Tuesday, 31 December 2013

NSA to Q's lab - eat your heart out

Lots of interesting gadgets as describe by Speigel, here and here.

The detail is a little disappointing but some details, which are fascinating, are described at leaksources.

Example from Leaksources.
A few take home points.  Ever since the Russians hoodwinked the US with the radiating gifted great seal in their embassy, it seems that the US has embraced that lesson. Quite a few RF devices are the hard to track resonate and reflect type.  Some effort is occasionally used to point out that devices use COTS parts so that they are deniable also indicating, more importantly, some breadth of custom tech, including semiconductors, at their disposal.

The slides are a bit old at around the 2007 vintage. Not bad for a Cabernet but not so good for a chip. No modern 3D stacking or other cool techniques evident in this particular set yet.  Packaging techniques are used to make neatly tiny things out of not so innovative parts, such as ARMS, FPGAs (generally Xilinx), Flash and RAM.  Neat packages (e.g. TRINITY) around the size of a penny with an ARM9, 96MB RAM, 4MB Flash and an FPGA (1M gates).

You may have a little chuckle at the NSA cell base station (CANDYGRAM - GSM Telephone Tripwire) that required Windows XP on a laptop.  I hope they don't send in error reports that may be interdicted on seg faults.  Windows XP on a laptop is perhaps good cover for an agent ;-)

Very little on audio, visual/optical, RF/magnetic, pressure, tempest, power exploits.  The cases are focused on semi-regular network hacks.

The RF solutions look innovative.  The tech is otherwise not that exciting but well packaged.  Budget and organisation, in terms of hierarchy and catalogue at least, gives much power.  The implants, tempest and persistent firmware are especially neat in terms of their attention to detail and the effort that would have been required even if the tech is not that remarkable.  The implied multi-level covert network, especially with respect to RF, seems comprehensive, expensive and clever.

Imagine what progress has been made in the last seven years from 2007 to 2014.

It is clear that firewalls are like screen doors, good for insects but not bears.  Homogeneity of manufacture makes exploits cheaper.

The take home message is security is a matter of cost. Especially with respect to the constant and diligent attention to detail that is necessary.  Such a security effort is expensive if you want your people to compartmentalise and probably not fail at it with the boundaries. Compromise is just a matter of cost and effort from the adversary.  Don't overspend on a fancy lock when someone can kick the door in. You have to be clever about raising the cost bar.

It looks like the world needs a new vendor that will securely develop, test and even deliver to your hands, very simple network appliances, servers and operating systems that can also attempt to confirm their integrity.

Regardless, if there is a desire to infiltrate you, it will be so.

--Matt.

[PS: Applebaum's recent talk on it all]


