The NSA Has A Way To Intercept Computers Mid-Shipment And Install Spyware

*

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • 10660
The NSA Has A Way To Intercept Computers Mid-Shipment And Install Spyware On Them

Spiegel Online has a lengthy new report out today about a previously unheard of NSA spying program called Tailored Access Operations, or TAO. The group is designed to gain access to electronic devices it can’t normally spy on using more traditional means.
Continued:
http://www.businessinsider.com.au/nsa-tao-2013-12

Microsoft MVP Consumer Security 2006-2016
Microsoft Windows Insider MVP 2016-

*

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • 2830
Re: The NSA Has A Way To Intercept Computers Mid-Shipment And Install Spyware
« Reply #1 on: December 30, 2013, 03:14:12 AM »
1984 is just a few years late.  Why don't they just move into my house and follow me around  :m
Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

*

Offline Bugbatter

Re: The NSA Has A Way To Intercept Computers Mid-Shipment And Install Spyware
« Reply #2 on: December 30, 2013, 07:49:03 AM »
Related: http://gizmodo.com/the-nsa-actually-intercepted-packages-to-put-backdoors-1491169592

Quote
SPIEGEL published two pieces this morning about the NSA's Tailored Access Operations (TAO) division, aka premier hacking ninja squad. According to Snowden documents, TAO has a catalog of all the commercial equipment that carries NSA backdoors. And it's a who's who of a list. Storage products from Western Digital, Seagate, Maxtor and Samsung have backdoors in their firmware, firewalls from Juniper Networks have been compromised, plus networking equipment from Cisco and Huawei, and even unspecified products from Dell. TAO actually intercepts online orders of these and other electronics to bug them.


*

Offline brian631

  • Bronze Member
  • 1
Quote
1984 is just a few years late.  Why don't they just move into my house and follow me around  :m

LOL...very funny :)

*

Offline Bugbatter

NSA Exploit of the Day: DEITYBOUNCE
Quote
The plan is to post one of these a day for the next couple of months.

Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog is DEITYBOUNCE:

DEITYBOUNCE
(TS//SI//REL) DEITYBOUNCE provides software application persistence on Dell PowerEdge servers by exploiting the motherboard BIOS and utilizing System Management Mode (SMM) to gain periodic execution while the Operating System loads.

(TS//SI//REL) This technique supports multi-processor systems with RAID hardware and Microsoft Windows 2000, 2003, and XP. It currently targets Dell PowerEdge 1850/2850/1950/2950 RAID servers, using BIOS versions A02, A05, A06, 1.1.0, 1.2.0, or 1.3.7.

(TS//SI//REL) Through remote access or interdiction, ARKSTREAM is used to reflash the BIOS on a target machine to implant DEITYBOUNCE and its payload (the implant installer). Implantation via interdiction may be accomplished by nontechnical operator through use of a USB thumb drive. Once implanted, DEITYBOUNCE's frequency of execution (dropping the payload) is configurable and will occur when the target machine powers on.

Status: Released / Deployed. Ready for Immediate Delivery

Complete blog:
https://www.schneier.com/blog/archives/2014/01/nsa_exploit_of.html
