Feeds

Hackers reverse-engineer NSA spy kit using off-the-shelf parts

Expect a busy DEFCON with lots of new pwnage products

Secure remote control for conventional and virtual desktops

Last year Edward Snowden leaked the NSA's Advanced Network Technology catalog, a listing of the hardware and software tools the agency makes available to agents for spying. Now enterprising security experts are using the catalog to build similar tools using available electronics.

The team, led by Michael Ossmann of Great Scott Gadgets, examined the leaked catalog and found that a number of the devices the NSA developed can be very simple to recreate.

Ossmann was able to build a software-defined radio (SDR) system capable of recording and transmitting data from a target PC using a Kickstarter project, and reckons the hardware can be bought to market for $300 or less.

"SDR lets you engineer a radio system of any type you like really quickly so you can research wireless security in any radio format," he told New Scientist.

Ossmann also said he was able to build two devices from the NSA's catalog using little more than a few transistors and a two-inch length of wire as an antenna. These mimic the NSA products Ragemaster (a plug that sits on the monitor cable of a computer and broadcasts screen images) and the Surlyspawn keystroke logger, but at a fraction of the cost the government gets charged.

In a presentation at the Hack In The Box conference in Amsterdam this May, Ossmann detailed some of his creations and the methods he and his team used to build them using off-the-shelf components. These devices aren't as small as the NSA's hardware, but are just as effective, he said.

The team has now set up a website, NSAPlayset.org, detailing the different spying products they have reverse-engineered, and more details will be given out at presentations at the DEFCON hacking conference being hosted in Las Vegas in August.

Ossmann's goal isn't to help hackers conduct their own spying operations, nor to make it easier for the government to get low-cost surveillance hardware. While he has developed tools for the federal government, the goal of this project is to help the security industry understand the range of threats it should be protecting against.

"Showing how these devices exploit weaknesses in our systems means we can make them more secure in the future," he opined. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.