The NSA regularly intercepts laptop shipments to implant malware, report says
By Ryan Whitwam on December 30, 2013 at 4:14 pm
It’s common to check up on tracking information when you’re waiting on a package, but at least occasionally, that tracking data is omitting a quick stop off at the NSA. According to a new report in Der Spiegel, the NSA regularly intercepts shipments of laptops and other electronic devices in order to implant physical listening devices and install advanced malware. This process, called interdiction, can give authorities instant remote access to a subject’s computer without them being any the wiser.
Interdiction is undertaken by the NSA’s superhacker team known as Tailored Access Operations (TAO). It is not impossible to deliver malware to a target computer after the fact, but the risk is far lower if the surveillance tools can be installed before a device reaches the buyer. TAO is reportedly able to divert a package to its network of secret workshops where the modifications can be made before returning the packages to the shipping company.
It is unclear how frequently this program is utilized, but the scale is likely limited. Diverting electronics shipments en masse would be suspicious, and the intelligence agency would not want to expose its internal tools to more potential discovery than absolutely necessary — the NSA pays a pretty penny for many of these backdoors.
The NSA has what Der Spiegel describes as a catalog of spy tools with pricing and feature details. The 50-page document lists tools to compromise hardened systems made by the likes of Cisco, Juniper Networks, Huawei, Western Digital, Microsoft, and Samsung. The prices for these attacks, maintained by an internal group known as ANT, can reach as high as $250,000. Although, when it comes to secret NSA software vulnerabilities, you get what you pay for.
One popular tool employed by the NSA on interdicted PCs is known as Cottonmouth. This is a physical device developed in 2009 that can be implanted in a USB port to give the NSA remote access to the target machine once it reaches its destination. Other tools can be used to mirror hard drives by going after the firmware used by companies like Western Digital and Seagate.
The ANT catalog also contains more powerful tools like Feedtrough, which can bypass Juniper firewalls and allow the installation of additional programs. Windows-based systems can be monitored with tools that use error reports to determine what conventional malware might be used to attack the system — plausible deniability and all.
When the NSA is unable to get its hands on a device as it is being shipped, it will sometimes attempt to gain physical access with the help of the CIA and FBI. Agents from the NSA are occasionally ferried around on FBI jets to plant wiretaps, which may only take a few minutes. With the work done, the agent will hop another FBI plane and vanish like a specter in the night.
The NSA has been under increased scrutiny this past year, but by all accounts it is continuing its work undeterred. So the next time your Amazon shipment takes a little longer than usual to arrive, maybe you should be worried.