Log in
|
statistically speaking the probability of you knowing me is very small.
|
Der Spiegel has a good article on the NSA's Tailored Access Operations unit: basically, its hackers.
"Getting the ungettable" is the NSA's own description of its duties. "It is not about the quantity produced but the quality of intelligence that is important," one former TAO chief wrote, describing her work in a document. The paper seen by SPIEGEL quotes the former unit head stating that TAO has contributed "some of the most significant intelligence our country has ever seen." The unit, it goes on, has "access to our very hardest targets."Defining the future of her unit at the time, she wrote that TAO "needs to continue to grow and must lay the foundation for integrated Computer Network Operations," and that it must "support Computer Network Attacks as an integrated part of military operations." To succeed in this, she wrote, TAO would have to acquire "pervasive, persistent access on the global network." An internal description of TAO's responsibilities makes clear that aggressive attacks are an explicit part of the unit's tasks. In other words, the NSA's hackers have been given a government mandate for their work. During the middle part of the last decade, the special unit succeeded in gaining access to 258 targets in 89 countries -- nearly everywhere in the world. In 2010, it conducted 279 operations worldwide.
[...]
Certainly, few if any other divisions within the agency are growing as quickly as TAO. There are now TAO units in Wahiawa, Hawaii; Fort Gordon, Georgia; at the NSA's outpost at Buckley Air Force Base, near Denver, Colorado; at its headquarters in Fort Meade; and, of course, in San Antonio.
The article also has more details on how QUANTUM -- particularly, QUANTUMINSERT -- works.
Until just a few years ago, NSA agents relied on the same methods employed by cyber criminals to conduct these implants on computers. They sent targeted attack emails disguised as spam containing links directing users to virus-infected websites. With sufficient knowledge of an Internet browser's security holes -- Microsoft's Internet Explorer, for example, is especially popular with the NSA hackers -- all that is needed to plant NSA malware on a person's computer is for that individual to open a website that has been specially crafted to compromise the user's computer. Spamming has one key drawback though: It doesn't work very often.Nevertheless, TAO has dramatically improved the tools at its disposal. It maintains a sophisticated toolbox known internally by the name "QUANTUMTHEORY." "Certain QUANTUM missions have a success rate of as high as 80%, where spam is less than 1%," one internal NSA presentation states.
A comprehensive internal presentation titled "QUANTUM CAPABILITIES," which SPIEGEL has viewed, lists virtually every popular Internet service provider as a target, including Facebook, Yahoo, Twitter and YouTube. "NSA QUANTUM has the greatest success against Yahoo, Facebook and static IP addresses," it states. The presentation also notes that the NSA has been unable to employ this method to target users of Google services. Apparently, that can only be done by Britain's GCHQ intelligence service, which has acquired QUANTUM tools from the NSA.
A favored tool of intelligence service hackers is "QUANTUMINSERT." GCHQ workers used this method to attack the computers of employees at partly government-held Belgian telecommunications company Belgacom, in order to use their computers to penetrate even further into the company's networks. The NSA, meanwhile, used the same technology to target high-ranking members of the Organization of the Petroleum Exporting Countries (OPEC) at the organization's Vienna headquarters. In both cases, the trans-Atlantic spying consortium gained unhindered access to valuable economic data using these tools.
Another article discusses the various tools TAO has at its disposal.
A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry -- including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell.[...]
In the case of Juniper, the name of this particular digital lock pick is "FEEDTROUGH." This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers. Thanks to FEEDTROUGH, these implants can, by design, even survive "across reboots and software upgrades." In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH "has been deployed on many target platforms."
[...]
Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of the latter, are American companies. Here, too, it appears the US intelligence agency is compromising the technology and products of American companies.
[...]
There is no information in the documents seen by SPIEGEL to suggest that the companies whose products are mentioned in the catalog provided any support to the NSA or even had any knowledge of the intelligence solutions.
The German version of the article had a couple of pages from the 50-page catalog of tools; they're now on Cryptome. This seems to be the whole TOP SECRET catalog; there's a lot of really specific information here about individual NSA TAO devices.
For example:
(TS//SI//REL) SOUFFLETROUGH is a BIOS persistence implant for Junpier SSG 500 and SSG 300 series firewalls. It persists DNT'S BANANAGLEE software implant. SOUGGLETROUGH also has an advanced persistent back-door capability.
And NIGHTSTAND:
(TS//SI//REL) An active 802.11 wireless exploitation and injection tool for payload/exploit delivery into otherwise denied target space. NIGHTSTAND is typically used in operations where wired access to the target is not possible.
NIGHTSTAND can work from as far away as eight miles, and "the attack is undetectable by the user."
