The NSA ANT catalog is a 50-page classified document listing technology available to the United States National Security Agency (NSA) Tailored Access Operations (TAO) by the Advanced Network Technology (ANT) Division to aid in cyber surveillance. Most devices are described as already operational and available to US nationals and members of the Five Eyes alliance. According to Der Spiegel, which released the catalog to the public on December 30, 2013, "The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets' data."[1][2][3][4][5][6][7][8][9] The document was created in 2008.[10]
Security researcher Jacob Appelbaum gave a speech at the Chaos Communications Congress in Hamburg, Germany, in which he detailed techniques that the simultaneously published Der Spiegel article he coauthored indicate the NSA uses in its surveillance efforts in the US and internationally.[6][11]
The prices of the items in the catalog range from free (typically for software) to US$250,000.[1]
Hintergrund
BearbeitenIn 2013, Der Spiegel published an article, co-written by Jacob Appelbaum, Judith Horchert and Christian Stöcker, that exposed the NSA "toolbox". Their source of the document was not disclosed. While it came from one of the news agencies in possession of documents leaked by former NSA contractor Edward Snowden,[12] security expert Bruce Schneier said he doesn't "believe the TAO catalog came from the Snowden documents. I think there's a second leaker out there."[12]Vorlage:Failed verification[13]
Exploits described in the document are mostly targeted at devices manufactured by US companies, including Apple,[14] Cisco, Dell, Juniper Networks, Maxtor, Seagate, and Western Digital, although there is nothing in the document that suggests that the companies were complicit.[1][15] After Der Spiegel revealed that NSA has the ability to inject software onto iPhones using an ANT product called DROPOUTJEEP, Apple issued a statement denying any prior knowledge of the NSA spyware and stated that they would take steps to protect their customers from security attacks "regardless of who's behind them".[16] Cisco has mustered their Cisco Product Security Incident Response Team (PSIRT) to investigate the hack vulnerability.[17]
Liste der Fähigkeiten
BearbeitenThe NSA ANT document contains codeword references to hardware and software surveillance technology available to the NSA.[18]
- BULLDOZER: Technology that creates a hidden wireless bridge allowing NSA personnel to remotely control a system wirelessly.[15][19]
- CANDYGRAM: A $40,000 tripwire device that emulates a GSM cellphone tower.
- COTTONMOUTH: (see image at right) A family of modified USB and Ethernet connectors that can be used to install Trojan horse software and work as wireless bridges, providing covert remote access to the target machine.[20] COTTONMOUTH-I is a USB plug that uses TRINITY as digital core and HOWLERMONKEY as RF transceiver. Cost in 2008 was slightly above $1M for 50 units.
- COTTONMOUTH-II is deployed in a USB socket (rather than plug), and costs only $200K per 50 units, but requires further integration in the target machine to turn into a deployed system.
- COTTONMOUTH-III is a stacked Ethernet and USB plug costing approximately $1.25M for 50 units.
- CROSSBEAM is "a GSM communications module capable of collecting and compressing voice data" [21]
- CTX4000: Continuous wave radar device that can ""illuminate" a target system for recovery of "off net" information.[22]
- CYCLONE-HX9 - GSM Base Station Router
- DEITYBOUNCE: Technology that installs a backdoor software implant on Dell PowerEdge servers via the motherboard BIOS and RAID controller(s).[23][24]
- DROPOUTJEEP: "A software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted."[8]
- EBSR is a "tri-band active GSM base station with internal 802.11/GPS/handset capability" [25]
- ENTOURAGE
- FEEDTROUGH: Software that can penetrate Juniper Networks firewalls allowing other NSA-deployed software to be installed on mainframe computers.[1][9][26]
- FIREWALK: (see image at right) A device that looks identical to a standard RJ45 socket that allows data to be injected, or monitored and transmitted via radio technology.[27] using the HOWLERMONKEY RF transceiver. It can for instance create a VPN to the target computer. Cost in 2008: $537K for 50 units.
