NSA’s backdoor catalog exposed - Targets: Dell, Juniper, Cisco, Samsung, Huawei

Started by thorfourwinds, November 28, 2014, 02:40:14 AM


thorfourwinds



NSA's backdoor catalog exposed: Targets include Juniper, Cisco, Samsung, Huawei — Tech News and Analysis

An internal NSA catalog offers spies backdoors into a wide range of equipment from major computing and security vendors, according to an article published by Germany's Der Spiegel on Sunday, based on leaked documents.

Targets include firewalls from Juniper Networks, hard drives from Western Digital, Seagate, Maxtor and Samsung, networking gear from Cisco and Huawei, and servers from Dell.

The documents are from 2007, so other products may have been affected since then.

According to the piece, there is no evidence that any of the companies knowingly allowed these backdoors — this seems to be a matter of highly sophisticated hacking and cracking.

According to more specific documents published on Monday by Der Spiegel, the affected network security products and servers include:

   •   Cisco 500 series PIX firewalls and most ASA firewalls (5505, 5510, 5520, 5540, 5550)

   •   Juniper Networks SSG 500 and SSG 300 series firewalls (320M, 350M, 520, 550, 520M, 550M), as well as Juniper Netscreen NSG5T, NS50, NS25 and ISG1000 appliances

   •   Juniper J-series, M-series and J-series routers

   •   Huawei Eudemon 200, 500 and 1000 series firewalls

   •   Huawei routers (unspecified)

   •   Dell PowerEdge 1850, 2850, 1950, 2950 RAID servers

The catalog also offers fairly cheap rigged monitor cables for spying on targets' monitors ($30), and pricier equipment such as base stations for fooling mobile networks and cellphones ($40,000), and bugs disguised as USB plugs ($20,000+).



RELATED:

Backdoors Embedded in DoD Microchips From China

Defense from malware | Privately Investigating
EARTH AID is dedicated to the creation of an interactive multimedia worldwide event to raise awareness about the challenges and solutions of nuclear energy.

zorgon

How to stop the NSA from spying on you...

#1  Use a burn phone...

Every spy on the planet, every drug lord... uses them. You don't need all that fancy stuff, it's just a dang phone   8)

#2 Make your computer invisible to the net...

They cannot hack you or spy on you if they cannot sniff out your connections

Go to Shields Up and see if YOU are in stealth mode  8)

https://www.grc.com/x/ne.dll?bh0bkyd2

#3  Stop giving out all your info on facebook and twitter

::)



ArMaP

Quote from: zorgon on November 28, 2014, 08:22:22 AM
#2 Make your computer invisible to the net...

They cannot hack you or spy on you if they cannot sniff out your connections

Go to Shields Up and see if YOU are in stealth mode  8)

https://www.grc.com/x/ne.dll?bh0bkyd2
That's where the firewall hacks (or whatever) are needed, as tests like that one test for normal communication attempts only.

thorfourwinds


Let's Play NSA! The Hackers Open-Sourcing Top Secret Spy Tools

By Motherboard @motherboard

Michael Ossmann and a merry band of hackers are rebuilding the NSA's most secret weapons—for science.

THE ANT FARM
It all began just after Christmas 2013, when a peculiar 48-page gadget catalog appeared on the website of Der Spiegel. The top of each page contained a string of letters, beginning with "TOP SECRET."

Six months earlier, the German newspaper had been one of a number of media outlets to publish thousands of classified documents disclosed by Edward Snowden. But this document wasn't like the others.

The leaked file, authored around 2008 by a group at the National Security Agency known as the Advanced Network Technology (ANT) division, was a list of spy devices designed for getting what it called "the ungettable."



Devices in the ANT Catalog were designed to exploit a range of hardware, software and firmware.  Collage: Alex Pasternack

The Privacy Threats of 2014 | Motherboard

[...]
In the last days of 2013, Jacob Appelbaum at the Chaos Computer Club conference described some truly phenomenal pieces of surveillance technology being used by the NSA's elite hacking force: a device used in black bag attacks that can attack a computer when placed within 8 miles of its target, USB cables with hidden chips that allow network access, and—something that is beyond even the most morbid dystopian nightmare—a piece of kit that beams radiation at people and the computers around them, providing "the means to collect signals that otherwise would not be collectable, or would be extremely difficult to collect and process."

(In fact, when Jacob revealed this particular gadget to Julian Assange, he reportedly quipped, "Hmm... I bet the people around Hugo Chavez are going to wonder what caused his cancer.")

Although this specific tech is only available to NSA employees at the moment—at least according to the documents released by Jacob and Der Spiegel, which described them as featuring on an "internal catalog"—the agency's reliance on private contractors may suggest their proliferation outside of the US is nigh. It would be naïve to think that these private surveillance companies would think twice about filling any country's hacker teams with the latest tech, as long as they can afford the price.
[...]


Related stories:


New Documents Show Thousands of Unreported Wiretaps by Canadian Cops

thorfourwinds



Above: ESD America's map of the interceptors discovered so far
Image Credit: ESD America, September 2, 2014 2:58 PM


Who is putting up 'interceptor' cell towers? The mystery deepens | VentureBeat | Security
by Barry Levine

Mysterious "interceptor" cell towers in the USA are grabbing phone calls — but they're not part of the phone networks. And, two experts told VentureBeat today, the towers don't appear to be projects of the National Security Agency (NSA).

The towers were revealed by Les Goldsmith to Popular Science last week. He's CEO of ESD America, which builds the super-secure Cryptophone 500 for clients that need the military-grade security and can handle the phone's estimated $3,500 price tag.

