The United States’ National Security Agency (NSA) is keeping an eye on corporate computer networks and individual computers worldwide, from PCs and laptops to tablets and smartphones, using secret “backdoors” embedded into software or firmware through various remote or “hands-on” methods, including on devices intercepted in transit from vendors to end-users.
Germany’s Der Spiegel magazine in one of its latest articles cites a document it has seen, a kind of product catalogue, revealing that an NSA division called Advanced Network Technology (ANT) has burrowed its way into nearly all the firewalls made by leading computer manufacturers and software developers.
The document shows that the NSA’s Tailored Access Operations (TAO) unit installed hidden access methods in a variety of devices from Apple, Cisco Systems, Dell, Huawei, Juniper, Maxtor, Samsung, Seagate, and Western Digital, among others.
If TAO’s hacking methods were not enough, ANT “master carpenters” stepped in with their special tools, penetrating networking equipment, monitoring mobile phones and computers and diverting or even modifying data. Those tools, or “implants” (an NSA jargon word), have enabled the NSA to establish a global covert network operating alongside the Internet.
The 50-page list looks like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets’ data. It even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000, Der Spiegel says.
One of those break-in tools is called “FEEDTROUGH.” This malware makes it possible to smuggle NSA spy “implants” into mainframe computers and keep them “alive” through any reboots or software upgrades, providing the NSA with a permanent presence in computer networks. The catalog states that FEEDTROUGH “has been deployed on many target platforms.”
Planted by ANT developers in the so-called BIOS – the software located on a computer’s motherboard that is the first thing to load when a computer is turned on – the malicious code remains invisible to virus protection and other security programs. A computer “infected” in this way will operate normally, as if nothing had happened. Even if its hard drive is erased and a new operating system is installed, the ANT malware will continue to function, ensuring that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this “Persistence”.
Some ANT programs attack the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, while others target Internet routers meant for professional use or hardware firewalls intended to protect company networks from online attacks. Most of those programs are remotely installable via the Internet, but some “digital weapons” require a direct attack on an end-user device – a so-called “interdiction” (another NSA jargon word).
Der Spiegel’s report is based on revelations by former NSA contractor Edward Snowden.
Apple, Cisco Systems, Dell, Huawei and other companies have responded publicly, expressing concern over the alleged “backdoors” and claiming that they have never cooperated with the NSA.
Apple released a statement saying it had never worked with the NSA to create a backdoor in any of its products and had been unaware of the NSA program targeting iPhones.
Meanwhile, Apple was one of the nine tech giants cited as sources for the NSA’s data-gathering program, PRISM, which was first reported back in June by The Guardian and The Washington Post.
Reprinted from The Voice of Russia.