Report: NSA Intercepts PC Deliveries, Pays Cybercriminals to Spy on Americans
December 30, 2013 3:46 PM
Consumer electronics goods are reportedly regularly diverted to secret workshops where they are modified
We already know that agents of the U.S. National Security Agency spied on their ex-lovers (so-called "LOVEINT"). We've heard that the NSA put Americans' financial futures in jeopardy by paying for backdoors and sabotage of international encryption standards. We know that the NSA is spying on our relationships on Facebook Inc. and Google Inc.'s social networks. We know that the NSA hunted for "terrorists" by spying on users of World of Warcraft and other online games.
I. Don't be Mad; It's Just Big Brother Bugging You
And yet for all the incredible ways we've learned that the NSA is spending hundreds of billions of our dollars to "protect" us, it still manages to find new ways to amaze.
Der Spiegel -- Germany's top newspaper -- has published a report based on analysis of NSA internal documents shared by leaker Edward Snowden, a former U.S. Central Intelligence Agency (CIA) analyst and NSA contractor. The report casts light on new cybercrime-inspired techniques the NSA uses against U.S. citizens and foreigners.
Among the most shocking are reports that the NSA routinely intercepted consumer electronics shipments from "partners" like Amazon.com, Inc. (which coincidentally is vying for CIA contracts and lobbying for more spying behind closed doors) and installed James Bond-esque devices to spy on Americans.
One such program is dubbed "COTTONMOUTH" and involves the installation of a malicious USB "hardware implant". Other programs reportedly involved the installation of malicious firmware or software (malware). COTTONMOUTH was among the expansions of the spying program by President Barack Obama (D), having been instituted in 2009.
The NSA named its sabotage program after a venomous snake that slithers unseen in southern swamps
The practice appears relatively common, as the NSA used it enough to have "secret workshops" (note the plural tense from the slides and memos -- indicating that it was common enough to have more than one) devoted primarily to the effort to sabotage Americans' electronic devices to spy on them.
Further, two entire units of the NSA are devoted to hardware sabotage. The first is referred to as the "TAO" (Tailored Access Operations) unit.
According to internal NSA documents viewed by Spiegel, these on-call digital plumbers are involved in many sensitive operations conducted by American intelligence agencies… The documents reveal just how diversified the tools at TAO’s disposal have become — and also how it exploits the technical weaknesses of the IT industry, from Microsoft to Cisco and Huawei, to carry out its discreet and efficient attacks.
A second unit -- the Advanced/Access Network Technology unit -- was tasked with developing a set of sabotage procedures for virtually any consumer hardware target.
While domestic interceptions can be relatively inexpensive, foreign interceptions can become very costly to the taxpayer. The NSA reportedly flies some shipments to their destinations, coordinating flights with the CIA and U.S. Federal Bureau of Investigation: "This gets them to their destination at the right time and can help them to disappear again undetected after even as little as a half hour's work."
Such night flights may occur occasionally in the U.S. as well, when the sabotaged delivery is in danger of running late, or when there's concern the target might suspect the modifications.
II. General Searches Once Inspired Rebellion, But Today Evoke Apathy
The companies whose electronic devices the NSA can penetrate include numerous top domestic brands. Among those mentioned were routers from Juniper Networks, Inc., Cisco Systems, Inc., and Huawei Technologies Co. Hard drives and external storage solutions by Western Digital Corp., Seagate Technology PLC (and its Maxtor brand), and Samsung Electronics Co., Ltd. were mentioned, as well as undisclosed products from Dell.
Huawei's routers are reportedly riddled with security holes -- some of which some analysts claim are deliberate back doors. [Image Source: The Hacker News]
Reportedly, the NSA gets authorization for redirections of citizens' goods to secret workshops via the mass warrants of the Foreign Intelligence Surveillance Court ("FISC") -- a secret court. It is of course a crime for anyone involved with these programs to inform the public of the secret court's decisions.
The warrants granted by the FISC are bulk orders that allow the NSA to pursue actions as if all Americans are criminals until proven innocent, within certain confines.
Basically, those confines are that the NSA is only officially allowed to pursue investigations against citizens if it has evidence to believe they are involved with "terrorism" (although it is also clear that they regularly violate that restriction and, typically "accidentally", monitor innocent non-terrorist Americans anyway).
Americans have no direct route to proving their innocence, although companies can try to petition to knock out bulk requests, a difficult process.
