Your Source for Leaks Around the World!

NSA’s ANT Division Catalog of Exploits for Nearly Every Major Software/Hardware/Firmware

In ANT, Archive, Hacking, NSA, NSA Files, Surveillance, TAO, Technology on December 30, 2013 at 3:17 AM

nsa-ant

12/29/2013

SPIEGEL:

After years of speculation that electronics can be accessed by intelligence agencies through a back door, an internal NSA catalog reveals that such methods already exist for numerous end-user devices.

When it comes to modern firewalls for corporate computer networks, the world’s second largest network equipment manufacturer doesn’t skimp on praising its own work. According to Juniper Networks’ online PR copy, the company’s products are “ideal” for protecting large companies and computing centers from unwanted access from outside. They claim the performance of the company’s special computers is “unmatched” and their firewalls are the “best-in-class.” Despite these assurances, though, there is one attacker none of these products can fend off — the United States’ National Security Agency.

Specialists at the intelligence organization succeeded years ago in penetrating the company’s digital firewalls. A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry — including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell and Apple’s iPhone.

These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives — from computing centers to individual computers, from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA’s specialists seem already to have gotten past them.

This, at least, is the impression gained from flipping through the 50-page document. The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets’ data. The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000.

In the case of Juniper, the name of this particular digital lock pick is “FEEDTROUGH.” This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers. Thanks to FEEDTROUGH, these implants can, by design, even survive “across reboots and software upgrades.” In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH “has been deployed on many target platforms.”

The specialists at ANT, which presumably stands for Advanced or Access Network Technology, could be described as master carpenters for the NSA’s department for Tailored Access Operations (TAO). In cases where TAO’s usual hacking and data-skimming methods don’t suffice, ANT workers step in with their special tools, penetrating networking equipment, monitoring mobile phones and computers and diverting or even modifying data. Such “implants,” as they are referred to in NSA parlance, have played a considerable role in the intelligence agency’s ability to establish a global covert network that operates alongside the Internet.

Some of the equipment available is quite inexpensive. A rigged monitor cable that allows “TAO personnel to see what is displayed on the targeted monitor,” for example, is available for just $30. But an “active GSM base station” — a tool that makes it possible to mimic a mobile phone tower and thus monitor cell phones — costs a full $40,000. Computer bugging devices disguised as normal USB plugs, capable of sending and receiving data via radio undetected, are available in packs of 50 for over $1 million.

The ANT division doesn’t just manufacture surveillance hardware. It also develops software for special tasks. The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer’s motherboard that is the first thing to load when a computer is turned on.

This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this “Persistence” and believe this approach has provided them with the possibility of permanent access.

Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of latter, are American companies. Here, too, it appears the US intelligence agency is compromising the technology and products of American companies.

Other ANT programs target Internet routers meant for professional use or hardware firewalls intended to protect company networks from online attacks. Many digital attack weapons are “remotely installable” — in other words, over the Internet. Others require a direct attack on an end-user device — an “interdiction,” as it is known in NSA jargon — in order to install malware or bugging equipment.

There is no information in the documents seen by SPIEGEL to suggest that the companies whose products are mentioned in the catalog provided any support to the NSA or even had any knowledge of the intelligence solutions. “Cisco does not work with any government to modify our equipment, nor to implement any so-called security ‘back doors’ in our products,” the company said in a statement. Contacted by SPIEGEL reporters, officials at Western Digital, Juniper Networks and Huawei also said they had no knowledge of any such modifications. Meanwhile, Dell officials said the company “respects and complies with the laws of all countries in which it operates.”

Many of the items in the software solutions catalog date from 2008, and some of the target server systems that are listed are no longer on the market today. At the same time, it’s not as if the hackers within the ANT division have been sleeping on the job. They have continued to develop their arsenal. Some pages in the 2008 catalog, for example, list new systems for which no tools yet exist. However, the authors promise they are already hard at work developing new tools and that they will be “pursued for a future release”.

nsa-ant-deitybounce

nsa-ant-ironchef

nsa-ant-feedthrough

nsa-ant-gourmettrough

nsa-ant-halluxwater

nsa-ant-jetplow

nsa-ant-souffletrough

nsa-ant-headwater

nsa-ant-schoolmontana

nsa-ant-sierramontana

nsa-ant-stuccomontana

nsa-ant-ctx4000

nsa-ant-loudauto

nsa-ant-nightstand

nsa-ant-nightwatch

nsa-ant-photoanglo

nsa-ant-sparrow-ii

nsa-ant-tawdryyard

nsa-ant-ginsu

nsa-ant-howlermonkey

nsa-ant-iratemonk

nsa-ant-juniormint

nsa-ant-maestro-ii

nsa-ant-somberknave

nsa-ant-swap

nsa-ant-trinity

nsa-ant-wistfultoll

nsa-ant-surlyspawn

nsa-ant-dropoutjeep

nsa-ant-gopherset

nsa-ant-monkeycalendar

nsa-ant-picasso

nsa-ant-totechaser

nsa-ant-toteghostly-2.0

nsa-ant-candygram

nsa-ant-crossbeam

nsa-ant-cyclone-hx9

nsa-ant-ebsr

nsa-ant-entourage

nsa-ant-genesis

nsa-ant-nebula

nsa-ant-typhon-hx

nsa-ant-waterwitch

nsa-ant-cottonmouth-i

nsa-ant-cottonmouth-ii

nsa-ant-cottonomouth-iii

nsa-ant-firewalk

nsa-ant-ragemaster

Related Links:

