NSA Elite Hackers Exposed


Der Spiegel revealed that the TAO unit of the NSA planted backdoors to access computers, hard drives, routers, and other devices from principal vendors.

Germany’s Der Spiegel has published another disturbing article on the NSA’s surveillance activities. The media agency has published an internal NSA catalog that offers spies backdoors into a wide range of equipment from major vendors.

The catalog includes backdoors for hard drives from Western Digital, Seagate, Maxtor and Samsung, for Juniper Networks firewalls, for networking appliances from Cisco and Huawei, and for unspecified equipment from Dell. The backdoors appear to be the result of highly sophisticated hacking and cracking operations conducted by the NSA. All the products offered are designed by the Advanced/Access Network Technology (ANT) division of the NSA’s Tailored Access Operations (TAO) elite hacker unit.

iHLS – Israel Homeland Security

Der Spiegel also reports that the ANT division of TAO has built capabilities to infect BIOS firmware of targeted systems for long-term cyber espionage. The catalog includes base stations for fooling mobile networks and cellphones ($40,000), bugs disguised as USB plugs ($20,000) and also cheaper rigged monitor cables for spying on targets’ monitors.

The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000. In the case of Juniper, the name of this particular digital lock pick is “FEEDTROUGH.” This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers. Thanks to FEEDTROUGH, these implants can, by design, even survive “across reboots and software upgrades.” In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH “has been deployed on many target platforms.”

The TAO unit is a specialized hacking unit that was already introduced when documents leaked by Snowden mentioned the existence of the FoxAcid infrastructure and the infiltration of more than 50,000 foreign networks with malware-based attacks.