
TURNIPSCHOOL – DIY NSA spying technology from the NSA TAO catalog

Researchers have presented the TURNIPSCHOOL project and other activities that replicate NSA surveillance implants with cheaper, off-the-shelf components.

In December 2013, the popular cyber security expert Jacob Appelbaum, with the support of the news agency Der Spiegel, disclosed the NSA’s surveillance catalog.

“Germany’s Der Spiegel has published another disturbing article on the NSA surveillance activities, the media agency has published an internal NSA catalog that offers spies backdoors into a wide range of equipment from major vendors. The catalog includes backdoors for hard drives from Western Digital, Seagate, Maxtor and Samsung, for Juniper Networks firewalls, networking appliances from Cisco and Huawei, and unspecified equipment from Dell. The backdoors appear to be the result of highly sophisticated hacking and cracking operations conducted by NSA, all the products offered are designed by the Advanced/Access Network Technology (ANT) division of the NSA’s Tailored Access Operations (TAO) elite hacker unit.” I wrote in an article that was published the day of the public disclosure.

The National Security Agency’s ANT catalog provides a detailed list of technologies that the agency’s agents could exploit to compromise any kind of electronic equipment and run cyber espionage operations. I personally examined the documents related to Radar Wave Devices used to compromise computers, taking a look at the Implants in the Arsenal of the NSA and at specific exploits used by the cyber spies, like RADON and DEWSWEEPER Work.

Sifting through the catalog, readers can find the description of a USB cable with embedded hardware called Cottonmouth-I. NSA agents could use the device to exploit USB connections for remote wiretapping or even to gain remote control over the target.

Cottonmouth-I is a simple yet powerful implant that could allow attackers to wiretap communications with peripheral devices (e.g. keyboards, printers) and inject malicious code. The tool is considered very effective for attacks on air-gapped networks.

“One, called Cottonmouth I, looks like a normal USB plug but has a tiny transceiver buried in it. According to the catalog, it transmits information swept from the computer “through a covert channel” that allows “data infiltration and exfiltration.” Another variant of the technology involves tiny circuit boards that can be inserted in a laptop computer — either in the field or when they are shipped from manufacturers — so that the computer is broadcasting to the N.S.A. even while the computer’s user enjoys the false confidence that being walled off from the Internet constitutes real protection.” states Cryptome.org.

Basically, the NSA has fitted all the necessary technology into a USB plug to spy on victims. The price indicated in the catalog is high due to the sophisticated hardware used: Cottonmouth-I was over $1 million per lot of 50 units ($20,000 per device).

Technology evolves, however, and the cost of building devices such as Cottonmouth-I declines rapidly. This is what the wireless security researcher Michael Ossmann recently demonstrated at the Shmoocon conference. Ossmann, who is also the founder of Great Scott Gadgets, is one of the contributors to the NSA Playset program, an initiative that aims to duplicate in open source the technologies exposed in the NSA surveillance catalog. He presented his progress on the TURNIPSCHOOL project, a hardware man-in-the-middle USB cable whose design places a USB hub-on-a-chip and a microprocessor with a built-in radio on a circuit board that fits into a molded USB plug.
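A defensive check that follows from the design described above, as an added example that is not from the original article or the NSA Playset project: a cable that embeds a hub chip adds a hub tier to the host's USB tree, so comparing the enumerated hubs against a baseline surfaces it. The sysfs-style device names, the sample data and the baseline set are constructed, and the check assumes the embedded hub enumerates like any other USB hub.

```python
"""Flag USB devices that sit behind a hub the baseline does not expect."""
import re

HUB_CLASS = "09"  # bDeviceClass value reported by USB hubs
# Linux sysfs device name: 1-3.2 = bus 1, root port 3, hub port 2.
# Interface entries such as 1-3:1.0 and root hubs (usb1) do not match.
PATH_RE = re.compile(r"^\d+-\d+(\.\d+)*$")

# Constructed sample: sysfs name -> (bDeviceClass, product string), in the
# shape of /sys/bus/usb/devices/<name>/{bDeviceClass,product}.
SAMPLE = {
    "usb1":  ("09", "xHCI Host Controller"),  # root hub
    "1-1":   ("09", "Dock hub"),              # hub recorded in the baseline
    "1-1.2": ("00", "USB Mouse"),
    "1-3":   ("09", "USB2.0 Hub"),            # hub absent from the baseline
    "1-3.1": ("00", "USB Keyboard"),          # peripheral the user expects
    "1-3.2": ("ff", "(no product string)"),   # second device behind that hub
    "1-4":   ("00", "USB Keyboard"),          # directly attached
}

def parent(path):
    """Return the sysfs name of the upstream hub, or None on a root port."""
    head, sep, _ = path.rpartition(".")
    return head if sep else None

def unexpected_hubs(devices, baseline_hubs):
    """Map each hub missing from the baseline to the devices behind it."""
    findings = {
        path: []
        for path, (dev_class, _) in devices.items()
        if PATH_RE.match(path) and dev_class == HUB_CLASS
        and path not in baseline_hubs
    }
    for path in sorted(devices):
        if not PATH_RE.match(path):
            continue
        up = parent(path)
        while up is not None:  # walk every upstream tier, not just one
            if up in findings:
                findings[up].append(path)
            up = parent(up)
    return findings

if __name__ == "__main__":
    for hub, children in unexpected_hubs(SAMPLE, {"1-1"}).items():
        print(f"unexpected hub {hub}: downstream devices {children}")
```

On a live Linux host the same dictionary can be built from the `bDeviceClass` and `product` files under `/sys/bus/usb/devices/`, with the baseline captured when the machine is in a known-good state.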

Ossmann presented the TURNIPSCHOOL project and two other projects with his colleagues, Dominic Spill and Jared Boone. Spill is the author of the USBProxy project, built on the BeagleBone Black development platform, which provides a way to monitor traffic passing over a USB 2.0 connection. The experts explained that hackers worldwide could build tools more sophisticated than the implants described in the NSA ANT catalog.

“The tools spooks use aren’t that big a deal,” said Ossmann. “We can build them ourselves.” [tools developed by independent hackers] “are more sophisticated than stuff in the ANT catalog.”

The purpose of the NSA Playset is to design NSA-like spying devices with off-the-shelf components, for example with the BeagleBone Black platform.

I have found TURNIPSCHOOL simply amazing, it is based on the following components:

Ossmann explained that solder and the plastic cover are not included, so he did that work himself.

“I soldered it myself,” Ossmann said. “It’s totally accessible at a hobbyist level.”

The three researchers are also working on building custom printed circuit boards for hacking purposes. Daisho is another interesting project: a SuperSpeed USB 3.0 FPGA platform that uses general-purpose circuitry based on a field-programmable gate array (FPGA) and could allow monitoring of the USB 3.0 bus.

Daisho received funding support from the DARPA Cyber Fast Track program, a government program developed to fund multiple small projects across cyber-related technologies, characterized by high added value, shorter time frames and limited cost, with results expected to be demonstrated in periods of less than 12 months.

The technology will make low-cost espionage activities increasingly simple.


Pierluigi Paganini

(Security Affairs – NSA surveillance catalog, TURNIPSCHOOL)
