NSA intercepting and hacking laptops and other computer equipment

Just when you thought the NSA stories for the year were done – well lookout cause here we go again. This one is no less shocking than any previous story as it is now being reported that the NSA has been intercepting technology shipments, and modifying the products to install malware. According to the report published over the weekend in Der Spiegel, the special elite hacking unit behind this operation is known as the TAO or Tailored Access Operations. The operations were apparently conducted in collaboration with the CIA and FBI, intercepting shipments of laptops and other computer gear before they were delivered –instead taking them to secret workshops where the systems can be backdoored. The NSA is able to order these things through is kind of like a Skymall catalog, except it’s filled with spy-level offerings that compromise the hardware of a number of technology companies. That includes Samsung, Maxtor, Huawei, Western Digital, Juniper, Dell, Cisco and more. Included in this 50-page catalog is the reported ability to exploit error reports from Microsoft Windows systems. That kind of information can expose configurations and weaknesses, information like this can basically provide a roadmap of what to attack for penetration by hacker teams. These revelations of course come from the compromised Edward Snowden documents.

The reports don’t really spell out who is targeted by these operations, but it’s clear that the compromises require physical access. Therefore the interception of the devices. In some cases, NSA agents fly out on FBI aircraft to drop in, install the device and fly out – all within a half hour of work in some cases. Descriptions include a USB device that allows remote access, a special monitor cable that allows remote viewing, flash drives that transmit information over hidden radio signals and cell phone monitoring base station are part of the equipment that are apparently included in the catalog.

Tech impact?

 

The effects of this revelation could impact tech companies in a number of ways.  At the very least the foundation of trust has to be tarnished.  It is noted however that the report doesn’t show any evidence that any of the manufacturers were compliant and Der Spiegel went as far to say that every company they had contacted in light of the situation denied having any knowledge of this. The NSA is under intense scrutiny from these revelations from a number of privacy groups, international allies, Congress, a growing number of companies and the American public. In the last couple of weeks it was all about the RSA paid-for backdoor, and now this.

For what it’s worth, Snowden declared that he had already won and that his mission has been accomplished.

“For me, in terms of personal satisfaction, the mission’s already accomplished”

The interview with the Washington Post came a couple of days before Snowden put out a Christmas message about privacy and freedom.

“I already won. As soon as the journalists were able to work, everything that I had been trying to do was validated. Because, remember, I didn’t want to change society. I wanted to give society a chance to determine if it should change itself.”

The fact that Snowden states that he has ‘won’ and thus perhaps meaning he is done should give the NSA no solace because as has been previously reported, perhaps 1% of the documents have been released and there is much more out there to be revealed.

photo credit: ocularinvasion & Dunechaservia photopin cc

About John Casaretto

SiliconANGLE's CyberSecurity Editor - Have a story tip or feedback? Please reach out to me! Security is as critical as ever and our mission is to uncover those stories that will help our industry be more secure.