How the NSA hacks PCs, phones, routers, hard disks ‘at speed of light’: Spy tech catalog leaks
It’s not as bad as you thought – it’s much worse
The cellphone network you are connected to is not the network you want
Mobile communications are also wide open, it seems. The NSA catalog offers a mobile base station called the Typhon HX (priced at $175,800) that will mimic a network provider’s infrastructure and collect mobile signals to decode and study; it effectively taps cellphones.
Appelbaum said this type of hacking was spotted in action by the Ecuadorian embassy shortly after Julian Assange arrived as a house guest. The embassy’s staff started getting welcome messages from Uganda Telecom on their mobiles, apparently because the British intelligence services hadn’t correctly reconfigured their data-slurping base station after a previous operation.
Mobile phone SIM cards can also be easily hacked, the documents claim, using a tool dubbed MONKEYCALENDAR. This exploits a flaw, only recently spotted by security researchers but used by the NSA since 2007, that allows code to be installed on a SIM card that will track and monitor an individual user’s calls and location.
The catalog also details an exploit called DROPOUTJEEP which claims it can gain complete control of an Apple iPhone via a backdoor, at least back in 2007 when the cyberweapon catalog was drawn up. The NSA says the DROPOUTJEEP exploit has a 100 per cent success rate, leading Appelbaum to speculate that Cupertino may have helped the NSA out with the software. The first version of DROPOUTJEEP needed an agent to get his or her hands on the device, but remotely launched versions were promised.
Also listed is flash ROM malware for compromising satellite phones, in case you felt like using that, plus exploits to remotely control Windows Mobile handsets.
Speaking of Windows, NIGHTSTAND is a handy little box of tricks that can, with a range of 8 miles, transmit carefully crafted Wi-Fi traffic to potentially gain control of a PC running Windows XP and Internet Explorer. A tiny Linux-powered computer called SPARROW II can be fitted to drones to scope out poorly secured wireless networks from the skies.
Your hard disk is not the device you thought it was
Hard drives are also easy meat for the NSA, according to the documents. Software called IRATEMONK can be installed on the firmware in disks from Western Digital, Seagate, Maxtor, and Samsung to allow full access to the target’s data and operating system. And because it’s flashed onto the chips, via other remotely installed malware, the customized firmware is almost impossible to detect. This allows spies to hide and execute anything they like on the connected computer, even if the drive is wiped.
If you want to see how a reprogrammed disk firmware can silently alter files, turn to this independent, earlier research. An example target of IRATEMONK cited by the NSA is a cyber-cafe of PCs.
“Western Digital has no knowledge of, nor has it participated in the development of technology by government entities that create ‘implants’ on Western Digital hard drives, as Der Spiegel described,” a WD spokesperson told El Reg in a statement.
The parcels from Amazon are not the parcels you want
On the hardware front, the TAO hacking team also has specialists in “close access operations” or “Off Net” projects where physical access is required to a target’s system. This can involve intercepting laptops ordered online from Amazon and others, adding tracking hardware, and then delivering them as normal in the correct packaging, as well as breaking into private property for hardware installation.
The catalog offers a number of hardware tools that can be installed by a g-man. $200,000, for example, will buy you 50 USB cables that have a secondary radio communications system called COTTONMOUTH that allows the agency to send and collect data directly through the ether. A VGA monitor cable called RAGEMASTER intercepts video signals and beams them to a nearby government snoop using a radar-based technique. A similar device exists for keyboards.
Those cables were built by the NSA’s ANT team, which also has a fondness for attacking and infiltrating the firmware on your PC: this is the low-level software that is the first to run, boots your operating system, and is not without its bugs. If this is compromised and reprogrammed using the ANT crew’s SWAP program, then it’s pretty much game over for the target, as the whole system above the firmware can be remotely controlled and monitored as required. Another tool called WISTFULTOLL leaps upon Windows Management Instrumentation to access data on systems.