The NSA’s catalog of spy gear shows how it hacks computers

January 2, 2014

NSA BuildingOver the New Year’s holiday the German newspaper Spiegel has published details about the gadgets the NSA uses to spy on people and companies. According to the newspaper the NSA has a special secret unit, called ANT, which specializes in creating tech related devices for eavesdropping and installing spyware on computers. From USB sticks that works as bugging devices to implants that can spy on your network, the NSA has it all!

Although the catalog is over four years old it contains a remarkable array of gadgets and we can all be sure that the NSA hasn’t been idle. If four years ago the agency could create an implant that sits within the physical Ethernet/USB stack that is found on so many motherboards, imagine which little devices it has now that can be implanted into smartphones and tablets! Replacement batteries with bugging devices, hidden RF transmitters or what about SD cards with NSA implants?

The Ethernet implant, which is called FIREWALK, was designed to collected network traffic and inject Ethernet packets into the target network. But it is only one of a bewildering range of gadgets used by the NSA. The ANT unit of the America’s National Security Agency has USB sticks that act as listening devices and portable cellular base stations that can intercept every call and SMS message from your phone.

nsa-firewalk

But here is the really interesting part, the NSA has working spyware that implants itself into the BIOS of PCs. The BIOS is that bit that shows the graphic of your PC maker, or maybe some white text on a black background, that appear briefly before the Windows logo is displayed. It is the lowest level of software that runs on a PC and is stored on flash memory on the motherboard. From time to time motherboard makers release new versions of the BIOS software for their motherboards to fix bugs. This means that consumer level tools exist to replace the firmware with the latest version. So this is consumer level tech used in a nefarious way.

Now imagine a situation where the NSA sends in a undercover engineer to perform a BIOS upgrade on a PC with spyware pre-built into it. Or where the agency intercepts that new motherboard you just bought online and installs its own BIOS before repackaging it and posting it on to you. Or worse imagine a situation where the NSA has managed to alter the official BIOS of a motherboard, either by coercionbribery or subterfuge, so that the official BIOS on a motherboard actually contains NSA spyware.

According to Spiegel ANT also has spyware capable of embedding itself unnoticed into hard drives manufactured by Western Digital, Seagate and Samsung.

nsa-spy-on-android

This was all four years ago. Now imagine what the NSA can do with a smartphone! It isn’t hard to imagine how the NSA can create versions of Android with its spyware cooked into it and then when it wants surveillance on someone it arranges an upgrade for the phone which looks and behaves exactly like the clean version of Android. Or what about bootloaders? There are some fairly sophisticated bootloaders out there now which are used for managing custom ROMs. What if the NSA can replace the bootloader on your device with one that can spy on you?

Speigel make it clear that it has not seen any documents which suggest that equipment manufacturers are in anyway connected with this spying, but rather these devices are the sole work of the NSA in its attempts to spy on people.

What do you think? Are the revelations a shock or should we all have assumed that this was what the NSA was doing all along?

Comments

  • Michael Tucker

    One thing is for sure, is that the US tech industry is taking a battering because of state-run departments, hell-bent on listening to people’s affairs.

    There was a statement put out by Apple today explaining that they are not co-horts with the NSA.
    This is even making the mainstream media, bringing out the fear of the general populous.
    One thing is for sure is that security protocols will change and new standards will be made in order to combat this global cyberwar.

    • Ichibanmugen

      Hopefully!

    • Balraj

      Powerful nations decide which security to use
      Usa is a powerful nation…..
      Pointless in bringing New security std

      • Guest123

        THIS!

        The gov will make the companies do it, just like they did before, and not allow them to talk about it, just like they did before.

        Until the Americans amend the constitution and start trying some of these people stomping on the constitution nothing will change.

      • APai

        that’s precisely one of the reasons why a sole entity cannot be trusted with, rigging apple is a single point to complete control. looks like apple and microsoft are guilty of playing well with the authorities, microsoft, more so.

  • MasterMuffin

    So to put that interesting part more simply, they’ve developed rootkits? And soon they may develop first rootkits for mobile phones (if they haven’t already)? :O

  • Robert John Hebert

    There has never been, nor never will be, any privacy. Get over it.