The Founding Fathers rebelled against England a decade after the colonial nationalist power stepped up its mass warrants. [Image Source: USFCA.edu]
Such mass warrants were common in the colonial U.S. as British authorities tried to crack down on American colonies' political and economic freedoms. A common misconception is that imperial England in the 1700s had no courts; much like America today it did in fact have courts and a legislature, and even offered limited versions of both to the U.S. government.
The general warrants issued by English courts (a plot hatched in the mid-1700s by Charles Pratt, 1st Earl Camden, a prominent UK justice at the time) were remarkably similar to the FISA warrants of today, sharing the same two crucial problems -- the assumption that everyone might be a criminal without evidence and a lack of accountability/oversight. And the king, for all his powers, was arguably no more powerful than President Obama is today, in many regards.
The Obama administration is returning America to its imperialist English roots with his "total war" on terrorism and general warrants. [Image Source: Freaking News]
The difference is that in the old days mass searches were far less subtle. And the American colonists were at one time much more opposed to such sacrifices of freedom. In fact, according to historian
the "colonial epidemic of general searches" was a key reason why the Founding Fathers rebelled from Britain.
When they wrote the Constitution, they specifically forbade such "universal searches", only allowing individual warrants. Today, though, as an increasingly powerful U.S. government slowly sets the Constitution aside, those safeguards no longer apply. And yet the huddled masses in America appear relatively apathetic to the same kinds of intrusions that their ancestors labeled as tyranny.
The majority -- for now -- appears content to surrender their freedom for a small measure of safety. Great American statesman Benjamin Franklin warned that this could happen, stating, "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."
The Founding Fathers paid a price in blood to free America of "general searches" (i.e. mass warrants). And they warned their descendants that if they allowed such practices to reappear in the name of national security they would have neither freedom nor safety. [Image Source: U.S. Treasury]
The prediction proves fortuitous -- in recent Congressional testimony the NSA reduced its estimate of how many terrorist attacks it stopped with universal spying and sabotage from 54 to 2. And in its testimony the agency acknowledged that it is not even clear that those cases were truly stopped by spying.
So basically Americans may be paying for these bizarre mass searches for basically no security -- which Benjamin Franklin would argue was an unfortunately deserved outcome.
III. With Secret Courts, Secret Warrants, Everyone's a Criminal
With bulk warrants in hand, all that is required to install malware on a target's machine is for an agent to fill out a form in an app or web portal, which generates a change request. That request is passed up the chain to various agency inspectors (up to 20, according to some reports) who stamp (or rubber stamp?) it with their approval.
Such approval is time sensitive, so typically supervisors are unable to scrutinize their underlings' requests carefully.
Once approved, the service reportedly goes something like a warranty request with Amazon or Newegg might -- the machine gets redirected to the workshop, which has a digital document of the requested malware, firmware, or hardware modifications to perform. The device is then shipped to the citizen who ordered it, with no hint that it was sabotaged.
Again, nowhere in this process is an individual warrant required. The NSA contends such spying is always done "with warrant", but they almost always mean a bulk warrant. In layman's terms such a bulk warrant is effectively no warrant at all, as it targets all Americans, or at least millions of them. In essence the only thing needed to spy on your machine is an agent deciding to select it out of their rich stream of data on in-progress shipments, then obtaining supervisor click-throughs.
A lone American protests his nation's secret courts. [Image Source: Before Its News]
The German report describes the apps used by agents to initiate these effectively warrantless sabotage service orders as a "mail order spy catalog". They give them many options that can quickly be used to target citizens or foreigners ordering U.S. products.
IV. NSA May be Paying Criminals to Target Americans
What happens if interception fails? Well that doesn't mean the citizen is safe from spying.
If the agency cannot intercept a shipment in time, it still has options. As most PCs run on Windows, internal memos reveal that the NSA is intercepting Microsoft Corp.'s Windows Error reports, which can reveal details of security holes on target machines.
The NSA vacuums up Microsoft Windows Error reports to infect citizens' computers with malware, remotely.
A document viewed by Spiegel resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry — including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell.
These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives — from computing centers to individual computers, from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA’s specialists seem already to have gotten past them.
This, at least, is the impression gained from flipping through the 50-page document. The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets’ data. The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000.
Many of these backdoor tools reportedly come from so-called "blackhat" sellers -- criminals of the internet. So the NSA is shelling out reportedly up to a quarter million to buy tools from the private sector criminals to carry out its spying on Americans. And when it can't buy a solution it appears it is willing to regularly pay even more money to develop a solution analogous to criminal tools currently available.
