An internal NSA catalog offers spies backdoors into a wide range of equipment from major computing and security vendors, according to an article published by Germany’s Der Spiegel on Saturday, based on documents included in the Snowden cache.
Targets include firewalls from Juniper Networks, hard drives from Western Digital, Seagate, Maxtor and Samsung, networking gear from Cisco and Huawei, and unspecified equipment from Dell. According to the piece, there is no evidence that any of the companies knowingly allowed these backdoors — this seems to be a matter of highly sophisticated hacking and cracking.
The catalog apparently also offers fairly cheap rigged monitor cables for spying on targets’ monitors ($30), and pricier equipment such as base stations for fooling mobile networks and cellphones ($40,000), and bugs disguised as USB plugs ($20,000+).
These are all products of the Advanced/Access Network Technology (ANT) division of the NSA’s Tailored Access Operations (TAO) elite hacker unit. According to the article, ANT also has techniques for infecting BIOS firmware, the instructions that run when a computer starts up, in order to enable long-term, undetected spying.
A second Spiegel article provides an wider look at the actions of TAO unit, describing the “shadow network” that runs alongside the internet in order to aid attacks (such as the UK’s Belgacom hack), the exploitation of Windows crash reports as a way of finding vulnerabilities in victims’ computers, and the physical interception of computers and accessories that have been ordered online, in order to bug them.
Saturday’s revelations aren’t all about targeted attacks, though. They also refer to how the NSA and its partners subvert major undersea cables to tap into bulk internet traffic — specifically the traffic flowing through the SEA-ME-WE-4 cable connecting Europe, North Africa and Asia, the network mapping of which was apparently achieved in early 2013.
via Gigaom http://gigaom.com/2013/12/29/nsas-backdoor-catalog-exposed-targets-include-juniper-cisco-samsung-and-huawei/
0 comments:
Post a Comment