Much of the information below was taken from an interactive graphic published by the German newspaper Der Spiegel (Online International) on December 30, 2013, titled “Interactive Graphic: The NSA’s Spy Catalog”.
According to the New York Times (1/14/14), the National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks:
1. At the computer hardware level, the NSA’s Tailored Operations Unit uses a process it calls “interdiction” to intercept computers built by manufacturers like Dell and HP (e.g. the HP DL380 G5 and the Dell PowerEdge Server line) on their way to be delivered to customers. The NSA’s ANT division then installs several hardware and software implants, which are concealed within the computer’s BIOS (like “DEITYBOUNCE” and “IRONCHEF”), and continues shipping the computer to its recipient without the knowledge of either the manufacturer (they claim) or the recipient. Because it’s implanted in the BIOS, it continues to work even if the computer is rebooted or a new operating system is installed. And, once installed, it can be used to update itself to add even more capabilities. Also, software programs like SOMBERKNAVE can secretly divert data via wireless LAN connections when required, or embed themselves in the master boot record [like IRATEMONK [implant hidden in the firmware of hard drives from WD, Seagate, Maxtor and Samsung, replacing the MBR for hacking purposes], BEI GINSU [software using the BULLDOZER implant], SWAP [a PC BIOS implant allowing remote control over many operating systems like Windows, Linux and Solaris], WISTFULTOLL [software implant using Windows Management Instrumentation (“WMI”) to gain access to data, also a plug-in for the UNITEDDRAKE and STRAITBIZARRE spy programs], HOWLERMONKEY [a radio transceiver for remote control extraction of data], JUNIORMINT [a multi-chip-module (“MCM”) that can be configured], MAESTRO-II [another MCM], SOMBERKNAVE [an XP implant that uses wireless to remote control a device], TRINITY [another MCM, very small], QUANTUMINSERT and its successor QUANTUMDIRK [which inject malicious code into chat services like Facebook and Yahoo], as well as STRAITBIZARRE [which can be turned into disposable and non-attributable “shooter” nodes which can receive messages from the NSA’s Quantum network, which can be used for “command and control for a very large scale active exploitation and attack”]].
2. Similar software is installed in the BIOS, allowing the NSA to hack computer systems through firewalls manufactured by major companies (like Cisco, Juniper and Huawei), transforming these products from intrusion protection hardware and software into gateways for NSA ANT hacking. NSA uses software named JETPLOW, HALLUXWATER, FEEDTROUGH, SOUFFLETROUGH and GOURMETTROUGH to compromise both hardware and software firewalls.
3. NSA ANT has compromised professional routers made by at least two manufacturers (Juniper and Huawei), again through the BIOS, using its HEADWATER, SCHOOLMONTANA, SIERRAMONTANA and STUCCOMONTANA software implants to hack into the internal network of a company or ISP.
4. NSA ANT has also developed and implanted methods for gaining access to wireless LAN networks by planting its own software on Windows network systems. NIGHTSTAND and SPARROW III are exploits which can remotely inject data packets into a wireless network so that it can detect signals over distances of more than eight miles, even farther if the hardware is mounted on an aerial drone.
5. Room surveillance is made possible even without bugging devices being installed on premises, through the use of several devices which emit an extremely low signal which can be detected from outside. NSA calls this type of surveillance ANGRYNEIGHBOR. For example, NSA can capture the location of a specific object in a room (TAWDRYYARD), detect words spoken (LOUDAUTO) or see what is showing on a computer monitor (NIGHTWATCH and RAGEMASTER). Moreover, NSA has developed radar units like the CTX4000 (successor to PHOTOANGLO), which can reveal signals from devices like laser printers (used, it is claimed, to spy on the EU representatives’ office in Washington, DC).