It then can initiate remote attacks against machines, which are loaded with malware, via traditional means such as infected websites, phishing, or direct attacks. This strategy leans heavily on tactics the NSA learned from criminals in the U.S. and abroad.
V. Why Does Germany Care? Oh Yeah,
In case you're wondering why the press is so concerned about this, Germany has been in an uproar ever since it was revealed that President Obama authorized spying on Germany's Chancellor Angela Merkel and other top German officials. While publicly acting like these German officials were dear allies, his NSA was secretly stealing their secrets.
Chancellor Merkel is surprised by a Pirate Party drone guest. [Image Source: TorrentFreak]
On top of that, the NSA is reportedly spying daily on tens of millions of German citizens. Strangely, Germany appears to be one of Europe's most targeted nations. NSA maps show that Germany was targeted with more spying than Afghanistan, home of the Taliban. Germany and the U.S. were spied on at similar rates to Saudi Arabia, a nation the U.S. both considers an ally and a key funder of terrorism.
On a daily basis the U.S., on average, grabs data on roughly 20 million phone calls in Germany, grabbing as many as 60 million calls on some days. That's not quite the rate at which the U.S. spies on its own citizens' calls -- 99 percent -- but it's pretty impressive given that Germany only has 80 million citizens. The NSA also reportedly gathers information on 10 million internet data connections in Germany daily, on average.
Boundless Informant maps show the NSA isn't just spying on terrorism-affiliated states. [Image Source: Guardian]
Steffen Seibert, spokesperson for Germany's Chancellor Angela Merkel, issued a stiff warning when these allegations emerged earlier this year: "If it is confirmed that diplomatic representations of the European Union and individual European countries have been spied upon, we will clearly say that bugging friends is unacceptable. We are no longer in the Cold War. Mutual trust is necessary in order to come to [trade agreements]."
And Germany's Justice Minister Sabine Leutheusser-Schnarrenberger -- a trusted advisor of the German Chancellor -- remarked earlier this year, "If the media reports are accurate, then this recalls the methods used by enemies during the Cold War. It is beyond comprehension that our friends in the United States see Europeans as enemies."
This uproar has led to some serious soul-searching amongst Obama administration supporters -- although the U.S. public may not be happy with the changes some have suggested. For example, Sen. Dianne Goldman Berman Feinstein (D-Calif.) suggests that spying on ally leaders like Chancellor Merkel or the Pope should be illegal, but spying on Americans should be strengthened.
VI. NSA Becomes the Shadow Villain That Congress Long Accused Citizen Hackers, the Chinese of Being
In retrospect it seems pretty ironic, as Congress last year accused Chinese OEMs like Huawei and ZTE of possibly leaving holes in their hardware and software to spy on Americans. As recently as earlier this year, a former CIA director was blasting Huawei for helping Chinese "spy" on Americans.
Instead, it appears that Huawei and others were (likely inadvertently) helping the U.S. government spy on Americans. Perhaps intelligence analysts' concern about Chinese spying stemmed from their first-hand knowledge of just how many holes there were in these OEMs' firmware and software. After all, the NSA was reportedly routinely exploiting these holes to spy on Americans without warrant.
The true enemy lay at home, not in China, after all. [Image Source: Chinadangvu]
For all the hot air, the NSA and other agencies were never able to provide Congress with any hard evidence that Chinese spying on Americans occurred in the wild. Indeed, a White House report based on the NSA analysis and other sources ruled that such spying had not occurred.
The NSA should know. It was carrying out precisely such spying.
The law tasks the NSA with spying on foreigners, but forbids it to spy on U.S. citizens. Sen. Feinstein is fighting to flip that equation. [Image Source: Nation of Change]
Thus, after several years of the legislative and executive branches whining and whimpering in international circuits about China "spying" on Americans and their allies, it turns out that whatever spying China was doing was likely grossly eclipsed by the spying the U.S. federal government was doing on its own people and its allies.
Adding to this appearance of some sort of darker intent is how the U.S. government regularly released reports over the last half decade when it came to cybersecurity. In retrospect these reports appear to be devious social engineering. The reality was that the intelligence community appears to be one of the most advanced hacker rings in the world, with skills and funding surpassing even the most sophisticated private-sector hacking rings, and even the elite hacking units of allies and rivals like Israel and China.
The U.S. was the cyberwolf, clothing itself in a garb of lies to look the meek sheep.
