Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

ANT: The NSA Catalog of Tools for Watching Us All

January 15, 2014

Thanks to a story from Der Spiegel and a post from LeakSource, you can now browse through the contents of an alarming catalog of products used by the NSA to watch us all (oh, wait, the targets are all foreign, right?). There is apparently a division of the NSA called ANT, thought to be Advanced or Access Network Technology, which published a 50-page catalog of tools to unlock all kinds of technology, including that made by Cisco and Dell – and they are only the tip of the iceberg. Data centers, individual computers, laptops, smartphones – it doesn't seem to matter – for every security lock, it appears the NSA has a key.

Basically, the document is an internal catalog from which NSA employees can order technologies from the ANT division to tap the data of their targets. Some products are free – some run up to a pricey $250,000.

One example: Juniper Networks' online PR copy says that the company's products are "ideal" for protecting large companies and computing centers from unwanted access from outside. But not so.

In the case of Juniper, the name of the NSA's digital lock pick is "FEEDTROUGH." This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers. Thanks to FEEDTROUGH, these implants can survive "across reboots and software upgrades." The NSA can thus secure a permanent presence in computer networks. The catalog states that FEEDTROUGH "has been deployed on many target platforms."

ANT specialists have been described as master carpenters for the NSA's department for Tailored Access Operations (TAO). When TAO's usual hacking and data-skimming methods don't suffice, ANT workers employ their special tools, penetrating, diverting or even modifying data. Such "implants," as they are referred to in NSA-speak, have played a considerable role in the intelligence agency's ability to establish a global covert network that operates alongside the Internet.

There is a clear preference for planting malicious code in the BIOS, the first thing that loads when a computer is turned on, which makes the infection invisible to users and security programs. Even if a computer is "cleaned" and a new operating system installed, the malware continues to function. This is called "Persistence." Aptly named.

Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of the last, are American companies. I love that we are busy compromising the technology of American companies. This will certainly undermine their credibility in the marketplace, here and abroad.

Other ANT programs target Internet routers meant for professional use or hardware firewalls intended to protect company networks from online attacks. Many digital attack weapons are "remotely installable" — in other words, over the Internet. Others require a direct attack on an end-user device — an "interdiction," as it is known in NSA parlance — in order to install malware or bugging equipment.

There is no current evidence to suggest that any of the compromised companies have cooperated in any way with the NSA.

Clearly, what we need is a modern version of an ant trap – and I have no doubt that there are folks working on exactly that.

Update: And don't neglect to read today's New York Times story on how the National Security Agency has implanted software in nearly 100,000 computers around the world allowing the United States to conduct surveillance on those machines and to create a digital highway for launching cyberattacks.

While most of the software is inserted by gaining access to computer networks, the NSA has made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet.

The technology, in use since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target. Amazing news to wake to this morning.

http://twitter.com/sharonnelsonesq