Forgot your password?
typodupeerror
Security Privacy United States

The Startling Array of Hacking Tools In NSA's Armory 215

Posted by samzenpus
from the pick-your-poison dept.
littlekorea writes "A series of servers produced by Dell, air-gapped Windows XP PCs and switches and routers produced by Cisco, Huawei and Juniper count among the huge list of computing devices compromised by the NSA, according to crypto-expert and digital freedom fighter Jacob Applebaum. Revealing a trove of new NSA documents at his 30c3 address (video), Applebaum spoke about why the NSA's program might lead to broader adoption of open source tools and gave a hot tip on how to know if your machines have been owned."
This discussion has been archived. No new comments can be posted.

The Startling Array of Hacking Tools In NSA's Armory

Comments Filter:
  • 2013 (Score:5, Informative)

    by Presto Vivace (882157) <marshall@prestovivace.biz> on Monday December 30, 2013 @03:51PM (#45821213) Homepage Journal
    2013 is the year that proved your ‘paranoid’ friend right [washingtonpost.com] The person who can figure out how we can have all our tech toys and our privacy too will earn a fortune. Assuming that the technology is not made illegal.
    • The person who can figure out how we can have all our tech toys and our privacy too will earn a fortune

      They'll earn some money for sure, but not a fortune. The public & the bean counters are more interested in low prices than privacy. If your 'private' device is $100 more, everyone will buy the cheaper device.

    • by innerweb (721995)

      It will be made illegal. In many ways it already is. You must submit the key to encrypted material if proper law enforcement asks. Your lines are allowed to be tapped. Your locks are allowed to be broken.

      The problem is not the agency, but the paranoid and ruthless people who abuse it. There are many people in law enforcement/intelligence communities who are honest law abiding citizens! There are a few who are not. The question becomes how do we watch the watchers? How do we catch the abusers? I am

    • by jader3rd (2222716)

      The person who can figure out how we can have all our tech toys and our privacy too will earn a fortune.

      Given how the majority of the population is trying to share every piece of information about themselves that they can online, I doubt that would be true. Security/privacy is too inconvenient.

    • by skids (119237)

      There's no quick tech fix for this. Mostly because the problem is partially cultural. Qualitative trust webs have to be academically validated, then essential behaviors to support them have to be installed in the population. It will take at least decades and most of the work will go completely unrewarded, because our monetary/compensation system is hopelessly corrupt, being that it also needs said fix.

  • Spy tools (Score:5, Insightful)

    by girlintraining (1395911) on Monday December 30, 2013 @03:58PM (#45821301)

    The debate is not whether the spy tools should exist, but how they should be used. The NSA was originally meant to be a support organization that assisted the CIA and other federal agencies in protecting national security interests globally; Hence the name National Security Agency.

    What it has become lately, thanks to the Department of Homeland Security and our idiot congresscritters, are lackies for the FBI. The FBI has a terrible record going all the way back to the Prohibition of doing whatever it wants and generally running rough-shod over civil rights. It has long shown signs of institutional corruption and rot. This is the source of the rot in our judiciary at the federal level... and like Midas, everything the FBI touches turns to sh*t.

    • J Edgar dreamed of having files on congress like the NSA does.

      • Exactly, the NSA has more power than any branch of government ever had. Any Judge or political official that opposes them will be blackmailed into submission immediately.

        • My one hope is Snowden got those files. But I doubt it.

          The files on Congress, federal judges and the executive branch are the keys to the kingdom. They will never see the light of day.

          Dumping those files would complete the Herculean task of cleaning the DC stables.

    • by Desler (1608317)

      The NSA has always been like this. The only difference between now and the 70s and earlier is their better tools. The NSA has been an abusive, corrupt organization since its outset. The very things they are doing now is what the Church Committee and FISA was meant to prevent. FISA was not meant to be a rubber stamping of any and all actions of the NSA as it has become.

    • by icebike (68054)

      What it has become lately, thanks to the Department of Homeland Security and our idiot congresscritters, are lackies for the FBI.

      Wrong on two counts.

      NSA is not part of DHS.
      The FBI is the foot soldier and sock puppet of the NSA, not the other way around.

    • Actually, it's better to say that the NSA is a support organization of the Department of Defense. And as such are often at odds with Langley since both are competing for the same budget dollars.

    • by jd (1658)

      Not quite. The tools would be invented by someone, eventually. And that someone will have just the same accountability issues as the NSA. So you are guaranteed tools of this power being used by some megalomaniac or diabolical mastermind. So they cannot be factors in the equation.

      The first question is how to upgrade security to the point that no such tool can ever work. Future tools, who knows, but this grade of attack must be permanently beyond anyone's capability.

