Monday, December 30, 2013

THE most important news story of 2013 - NSA regularly intercepts laptops/other electronic devices to implant malware. All iPhones now compromised too.

Way back on June 10th we had a post titled "The most important news story since Watergate."And as the year draws to a close we will update with two significant revelations from yesterday and today.

The very idea that a government organization has been collecting information for seven years on every phone call, domestic and international, that Americans make was long rumoured and dismissed as the ramblings of the tin foil hat crowd.

But it turns out it's all true.

The US National Security Agency has recorded and logged every phone call, every email, every internet post you have made and stored it. They have done this with the implicit support (and granted access by) organizations such as Facebook and Google.

What we are learning has come to us courtesy of NSA whistleblower Edward Snowden (who should have been Time's Person of the Year)

Since then it has come out that the NSA has hacked the phones of world leaders.

Yesterday Germany's Spielgel magazine revealed stunning revelations which exposed the spy agency's 50 page catalog of "backdoor penetration techniques"
These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives - from computing centers to individual computers, and from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA's specialists seem already to have gotten past them.
It gets better, because when simple penetration is not enough, the NSA adds "implants."
In cases where TAO's usual hacking and data-skimming methods don't suffice, ANT workers step in with their special tools, penetrating networking equipment, monitoring mobile phones and computers and diverting or even modifying data. Such "implants," as they are referred to in NSA parlance, have played a considerable role in the intelligence agency's ability to establish a global covert network that operates alongside the Internet.
And how are those "implants" added?

Der Spielgel reports that the NSA regularly intercepts shipments of laptops and other electronic devices in order to implant physical listening devices and install advanced malware. This process, called interdiction, can give authorities instant remote access to a subject’s computer without them being any the wiser.

Interdiction is undertaken by the NSA’s superhacker team known at Tailored Access Operations (TAO). It is not impossible to deliver malware to a target computer after the fact, but the risk is far lower if the surveillance tools can be installed before a device reaches the buyer.

TAO is reportedly able to divert a computer order from a computer manufacturer to its network of secret workshops where the modifications can be made before returning the packages to the shipping company.

But if that bombshell isn't significant enough, Jacob Applebaum (@ioerror) at the 30th Chaos Communication Congress, dropped another stunner today.

Applebaum outlined the complete and detailed description of how the NSA bugs, remotely, your iPhone.

The way the NSA accomplishes this is using software known as Dropout Jeep, which it describes as follows:
"DROPOUT JEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted."
The most disturbing thing, as Applebaum notes, is:
"Do you think Apple helped them build that? I don't know. I hope Apple will clarify that. Here's the problem: I don't really believe that Apple didn't help them, I can't really prove it but [the NSA] literally claim that anytime they target an iOS device that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I'd like to believe that since Apple didn't join the PRISM program until after Steve Jobs died, that maybe it's just that they write shitty software."
So has the NSA hacked all iPhones, or is Apple working with the NSA to by pass the need to hack and is directly installing malware on your phone? The disturbing revelations continue.

And we humbly predict the repercussions from Snowden's whistleblowing (particularly economic repercussions) will ripple across the coming decades in a more profound way than did the events of Watergate in 1974 or the terrorist attacks of September 11th, 2001.

If you follow on twitter, we will continue to re-tweet important developments on this topic.

To see youtube clips of Applebaum's full presentation, follow this link to the Zero Hedge post.


Click 'comments' below to contribute to this post.

Please read disclaimer at bottom of blog.

No comments:

Post a Comment