GOPHERSET+MONKEYCALENDAR: Your SIM card is phoning home to Fort Meade
For most people a SIM card in a phone is just a key that opens the door to their carrier's network, but there's more to them. A SIM card also holds the user's phone number, address book, text messages, and other data.
GOPHERSET is a software hack of the SIM card itself. It "exfiltrates" the user's personal data using SMS. Yes, code on the SIM card can issue commands to and make requests of the phone. It can be deployed either through a USB connection or over the air and may or may not require keys from the carrier. So maybe the carrier, or just a carrier employee, has to cooperate; maybe not.
MONKEYCALENDAR is similar, but it captures and reports the phone's geolocation data.
Interesting question: Surely the text messages are being sent from the user's carrier account, and if there are charges he'll see them on his bill. Perhaps there's more to it.
The documents are dated 10/1/2008.
PICASSO: The cellular sniffer in the room
PICASSO is cool. It's a modified handset that "collects user data, location information and room audio." It can be commanded remotely through SMS from a laptop and another phone.
In fact it does a lot more than just collect data from the room — the description says "Block call to deny target service" which I guess means it can interfere with other phones in the room. It can also have a "panic button" sequence which alerts the operator and sends him location data.
The document is dated 6/20/2008.
TOTECHASER+TOTEGHOSTLY: Getting inside Windows Mobile
TOTECHASER and TOTEGHOSTLY are software hacks aimed at Windows Mobile devices. Windows Mobile never had a lot of traction in consumer markets, but there were narrow markets where it did quite well, including ruggedized phones and, as is the case with TOTECHASER, satellite phones.
TOTECHASER is an implant for the Windows CE kernel inside Windows Mobile, specifically targeting the Thuraya SG-2520 dual-mode GSM/SAT handset (discontinued). Either this model was very popular or the NSA had someone specific in mind.
The TOTECHASER writeup makes it clear that it's not fully baked (the documents are dated 10/1/2008). It sounds like it probably needs to be installed before the customer gets it, and they haven't figured that part out.
TOTEGHOSTLY is a higher-level remote control framework for compromised (perhaps by TOTECHASER) Windows Mobile devices.