Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

Hackers Show the NSA’s Capabilities Are Not Magic

A group of security researchers, hardware hackers, hardware developers and hobbyists have set out to demonstrate that many of the tools similar to those used by the United States National Security Agency (NSA) for surveillance operations can be reproduced on a low budget with open source software and hardware components.

A group of security researchers, hardware hackers, hardware developers and hobbyists have set out to demonstrate that many of the tools similar to those used by the United States National Security Agency (NSA) for surveillance operations can be reproduced on a low budget with open source software and hardware components.

The project, called the “NSA Playset,” came out of a collaboration between security researcher Dean Pierce and Michael Ossmann, founder of Great Scott Gadgets. Shortly after the NSA’s ANT catalog was leaked online, they recruited several others who had already implemented or were working on implementing capabilities that were similar to the ANT tools.

The ANT catalog is a 48-page classified document containing information on the technologies used by the NSA’s Tailored Access Operations (TAO) unit for cyber surveillance. The document is one of the many files obtained by the former NSA contractor Edward Snowden.

The technologies referenced in the ANT catalog have names such as BULLDOZER, CANDYGRAM, COTTONMOUTH, CROSSBEAM, and DROPOUTJEEP. Because of this, the individuals behind the NSA Playset have decided to give their projects silly names like BROKENGLASS, CHUCKWAGON, CONGAFLOCK, and TWILIGHTVEGETABLE.

The project was introduced at the Hack In The Box (HITB) security conference in Amsterdam earlier this year by Ossmann. After HITB, members of the group showcased the devices they built at various events.

CHUCKWAGON
The CHUCKWAGON Open Source Hardware Device

One of the ANT tools replicated by researchers is GENESIS, a modified GSM handset that’s designed to sniff and monitor traffic. In the catalog, the device is listed with a unit cost of $15,000. However, researchers have managed to develop a similar tool, which they’ve dubbed TWILIGHTVEGETABLE, with a budget of only $50 by using an Extreme USB flash drive from SanDisk, a NooElec RTL-SDR dongle, and an antenna.

SLOTSCREAMER is a PCIe attack platform that can be used to read memory, bypass software and hardware security measures, and directly attack other hardware devices in the system. While this might appear like a sophisticated tool, it’s actually just a $100 USB3380-AB evaluation board with custom firmware.

“Most of the tools build on top of existing open source software and hardware, so they were implemented with a few days to a few months of part-time work. None of the projects have material costs for development that exceed a few hundred dollars, and most of them can be reproduced in a couple hours with under a hundred dollars,” Joe FitzPatrick, a researcher at SecuringHardware.com and one of the main contributors to the NSA Playset project, told SecurityWeek. FitzPatrick presented on some of his projects at the recent Suits and Spooks Conference in London.

The gadgets built by the NSA Playset group are for different types of attacks, including passive radio interception, active radio injection, network reconnaissance, physical “domination,” and hardware/software implants.

Advertisement. Scroll to continue reading.

“One goal is for all of the devices to be open source software and hardware, so full technical details will be published, available, and reproducible,” FitzPatrick said.

Currently, there are 10-20 people that are actively contributing to the project, eight of which presented various NSA Playset tools at the latest DEF CON conference. There appears to be a lot of interest in the project since the online discussion group on the NSA Playset website has over 150 members. And while there aren’t any organizations that officially support the initiative, the EFF auctioned a complete NSA Playset toolkit at DEF CON for a record $2,250.

FitzPatrick says he hasn’t received any significant or direct criticism from the security community regarding the NSA Playset. However, the researcher has pointed out that the community is always debating the relative benefits of responsible disclosure vs. full disclosure. In this case, some might argue that it’s irresponsible to build easy-to-use tools with otherwise advanced capabilities.

“The ultimate goal is to dispel the magic about the NSA’s capabilities. By showing that ‘state-actor capabilities’ are actually accessible cheaply and easily, we may also motivate vendors to fix some of the issues,” FitzPatrick said.

Another goal of the project, according to Pierce, is to lower the bar of entry for newer, younger, researchers.

While the NSA hasn’t contacted any of the members of the group in an official capacity, FitzPatrick says they all assume that the intelligence agency has attended their presentations, visited their website, and listened in on their online discussions.

*Updated to clarify that the NSA Playset came out of a collaboration between Dean Pierce and Michael Ossmann.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.