"tailored access operations"

Assessing the security of devices by measuring how many difficult things the programmers tried to do

The Cyber Independent Testing Lab is a security measurement company founded by Mudge Zatko (previously), late of the Cult of the Dead Cow, L0pht Heavy Industries and the NSA's Tailored Access Operations group; it has a unique method for assessing the security of devices, derived from methods Mudge developed at the NSA. Read the rest

Former NSA contractor Harold Martin pleads guilty to 'willful retention of national defense information'

Former NSA contractor Harold Martin today changed his plea to guilty, on charges of willful retention of national defense information. Read the rest

Teardown of a consumer voice/location cellular spying device that fits in the tip of a USB cable

Mich from ha.cking bought a $25 "S8 data line locator" device -- a cellular spying tool, disguised as a USB cable and marketed to the general public -- and did a teardown of the gadget, offering a glimpse into the world of "trickle down surveillance" where the kinds of surveillance tools used by the NSA are turned into products and sold to randos over the internet for $25. Read the rest

How governments and cyber-militias attack civil society groups, and what they can do about it

The University of Toronto's Citizen Lab (previously) is one of the world's leading research centers for cybersecurity analysis, and they are the first port of call for many civil society groups when they are targeted by governments and cyber-militias. Read the rest

NSA contractor Harold Thomas Martin to face espionage charges over 50TB of "stolen code"

A former Booz Allen Hamilton contractor who worked with the National Security Agency will face charges of espionage in a case involving 50 terabytes or more of highly sensitive NSA data the government says were stolen. Read the rest

Head of NSA's hacker squad explains how to armor networks against the likes of him

Rob Joyce runs the NSA's Tailored Access Operations group, the spies who figure out how to hack systems, publishing a spook's version of the Skymall catalog, filled with software and hardware that other spies can order for use. Read the rest

Schneier: China and Russia probably did get the Snowden leaks -- by hacking the NSA

Bruce Schneier weighs in on last week's ridiculous UK government talking points memo that Murdoch's Sunday Times dutifully published as front-page news. Read the rest

Shining light on the shadowy, "superhuman" state-level Equation Group hackers

For more than a decade, a shadowy, heavily resourced, sophisticated hacker group that Kaspersky Lab calls the Equation Group has committed a string of daring, cutting-edge information attacks, likely at the behest of the NSA. Read the rest

GCHQ's black bag of dirty hacking tricks revealed

The dirty tricks used by JTRIG -- the toolsmiths of the UK spy agency GCHQ -- have been published, with details on how the agency manipulates public opinion, censors YouTube, games pageview statistics, spies on eBay use, conducts DDoS attacks, and connects two unsuspecting parties with one another by phone. Read the rest

Photo of NSA technicians sabotaging Cisco router prior to export

One of the Snowden documents published by Glenn Greenwald with the release of his new book is a photo showing an actual NSA Tailored Access Operations team sabotaging a Cisco router before it is exported, a practice reported earlier this week in a story Greenwald wrote for the Guardian.

The great irony is that this kind of sabotage is exactly the sort of thing that the USA has repeatedly accused Chinese authorities of doing to Huawei routers, something for which there is no evidence, unlike the photographic evidence we have here of the NSA doing it to a Cisco router. Read the rest

Jacob Appelbaum's must-watch 30C3 talk: why NSA spying affects you, no matter who you are

Sunday's Snowden leaks detailing the Tailored Access Operations group -- the NSA's exploit-farming, computer-attacking "plumbers" -- and the ANT catalog of attacks on common computer equipment and software were accompanied by a lecture by Jacob Appelbaum at the 30th Chaos Communication Congress. I have seen Jake speak many times, but this talk is extraordinary, even by his standards, and should be watched by anyone who's said, "Well, they're probably not spying on me, personally;" or "What's the big deal about spies figuring out how to attack computers used by bad guys?" or "It's OK if spies discover back-doors and keep them secret, because no one else will ever find them." Read the rest

NSA has a 50-page catalog of exploits for software, hardware, and firmware

A Snowden leak accompanying today's story on the NSA's Tailored Access Operations group (TAO) details the NSA's toolbox of exploits, developed by an NSA group called ANT (Advanced or Access Network Technology).

