Last year Edward Snowden leaked the NSA's Advanced Network Technology catalog, a listing of the hardware and software tools the agency makes available to agents for spying. Now enterprising security experts are using the catalog to build similar tools using available electronics.
The team, led by Michael Ossmann of Great Scott Gadgets, examined the leaked catalog and found that a number of the devices the NSA developed can be very simple to recreate.
Ossmann was able to build a software-defined radio (SDR) system
capable of recording and transmitting data from a target PC using a Kickstarter project, and reckons the hardware can be bought to market for $300 or less.
lets you engineer a radio system of any type you like really quickly so
you can research wireless security in any radio format," he told New Scientist.
also said he was able to build two devices from the NSA's catalog using
little more than a few transistors and a two-inch length of wire as an
antenna. These mimic the NSA products Ragemaster (a plug that sits on
the monitor cable of a computer and broadcasts screen images) and the
Surlyspawn keystroke logger, but at a fraction of the cost the
government gets charged.
In a presentation at the Hack In The Box
conference in Amsterdam this May, Ossmann detailed some of his
creations and the methods he and his team used to build them using
off-the-shelf components. These devices aren't as small as the NSA's
hardware, but are just as effective, he said.
The team has now set up a website, NSAPlayset.org,
detailing the different spying products they have reverse-engineered,
and more details will be given out at presentations at the DEFCON
hacking conference being hosted in Las Vegas in August.
goal isn't to help hackers conduct their own spying operations, nor to
make it easier for the government to get low-cost surveillance hardware.
While he has developed tools for the federal government, the goal of
this project is to help the security industry understand the range of
threats it should be protecting against.
"Showing how these devices exploit weaknesses in our systems means we can make them more secure in the future," he opined