Top NSA hacks of our computers

Summary: The latest leaked NSA documents reveal a large catalog, dating from 2007 to 2009, of software and hardware implants used to spy on computers and networks and to capture audio and video.


  • ANT: Just one of NSA's crack development teams

    Last week I wrote up a leaked NSA document describing DEITYBOUNCE, a tool for flashing a malicious BIOS onto Dell servers. Not until the next day did I realize that it was part of a much larger set of descriptions of such hacks. In this image gallery I describe the most interesting ones.

    The leaked documents were first described in an article in Der Spiegel, the German magazine. Most are in the same spirit as DEITYBOUNCE and have similar code names. Many target mainstream computing hardware, like the Dell PowerEdge servers hit by DEITYBOUNCE, or big-name networking gear from the likes of Cisco, Juniper and Huawei.

    There are also devices for tapping into video cables, wireless networks and USB ports, and devices meant to capture audio in a room and send it elsewhere. There are devices which I just don't understand. Quite a bit of it looks stereotypically James Bond-like.

    These documents are all rather old, dating from 2007 to 2009, so it's likely that many, if not most, are obsolete; DEITYBOUNCE in particular is unlikely to be useful anymore. But we have no reason to believe that the NSA gave up on this sort of espionage, so it's reasonable to assume there are more current devices and descriptions out there. Perhaps Snowden and his buddies in the press are holding them back for future leakage.

    The tools are the work of a group called ANT, which Der Spiegel says "...presumably stands for Advanced or Access Network Technology." The descriptions of ANT's tools make it clear that there are other groups at the NSA doing similar, related work and perhaps their descriptions are still to come.

    Many of the tools, both hardware and software, need some sort of insider help for installation. There are many points where this can happen: at the manufacturer, at a distributor, in an intercepted shipment, or even inside the target company's own IT staff, perhaps induced by bribery or blackmail.

    One of the tools, DROPOUTJEEP, got a lot of attention about a week ago because it targets the iPhone.

  • IRONCHEF: Hacking the HP Proliant 380DL G5 server

    Superficially this is just like DEITYBOUNCE, in that it's designed to be a persistent compromise of a common server platform. There is a software component, but instead of a flashed BIOS, IRONCHEF uses a "hardware implant." Like the flashed BIOS, the hardware implant can reinstall the software component at boot time, so reinstalling the operating system does nothing to remove it.

    The document is dated 7/14/2008.
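    The practical consequence of a boot-time reinstaller is that the only reliable place to look for it is the firmware image itself, not the running OS. The following is an added example, not code from the original article or from the leaked documents: it compares a freshly dumped firmware image against a known-good copy and reports the byte ranges that differ, which is where an analyst would start looking for a dropped loader. The sample images are constructed here (a patterned 4 KiB blob with a fake stub written at 0x800); the block size, the `audit` helper and the stub contents are assumptions for illustration. One caveat a practitioner would add: the dump must come from an external programmer (a clip on the flash part), because firmware that has already been implanted can misreport its own contents to any software read.

```python
import hashlib
from typing import Dict, List, Tuple

# Granularity of the comparison. Real flash parts erase in sectors (4 KiB is common);
# 64 bytes keeps the constructed sample small.
BLOCK = 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def changed_regions(golden: bytes, current: bytes, block: int = BLOCK) -> List[Tuple[int, int]]:
    """Return [start, end) byte ranges, aligned to `block`, where `current` differs from `golden`.

    Adjacent differing blocks are merged into one region. A size mismatch is reported as a
    final region covering the tail, since an implant may append to or shrink the image.
    """
    regions: List[Tuple[int, int]] = []
    n = min(len(golden), len(current))
    start = None
    for off in range(0, n, block):
        if golden[off:off + block] != current[off:off + block]:
            if start is None:
                start = off
        elif start is not None:
            regions.append((start, off))
            start = None
    if start is not None:
        regions.append((start, n))
    if len(golden) != len(current):
        regions.append((n, max(len(golden), len(current))))
    return regions


def audit(golden: bytes, current: bytes) -> Dict[str, object]:
    """Compare a freshly dumped image against the known-good one."""
    regions = changed_regions(golden, current)
    return {
        "golden_sha256": sha256_hex(golden),
        "current_sha256": sha256_hex(current),
        "clean": not regions,
        "regions": regions,
    }


# Constructed sample images (not real firmware): a 4 KiB "golden" image and a copy with a
# 48-byte stub written at offset 0x800, standing in for a loader dropped by an implant.
GOLDEN = bytes(range(256)) * 16
_stub = b"constructed loader stub".ljust(48, b"\x90")
_tampered = bytearray(GOLDEN)
_tampered[0x800:0x800 + len(_stub)] = _stub
TAMPERED = bytes(_tampered)
# A second case: the image has grown by 16 bytes while the original contents are intact.
GROWN = GOLDEN + b"\xff" * 16


if __name__ == "__main__":
    for name, img in (("tampered", TAMPERED), ("grown", GROWN), ("golden", GOLDEN)):
        r = audit(GOLDEN, img)
        print(name, "clean" if r["clean"] else "MODIFIED",
              [(hex(a), hex(b)) for a, b in r["regions"]])
```

    A whole-image hash alone tells you only that something changed; the region list is what lets you pull the differing bytes into a disassembler. Run the comparison on two dumps taken across a reboot as well as against the vendor image: a region that reappears after you have reflashed is the signature of a reinstaller like the one described here.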


  • FEEDTROUGH+GOURMETTROUGH: Persistence technique for other attacks against Juniper Netscreen firewalls

    Things get confusing and a little scary here: FEEDTROUGH isn't actually an attack on Juniper Netscreen firewalls, but a way to make other attacks persistent across reboots. Those other attacks are identified as "DNT's BANANAGLEE and CES's ZESTYLEAK." Who are DNT and CES? I don't know, and neither BANANAGLEE nor ZESTYLEAK is in this collection.

    FEEDTROUGH is specific to the firewall's OS version and maintains a database of OS versions; at boot time it checks the OS version and, if it's one not in the database, FEEDTROUGH exits and allows the boot to continue normally. In other words, an unrecognized build is simply left untouched. But check out this line: "If the OS is one modified by DNT, it is not recognized, which gives the customer freedom to field new software."

    I repeat: who is DNT, and how is it that they can modify the OS? Clearly FEEDTROUGH raises more questions than it answers. (But since I ask: according to Cryptome, DNT is Digital Network Technologies, a private company which builds these things for the NSA.)

    There is a separate document on GOURMETTROUGH, which sounds like a fine-tuned version of FEEDTROUGH. Its description speaks more of DNT, making it sound like another NSA group.

    There are several other tools with roughly the same description, tailored to different manufacturers and models: HALLUXWATER, JETPLOW, SOUFFLETROUGH, HEADWATER, SCHOOLMONTANA, SIERRAMONTANA and STUCCOMONTANA.

    All documents are dated 6/24/2008.
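    Why a persistence tool has to carry a version database, and why a build that is not in it is left alone, is easier to see in code. The following is an added example, not code from the leaked documents and not FEEDTROUGH itself: a boot-time hook that fingerprints the OS image, looks the fingerprint up in a table of supported builds, writes that build's patches at their build-specific offsets, and hands back an unrecognized image unmodified. Everything here is constructed: the two "builds" are 320-byte blobs with a version header, the hook bytes are a placeholder, and the assumption that recognition is by image hash rather than by version string is mine, chosen because it reproduces the documented behaviour that an OS "modified by DNT" with the same version is not recognized.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Patch:
    offset: int      # build-specific: the hooked routine sits at a different address in each build
    payload: bytes   # bytes written over the original code (a jump to the implant body, say)


def fingerprint(image: bytes) -> str:
    """Identify a build by hashing the image; any change to the image yields an unknown fingerprint."""
    return hashlib.sha256(image).hexdigest()[:16]


def build_os_image(version: str, code: bytes) -> bytes:
    """Constructed stand-in for a firewall OS image: a 64-byte version header followed by `code`."""
    header = f"OS {version}\n".encode().ljust(64, b"\x00")
    return header + code


def stage_at_boot(image: bytes, db: Dict[str, List[Patch]]) -> Tuple[bytes, str]:
    """Boot-time hook. Recognised build: apply its patches. Unknown build: hand it back untouched."""
    fp = fingerprint(image)
    patches = db.get(fp)
    if patches is None:
        return image, "unrecognised build, exiting; normal boot"
    out = bytearray(image)
    for p in patches:
        end = p.offset + len(p.payload)
        if end > len(out):
            return image, "patch out of range, exiting; normal boot"
        out[p.offset:end] = p.payload
    return bytes(out), f"re-implanted known build {fp}"


HOOK = b"\xe9HOOK"  # placeholder for a 5-byte jump to the implant body

# Two constructed "supported" builds with different code layouts, so the hook offset differs.
IMAGE_A = build_os_image("6.2.0r5", bytes(range(256)))
IMAGE_B = build_os_image("6.2.0r7", bytes(reversed(range(256))))
DB: Dict[str, List[Patch]] = {
    fingerprint(IMAGE_A): [Patch(64 + 16, HOOK)],
    fingerprint(IMAGE_B): [Patch(64 + 40, HOOK)],
}

# Same version string as build A, one byte changed elsewhere: a stand-in for an OS
# "modified by DNT". The header still reads 6.2.0r5, but the fingerprint no longer matches.
_mod = bytearray(IMAGE_A)
_mod[200] ^= 0x01
IMAGE_MODIFIED = bytes(_mod)


if __name__ == "__main__":
    for name, img in (("A", IMAGE_A), ("B", IMAGE_B), ("modified A", IMAGE_MODIFIED)):
        out, status = stage_at_boot(img, DB)
        print(name, status, "changed" if out != img else "untouched")
```

    The fail-open branch is the interesting part. Patching the wrong build at a hard-coded offset is how you end up with a device that no longer boots, which would expose the operation, so the safe choice for the attacker is to do nothing when the table has no entry. The same property cuts the other way for the defender: each firmware update changes the fingerprint, so an implant of this kind stops working until its owner ships a new table entry, and a Netscreen that is patched promptly is a moving target.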


Talkback

8 comments
  • I'd hardly call them hacks.

    They paid the companies to put in back doors; no hacking skills necessary.
    Jacob VanWagoner
    • Not necessarily

      Even the devices (like COTTONMOUTH-III - http://www.zdnet.com/top-nsa-hacks-of-our-computers_p16-7000024787/#photo) which are soldered to the motherboard could be done without vendor cooperation or knowledge. We know from other documents that they can have shipments diverted to them, contents modified and then forwarded on to the destination. Many of the tools could be applied by IT at the company.
      I'm inclined to believe that very few vendors, as a company decision, would knowingly install any of these tools. It's probably easier for everyone if the NSA bribes or otherwise induces an employee to do it for them, either an employee at the manufacturer, or at a distributor or in company IT.
      larry@...
  • This is why we build our own.

    For military and government contractors, all parts must be made (and assembled) in the USA. Quite simply so China doesn't do this to us.
    gwrankin
    • That can't be true

      There are too many parts not made in the US for that to be true. I don't think anyone has made DRAM in the US for a long time, and I bet nobody makes displays.
      larry@...
  • If you want something really malicious and dangerous.....

    wait for the volunteers who willingly give their information up and expect you to do the same.
    trm1945
  • Is there anyway to catch such add-ons?

    Without knowing every chip that is supposed to be on a board and thus seeing something that doesn't belong there, how is anyone able to discover such devices or to protect against backdoors in any of the software we purchase?

    I assume there's a backdoor in every Comcast modem/DVR, every email software program, etc. Not that we can do anything about it... or can we?
    krettig
  • More incentive to use only companies with no US affiliation

    China is already developing a national Linux version and a national microprocessor. These NSA programs just encourage them to do it more rapidly. And good luck finding a bunch of US-based engineers and computer scientists who know technical Chinese well enough to hack hardware and software written from the ground up in Chinese and can qualify for the necessary US security clearances.
    Rick_R
  • can you help me?

    I'm an American in Beijing and I am being hacked by the same NSA gimmick shown in your article. In the second image in the series of slides at the bottom you see a screen that says: internet self service system with an authorization code window.
    THIS IS THE EXACT SCENARIO I EXPERIENCED WHEN CHECKING BACK INTO XIJIAO HOTEL ON THURSDAY.
    IT TOOK THE HOTEL TECHNICIAN ONE HOUR TO GET CONNECTIVITY FOR ME.
    I'm looking now at your article and I DON'T SEE IT!!!!
    I'm not a crazy paranoid weirdo.
    What is a person supposed to do? Please help me!
    Cheryl Petty