ANT's catalog runs to 50 pages, and lists electronic break-in tools, wiretaps, and other spook toys. For example, the catalog offers FEEDTROUGH, an exploit kit for Juniper Networks' firewalls; gimmicked monitor cables that leak video-signals; BIOS-based malware that compromises the computer even before the operating system is loaded; and compromised firmware for hard drives from Western Digital, Seagate, Maxtor and Samsung.

Many of the exploited products are made by American companies, and hundreds of millions of everyday people are at risk from the unpatched vulnerabilities that the NSA has discovered in their products. Read the rest

TAO: the NSA's hacker plumber-wunderkinds

A new Snowden leak disclosed in Der Spiegel details the operations of the NSA's Tailored Access Operations group (TAO), the "plumbers" of the spy agency who collect and deploy exploits to infiltrate computer systems. Reportedly, Edward Snowden turned down a chance to join the group.

TAO's repertoire of attacks included unpublished exploits and back-doors for products from major US IT companies like Microsoft and Cisco, as well as foreign companies like Huawei. Spiegel reports that TAO infiltrated networks in 89 countries, including "the protected networks of democratically elected leaders of countries." They took special interest in Mexico's anti-terror efforts, running an operation called WHITETAMALE that compromised the Mexican Secretariat of Public Security.

The tactics deployed by TAO relied upon other NSA programs, like the infamous XKeyscore, which was used to passively intercept crash reports from computers running Windows in order to profile these systems and tailor attacks aimed at them. TAO also compromised BlackBerry's BES email servers, and was able to read mail sent and received by BlackBerry users.

One interesting wrinkle: TAO used interception of ecommerce shipping reports to discover when a target ordered new computer equipment. These shipments would be intercepted and loaded with malware before delivery. I know an ex-MI5 whistleblower who only buys computers by walking into a store at random and plucking them off the shelf, to prevent this sort of attack. When I learned about this practice, it sounded a little paranoid to me, but it seems that it's actually a very reasonable precaution. Read the rest

NSA colleague describes life with Snowden: "a genius" who wore EFF anti-NSA hoodies to work

An anonymous former NSA colleague of Edward Snowden described his career at the Agency to Forbes's Andy Greenberg, giving an account of a gifted, principled, compassionate technical "genius" who came to work in his EFF NSA spying hoodie (these were available to donors who gave at least $250 to the Electronic Frontier Foundation).

The co-worker's account paints quite a picture, and also rebuts accusations that Snowden tricked his co-workers into giving him the credentials to gain access to the documents he leaked ("Snowden was given a manager's password so that he could cover for him while he was on vacation. Even then, investigators found no evidence Snowden had misused that staffer’s privileges"). He also kept a copy of the Constitution on his desk "to cite when arguing against NSA activities he thought might violate it." Read the rest

NSA uses Google's tracking cookies to target and "exploit" their subjects

A new set of leaked NSA slides from the Snowden trove was published in the Washington Post today, detailing NSA/GCHQ's use of Web cookies (including Google's PREF cookie) to uniquely identify people as they move around the Web, in order to target them and compromise them.

They also report on an NSA program called HAPPYFOOT that uses mobile phones to do very fine-grained tracking of targets.

Ed Felten, an eminent computer scientist and security researcher, has written a lengthy comment on the disclosures, exploring the different options companies have if they want to safeguard their tracking cookies from being hijacked by the NSA. His primary recommendation is that these cookies should only be sent over SSL. Read the rest

NSA hacked 50,000 global networks

A new Snowden leak sheds more light on Tailored Access Operations, a catalog of standard attacks against routers and other Internet infrastructure.

The new leak details the deployment of malware against 50,000 computer networks worldwide, in cooperation with GCHQ, the British spy agency. The program dates back to 1998, and the infected networks are referred to internally as "sleeper cells" that can be switched on or off at will. Read the rest