American Companies Respond to New NSA Hacking Claims

To Protect and Infect: The Militarization of the Internet – Claudio Guarnieri, Morgan Marquis-Boire, Jacob Appelbaum @ 30c3

Tax and Spy: How the NSA Can Hack Any American, Stores Data 15 Years

NSA Can Hack WiFi Devices From Eight Miles Away

The NSA Has a Backdoor Called “DROPOUTJEEP” for Nearly Complete Access to the Apple iPhone

U.S. to China: We Hacked Your Internet Gear We Told You Not to Hack

The NSA Product Generator

NSA Technology Transfer Program (TTP) Catalog for Licensing Products to U.S. Companies

  1. […] «Non credo provenga dai documenti di Snowden», ha scritto sul suo blog. «Credo che nemmeno il catalogo del TAO (ne avevo scritto qui) proveniva dai documenti di Snowden. Credo ci sia un secondo leaker, là […]

  2. […] to Jake Appelbaum, Laura Poitras and others in Germany: the Angela Merkle surveillance story, the TAO catalog, the X-KEYSCORE rules. My guess is that this is either an NSA employee or contractor working in […]

  3. […] to Jake Appelbaum, Laura Poitras and others in Germany: the Angela Merkel surveillance story, the TAO catalog, the X-KEYSCORE rules. My guess is that this is either an NSA employee or contractor working in […]

  4. […] der NSA selbst. Dieser hat das Regelwerk von X-Keyscore, die Überwachung von Angela Merkel und weitere Details ans Licht gebracht. Journalist Glenn Greenwald bestätigte, dass die Nachrichten rund um […]

  5. […] to Jake Appelbaum, Laura Poitras and others in Germany: the Angela Merkel surveillance story, theTAO catalog, the X-KEYSCORE rules. My guess is that this is either an NSA employee or contractor working in […]

  6. Great information! On my original Google website you will find pictures of the #NSA software, their code, including some programmers like Shlomi Feinstein, their servers and server locations like Tampa, Florida #HiVelocity server, et cetera. Enjoy! #PatrickSteed

  7. […] Is someone spying on you? This talk will present several low-tech ways that you can detect even high-tech surveillance. Topics covered will include: detecting surveillance cameras with your cell phone, signs that you are under physical surveillance, detecting active and passive bugs with low cost devices, and detecting devices implanted inside computers, tablets, and cell phones. […]

  8. […] Related Link: NSA’s ANT Division Catalog of Exploits for Nearly Every Major Software/Hardware/Firmware […]

  9. […] NSA’s ANT Division Catalog of Exploits for Nearly Every Major Software/Hardware/Firmware […]

  10. […] Appelbaum, Laura Poitras and others in Germany about the Angela Merkel surveillance story, the TAO catalog and the […]

  11. […] Edward Snowden and the person passing secrets about the Angela Merkel surveillance story, the TAO catalog and the X-KEYSCORE rules), was suggested at the end of the documentary Citizen Four in a […]

  12. […] the NSA catalogue of surveillance tools leaked last year[5], known as the ANT catalogue, describes something called the Cottonmouth-I[6], a hardware implant […]

  13. […] the NSA catalogue of surveillance tools leaked last year, known as the ANT catalogue, describes something called the Cottonmouth-I, a hardware implant that […]

  14. […] the NSA catalogue of surveillance tools leaked last year, known as the ANT catalogue, describes something called the Cottonmouth-I, a hardware implant that […]

  15. […] the NSA catalogue of surveillance tools leaked last year, known as the ANT catalogue, describes something called the Cottonmouth-I, a hardware implant that […]

  16. […] the NSA catalogue of surveillance tools leaked last year, known as the ANT catalogue, describes something called the Cottonmouth-I, a hardware implant that […]

  17. […] the  NSA catalogue of surveillance tools leaked last year, known as the ANT catalogue, describes something called the  Cottonmouth-I, a hardware […]

  18. […] the NSA catalogue of surveillance tools leaked last year, known as the ANT catalogue, describes something called the Cottonmouth-I, a hardware implant that […]

  19. […] the NSA catalogue of surveillance tools leaked last year, known as the ANT catalogue, describes something called the Cottonmouth-I, a hardware implant that […]

  20. […] Un metodo che ricorda quello già utilizzato dall’Nsa, e trapelato l’anno scorso su un catalogo  degli strumenti utilizzati dalla National Security Agency. Utilizzando questa funzione gli aggressori possono trasformare un dispositivo onnipresente e […]

  21. […] emen şarj istasyonları kullanmak, sahte WiFi noktaları, sahte baz istasyonları ve diğer casusluk cihazları… İnternet takibi için denizaltı kablolarına saplama yapılmış. İnternete bağlı […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: