Hackers reverse-engineer NSA spy kit using off-the-shelf parts Last year Edward Snowden leaked the NSA's Advanced Network Technology catalog, a listing of the hardware and software tools the agency makes available to agents for spying. Now enterprising security experts are using the catalog to build similar tools using available electronics. The team, led by Michael Ossmann of Great Scott …
With the exception of advanced weapons systems, it has been my experience that most 'secret technology' isn't that advanced, in and of itself. Sure, there are a lot of clever people who have put together rather clever things, but the actual power of the tech comes from the fact it can be deployed and used in ways that aren't (legally) available to the proles.
The reason it 'needs' to be kept secret is so that people just aren't aware of how defenseless they really are. The reason it's so expensive is simply the price for silence on the part of the manufacturers, it sure isn't the advanced designs or super exta special components.
Also a lot of these tools need physical access to fit them to the victim's computer. Generally speaking, if the bad guys have breached your physical security then you don't have much chance anyway. Also that ups the ante quite a bit, as someone (even if a corrupt employee) is there doing the fitting and risking jail-time it caught by CCTV, observant staff, security checks, etc.
Generally speaking, if the bad guys have breached your physical security then you don't have much chance anyway.
It's remarkably difficult, and hence expensive, to maintain physical security around the clock for a 'normal' office environment. Your server room may be secure, but most companies do not employ, e.g., cleaning staff from agencies that conduct background checks. Everyday access by their personnel, or even yours, who have been suborned, or socially-engineered access by the black-hats directly, could give opportunities for deploying devices like keyloggers, which could then sit unnoticed in desk cable-management conduits for a very long time.
What the production of these devices does is illuminate our threat perception. For most companies most of the time, the CIO or security boss is going to be thinking "who's going to go to *those* lengths...?". Reading this, they will realise the lengths are shorter than you might think.
>>> Also a lot of these tools need physical access to fit them to the victim's computer.
With automated systems used to refresh corporate client side hardware every 2 or maybe 3 years depending on support contracts. The machine going to person X at multinational company Y can and is intercepted before it arrives on site. Either with a secret order at the factory or intercepted en route (customs/transit). The serial numbers of which machine goes to who is locked down, long before the hardware arrives on site, to make sure that any extra perks (more RAM, bigger SSD, 'secure' local backup system) go to the correct person. The serial number, MAC address and full name of the recipient is normally printed on a label on the shipping box. A lot of this spy gear is used for plain old corporate espionage.
And with a lot of US companies are in the IT hardware/software/support sector, this makes any extra free(dom) 'upgrades' by the NSA so much easier.
@don Jefe
Agreed. Any tech which one side has ought to be assumed by that side to at least be equaled, if not compromised. Recent history tells us this. Fuchs gave away Manhattan & ironically it was the subsequent distrust by the US of UK intel tech that led to a cash strapped UK govt to "give" away what became the MIG 17.
Either of us could cause havoc with nothing more than a tire lever or bolt cutter, the likes of which the terrorists could only dream. Ultimately, govt is afraid of the people.
"More scumbags will ship off to prison as a result of their stupidity."
I doubt that it will make a measurable difference to the volume of "scumbags" being shipped off to prison, on the basis that most of the scumbags who use this stuff are operating beyond the reach of the judicial oversight + law in the first place.
P.S. All you need to make that a Matty B Rant post is the word "Sheeple".
You're both off the mark. When you're selling to a government and somebody comes along with a product that's comparable to yours you simply upgrade yours, and charge even more: 'The commoditization of certain technical products, and the resultant lower prices, correlates directly with the the advancement of other technologies. Yesterday's technology is no longer sufficient to deal with today's threats. Here's Gizmo 2.0, now with 35% greater costs'. Amateurs :)
While I was being lighthearted with the above, that's actually how it works, but the language in the contracts is tediously uninspired. Furthermore, the lowest cost provider is not going to be a factor here. My lifestyle would be radically different if cost was the primary factor in government procurement. While that's true with a lot of things they buy, it's not that way with lots of other things.
An agency doesn't have to reach very far to justify customized equipment, specifically designed with the needs of their mission in mind. If it's not already OTS kit in the GSA catalog then agencies have a tremendous amount of latitude in selecting the vendor using criteria that are never disclosed or made part of the competitive acquisition process.
All in all, it's all crap and has been since the end of WWII. Expect nothing to change for a long time.
I think not. "Prices" associated with the goodies list will have been estimated to cover the full development and production cost over a rather small production run (go ahead, downvote, but these are mostly not mass produced items). The "purchases" will have been paid almost entirely with internal budget transfers - funny money - and billings adjusted at fiscal year end between managers to help them all stay within their piece of the DoD appropriation which, although secret as to its details, is set by the Congress and administered according to the same rules that apply to other agencies.
@tom dial
I'm afraid nothing you said makes sense. The US turned it's massive manufacturing capability into weapons. The tanks they sent to North Africa were built from converted tractors. They were reliable & had big "fuck off" guns (aka the Grant). They were shit compared to the panzers but could at least knock one one out unlike the pre-war junk the UK had.The Sherman was inferior, even with it's big gun toward the end of the war. It came through en-masse, not superiority, unlike like the Russian T34 which was a stonker.
The UK had an empire which was, in theory, a democracy. The US did not want to get involved in (another) world war (ie WW1). The US did the lend-lease thing & by virtue of hating "the empire" destroyed it. In doing so it has become "the empire".
To answer your point, you sir, sound like one of the economists who, pre 1942, said "let's cut off the jap oil supplies, what could possibly go wrong?"
MoD bod "Confidentially we have a device that can detect when an (exchangeable pack) hard drive is running"
Specialist "So what. I've got hardware that can read the data off that hard drive as it's running"
Sometimes the government doesn't have quite the advanced toys they think they do.
The 1940s called and want their passive radio transmitters back. "The Thing" was a carved version of the US Great Seal which happened to contain a passive listening device designed by Lev Sergeyevich Termen (aka Mr Theremin ) that worked nearly the same way as these devices do without the benefit of transistors..
Physics and Chemistry are a lot more capable than people like to think it is. The "railgun" I built at age 12 could embed ball bearings in my bedroom wall , and with more coils and some not very complex sequencing, could have penetrated them. Now imagine someone creative with a barrel of finishing nails...
The landlord and Dad bought me a crystal radio the very next week Gee. What a surprise.
FWIW, tune around; you may not need WiFi or Bluetooth to hear that CD player.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
