updated 05:46 am EST, Mon December 30, 2013
German mag says NSA diverts retail orders to secretly add tracking software, devices
The National Security Agency (NSA) has the ability to bug computers and peripherals being shipped to customers from retail, says a new report allegedly laying out more of the agency's surveillance activities. Some orders for electronics can apparently get redirected to the Tailored Access Operations (TAO) group, run by the NSA, which can secretly add hardware devices and malware to the unit before resealing and forwarding it on to the customer.
The report from Der Spiegel alleges that the introduction of backdoors to ordered devices is only one part of TAO's efforts. A 50-page document that resembles a "mail-order catalog" for spying apparently offers NSA employees a list of tools from TAO, with prices for items starting at no cost and ranging up to $250,000 per use. Examples given include a monitor cable adapted to allow "personnel to see what is displayed on the targeted monitor" for $30, an "active GSM base station" for mimicking cell towers costs $40,000, and bugs capable of collecting and transmitting data over radio, though disguised as a USB plug, is priced at over $1 million for a pack of 50.
NSA headquarters, Maryland
Devices and software for enterprise customers, such as Cisco and Huawei, are said to have backdoors usable by TAO, with mass-marketed goods also fair game to the group. One program is claimed to attack hard drive firmware from Western Digital, Seagate, Maxtor, and Samsung. Even Microsoft's operating systems can allegedly be taken advantage of without installing any malware, with the automated error reports being intercepted in order to plan a further attack.
One of the larger operations listed in the documents mentions spying through the SEA-ME-WE-4 underwater cable bundle connecting Europe to North Africa and the Gulf States. Used by a variety of telecommunications companies, TAO claims that it had managed to collect "Layer 2 network information that shows the circuit mapping for significant portions of the network."
In the last month, security firm RSA has been accused of being paid $10 million for helping with surveillance of its encryption software, something the company strongly denies. Technology companies and foreign governments are also speaking out against the NSA's antics, which has reportedly led to mobile devices being banned from UK government meetings and locked into "soundproof lead-lined boxes" to avoid digital eavesdropping. Another document leaked this month appears to show the NSA as taking advantage of cookies used by Google's advertising system, potentially allowing it to track an individual's Internet habits.