_____________________________________________
Larger images - a bit easier to read at a glance - below:



















































  1. NSA KEYWORD LIST 1: PLEASE SHARE THANKS IN ADVANCE
  2.  
  3. download here:
  4.  
  5. http://94ccbc52.linkbucks.com
  6.  
  7. NSA KEYWORD LIST 2: PLEASE SHARE THANKS IN ADVANCE
  8. Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charges, ambush, sniping, motorcade, IRS, BATF, jtf-6, mjtf, hrt, srt, hostages, munitions, weapons, TNT, rdx, amfo, hmtd, picric acid, silver nitrite, mercury fulminate, presidential motorcade, salt peter, charcoal, sulfur, c4, composition b, amatol, petn, lead azide, lead styphante, ddnp, tetryl, nitrocellulose, nitrostarch, mines, grenades, rockets, fuses, delay mechanism, mortars, rpg7, propellants, incendiaries, incendiary device, thermite, security forces, intelligence, agencies, hrt, resistance, psyops, infiltration, assault team, defensive elements, evasion, detection, mission, communications, the football, platter charge, shaped charges, m118, claymore, body armor, charges, shrapnel, timers, timing devices, boobytraps, detcord, pmk 40, silencers, Uzi, HK-MP5, AK-47, FAL, Jatti, Skorpion MP, teflon bullets, cordite, napalm, law, Stingers, RPK, SOCIMI 821 SMG, STEN, BAR, MP40, HK-G3,FN-MAG, RPD,PzB39, Air Force One, M60, RPK74, SG530, SG540, Galil arm, Walther WA2000, HK33KE, Parker-Hale MOD. 82, AKR, Ingram MAC10, M3, L34A1, Walther MPL, AKS-74, HK-GR6, subsonic rounds, ballistic media, special forces, JFKSWC, SFOD-D! , SRT, Rewson, SAFE, Waihopai, INFOSEC, ASPIC, Information Security, SAI, Information Warfare, IW, IS, Privacy, Information Terrorism, Kenya, Terrorism Defensive Information, Defense Information Warfare, Offensive Information, Offensive Information Warfare, NAIA, SAPM, ASU, ECHELON ASTS, National Information Infrastructure, InfoSec, SAO, Reno, Compsec, JICS, Computer Terrorism, Firewalls, Secure Internet Connections, RSP, ISS, JDF, Passwords, NAAP, DefCon V, RSO, Hackers, Encryption, ASWS, Espionage, USDOJ, NSA, CIA, S/Key, SSL, FBI, Secret Service, USSS, Defcon, Military, White House, Undercover, NCCS, Mayfly, PGP, SALDV, PEM, resta, RSA, Perl-RSA, MSNBC, bet, AOL, AOL TOS, CIS, CBOT, AIMSX, STARLAN, 3B2, BITNET, Tanzania, SAMU, COSMOS, DATTA, E911, FCIC, HTCIA, IACIS, UT/RUS, JANET, ram, JICC, ReMOB, LEETAC, UTU, VNET, BRLO, SADCC, NSLEP, SACLANTCEN, FALN, 877, NAVELEXSYSSECENGCEN, BZ, CANSLO, CBNRC, CIDA, JAVA, rsta, Awarehouse, Active X, Compsec 97, RENS, LLC, DERA, JIC, ri! p, rb, Wu, RDI, Mavricks, BIOL, Meta-hackers, ^?, SADT, Steve Case, Tools, RECCEX, Telex, OTAN, monarchist, NMIC, NIOG, IDB, MID/KL, NADIS, NMI, SEIDM, BNC, CNCIS, STEEPLEBUSH, RG, BSS, DDIS, mixmaster, BCCI, BRGE, SARL, Military Intelligence, JICA, Scully, recondo, Flame, Infowar, Bubba, Freeh, Donaldson, Archives, ISADC, CISSP, Sundevil, jack, Investigation, JOTS, ISACA, NCSA, ASVC, spook words, RRF, 1071, Bugs Bunny, Verisign, Secure, ASIO, Lebed, ICE, NRO, Lexis-Nexis, NSCT, SCIF, FLiR, JIC, bce, Lacrosse, Bunker, Flashbangs, HRT, IRA, EODG, DIA, USCOI, CID, BOP, FINCEN, FLETC, NIJ, ACC, AFSPC, BMDO, site, SASSTIXS, NAVWAN, NRL, RL, NAVWCWPNS, NSWC, USAFA, AHPCRC, ARPA, SARD, LABLINK, USACIL, SAPT, USCG, NRC, ~, O, NSA/CSS, CDC, DOE, SAAM, FMS, HPCC, NTIS, SEL, USCODE, CISE, SIRC, CIM, ISN, DJC, bemd, SGC, UNCPCJ, CFC, SABENA, DREO, CDA, SADRS, DRA, SHAPE, bird dog, SACLANT, BECCA, DCJFTF, HALO, SC, TA SAS, Lander, GSM, T Branch, AST, SAMCOMM, HAHO, FKS, 868, GCHQ, DITSA, S! ORT, AMEMB, NSG, HIC, EDI, benelux, SAS, SBS, SAW, UDT, EODC, GOE, DOE, SAMF, GEO, JRB, 3P-HV, Masuda, Forte, AT, GIGN, Exon Shell, radint, MB, CQB, CONUS, CTU, RCMP, GRU, SASR, GSG-9, 