NSA Playset invites hackers to 'play along with the NSA'

NSA Playset invites hackers to 'play along with the NSA'

Summary: Inspired by the NSA's ANT Catalog of spyware and surveillance tools, the collaborative NSA Playset project aims for easy, at-home creation of the NSA's spy-tools arsenal — silly names encouraged.

TOPICS: Security, Hardware
NSA Playset

Inspired by the NSA's ANT Catalog of spyware and surveillance tools, The NSA Playset project invites hackers to reproduce easy, at-home versions of the NSA's spy-tools arsenal — and NSA-style silly names are required.

The NSA's ANT Catalog was among documents leaked by Edward Snowden. It revealed 49 different software and hardware tools used for espionage on civilian targets. For hackers, it's an irresistible Pandora's Box.

The NSA Playset was announced in a presentation at Hack In The Box Amsterdam in April by Michal Ossmann (founder of Great Scott Gadgets, known for the Throwing Star LAN Tap and HackRF). His talk NSA Playset slides are here (.pdf).

For development of the collaborative project, The NSA Playset website was created.

The NSA Playset riffs off of the NSA's ANT Catalog, issuing an open call to hackers to contribute to The NSA Playset project: a humorous, open-contribution DIY guide to making sets and tools based on ANT Catalog "products."

The project encourages hackers to create NSA spy tools to "build your own NSA Playset out of open source components and play along with the NSA!"

The Playset website introduction reads,

Welcome to the home of the NSA Playset.

In the coming months and beyond, we will release a series of dead simple, easy to use tools to enable the next generation of security researchers.

We, the security community have learned a lot in the past couple decades, yet the general public is still ill equipped to deal with real threats that face them every day, and ill informed as to what is possible.

Inspired by the NSA ANT catalog, we hope the NSA Playset will make cutting edge security tools more accessible, easier to understand, and harder to forget.

The Playset project's goal is to raise awareness about everyday security and surveillance risks by reproducing the tools — the toys — used by the NSA for spying, easily, and while open-sourcing the recipes.

NSA Playset slide

 According to Ossmann's debut of The NSA Playset,

The gadgets in the catalog allow the NSA to monitor and locate mobile phones, tap USB and Ethernet connections, maintain persistent malware on PCs, communicate with malware across air gaps, mount Wi-Fi attacks from drones, and even monitor video displays, keystrokes, and ambient audio from a distance.

Did you know that nearly all of those capabilities can be implemented today with open source hardware and software?

Four NSA Playset projects will be presented at this year's premiere American hacking conference, DEF CON 22.

These include "TWILIGHTVEGETABLE" (comprehensive GSM sniffing/attacks), RF retroreflectors (radar eavesdropping technology for over-the-air surveillance), "SLOTSCREAMER" (DMA attacks),  and "CHUCKWAGON" (an open source hardware version of the NSA's hardware trojan, its name play a riff on the NSA's "WAGONBED").

CHUCKWAGON's placeholder instructions on The NSA Playset website read,

step 1: Boot Kali Linux
step 2: Take a nap
step 3: ????
step 4: Profit

NSA Playset Hardware Implants

Making spytime into playtime

Project requirements for NSA Playset contributions are a combination of whimsy and practicality.

Contributions must have a silly name, a category, an exact scope or escalation, a list of ingredients and detailed instructions for reproducing results.

The entire concept is a bitterly lucid, almost luridly absurd — nee playful — critique. Yet this makes sense, after all, as the childish-seeming names in the ANT Catalog readily lent themselves to startling moments of humor.

If your project is similar to an existing NSA ANT project, you can come up with a clever play on that name.  For example, if your project is similar to FOXACID, maybe you could call it COYOTEMETH.

Of course, if your project doesn't quite line up with anything in the ANT Catalog, you can come up with your own name.  If you are feeling less creative, try out the handy [NSA] name generator found here.

The categories reveal a scope that make us wonder if this project might go the way of The Anarchist's Cookbook:

Passive Radio Interception - Any radio monitoring and analysis techniques.
Active Radio Injection - Any radio technique that requires transmission.
Physical Domination - These are techniques for forcibly unlocking physically proximate locked electronic devices.
Hardware Implants - Modified hardware/firmware for the purposes of monitoring or control of hardware devices.
Software Implants - Rootkits for any major software platform, including servers, mobile devices, browsers, etc.
Network Reconnaissance - Tools for gathering metadata from a live, local network.