    • andy

      Yeah as long people think like that they will.

    • APai

      debatable, the security bogey or the magic word *terrorists* will be enough for the government to get away with any shit. what nsa has done is going beyond spy states like china/ north korea – and obama or others have no explanation for that. just when you think this is crazy, there’s another article of something worse nsa has done!!! it just keeps getting worse.

      it’s like nsa has left ALL regular sources/ ways of spying and they just want people to surrender all their data. that’s completely not acceptable – simply because it’s stupid way to spy. it’s like they are dumping more hay to search the elusive needle

  • Jacques Hragar

    If only someone would hack the NSA we would get so many good root exploits

  • raj

    Sad affairs on how every move of ours is being spied upon

  • Aravind J Nampoothiry

    Can someone tell me if Indians are being spied too?

    • APai

      cannot say for sure from public records and news outlets, but the laws are getting draconian. nokia/ blackberry had to play ball with our government right ? that’s proof enough.

  • http://www.timmalonenow.com Lowbar77

    It is my guess that the manufacturer’s are working directly, either by choice, or by coercion. This technology has been injected into every technology platform there is. Motherboards, CPU chips, hard drives, any mobile devices, and any other kind of hardware or software application. This is in addition to all the traditional spying technology that already exists.

  • Ebrahim Ally

    I recently discovered that I’ve got 3 ant apps preloaded on my s4. Should I be worried and should I delete it, anybody?

  • Majid Javadi

    Previously on Homeland….

  • Chas Henry

    Is this related in anyway?

    Check out “ANT Radio Service”

    https://play.google.com/store/apps/details?id=com.dsi.ant.service.socket

    • najiy91

      maybe.it is a tracking software for sports and locations on some devices.

  • APai

    the entire security industry seems suspect now. anti virus, auditing companies, banking or anyone remotely concerned with safe keeping. far too many questions !

  • MUTINOUS

    It seems like Android has an advantage here. Since Android is “Open Source” there should
    be more eyes scrutinizing the code for any suspicious anomalies or hidden
    back-doors. The more eyes with an invested
    interest to keep the code clean should equate to a cleaner OS. Am I correct on the thought process?

    • Chris

      Forget the OS, we are talking about BIOS/Bootloader. Which, for most peoples eyes, are not viewable.

      • phalanx

        is BIOS able to connect to network ?

        I’m guessing it would be NIC/ network card that has spyware, easier to access remotely.

        • Chris

          Essentially any type of software embedded on the phone has access to the wireless adapter. Heck, if recoveries wanted to, I’m sure they could as well.

    • American Patriot

      Not only is Android safer, you can also perform a complete wipe and reload a fresh image and bypass the NSA garbage if you feel your device is ‘infected’ with NSA spyware.
      If you have toyed with the root files, and know your device inside and out, you should be able to easily spot anything suspicious in the file path.

      • APai

        but the troubling thing is that nsa is forever ahead of the curve because the phone/ hardware makers report all bugs first to nsa!

  • Alex Ohannes

    Wow. My pre-2006 PC hardware never looked so good (or so secure) before. :)

  • Alex Ohannes

    Wow. My pre-2006 PC hardware never looked so good (or so secure) before! :)

  • Arturo Raygoza

    lol flash drives and micro sd’s ?? and the NSA intercepting a motherboard in the middle of shipping to install spyware?! lmao get out ta here with that. they are spying on everything ever sent thru the internet from all devices of everybody everywhere at all times even this very message here before I press the button to post it even. don’t be naive that only certain carriers or types of hard drives are the only ones. we are definitely in 2014 but we are still in 1984…

  • Quinlan M

    Now I feel so much safer living in Canada, with all this invasion of privacy in the US

    • American Patriot

      You are not safe from the NSA even in Canada.
      The NSA spies on EVERYBODY!

    • phalanx

      you’ll safe from NSA in china. but you got another spies there..

  • najiy91

    all those spies are perverts.imagine your family,your wife or your children’s being spied every single day.americans please stand up!stop nsa!

  • andy

    It’s no surprise they say we’re free but with big brother looking over your shoulder how much freedom do we really have?

  • Brendon Brown

    Say what you want, it wont change a thing … this is the era of Hackers etc. …