6. The NSA also has an entire range of USB plug bugs, cleverly disguised as plugs or extension cords between a mouse, keyboard or the like and the devices. COTTONMOUTH I, II and III and FIREWALK can send and receive radio signals to monitor the bugged computer and its network and also send commands back to the computer or network. Keystroke loggers like SURLYSPAWN can transmit what a computer user types even when the computer isn’t online. RAGEMASTER, which is installed in the ferrite insulation on a video cable, can allow the NSA to see what’s on a monitor.
7. Let’s not leave out cell phones. The NSA has developed implants for mobile phones and SIM cards, like DROPOUTJEEP, initially developed for the first iPhones in 2008, to trace location, upload and download files and divert messages. Also, GOPHERSET, which can pull phone book, SMS and call logs remotely from cell phones. MONKEYCALENDAR can direct a cell phone SIM card to transmit geolocation data via hidden SMS messages. TOTECHASER similarly transmits satphone data via covert SMS. TOTEGHOSTLY 2.0, an implant from the NSA’s STRAITBIZARRE family, allows complete remote control of Windows mobile phones, such as reading messages and address book entries, turning microphones or cameras on and off, determining geolocation and cell tower data, etc. PICASSO is similar. DROPOUTJEEP works with iPhones with the same features. While cell phone conversations are generally prohibited on many commercial flights, an NSA document says that it recorded data from about 100,000 people who used their phones while flying in February 2009. A secret program called "Southwinds" could gather all cellular communication from commercial air flights, including "voice communication, data, metadata and content of calls." But the agencies were targeting in-flight calls on Air France as early as 2005. When the program was up and running, it could collect data in "near real-time" and airplanes could be tracked every two minutes using the cell connections. The only real requirement was that a plane be cruising at over 10,000 feet.
Once cruising altitude was reached, ground-based stations could intercept the call as it was passed through a satellite. From there, the agencies could cross-reference the call with the list of passengers on board and find who was making the call. And judging by this report, this practice continues through today -- the report shows calls tracked as recently as 2012, and with in-flight calling expected to be far more common in the coming years, the NSA and GCHQ will have many more opportunities to listen in to calls.
The forthcoming boom in in-flight mobile phone usage will "further extend the scope of espionage by providing a pool of potential targets comprising several hundreds of thousands of people, a level of popularity anticipated by the NSA seven years ago," writes Jacques Follorou of Le Monde. "This implies a population that goes far beyond terrorist targets. The political or economic surveillance of passengers in business or in first class on long-haul flights could be put to many other uses."
Naturally, both the GCHQ and NSA told Le Monde and The Intercept that their actions comply with the European Convention on Human Rights and US law and policy, respectively.
8. Cell phone networks are also hacked. Programs like CROSSBEAM, CANDYGRAM, CYCLONE Hx9, EBSR, ENTOURAGE, GENESIS, NEBULA, TYPHON HX and WATERWITCH all involve various ways of tracking mobile phones, their signals and data and the like, over various types of cell phone protocols and networks here and abroad. Some even masquerade as official network mobile phone antennas. Programs like CANDYWIRE contain “telephone tripwires” which send the NSA a text message when a mobile phone enters a specific range. Programs like this probably were used in the tapping of German Chancellor Angela Merkel’s mobile phone. The Warriorpride program, a collection of software programs employed by all the Five Eyes partner agencies, employs keyloggers (like Qwerty) and other phone-breaking programs.
9. See also links in this website to PRISM, BOUNDLESS INFORMANT, XKEYSCORE.
10. Active programs by the NSA, like Politerain, a project of the agency’s TAO (“Tailored Access Operations”) department, and Barnfire, are discussed in the CYBERCOM definition. The men and women working for the ROC (“Remote Operations Center”) of the NSA, which uses the codename “S321,” are responsible for the NSA’s covert operations. Residing on the third floor of the Ft. Meade headquarters, a fleet of agents continuously monitors the internet, tracing foreign cyberattacks by other governments and analyzing them for insight, turning defense into attacks. Department S31177 (codenamed Transgression) is charged with the mandate of “global network dominance” and it has tons of tools it has gleaned from attacks on the U.S. to use in our defense.