Today, De Spiegel announced they had received a set of documents which implicate the NSA and their TAO (Tailored Access Operations) subsidiary in a worldwide hacking scandal the likes of which have only been seen about a dozen times already since last June.
According to the 50-page report, the rogue government agency has been planting backdoors in hardware from major manufacturers such as Cisco, Dell, Seagate, and SanDisk for nearly ten years, and have been using their code to collect valuable data for domestic corporations and military contractors alike. Although many speculate the NSA has used its powers for financial espionage and manipulation, the damage to the homeland’s economy may be far worse than any forethought might have made up for in the end.
Dozens of CEOs have publicly denounced American cloud storage companies and networking hardware manufacturers, claiming they must have colluded with the government to grant firmware backdoors they could use to bolster the American economy. As such, they have chosen Chinese manufacturers such as Huawei to supply their server farms, siphoning off jobs that our struggling country needs to stay afloat.
Forged by ANT (Advanced Network Technology), the hardware-based subset of the TAO group, the backdoors come pre-equipped with measures to prevent your everyday hacker from taking advantage of the code while the government is looking the other way.
In a statement, Cisco denied any cooperation with the NSA or their efforts to crack into the routers of you and everyone you know.
“Cisco does not work with any government to modify our equipment, nor to implement any so-called security ‘back doors’ in our products.”
All this information doesn’t come cheap though, and the NSA actually has to purchase the necessary tools for surveillance from ANT at prices ranging anywhere from $30 all the way up to $1 million for more advanced pieces of malicious machinery. Anything from rigged monitor cables to full on cell phone towers are part of the laundry list of devices that TAO depends on to spy on their targets, and the catalog functions much like any other mail-order catalog that agents can call up, place an order, and have the parts on their desk within a week or less.
Many of these tools can be installed remotely, however the paper suggests that some of the bigger cracks, like those for server farms and internal networks of foreign companies, do require a bit of social engineering in order for the engineers at ANT to get inside.
By relying on a concept known as “Persistence”, their viruses and malware can survive even if you wipe your hard drives and install completely new software and operating systems. They achieve this effect by burrowing into the BIOS of an infected machine, which is where all the base-layer computations are made by the motherboard when communicating with the rest of the system.
Check outon how to install custom firmware on your router so you never have to worry about manufacturers passing the buck when it comes to the security of your network at home!