There's lots more in the source document. And note that this catalog is from 2008, and presumably TAO's capabilities have improved significantly in the past five years.
We don't know what "ANT" stands for. Der Spiegel speculates that it "stands for Advanced or Access Network Technology."
And -- back to the first article -- TAO can install many of the implants when a target orders new equipment through the mail:
If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.These minor disruptions in the parcel shipping business rank among the "most productive operations" conducted by the NSA hackers, one top secret document relates in enthusiastic terms. This method, the presentation continues, allows TAO to obtain access to networks "around the world."
Related is this list of NSA attack tools. And here is another article on TAO from October.
And remember, this is not just about the NSA. The NSA shares these tools with the FBI's black bag teams for domestic surveillance, and presumably with the CIA and DEA as well. Other countries are going to have a similar bag of tricks, depending on their sophistication and budgets. And today's secret NSA programs are tomorrow's Ph.D. theses and the next day's criminal hacking tools. Even if you trust the NSA to only spy on "enemies," consider this an advance warning of what we have to secure ourselves against in the future.
Legitimate Business Syndicate has been gracious enough to provide us with complete packet captures from the DEF CON 21 Capture the Flag contest! A big thanks to them and all the great teams who participated! Here is the first batch of those pcaps, all the traffic from Friday at the con. Saturday and Sunday's will be soon to follow so keep your eyes peeled!
They were also so kind as to include the tools and binaries from the game, which we have also included in a handy torrent file!
You can always find write-ups, file collections, and history of the DEF CON Capture the Flag competition on our CTF Page! Enjoy!
The man alleged to be "Dread Pirate Roberts," the founder and operator of the Silk Road—an online marketplace where bitcoins were traded for a range of goods and services, including drugs—was arrested by the FBI in San Francisco yesterday. The criminal complaint, released today, provides many details about how the site and its users relied on widespread anonymity technology, including Tor and Bitcoin.
The increased attention on this technology is a good reminder about how important it is not to blame these tools for the actions of a small portion of their users. The public wouldn't tolerate a campaign to malign the car because of its utility as a getaway vehicle for bank robbers; we must apply the same critical thinking to essential privacy-preserving technology.
In certain parts of the complaint, even the federal agent behind the investigation and the Justice Department attorney in charge of the case acknowledge this. In describing how Tor was required to access the Silk Road (the site was configured as a Tor hidden service), they state that "Tor has known legitimate uses". Similarly, "Bitcoins are not illegal in and of themselves and have known legitimate uses."
Elsewhere the complaint goes astray. For example, it asserts that the suspect's efforts to "'hide the identities of those that run Silk Road' reflect his awareness of the illegal nature of the Silk Road enterprise." Of course, that explanation overlooks the countless lawful reasons why a person would want to engage in anonymous speech—and in the process hide the identities of those behind the technical infrastructure—that don't involve breaking the law.
Similarly, the complaint's description of the bitcoin "tumbler" that the Silk Road employed to obscure the parties involved in each transaction is alarmingly limited. According to the complaint, "the only function served by such 'tumblers' is to assist with the laundering of criminal proceeds." Really, the purpose of a tumbler is to attempt to make a bitcoin transaction as anonymous and private as cash. Certainly one can take issue with Silk Road's use of the technology in particular. It's incredibly dangerous, though, to say that anonymous currency—whether bitcoins or traditional cash—is only of interest to drug dealers or money launderers.
It's essential that the use of encryption, anonymization techniques, and other privacy practices is not deemed a suspicious activity. Rather, it must be recognized as an essential element for practicing freedom of speech in a digital environment.
In some ways, the complaint provides encouragement to those who depend on this technology to engage in speech privately and anonymously. After all, it was human error, and the chance discovery of nine fake ID cards in a routine package inspection at the border, that led to the final round of investigation. This summer's revelations about the NSA's subverting certain cryptographic technologies have definitely heightened fears in the security community. Although there are still some unanswered questions about the investigation, it's a small relief that, for now, those fears weren't confirmed by the criminal complaint.
The point remains, however, that relegating these technologies by associating them only with their criminal use threatens to undermine their ability to enable important, lawful speech.
Unfortunately, we've witnessed that sort of demonization of technology before. We've seen it in attempts to target peer-to-peer protocols because they can be used for copyright infringement; in the outrageous stacking of penalties that can result in decades of possible prison time for violations of the Computer Fraud and Abuse Act; in the original "Crypto Wars" of the 1990s and their reprise today; and in many other places besides.
The allegations against the Silk Road are serious, and may get even more so as the case progresses to formal charges and a trial. But if the government puts undue weight on the suspect's use of technology, instead of the actual crimes of which he is accused, the public will be worse off for it.