      I can picture ways of making it very, very

  • by MikeRT (947531) on Monday December 30, 2013 @04:02PM (#45821355) Homepage

    The fact is that the NSA needs these tools for the same reason the Army needs weapons ranging from small arms to weapons of mass destruction. It needs tools that let it collect signals intelligence on foreign targets. And yes, that includes our "allies." They do it as much to as we do it to them. It's understood that it happens. Even the British and Canadians wouldn't be shy about collecting Top Secret data on our operations that we want to keep from them if they could acquire it without jeopardizing their highly productive and close relationship with the US.

    Americans should be outraged that the NSA is now deeply integrated with federal law enforcement per 9/11 "reforms" that all but created an integrated security state. That puts our rights deeply at risk. Prior to 9/11, the most the NSA could legally do was inform Customs and the Coast Guard that smugglers were en route to US territorial waters or airspace. Now, they're damn near as much of an intelligence arm for law enforcement as the military.

    What we need is an iron clad, black letter of the law statute that says that no data the NSA collects on Americans is legally admissible unless the communication was collected abroad, occurred entirely outside of US territory and is specifically of a nature that is dangerous to our national security.

    • by mrxak (727974) on Monday December 30, 2013 @04:15PM (#45821471)

      I'd go a step further. It shouldn't just be legally inadmissible, it shouldn't be collectable at all. If it's accidentally collected, it should immediately be purged and the responsible parties prosecuted. If the FBI wants to develop their own NSA-like capabilities for domestic law enforcement, they can do so in a targeted fashion with warrants, but the NSA should be focused entirely on overseas operations, just like the CIA, just like the military. Mixing foreign and domestic all up in one agency is a very bad idea, (I hope) for obvious reasons.

    • by gmuslera (3436) on Monday December 30, 2013 @04:24PM (#45821557) Homepage Journal

      You may be not outraged that your country have weapons. But you should be very outraged that they are using them, in all the world to every innocent people (stripping basically every human of a fundamentan human right), in all the country, and in particular, in you.

      If you think that what they are doing is not a crime, try to do the same and get caught, the sun will be a white dwarf by the time you can get out of jail, considering how they are punishing minor ofenses [mmajunkie.com]. If any other country would be doing the same to US, at the same level and deepness, probably a lot of nukes would be flying right now.

      • If you think that what they are doing is not a crime, try to do the same and get caught

        The same is true of taxation, but I don't see you complaining about that either. The government has natural authority which individuals do not when there exists a legitimate government. One of those is defense and intelligence gathering is now as critical to national defense as any weapon system if not more so.

      • by steelfood (895457)

        Hyperbole won't get you anywhere.

        Quite frankly, the internet was a U.S. creation. Thus the keys to the internet always lay in the hands of the U.S. If there was anyone capable of containing the internet, it would be the U.S. That was not supposed to be. Things were not supposed to be this way.

        What we understood up to two, three years ago was that the U.S. was a bastion of freedom and free speech, and thus the internet would be free from such censorship and threats of censorship. What we realize now, today,

    • No, the NSA needs to be dismantled and a new constitutional amendment explicitly outlawing this sort of wiretapping on anyone, us citizen or not unless they have a REAL warrant from a REAL judge. Like the man said, They've even compromised Solaris. Which group of Terrorists is using Solaris? This has nothing to do with protecting us, and everything to do with controlling us.

      • by OhPlz (168413)

        We already have the 4th amendment. What we need are judges that will uphold the laws we already have and not subvert them to serve the government's own interests. More laws won't fix this mess.

    • by jovius (974690)

      The real illusion is to believe in the paradigm of hierarchy and security clearances. The social class system is based on the level of information made available. The ones on top are liberated, and they most likely want to keep it that way. The funny thing is that it's all based on nothing, because everybody can act however one likes regardless. The system is build with sand, which can be blown away without any effort. The scariest thing is how much real iron the illusionary system has accumulated for prot

    • by AmiMoJo (196126) *

      Not every country is as bad as the US/UK. Don't try to excuse what they are doing by claiming everyone else is at it. Germany didn't try to tap Obama's phone, and I doubt they would try because among allies there are lines, and crossing them is a good way to get yourself excluded from intelligence sharing agreements. Plus, it's just a dick move.

  • Cisco and Huawei (Score:4, Interesting)

    by icebike (68054) on Monday December 30, 2013 @04:17PM (#45821493)

    Given all the US lobbying against Huawei gear [forbes.com] being used in critical infrastructure [businessweek.com], it seems odd that the NSA is claiming they have managed to penetrate these routers.

    Perhaps while NSA was powning Huawei routers they discovered they were already compromised.

    Seems far more likely that in doing so, the NSA penetration was in turn detected and prevented by Huawei, or they haven't been able to penetrate to the extent they have with Cisco routers, and therefore they need to keep these out of critical infrastructure.

    • Sometimes it's difficult to figure out what is going in government with all the different motivations different people have, most of which you don't even know about.

      In the Huawei case, it's entirely possible that Huawei's competitors were better at lobbying than Huawei. See also Apple vs Samsung.
    • by wiggles (30088)

      They know the Chinese have managed to penetrate them precisely because they have penetrated them the same way.