- FOXACID: Technology that can install spyware using a "quantum insert" capable of infecting spyware at a packet level. (Not numbered because FOXACID may or may not be part of the NSA ANT catalog; sources differ.)
- GENESIS
- GINSU: Technology that uses a PCI bus device in a computer, and can reinstall itself upon system boot-up.[28]
- GOPHERSET: GSM software that uses a phone's SIM card’s API (SIM Toolkit or STK) to control the phone through remotely sent commands.[29]
- GOURMETTROUGH: User-configurable persistence implant for certain Juniper Networks firewalls.[22]
- HALLUXWATER: Back door exploit for Huawei Eudemon firewalls.[22]
- HEADWATER: Persistent backdoor technology that can install spyware using a "quantum insert" capable of infecting spyware at a packet level on Huawei routers.[22]
- HOWLERMONKEY: (see image at right) A RF transceiver that makes it possible (in conjunction with digital processors and various implanting methods) to extract data from systems or allow them to be controlled remotely.
- IRATEMONK: Technology that can infiltrate the firmware of hard drives manufactured by Maxtor, Samsung, Seagate, and Western Digital.[30]
- IRONCHEF: Technology that can "infect" networks by installing itself in a computer I/O BIOS.[15] IRONCHEF includes also "Straitbizarre" and "Unitedrake" which have been linked to the spy software REGIN.[31]
- JUNIORMINT
- JETPLOW: Firmware that can be implant to create a permanent backdoor in a Cisco PIX series and ASA firewalls.[22]
- LOUDAUTO: $30 audio-based RF retro-reflector listening device.[22]
- MAESTRO-II: a multi-chip module approximately the size of a dime that serves as the hardware core of several other products. The module contains a 66 MHz ARM7 processor, 4 MB of flash, 8 MB of RAM, and a FPGA with 500,000 gates. Unit cost: $3–4K (in 2008). It replaces the previous generation modules which were based on the HC12 microcontroller.
- MONKEYCALENDAR: Software that transmits a mobile phone's location by hidden text message.
- NEBULA
- NIGHTSTAND: Portable system that wirelessly installs Microsoft Windows exploits from a distance of up to eight miles.[22]
- NIGHTWATCH: Portable computer used to reconstruct and display video data from VAGRANT signals; used in conjunction with a radar source like the CTX4000 to illuminate the target in order to receive data from it.
- PICASSO: Software that can collect mobile phone location date, call metadata, access the phone’s microphone to eavesdrop on nearby conversations.[29]
- PHOTOANGLO: A joint NSA/GCHQ project to develop a radar system to replace CTX4000.[22]
- RAGEMASTER: (see image above, right) A concealed $30 device that taps the video signal from a target's computer's VGA signal output so the NSA can see what is on a targeted desktop monitor. It is powered by a remote radar and responds by modulating the VGA red signal (which is also sent out most DVI ports) into the RF signal it re-radiates; this method of transmission is codenamed VAGRANT. RAGEMASTER is usually installed/concealed in the ferrite choke of the target cable. The original documents are dated 2008-07-24. Several receiver/demodulating devices are available, e.g. NIGHTWATCH.[6]
- SCHOOLMONTANA: Software that makes DNT implants persistent on JUNOS-based (FreeBSD-variant) J-series routers/firewalls.[22]
- SIERRAMONTANA: Software that makes DNT implants persistent on JUNOS-based M-series routers/firewalls.[22]
- STUCCOMONTANA: Software that makes DNT implants persistent on JUNOS-based T-series routers/firewalls.[22]
- SOMBERKNAVE: Software that can be implanted on a Windows XP system allowing it to be remotely controlled from NSA headquarters.
- SOUFFLETROUGH: BIOS injection software that can compromise Juniper Networks SSG300 and SSG500 series firewalls.[22]
- SPARROW II: (see image at right) A small computer intended to be used for WLAN collection, including from UAVs. Hardware: IBM Power PC 405GPR processor, 64 MB SDRAM, 16 MB of built-inflash, 4 mini PCI slots, CompactFlash slot, and 802.11 B/G hardware. Running Linux 2.4 and the BLINDDATE software suite. Unit price (2008): $6K.
