T.C. Sottek
The Verge
12/29/2013
According to a new report from Der Spiegel based on internal NSA documents, the signals intelligence agency’s elite hacking unit (TAO) is able to conduct sophisticated wiretaps in ways that make Hollywood fantasy look more like reality. The report indicates that the NSA, in collaboration with the CIA and FBI, routinely and secretly intercepts shipping deliveries for laptops or other computer accessories in order to implant bugs before they reach their destinations. According to Der Spiegel, the NSA’s TAO group is able to divert shipping deliveries to its own “secret workshops” in a method called interdiction, where agents load malware onto the electronics or install malicious hardware that can give US intelligence agencies remote access.
While the report does not indicate the scope of the program, or who the NSA is targeting with such wiretaps, it’s a unique look at the agency’s collaborative efforts with the broader intelligence community to gain hard access to communications equipment. One of the products the NSA appears to use to compromise target electronics is codenamed COTTONMOUTH, and has been available since 2009; it’s a USB “hardware implant” that secretly provides the NSA with remote access to the compromised machine.
This tool, among others, is available to NSA agents through what Der Spiegel describes as a mail-order spy catalog. The report indicates that the catalog offers backdoors into the hardware and software of the most prominent technology makers, including Cisco, Juniper Networks, Dell, Seagate, Western Digital, Maxtor, Samsung, and Huawei. Many of the targets are American companies. The report indicates that the NSA can even exploit error reports from Microsoft’s Windows operating system; by intercepting the error reports and determining what’s wrong with a target’s computer, the NSA can then attack it with Trojans or other malware…
The article continues at The Verge.
Related: The NSA Actually Intercepted Packages to Put Backdoors in Electronics
The NSA revelations keep on coming, and if you’re feeling desensitized to the whole thing it’s time to refocus and get your game face on for 2014. Because shit continues to get real…
The NSA Has A Way To Intercept Computers Mid-Shipment And Install Spyware On Them
…First, the TAO program can intercept hardware like laptops before they’re shipped to a user and install malware on the devices that let spies track the owner. The process is called “interdiction” and allows the NSA to divert shipments of consumer devices to secret workshops where agents carefully open the packing so it looks like nothing was tampered with before installing the malware.
TAO agents can also use bugs in Microsoft’s Windows operating system to look for potential holes in a suspect ‘s machine…
Update: Judge Says the NSA Can Look at Your Phone Records Because They’re Not Yours
Today a federal judge in New York rejected the American Civil Liberties Union’s challenge to the National Security Agency’s routine collection of information about every telephone call placed in the United States. U.S. District Judge William H. Pauley conceded that “such a program, if unchecked, imperils the civil liberties of every citizen,” since “such data can reveal a rich profile of every individual as well as a comprehensive record of people’s associations with one another.” But he said he was bound by the Supreme Court’s ruling in the 1979 case Smith v. Maryland, which held that the Fourth Amendment does not apply to telephone metadata indicating who calls whom, when, and for how long…
…U.S. District Judge Richard Leon, who issued a preliminary injunction against the NSA’s phone record dragnet last week, tried to escape the implications of Smith by arguing that the information at issue in that case (the numbers dialed by a robbery suspect over a two-day period) was much narrower than the information collected by the NSA (metadata for every phone call made during the last five years). Leon also argued that the ubiquity of cellphones has dramatically increased the volume of metadata and therefore the potential for invading people’s privacy. But as I noted in my column last week, the sweeping terms of the third party doctrine do not seem to leave any room for such considerations…
