Report: NSA intercepts computer deliveries to plant spyware
A special hacking unit of the U.S. National Security Agency intercepts deliveries of new computer equipment en route to plant spyware, according to a report on Sunday from Der Spiegel, a German publication.
The method, called “interdiction,” is one of the most successful operations conducted by the NSA’s Office of Tailored Access Operations (TAO), which specializes in infiltrating computers, wrote the publication, citing a top-secret document.
”If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops,” Der Spiegel wrote.
The workshops, called “load stations,” install malware or hardware components that give the NSA access to the computer, it wrote.
Der Spiegel did not say where the documents were obtained, although it is one of several news outlets, including The Washington Post and The Guardian, which possess information leaked by former NSA contractor Edward Snowden. He is not mentioned in the story, which was co-authored by filmmaker Laura Poitras, whom Snowden contacted.
The documents leaked by Snowden have prompted a U.S. government review of the NSA’s spying activities and its impact on civil liberties and law. Technology companies, calling for stronger privacy controls, contend the agency’s tampering with their networks could undermine their businesses.
Der Spiegel wrote that a 50-page “product catalog” it viewed from the NSA described a division called “ANT,” which specializes in engineering access to products from companies such as firewall maker Juniper Networks, networking giants Cisco Systems and Huawei Technologies, and Dell.
”For nearly every lock, ANT seems to have a key in its toolbox,” the publication wrote.
Another internal NSA presentation showed the agency has access to crash reports sent by computers to Microsoft, Der Spiegel reported. A prompt is sometimes shown during certain problems with Windows, and users are asked if they’d like to send an automated report to the company.
Der Spiegel wrote that the presentation indicated the NSA can intercept these reports from a sea of internet traffic using its XKeyscore tool, an internet monitoring tool revealed in July by The Guardian.
Intercepting the reports “appears to have little importance in practical terms” but provides insights into a targeted person’s computer, Der Spiegel wrote.
Another top-secret document described NSA efforts to tap into the SEA-ME-WE-4 undersea telecommunications cable, which stretches from southern France to Thailand and connects Europe with North Africa and the Middle East.
On Feb. 13, the TAO “successfully collected network management information” for the cable, including Layer 2 information that shows circuit mapping, Der Spiegel reported, quoting the document.
Der Spiegel further described some of the TAO’s computer exploitation activities, which include trying to redirect a targeted person’s computer to servers controlled by the agencies that can deliver spyware.
The NSA and its U.K. counterpart, GCHQ, use a tool called QUANTUMINSERT to tracks a person’s internet browsing and at opportune moments direct the user’s computer to one of its FOXACID exploitation servers.
One document showed that QUANTUMINSERT was most effective when people were trying to visit the professional networking site LinkedIn, Der Spiegel said. The success rate was more than 50 percent, it said.
The NSA could not be immediately reached for comment Sunday night.