- SURLYSPAWN: Keystroke monitor technology that can be used on remote computers that are not internet connected.
- SWAP: Technology that can reflash the BIOS of multiprocessor systems that run FreeBSD, Linux, Solaris, or Windows.
- TAWDRYYARD
- TOTECHASER
- TOTEGHOSTLY: Software that can be implanted on a Windows mobile phone allowing full remote control.
- TRINITY: (see image at right) A more recent and more powerful multi-chip module using a 180 MHz ARM9 processor, 4 MB of flash, 96 MB of SDRAM, and a FPGA with 1 million gates. Smaller than a penny. Estimated cost (2008) $625K for 100 units.
- WATERWITCH: A portable "finishing tool" that allows the operator to find the precise location of a nearby mobile phone.
- WISTFULTOLL
Siehe auch
Bearbeiten- Computer and Internet Protocol Address Verifier (CIPAV) — FBI trojan
- Duqu — spyware worm
- Equation Group - a highly advanced secretive computer espionage group, suspected of being tied to the NSA
- FinFisher — private-sector trojan used by several states
- MiniPanzer and MegaPanzer — Swiss state-sponsored trojans
- R2D2 (trojan) — a German state-sponsored trojan
- TEMPEST — NSA standards for electromagnetic protection
- WARRIOR PRIDE — more recent (2010) NSA/GCHQ capabilities against smartphones
- Communications Assistance for Law Enforcement Act - CALEA
- Tempora
- NSA Playset
Einzelnachweise
BearbeitenVorlage:Commons category {{DEFAULTSORT:NSA ANT catalog}} [[Category:Mass surveillance]] [[Category:National Security Agency operations]]
- ↑ a b c d Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Applebaum. - ↑ Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Hathaway. - ↑ Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Condliffe. - ↑ Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Edwards. - ↑ Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen LeMonde. - ↑ a b c Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Satter. - ↑ Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Hardawar. - ↑ a b Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Kain. - ↑ a b Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Zetter. - ↑ Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Lawler. - ↑ Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Mick. - ↑ a b Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Kirk. - ↑ Richard Stiennon: Is There A Second NSA Leaker?
- ↑ Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Campbell. - ↑ a b c Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Gallagher. - ↑ Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Hughes. - ↑ Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Brandon. - ↑ Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Elmer-DeWitt. - ↑ GINSU NSA ANT catalog page: File:NSA_GINSU.jpg (not publicly known to have its own page in the catalog)
- ↑ Arik Hesseldahl: You Won't Believe All the Crazy Hardware the NSA Uses for Spying. All Things Digital, 30. Dezember 2013, abgerufen am 1. Januar 2014.
- ↑ Bruce Schneier: CROSSBEAM: NSA Exploit of the Day. 21. Februar 2014, abgerufen am 1. Februar 2015.
- ↑ a b c d e f g h i j k l Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen LeakSource. - ↑ Darmawan Salihun. "NSA BIOS Backdoor a.k.a. God Mode Malware Part 1: DEITYBOUNCE" January 29th, 2014.
- ↑ DEITYBOUNCE NSA ANT catalog page: File:NSA DEITYBOUNCE.jpg
- ↑ Bruce Schneier: EBSR: NSA Exploit of the Day. 25. Februar 2014, abgerufen am 1. Februar 2015.
- ↑ Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Whitwam. - ↑ Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Thomson. - ↑ GINSU NSA ANT catalog page: File:NSA_GINSU.jpg
- ↑ a b Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Estes. - ↑ Referenzfehler: Ungültiges
<ref>
-Tag; kein Text angegeben für Einzelnachweis mit dem Namen Meyer. - ↑ Christian Stöcker, Marcel Rosenbach: Trojaner Regin ist ein Werkzeug von NSA und GCHQ. In: Spiegel Online. 25. November 2014, abgerufen am 2. Februar 2015 (deutsch).