Feigning weakness, the NSA was a waiting wolf in sheep's clothing. [Image Source: Dharmma Musings]
After witnessing these lies and the truth of the American government's apparently predatory behavior against its allies and its own people, it's going to be pretty hard for ally states to believe anything the U.S. says on cybersecurity from here on out -- the trust has been fatally betrayed.
VII. Looking Everywhere Where Cybercriminals Aren't
The motivation for such spying at best seems illogical and at worst could allude to dark intent, given that the services and targets the U.S. spied upon seemed to have little to do with terrorism. As
recently noted, Google only indexes an estimated 4 percent of the internet.
True terrorists tend to avoid American services like Gmail. [Image Source: DVD Active]
The top American news agency
In a January 2012 report titled “Jihadism on the Web: A Breeding Ground for Jihad in the Modern Age,” the Dutch General Intelligence and Security Service drew a convincing picture of an Islamist Web underground centered around “core forums.” These websites are part of the Deep Web, or Undernet, the multitude of online resources not indexed by commonly used search engines.
In other words our allies' intelligence agencies have made it clear that real terrorist chatter was not common in services like Facebook, Gmail, or World of Warcraft -- services popular in rich, civilized nations like the U.S. and its European allies. So why is the NSA looking there?
Instead true terrorist communication reportedly occurs primarily through unindexed forums that Google and others do not even recognize or index -- the so-called "deep web". That part of the internet the NSA mostly ignores, raising serious questions of what exactly it is truly trying to accomplish.
The deep web is where most terrorist chatter occurs. [Image Source: OpenText]
Why is it reportedly ignoring the parts of the internet where its targets lie? Is spending hundreds of billions on data collection that does virtually nothing to stop terrorists just some sort of foolish wastefulness?
Note, that in virtually every case of hacking by foreign powers or private sector criminals, the end goal was gaining financial secrets of some form to turn into profit. The NSA claims its cybercrime campaign's goal is to fight terrorism, yet its programs are not designed to fight terrorism. They are designed for financial secrets theft.
Is the government using its collected information for economic malfeasance? It's clearly not using it to catch terrorists very often. [Image Source: Google Images]
But these are important questions to ask, given the economic secrets that lie in the NSA's dataset, just waiting to be exploited for profit. Secret, furtive abuse may sound unlikely, but we've already seen far too many uncomfortable unlikelihoods long dismissed as paranoid be proven factual, when it comes to the NSA's Orwellian campaign. As A Scanner Darkly author Philip K. Dick wrote, "Strange how paranoia can link up with reality now and then."
VIII. Cybercrime is Unethical, Except When the NSA is Doing It
Regardless of the motivations, it appears that the U.S. is practicing a double standard, allowing its intelligence officials to behave in a manner it deems criminal for its citizens.
When citizens use these techniques to spy on Americans, they typically end up facing prison time -- and many would argue justifiably so. Such actions would likely be deemed crimes under the ambiguous Computer Fraud and Abuse Act of 1986 (18 USC § 1030).
Cybercrime or law enforcement? It depends on if your bosses rule the nation. [Image Source: TechieNews]
When the government resorts to criminal tactics to (supposedly) offer some small modicum of security, it certainly appears dangerously contrary to the spirit of the U.S. Constitution and the protections it promises. But given the supreme powers allocated to the NSA and its backing secret courts by Congress, chances are that at least some in Congress and the courts will deem such tactics "legal" in the U.S. as it enters its post-Constitution era.
When you're the NSA -- an organization that admits to "accidentally" violating the law thousands of times a year -- you are the law, so you face no real fear of charges. The public just has to bend over and deal with it, or so the NSA calculates.
The NSA, DEA, and FBI cyberstalk millions of Americans using cybercriminal tactics. [Image Source: WSJ]
The U.S. federal government is still struggling to offer a working website for the controversial healthcare program it conscripted Americans into by creatively interpreting the Constitution as allowing the federal government to engage in any desirable market manipulation under the commerce clause. And yet, it seems to be having no difficulty cyberstalking millions of Americans and sabotaging their devices with and without warrant.
It seems pretty clear where the priorities of most elected officials in the U.S. federal government lie.
Americans have a history of resisting mass warrants. [Image Source: Columbia Pictures]
For now the status quo is a slow erosion of lady liberty. But America's own history suggests the people may eventually awaken and fight back either with their votes or otherwise.
Der Spiegel 