In the course of testing the phone, Goldsmith's team discovered the existence of phone cell towers that intercept a call and hand it off to the real network — allowing the tower to listen in or load spyware to the mobile device.

In July, ESD America identified 17 of the towers, but now it has increased that outed inventory to 19. On its Facebook page, ESD America points out that an interceptor "doesn't necessarily need to be a[n] actual cell tower," but could simply be the listening/call handling technology sitting somewhere.

Who is installing and managing these interceptors?

Not the NSA, cloud security firm SilverSky CTO/SVP Andrew Jaquith told us. "The NSA doesn't need a fake tower," he said. "They can just go to the carrier" to tap your line.

"I would agree with that," Goldsmith told us. But then who?

They could be from perhaps law enforcement agencies or the military, he suggested. A number of these towers are around military bases, although they're also found in other locations, including the vicinity of the South Point Casino in Las Vegas.

The discovery "appears to confirm real-world use of techniques that have been highlighted by researchers for years," said Stephen Ellis, manager of cyber threat intelligence at security firm iSIGHT Partners. While noting that his company "cannot confirm the accuracy of this reporting without further information," Ellis told us that iSIGHT is "highly confident that we have observed real-world use of this technique in support of another of its uses – cyber crime [for] financial gain."

"We have observed and reported on cases in other parts of the world where actors are known to have set up fake base stations to send spoofed SMS messages," Ellis said, "possibly to send spam or to direct unsuspecting victims to malicious websites."

The Federal Communications Commission (FCC) announced last month that it is launching an investigation into the use of cell network interceptors by criminal gangs and foreign intelligence.

We asked Goldsmith if he could be mistaken about the towers. Perhaps they are just commercial ones that seem unusual?

"We can definitely tell" that they're non-network towers, he said, by analysis of the infrastructure. These phony towers, without names as normal towers have, insist to your phone that they must handle the call and then trick the phone into turning off its normal encryption.

Such a tower tells you that "none of your towers are currently available," Goldsmith told us. It says, "'I'm your tower.'"

"If you wanted to listen to a phone call," he said, "this would be the easy way."

zorgon

Doesn't make any sense...

The NSA has no use for them as stated and the military/NSA have always had the ECHELON system and the MUOS system (Mobile User Objective System). Had all that info on the website for years in Jack's section.

Seems more likely that these towers might be for an independent network, the same way they have SiPRNET, JWICS and others that are not connected to the mainstream internet.

Sure there are over 200 spook agencies out there but seems to me building visible towers is a waste of money

zorgon

The discovery "appears to confirm real-world use of techniques that have been highlighted by researchers for years," said Stephen Ellis, manager of cyber threat intelligence at security firm iSIGHT Partners. While noting that his company "cannot confirm the accuracy of this reporting without further information," Ellis told us that iSIGHT is "highly confident that we have observed real-world use of this technique in support of another of its uses – cyber crime [for] financial gain."

Okay reading that sounds like this guy is using this to promote his company iSIGHT

appears to confirm...

cannot confirm without more info...

highly confident we have observed...

Seriously?

How can they say they have traced calls and got a return message but cannot confirm these towers are real?

Don't think I would hire these guys  8)

burntheships

Some, or maybe most of these "towers" are not actual towers, just
equipment that can fit into a car, or an airplane.  Jack Bauer type stuff.

This article seems to lay blame on the U.S. Marshals flying around looking
for targets.....
http://www.extremetech.com/extreme/194271-us-government-uses-fake-cell-towers-flown-on-airplanes-to-harvest-phone-data-and-track-down-criminals

While this article speaks to the idea that Google is worse than the NSA.
Google has cars, and blimps, and satellites (by the way, that is penned
by Assange no less)


http://www.newsweek.com/assange-google-not-what-it-seems-279447
so I would wager a bet they have airplanes too, and "fake towers".

"This is the Documentary Channel"
- Zorgon

thorfourwinds



zorgon

Quote from: ArMaP on December 02, 2014, 09:21:10 AM
What's that supposed to mean? ???

Buncha Vikings doing internet security   8)


Comprehensive Attack Intelligence

The Norse DarkMatter platform is designed to maximize coverage and sampling rate of malicious and questionable Internet traffic. Analysis of malicious and questionable traffic includes IRC, Tor, P2P, free open-source services (DNS, SSH, VPN), private IP and SOCKS proxies, unassigned and unadvertised address space, attacks against Norse dark sensors, geolocation analysis, and web-crawling for specific data of interest. The information from these data sources is continuously analyzed and correlated using over 1500 criteria, resulting in the Norse IPQ risk score, contributing risk factors (rationale), and geolocation information for each IP address. Up to four years of historical data is also factored into the risk analysis.

Live Attack Intelligence at Transaction Speed


http://www.norse-corp.com/technology_overview.html

ArMaP

Quote from: zorgon on December 02, 2014, 10:29:40 AM
Buncha Vikings doing internet security   8)
I should have been clearer in my question. :)

What is that supposed to mean in this topic? Does it show attacks related to the topic? If yes, how do they know? If no, what's the relevance?

Somamech

I see no sense in tower interception.

ALL of our comms will travel via some means which WILL PASS through a server, cable, phone line or (The Bush Telegraph ie: Old School Spooks lol).

The fact of the matter is that you don't have to hide if you have a reasonable idea.  You only hide if you do something really stupid like fight cops or what have you :P


 

zorgon

Quote from: ArMaP on December 02, 2014, 11:53:21 AM
What is that supposed to mean in this topic?

OH LOL you would have to ask Thor about that. He posts in mysterious ways  :P