarter people than you to play with it.

          1. GrahamsTenPenneth

            Re: You guys are sooo gullible

            Valeyard, I'm also not stupid.

            I don't run Windows and wouldn't have it in my house.

            I also don't have an iPhone or a stupid Windows phone.

            I like to be able to run something which I can see has no vulnerabilities, not something a secretive company tells me I can trust.

            1. Valeyard

              Re: You guys are sooo gullible

              you're on the internet mate, read the bit about undersea cables? use telephones?

              1. GrahamsTenPenneth

                Re: You guys are sooo gullible

                Actually I have had to organise several repairs to the fibre trunks that run under the Atlantic and Indian oceans.

                This costs in the region of a million dollars to organise any work on even a single undersea trunk.

                If they have a L2 hack they would have to send the data somewhere via something else.

                If they are sending the data along the same trunk it would impact the limited bandwidth and stick out like a sore thumb.

                We are talking of a large trunk here so exactly what would carry that data?

                Another 100gig trunk?

                That's a 1 billion dollar operation to construct and lay it.

                All without even a Russian or Chinese satellite seeing it.

            2. Anonymous Coward

              Re: You guys are sooo gullible

              "I like to be able to run something which I can see has no vulnerabilities, not something a secretive company tells me I can trust."

              Well, if the snoops can subvert actual physical silicon, it's the latter by default unless you can roll your own ICs.

            3. Anonymous Coward

              @GrahamsTenPenneth

              So because you don't have an iPhone or Windows Phone - by which I assume you have an Android - you feel you're safe?

              Too bad the mention of the iPhone pointed out this capabilities list dated from 2007, before the first Android phone existed. Safe to say they have a backdoor into your Android phone, too. But you won't listen, you're probably naive enough to believe that open source = no backdoors. Go google "on trusting trust" and get back to me after you've smashed your undoubtedly bugged phone with a hammer.

    2. NomNomNom

      Re: You guys are sooo gullible

      I work at Burger King at weekends and I can tell you this is no laughing matter

      1. GrahamsTenPenneth

        Re: You guys are sooo gullible

        I think I said "Bin Laden" at least 20 times.

        O no I typed it too.

        What's that knock at the door....

        O It's just aliens posing as Jehovah's Witnesses again.

  5. jai

    naming conventions

    good grief! do they really name all their software code in ALL-CAPS???

    Or was that just done in the report to make them sound more terrifying? Also makes it harder to read the TLAs in the report. Damnit I spent several minutes trying to work out what WISTFULTOLL was an acronym for...

    1. bpfh

      Re: naming conventions

      US military code names tend to be in upper case and it avoids confusion as random code names or project names used in a sentence could be taken out of context. For example, in a military/intelligence context, saying "check with Fairview" could mean that you need to check a project, a town, a manual, or a person, but "check with FAIRVIEW" explicitly references a project (in this case a mass telephone/email surveillance project if I believe this page: http://www.laquadrature.net/wiki/Usa_surveillance_tools )

      1. Destroy All Monsters

        GOLD JULY BOOJUM

        At least I now have new names for my servers.

        howlermonkey.homelinux.org sounds pretty good.

  6. Dodgy Geezer

    ...angry words between the NSA, manufacturers and hardware customers – the latter likely to be searching for more secure products....

    If you want to avoid NSA/GCHQ reading your transmissions....

    1 - run like Obama did and don't use computers, use messengers.

    2 - use an old BBC micro that you keep physically secured. Encrypt messages on it using a one-time pad. Only connect to the Internet when you are sending messages, using a separate machine from the one you used for encryption....

    1. Dave 126

      >1 - run like Obama did and don't use computers, use messenger

      Wasn't it the complete absence of a telephone line etc that marked out a house in Abbottabad as being a contender for Ozzie's hideout?

      1. Anonymous Coward

        >2- Who's to say any computer since the Apple II wasn't already compromised (probably by hidden tech in the early processors)? They probably also discretely transmit their memory contents through subsonic acoustics, defeating even an air gap. And one-time pads? If it's anything of significant size, how will you keep a pad that size on paper, not lose track of it, and still enter it reliably? And once you store it, it's game over if all the storage tech is subverted.

        1. Destroy All Monsters

          run like Obama did

          I think there is some confusion with Forrest Gump here.

  7. Tromos

    All that money and all that effort...

    ...and all we've got to show for it is a Lolcat. At least it's a bloody good one.

    1. This post has been deleted by its author

  8. RyokuMas

    How dastardly...

    I vote we all switch over to carrier pigeons. See if we can turn the NSA into something more like this...

    1. Anonymous Coward

      Re: How dastardly...

      Until the government starts training hawks and falcons...

  9. Boris the Cockroach

    The NSA

    Can read this .. actually I doubt they'd bother

    "The NSA can install various nasties on computers due to them being intercepted while being delivered to the customer"

    So that means that your laptop that you got from Dell last week is stuffed full of NSA spying stuff....... maybe .. maybe not.... If you're J.Smith, 2nd line hell desk and part time sys op for a small company not, if you're B.Jones known business partner to a 'bad guy' then yes.

    In any case the reason your brand new laptop starts so slowly is because of all the crapware Dell put on it, not because you are on the NSA watch list.

    1. John Brown (no body)

      Re: The NSA

      "In any case the reason your brand new laptop starts so slowly is because of all the crapware Dell put on it, not because you are on the NSA watch list."

      Maybe so, but at least now you KNOW why all that crapware was installed in the first place. How many would bother to remove all of it? Most users will find at least one item potentially useful ;-)

  10. bpfh

    Docs or it didn't happen...

    Der Spiegel talks a lot about this catalogue... and a lot of sites are linking to Der Spiegel about this catalogue... but I'd like to see the catalogue rather than be talked to about it. Come on, if you are going to drop the dox, go all the way!

    1. Anonymous Coward

      Re: Docs or it didn't happen...

      Check Cryptome.

      1. Anonymous Coward

        Re: Docs or it didn't happen...

        Der Spiegel also showed some of the catalog pages in an infographic running with the main story.

  11. Anonymous Coward

    "If the dossier is to be believed"

    And there's the problem.. Is this truth, NSA misinformation, or just total bullshit made up by someone who thinks Spooks is true to life?

  12. GrahamsTenPenneth

    "Applebaum suggests that those interested should look for samples that use the RC6 block cipher and which emit encrypted UDP traffic."

    If traffic is encrypted it will be TCP.

    A proprietary non-standard cypher which is emitting rare UDP traffic.

    Shouldn't be hard to spot.

    Why would someone disguising traffic use such an easily detectable hack?

    Just means this article is BS.

    1. Anonymous Coward

      UDP being connectionless, it might be harder to say who was the intended recipient?

      If you don't want to disclose the tap(s) why flag the end point.

      I think we will look back on the initial IPV6 thing as the biggest porting of global data through untrusted relays ever.

      Most people use it without a second thought, even those who turn it off I'm sure are passing data in ways we don't yet understand while they feel safe that they have an expensive IPV4 firewall that doesn't even inspect the tunnel.

      Even the handshaking and negotiating of scope may be more than it appears.

      I see your previous point about the PCBs, very low tech stuff but then if I want to deploy many thousands in the hope one or two are useful, there is something to be said for paying only pennies for additional "normal looking stuff" in the boxes. If you want to get fancy make pin compatible PCB components that replace some SMD chips, quick rework and that visually indistinguishable BGA package could be something quite a bit different to its base function, hell on dual video laptops use the "inactive" video card for something interesting.

      What is possible is only limited by the imagination, we may take it on trust that it is not "sensible or justified" probably with a sound commercial head on, but since when has black book spending been limited by sensible or justified?

    2. Destroy All Monsters

      If traffic is encrypted it will be TCP

      LOLWHAT

    3. Androgynous Cupboard

      Graham the blind squirrel finds a nut...

      Graham, you've got some odd opinions.

      RC6 is not proprietary, its algorithm is public. It's even on Wikipedia. Encryption can be applied to UDP or TCP equally, and in fact a block cipher lends itself fairly easily to UDP - although I have to admit UDP is an odd choice, as the strength of a block cipher comes from block chaining which isn't viable with UDP (lose one packet in the middle and you lose the ability to decrypt the rest). How amusing if the NSA were not doing this, intercept enough of their traffic and search for a plaintext crib and you could find their key...

      Identifying a UDP packet encrypted with RC6 is not easily detectable: it is, in fact, impossible on the wire, as it will look like a packet with noise in it. Because of the encryption, you see. Identifying the cipher used to create the noise is statistically impossible for any well functioning cipher, almost by definition really. To identify the use of RC6 you would need to disassemble the code generating the packets and identify the algorithm by its "footprint".

      However in all your bluster you've asked one very interesting question: if you're tapping an undersea fibre to copy all the data, where do you route this data? On the same fibre? This implies complicity from the backbone provider, and in that case why bother to hack it in the first place? Or do they lay another cable out?

      1. Anonymous Coward

        Re: Graham the blind squirrel finds a nut...

        Or they'd been preparing in advance by shuttling noise down the line for some time, then using the "noise channel" as a backhaul once the tap is in place.

      2. Tom Chiverton 1

        Re: Graham the blind squirrel finds a nut...

        " This implies complicity from the backbone provider, and in that case why bother to hack it in the first place?"

        I don't see why. The NSA (via a suitable front) rents some space on the fibre, same as any other tier one...

        1. GrahamsTenPenneth

          Re: Graham the blind squirrel finds a nut...

          OK it was my mistake to apply a bit of rationality and logic to the rather derivative claims in the original article.

          Some people want to be afraid it seems.

          Orwell would be proud.

          1. Matt Bryant

            Re: GrahamTenPenneth Re: Graham the blind squirrel finds a nut...

            "....Some people want to be afraid it seems....." It seems some people are just desperate to imagine that they are interesting enough for other people to actually want to eavesdrop on them, it would so bruise their fragile egos to be told they are of zero interest to the NSA or GCHQ.

      3. GrahamsTenPenneth

        Re: Graham the blind squirrel finds a nut...

        "RC6 is not proprietary, its algorithm is public. It's even on Wikipedia. "

        "It is a proprietary algorithm, patented by RSA Security."

        "RC6 is a patented encryption algorithm (U.S. Patent 5,724,428 and U.S. Patent 5,835,600)."

        - wikipedia

        "as it will look like a packet with noise in it. "

        So we look for UDP packets with "noise", which are obviously the bulk of the internet traffic!

        Thanks for making my points.
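The exchange between Androgynous Cupboard (an encrypted payload "will look like a packet with noise in it" and the cipher cannot be identified statistically) and GrahamsTenPenneth ("noise" UDP packets are the bulk of Internet traffic) is a detection-engineering question, so here is an added example that is not from the article, the thread, or any tool it mentions. It runs the usual first-pass heuristic, byte entropy plus a printable-byte ratio, over three constructed payloads: pseudo-English text, the same text zlib-compressed, and seeded pseudo-random bytes standing in for ciphertext. The word list, the PRNG seed and the 7.0 bits-per-byte cut-off are assumptions chosen for the demonstration.

```python
"""Byte-entropy triage of UDP payloads (added example; constructed sample data).

Shows why "looks like noise" separates structured from noise-like payloads
but cannot tell compressed application data from ciphertext, let alone
name the cipher that produced it.
"""
import math
import random
import zlib
from collections import Counter

# Heuristic cut-off for this example; 8.0 is the ceiling for a byte stream.
NOISE_ENTROPY_THRESHOLD = 7.0


def shannon_entropy(payload: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant input, at most 8.0."""
    if not payload:
        return 0.0
    n = len(payload)
    return -sum((c / n) * math.log2(c / n) for c in Counter(payload).values())


def printable_ratio(payload: bytes) -> float:
    """Fraction of bytes that are printable ASCII or tab/newline/CR."""
    if not payload:
        return 0.0
    printable = sum(1 for b in payload if 0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D))
    return printable / len(payload)


def looks_like_noise(payload: bytes, threshold: float = NOISE_ENTROPY_THRESHOLD) -> bool:
    """Naive gate: flag payloads whose entropy is close to the 8-bit ceiling."""
    return shannon_entropy(payload) >= threshold


def build_sample_payloads(seed: int = 1234) -> dict:
    """Construct three payload kinds with a seeded PRNG so the run is reproducible.

    The vocabulary and seed are arbitrary choices for this demonstration.
    """
    rng = random.Random(seed)
    vocab = ("packet host route filter syslog udp tcp alert policy queue "
             "kernel buffer socket header payload checksum interface retry "
             "timeout window session token cache index record field value").split()
    text = " ".join(rng.choice(vocab) for _ in range(500)).encode("ascii")
    compressed = zlib.compress(text, 9)
    # Pseudo-random bytes of the same length stand in for a ciphertext datagram.
    pseudo_random = bytes(rng.getrandbits(8) for _ in range(len(compressed)))
    return {"plaintext": text, "compressed": compressed, "random": pseudo_random}


def triage(payloads: dict) -> dict:
    """Score each payload; returns name -> {entropy, printable, noise}."""
    return {
        name: {
            "entropy": round(shannon_entropy(p), 2),
            "printable": round(printable_ratio(p), 2),
            "noise": looks_like_noise(p),
        }
        for name, p in payloads.items()
    }


if __name__ == "__main__":
    for name, row in triage(build_sample_payloads()).items():
        print(f"{name:10s} entropy={row['entropy']:.2f} "
              f"printable={row['printable']:.2f} flagged={row['noise']}")
```

Running it, the plaintext sample comes out at roughly 4 bits per byte and is not flagged, while the compressed and the pseudo-random samples both sit above 7 and are. An entropy gate therefore finds "noise-like" datagrams, as the thread says, but it also fires on ordinary compressed traffic and says nothing about which cipher (if any) produced the bytes, which is why in practice it is a triage signal to combine with flow context (destination, volume, timing, process) rather than a detection on its own.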


Biting the hand that feeds IT © 1998–2021