FEEDTROUGH+GOURMETTROUGH: Persistence technique for other attacks against Juniper Netscreen firewalls
Things get confusing and a little scary here: FEEDTROUGH isn't actually an attack on certain Juniper Netscreen firewalls, but a way to make other attacks persistent across reboots. These other attacks are identified as "DNT's BANANAGLEE and CES'S ZESTYLEAK." Who are DNT and CES? I don't know, and neither BANANAGLEE nor ZESTYLEAK is in this collection.
FEEDTROUGH is version-specific to the OS and maintains a database of OS versions; at boot time it checks the OS version and, if it's one not in the database, FEEDTROUGH exits and allows the boot to continue normally. But check out this line: "If the OS is one modified by DNT, it is not recognized, which gives the customer freedom to field new software."
I repeat: Who is DNT, and how is it that they can modify the OS? Clearly FEEDTROUGH raises more questions than it answers. (But since I ask, DNT is, according to Cryptome, Digital Network Technologies, a private company which builds these things for the NSA.)
There is a separate document on GOURMETTROUGH, which sounds like a fine-tuned version of FEEDTROUGH. The description speaks more of DNT, making it sound like another NSA group.
There are several other tools with roughly the same description, tailored for different manufacturers and models: HALLUXWATER, JETPLOW, SOUFFLETROUGH, HEADWATER, SCHOOLMONTANA, SIERRAMONTANA and STUCCOMONTANA.
All documents are dated 6/24/2008.
LOUDAUTO: a tiny, low-power microphone
LOUDAUTO is just a "bug" in the old sense, a microphone for picking up audio and transmitting it for the NSA (or whomever) to collect. They call it an "audio-based RF retro-reflector."
It can pick up office-volume audio from over 20 feet away, although perhaps less if concealed. It consumes very little power, which is partly due to the way it retransmits the audio it receives: it passively reflects a digital conversion of the analog audio using a continuous wave signal from a separate, nearby unit.
LOUDAUTO is built entirely with commercial off-the-shelf hardware. Compared to the hacks of commercial computing equipment, LOUDAUTO sounds almost innocuous. This is the sort of spy stuff the government has been doing for many, many decades.
(Yes, I agree, this isn't a computer hack and therefore doesn't conform to the title, but I thought it was cool.)
The document is dated 4/7/2009.
NIGHTSTAND: a wifi-based client exploitation system
No wired network access? No problem! Set up your NIGHTSTAND, hack into the wifi and exploit computers running Windows 2000, Windows XP, Windows XP SP1 and Windows XP SP2 along with Internet Explorer 5 or 6.
NIGHTSTAND is a dedicated Linux Fedora Core 3 computer inside a box with a big antenna that looks like it came off a cell tower. Why? "Use of external amplifiers and antennas on both experimental and operational scenarios have resulted in successful NIGHTSTAND attacks from as far away as eight miles under ideal environmental conditions."
The description says nothing about the mode of attack, but it's likely that NIGHTSTAND can only work on open or WEP-based wifi networks. Back in 2008 (the document is dated 7/25/2008) this may have been a workable strategy.
The document is dated 7/25/2008.