The Playset definitely has the capability to introduce a level of chaos that no one expected to result from the Snowden documents.

The NSA Playset concept makes the ANT Catalog into a hacking and learning experience for hacker culture, which no doubt saw the NSA's catalog of James Bond/Q gadgets as both a cabinet of toys that filled them with intellectual lust, and a challenge to conquer.

We can only imagine that to a number of hackers and security researchers, the NSA ANT Catalog was its own sort of Sears catalog of madness. It is terrifying because it is understood.

In this view, The NSA Playset feels like a pointed yet whimsical way of coping with what the NSA ANT Catalog meant to the very people in the world who truly understand the chilling implications of the sinister toys the NSA (minus a democracy's version of adult supervision) is playing with.

NSA Playset website

Images via Michael Ossmann's NSA Playset slides.

Topics: Security, Hardware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • So what's actually going on here?

    Is this a means of the NSA crowd-sourcing surveillence? Do these kits send the results to the NSA, to the hackers, or to both?

    Are the Chinese and the easern Europeans using these kits to hack us?
  • Slightly Resistant

    Considering I spent 8 yrs in Military Intelligence and have sat in the back of the room while i watch the Gov't Intelligence Agencies creeping out in our lives so they can validate their existance, this is questionable.

    Take notice that anything that has NSA associated with it, will most likely be used to keep track of the hackers/users. This is an attempt to bring the hackers, they dont know about, out of the closet and into their spotlight.

    Any (cr/h)acker that uses this tool is inviting a gremlin into their domain (home, network, etc). It has Google stamped on it, but even Google is in bed with all the Governments they are available.
  • I will play when Snowden is given a medal of freedom award

    Until then, I would not risk it.
  • I'm Mindboggled

    I have no idea how to respond to this article. Should I:

    1) Run for the hills, screaming?
    2) Shrug?
    3) Join a terrorist cell?
    4) Go buy a typewriter?
    5) Devote 24/7 to becoming a hacker?
    6) Buy more guns than Cliven Bundy and find an abandoned mine to move into?
    7) Devote my life to become a drug addict or alcy?
    8) Confess my sins and hope the angels will protect me?
    9) Move to San Francisco for the purpose of jumping off the GG Bridge?
    10) Fall in love with Violet and start to stalk her?

    What to do? What to do? What to do?
    • Or maybe all of the above?

      Or maybe all of the above?
  • ...this is a joke...

    ...right? Like the Borowitz Report from the Washington Post, the "Coffee Achiever" commercial (created by the original SNL crew which aired during prime time on NBC back in the 80s)? the end of the world in Dec 2012, Scientology, correct?
    Kyoto Kid
  • And yet when all the silliness is over and done

    in the end there will be all these real life, free, open source NSA type tools available for everyone to anonymously track anybody or everybody.

    "by reproducing the tools — the toys — used by the NSA for spying, easily, and while open-sourcing the recipes."
  • Maybe...

    When the wives, girlfriends, husbands, boyfriends of executives in the IT world get access to these toys it will spur a new sense of urgency in privacy protection in the executive suites.
  • How about using NSA hacking tools against the NSA?

    How about if hackers around the world use the tools that the NSA has graciously given the world to hack into the NSA and publish EVERYTHING they find on anonymized websites? How about using their tools to launch distributed denial-of-service attacks against the NSA? How about hacking into the personal lives of every employee of the NSA and publishing their personal secrets on anonymized websites? Will the FISA court issue another blanket warrant to the NSA to track down every hacker in the world by tracking every HTTP transaction on the Internet?
  • Examples of personal information on NSA employees to publish on the Web:

    Full Name
    Home address and telephone number
    Marital Status
    Spouse name if any
    Children's names if any
    Children's schools if any
    Salaries (This SHOULD already be public information! They "work for us", don't they? Yeah, right)

    Why should the NSA object to this? They're spying on us, isn't "turnabout fair play?"
  • Oh, I forgot!

    "We don't need no stinkin' warrants!"
  • No one gets it?

    It seems like not a single commenter understands the post.

    What it seems to be saying, is that someone has created a web site seeking volunteers to reproduce the functionality of the NSA toolkit devices. Not that the NSA is giving out their toolset.