The NSA's Endless Catalogue of Computer Espionage Methods

For months we have been talking about the scandal surrounding the NSA (which, by the way, does not consider it a scandal at all) and its massive surveillance programs. The spying on users through the Internet and mobile devices continues to surprise because of the methods used.

The discovery of an NSA catalogue, details of which have been published in Der Spiegel, gives a good account of several of the methods used by NSA engineers to spy on everything and everyone. The options seem endless, and the best, or rather the worst, part is that this catalogue is already out of date. Who knows how far they have come in recent times.

Software exploits, but also hardware

As any hacker looking to hijack our machines would, the NSA used security vulnerabilities in the software on our computers as one of its avenues: relying on various exploits, for Windows for example, it was able to collect data from the users of those machines.

From there the surprises begin. For example, NSA operators installed backdoors in hardware (PCs and laptops, for instance) through physical access to these machines. How did they get that access? Apparently, during the distribution and shipment of the equipment to our homes.

Although it is not clear how far the shipping companies cooperated, or whether they did at all, it seems that NSA personnel had access to these shipping processes (perhaps through staff infiltrated into those companies) in order to install special firmware versions on each computer by reflashing the BIOS. One example is the attack known as SWAP, which made it possible to install control and monitoring software during the computer's startup.

Other BIOS attacks took advantage of the so-called System Management Mode (SMM) of the motherboards in both Dell and HP servers. The DEITYBOUNCE and IRONCHEF programs, respectively, managed to run rootkits on those servers so that the NSA had indiscriminate access to them afterwards.

In addition to PCs, laptops and servers, the NSA also managed to infiltrate the BIOS of communications equipment. This is the case of the MOUNTAIN family of programs, intended for Juniper Networks routers that ran the JUNOS operating system, a version of FreeBSD. It seems that similar equipment from Cisco or Huawei was also affected by this type of attack.

And when those attacks were not possible, the NSA created so-called persistent backdoors. One example was GINSU, which used a device connected to the PCI bus; BULLDOZER then went into action, a rootkit that created a wireless bridge giving NSA operators remote control. Even if BULLDOZER was removed, GINSU took care of reinstalling the software on the next reboot.

Isolated networks, also victims

Even on networks kept without any outside connection for security reasons, it was possible to deploy monitoring systems. For this purpose “hardware implants” such as COTTONMOUTH were used: a USB (also Ethernet) implant capable of transmitting radio signals to create a “parallel Internet” over which to send data to a collection system such as TURMOIL or the well-known X-KEYSCORE, which we have discussed before.

When it came to physical or wireless access to these networks, the NSA made use of NIGHTSTAND, a set of tools for hacking WiFi networks that was able to gain access to wireless networks up to 13 kilometres away.

These programs for collecting transmitted data (internally or externally) are combined with solutions designed, for example, to log keystrokes or even to see what a user sees on their computer, “sharing the desktop” without the user realizing it.

Smartphones, also in the catalog

Mobile spying programs were also of clear interest to the NSA's engineers and managers, with newly revealed solutions such as DROPOUTJEEP or TOTEGHOSTLY (the version for Windows Mobile devices, before Windows Phone arrived).

Although these systems require someone with physical access to the handsets in order to be installed, the catalogue indicated that the development of another program providing remote access to these capabilities was being studied. Added to this is a tool called MONKEYCALENDAR, which allowed the NSA to continuously collect the location of devices by installing some kind of software on the phone's SIM card.

As Ars Technica explains, all these items in the NSA catalogue are probably no more than a part of its arsenal, especially considering that the catalogue was published five years ago.

The NSA has once again defended itself by saying that other countries have similar catalogues to safeguard national security, but the scope of these findings once more demonstrates the magnitude of a scandal to which, curiously, neither our Government nor others in the rest of the world seem to be paying much attention.