Wednesday, January 1, 2014

NSA's ANT exploitation catalog

The latest Snowden disclosure of the NSA's ANT exploitation catalog will be studied by every IT security professional in the world. It's a lot to take in, so I wrote a quick summary here. It includes descriptions of:
  • BIOS-based implants for common routers (Huawei, Cisco), firewalls (Huawei, Juniper, Cisco) and servers (HP and Dell)
  • iPhone implant
  • Room audio capture chip ("bug")
  • 802.11 injection hardware
  • SIM card implants
  • Phones with software-defined radio for covert wireless survey and capture
  • A PCI hardware implant
  • Wireless chips for airgap jumping (HOWLERMONKEY)
  • Hard drive firmware implant
  • Software implants that route traffic to unused 802.11 interfaces (i.e. exfil even while wireless is "off")
  • Multi-OS BIOS/HPA implant
  • Hardware keylogger chip with RF exfil
  • Implanted GSM handsets
  • Thuraya sat phone handset hardware implant
  • Windows Mobile implant
  • GSM base stations that can find targets based on handset IDs and collect and capture voice/data/SMS, etc.
  • Software-defined radio direction finders for tracking targets based on a wide range of emissions
  • Modified USB cables with RF chips for airgap bridging (COTTONMOUTH-I,II,III)
  • Ethernet hardware RJ45 connector implant that can do traffic filtering and injection with comms over RF (FIREWALK)
  • VGA cable with hardware implant that collects video and exfils over RF (RAGEMASTER)