TOTECHASER+TOTEGHOSTLY: Getting inside Windows Mobile
TOTECHASER and TOTEGHOSTLY are software hacks aimed at Windows Mobile devices. Windows Mobile never had a lot of traction in consumer markets, but there were narrow markets where it did quite well, including ruggedized phones and, as is the case with TOTECHASER, satellite phones.
TOTECHASER is an implant for the Windows CE kernel inside Windows Mobile, specifically targeting the Thuraya SG-2520 dual-mode GSM/SAT handset (discontinued). Either this model was very popular or the NSA had someone specific in mind.
The TOTECHASER writeup makes it clear that it's not fully baked (the documents are dated 10/1/2008). It sounds like it probably needs to be installed before the customer gets the handset, and they haven't figured that part out.
TOTEGHOSTLY is a higher-level remote control framework for compromised (perhaps by TOTECHASER) Windows Mobile devices.
CANDYGRAM: Roaming into hostile territory
CANDYGRAM is a fake cell tower, built out of a Windows XP system and a cell phone. It can be configured for a pre-set list of up to 200 phone numbers. When one of those phones comes within range of CANDYGRAM, it sends an SMS message to "registered watch phones."
CANDYGRAM is designed for passive data collection, not for attacking the target phones. There are several other tools in the list with various GSM "network in a box" functions.
The document is dated 6/20/2008.
COTTONMOUTH: Up your Serial Bus
We've got three devices here: COTTONMOUTH-I, COTTONMOUTH-II and COTTONMOUTH-III, all about compromising systems through USB.
COTTONMOUTH-I is a smart "jacket" around a USB A plug. It monitors what's on the wire and communicates it either wirelessly to other COTTONMOUTH-I devices or through a covert channel in the USB wire to STRAITBIZARRE software.
COTTONMOUTH-II is a USB port with a built-in tap to communicate with STRAITBIZARRE. There is no wireless component.
COTTONMOUTH-III is a COTTONMOUTH-II and a tapped Ethernet port. Like COTTONMOUTH-I, it has a wireless capability for communicating with other COTTONMOUTH devices and can talk to STRAITBIZARRE over the wire.
These ports are of the type soldered to the motherboard, and so they have to be installed through an interdiction of the computer or, conceivably, at the factory itself.
The document is dated 8/5/2008.