Intercepted packages. Custom-made cables that steal data. Towers that mimic a commercial cellphone network. Those are a few of the tricks used by elite units of the National Security Agency to monitor potential threats, according to Germany's Der Spiegel. The magazine published those revelations Sunday and Monday, detailing what it calls a catalog of the NSA's high-tech spying products and methods.
The report centers on how the NSA's Tailored Access Operations division purportedly uses everything from networks' technical flaws to modified USB plugs to access targets' systems and data. The unit, known as TAO, is seen as an elite group whose focus is on producing high-quality and hard-to-gain intelligence, Der Spiegel reports, citing internal NSA documents.
The magazine didn't explain how it acquired the documents. But in the past, Der Spiegel has published materials that came from former NSA contract worker Edward Snowden. And the authors of its main story on TAO's operations include Laura Poitras, a journalist and filmmaker who collaborated with Snowden earlier this year to expose U.S. surveillance secrets.
Update at 3:30 p.m. ET: Mobile Phones Also Targeted
While much of Der Spiegel's report centers on the alleged infiltration of computers, some of the materials it says were obtained from the NSA also outline the agency's ability to penetrate the Apple iPhone and other cellphones.
A TAO system called DROPOUTJEEP is one of seven products that target phones, according to the documents. Under development when the report was produced in 2008, it promised the ability "to remotely push/pull files from the device," in addition to retrieving text and geolocation data and using its microphone and camera, according to a document on the Der Spiegel site.
The document says the first release of DROPOUTJEEP would require "close access methods," a phrase we take to be another way of saying "by hand." A remote option was planned for the future, the document says.
Our original report continues:
In describing TAO's operations, Der Spiegel notes that the group works out of a former Sony chip-making plant in San Antonio, Texas.
That's presumably where its technical experts in a unit called ANT work to produce computer monitor cables that send data to NSA agents and to make USB plugs that are actually bugs, using radio frequencies to send and receive data. Those products, and their per-unit prices, are listed in an ANT catalog, the magazine reported Monday.
From Der Spiegel:
"The catalog is not up to date. Many of the software solutions on offer date from 2008, some apply to server systems or mobile phone models no longer on the market, and it is very likely that the portions SPIEGEL has seen are far from complete. And yet this version still provides considerable insight both into the tools the NSA has had at its disposal for years and into the agency's boundless ambitions. It is safe to assume that ANT's hackers are constantly improving their arsenal. Indeed, the catalog makes frequent mention of other systems that will be 'pursued for a future release.'
"The NSA has also targeted products made by well-known American manufacturers and found ways to break into professional-grade routers and hardware firewalls, such as those used by Internet and mobile phone operators. ANT offers malware and hardware for use on computers made by Cisco, Dell, Juniper, Hewlett-Packard and Chinese company Huawei."
NSA agents reportedly embed their software on computer motherboards, making it difficult to detect and remove — the ANT catalog calls the product IRONCHEF. The agency can also put spyware on hard drives, Der Spiegel says, including devices from Western Digital, Seagate and Samsung.
A slide that Der Spiegel says is from an NSA internal presentation suggests the hacking group isn't shy about touting its abilities. The magazine says the NSA workers are able to exploit the error reports that many computers running Microsoft software send after crashing. That ability reportedly led them to doctor a slide of the normal error message that pops up on screens where things have gone wrong.
Instead of the usual note about informing Microsoft of a system crash, it reads, "This information may be intercepted by a foreign SIGINT system to gather detailed information and better exploit your machine."
The German magazine notes that there seems to be no sign of complicity on the part of companies named in the NSA documents. Representatives of the tech firms told Der Spiegel that they do not work with government agencies to modify their equipment. Cisco, Microsoft and the other firms also expressed concerns over the story and its allegations.
Citing the NSA documents, the magazine says the agency sometimes arranges for packages of electronic gear to be intercepted while en route to customers. Once the spyware is added, the packages are sent on their way.
While several earlier reports about the NSA's activities focused on allegations that it gathered vast amounts of data, Der Spiegel says the TAO unit is tasked with "getting the ungettable."
The division has yielded "some of the most significant intelligence our country has ever seen," a former head of the American unit wrote in a document acquired by Der Spiegel. Her note said the agency's TAO division provided "access to our very hardest targets."
The NSA would not respond to specific questions about its hacking operations, Der Spiegel reports. Here's how the magazine describes a statement from the agency:
" 'Tailored Access Operations is a unique national asset that is on the front lines of enabling NSA to defend the nation and its allies.' The statement added that TAO's 'work is centered on computer network exploitation in support of foreign intelligence collection.' "