  • Silly me, I thought the reason for NSA's existence was to make it HARDER for the bad guys to attack our infrastructure, not easier. Shows how little I know about how Washington "works" for us.

  • by Presto Vivace (882157) <marshall@prestovivace.biz> on Monday December 30, 2013 @04:18PM (#45821515) Homepage Journal
    it is difficult to believe that the NSA is the only one doing this, so who else owns my electronic toys?
    • so who else owns my electronic toys?

      If you have an iPhone/iPad/iPod, Apple.
      If you have an Android phone/tablet, Google, and likely Samsung/HTC/Hawei/LG.
      If you have a Windows Phone/tablet, Microsoft, and likely Nokia/HTC/Samsung.
      If you watch movies on your phone, the MPAA.
      If you play music on your phone, the RIAA.
      If you have a data plan on your device, then AT&T/Verizon/Sprint/T-Mobile, or your regional MVNO.

    • by mrxak (727974)

      In some cases, the weakening of encryption standards done by the NSA, and various backdoors they've managed to install in systems used by everyone, there may be foreign and criminal organizations that are simply riding the NSA's coattails to compromise your security in the exact same manner.

      But you're right, if the NSA has been doing this, so has everyone else. The NSA is just better funded.

      • almost all our electronic toys are made in China. It is difficult to dismiss the possibility that they have inserted their own malware into our toys.
    • It's irrelevant if others are doing it. We have proof the NSA is doing it. They need to stop. We can worry about everyone else after we get our federal government to obey the law.

    • by AHuxley (892839)
      Its depends on your electronics, the local optical loops, your tame telco and cooperation by your countries crypto/telco/gov/mil staff/national gov.
      Its hard for any one nation to reach around the world into domestic local telco optical loops unless they risk placing their own region hardware.
      The NSA and GCHQ really have the 'only' global solution to that domestic or regional problem - the old/new Commonwealth countries, many new/old shared bases, invites into countries to 'help' by new nations, failed cou
  • So basically no online banking platform can be safe once these exploits are released into the public? I do wonder though how they do it though.
    • Likely they either:
      Paid the company that designed it
      Bribed someone working for that company
      Simply got their own NSA agents hired at the company with the sole purpose of having them write exploits into the code (most likely)

    • So basically no online banking platform can be safe once these exploits are released into the public? I do wonder though how they do it though.

      I'm not quite sure I understand your question. I would rearrange the ideas this way- No online banking platform will be safe until these exploits are known publicly, and defended against technicly. As to your title- makes you long for the days of flash-write-protect jumpers and dipswitches doesn't it...

  • Nevermind "thanks Obamacare", now nobody is going to buy *any* technology from a US vendor because it's likely compromised by the NSA.

    Just like you don't want to buy from a purely Chinese vendor because it's reporting back to the Chinese version of the NSA.

    So, thanks to the NSA and China having a dick-measuring contest on why can spy more, the internet is essentially fucked. No privacy, no e-commerce, hell, no commerce (thanks Target), unless it's all cash.

    So the only place you can trust is (ironically), Cr

  • If Congress required the NSA to reveal exploits of US made products within 30 days it could boost US sales.

  • One of the ways NSA developed hacks into MS software was by intercepting the error reports that Windoze sends when it crashes.
    Talk about a lot of data ;-)
  • From TFA:

    intercept the hardware in transit, and take it to a secret workshop where it could be discretely fitted with espionage software before being sent on its way.

    I blame it all on bad elves.

  • I'm surprised by what I saw, heard, and read about NSA interception technology.

    This stuff goes far, quite far, and to quote Jacob Applebaum: "I can't remember voting on any of this stuff, or even having seen a public debate on it".

    How about you?

  • "Applebaum spoke about why the NSA's program might lead to broader adoption of open source tools and gave a hot tip on how to know if your machines have been owned."

    Where could the code be hiding .. the BIOS, the PCI BIOS, the Video Card, the NIC, the PXE ROM or buried in the CPU microcode ...
  • by eyenot (102141)

    The sooner I get my PhD in computer engineering, the sooner I can do something about there being fewer stories like this.

    • Did you see that compromised on board network adapter or the USB cable? Those things were amazing pieces of tech.

      The network adapter really just looked like a big RJ45 jack with some hardware on the back. That's what the non compromised version looks like. It does all the layer 1 stuff right there so you don't need to worry about things like impedance matching. The NSA added an extra chip which is invisible from the outside that acts as a second layer 2/3 controller. A simple single component replaceme

  • ... we are fucked!

    All hail the New World Order and our masters at NSA. I was not a true believer in the NSA NWO but then I watched the 30c3 vid mentioned in the summary. Holy crap. No wonder Charlie Stross gave up on his next novel. I am now beyond horrified and simply in awe of our new Overlords.

  • So, you're suggesting that open source will be more secure? Oh! That's right! If it's open source, the NSA wouldn't be able to find exploits in it... Because after all, it's open source, it can't be hacked!

Whoever dies with the most toys wins.

Working...