22nd SAS, GEOS, EADA, SART, BBE, STEP, Echelon, Dictionary, MD2, MD4, MDA, diwn, 747, ASIC, 777, RDI, 767, MI5, 737, MI6, 757, Kh-11, EODN, SHS, ^X, Shayet-13, SADMS, Spetznaz, Recce, 707, CIO, NOCS, Halcon, NSS, Duress, RAID, Uziel, wojo, Psyops, SASCOM, grom, NSIRL, D-11, SERT, VIP, ARC, S.E.T. Team, NSWG, MP5k, SATKA, DREC, DEVGRP, DF, DSD, FDM, GRU, LRTS, SIGDEV, NACSI, MEU/SOC,PSAC, PTT, RFI, ZL31, SIGDASYS, TDM, SUKLO, SUSLO, TELINT, fake, TEXTA, ELF, LF, MF, SIGS, VHF, Recon, peapod, PA598D28, Spall, dort, 50MZ, 11Emc Choe, SATCOMA, UHF, SHF, ASIO, SASP, WANK, Colonel, domestic disruption, 5ESS, smuggle, Z- 200, 15kg, UVDEVAN, RFX, nitrate, OIR, Pretoria, M-14, enigma, Bletchley Park, Clandestine, NSO, nkvd, argus, afsatcom, CQB, NVD, Counter Terrorism Security, SARA, Rapid Reaction, JSOF! C3IP, Corporate Security, Police, sniper, PPS, ASIS, ASLET, TSCM, Security Consulting, M-x spook, Z-150T, High Security, Security Evaluation, Electronic Surveillance, MI-17, ISR, NSAS, Counterterrorism, real, spies, IWO, eavesdropping, debugging, CCSS, interception, COCOT, NACSI, rhost, rhosts, ASO, SETA, Amherst, Broadside, Capricorn, NAVCM, Gamma, Gorizont, Guppy, NSS, rita, ISSO, submiss, ASDIC, .tc, 2EME REP, FID, 7NL SBS, tekka, captain, 226, .45, nonac, .li, Ionosphere, Mole, Keyhole, NABS, Kilderkin, Artichoke, Badger, Emerson, Tzvrif, SDIS, T2S2, STTC, DNR, NADDIS, NFLIS, CFD, quarter, Cornflower, Daisy, Egret, Iris, JSOTF, Hollyhock, Jasmine, Juile, Vinnell, B.D.M., Sphinx, Stephanie, Reflection, Spoke, Talent, Trump, FX, FXR, IMF, POCSAG, rusers, Covert Video, Intiso, r00t, lock picking, Beyond Hope, LASINT, csystems, .tm, passwd, 2600 Magazine, JUWTF, Competitor, EO, Chan, Pathfinders, SEAL Team 3, JTF, Nash, ISSAA, B61-11, Alouette, executive, Event Security,! Mace, Cap-Stun, stakeout, ninja, ASIS, ISA, EOD, Oscor, Merlin, NTT, SL-1, Rolm, TIE, Tie-fighter, PBX, SLI, NTT, MSCJ, MIT, 69, RIT, Time, MSEE, Cable & Wireless, CSE, SUW, J2, Embassy, ETA, Fax, finks, Fax encryption, white noise, Fernspah, MYK, GAFE, forcast, import, rain, tiger, buzzer, N9, pink noise, CRA, M.P.R.I., top secret, Mossberg, 50BMG, Macintosh Security, Macintosh Internet Security, OC3, Macintosh Firewalls, Unix Security, VIP Protection, SIG, sweep, Medco, TRD, TDR, Z, sweeping, SURSAT, 5926, TELINT, Audiotel, Harvard, 1080H, SWS, Asset, Satellite imagery, force, NAIAG, Cypherpunks, NARF, 127, Coderpunks, TRW, remailers, replay, redheads, RX-7, explicit, FLAME, JTF-6, AVN, ISSSP, Anonymous, W, Sex, chaining, codes, Nuclear, 20, subversives, SLIP, toad, fish, data havens, unix, c, a, b, d, SUBACS, the, Elvis, quiche, DES, 1*, NATIA, NATOA, sneakers, UXO, (), OC-12, counterintelligence, Shaldag, sport, NASA, TWA, DT, gtegsc, owhere, .ch, hope, emc, industr! ial espionage, SUPIR, PI, TSCI, spookwords, industrial intelligence, H.N.P., SUAEWICS, Juiliett Class Submarine, Locks, qrss, loch, 64 Vauxhall Cross, Ingram Mac-10, wwics, sigvoice, ssa, E.O.D., SEMTEX, penrep, racal, OTP, OSS, Siemens, RPC, Met, CIA-DST, INI, watchers, keebler, contacts, Blowpipe, BTM, CCS, GSA, Kilo Class, squib, primacord, RSP, Z7, Becker, Nerd, fangs, Austin, no|d, Comirex, GPMG, Speakeasy, humint, GEODSS, SORO, M5, BROMURE, ANC, zone, SBI, DSS, S.A.I.C., Minox, Keyhole, SAR, Rand Corporation, Starr, Wackenhutt, EO, burhop, Wackendude, mol, Shelton, 2E781, F-22, 2010, JCET, cocaine, Vale, IG, Kosovo, Dake, 36,800, Hillal, Pesec, Hindawi, GGL, NAICC, CTU, botux, Virii, CCC, ISPE, CCSC, Scud, SecDef, Magdeyev, VOA, Kosiura, Small Pox, Tajik, +=, Blacklisted 411, TRDL, Internet Underground, BX, XS4ALL, wetsu, muezzin, Retinal Fetish, WIR, Fetish, FCA, Yobie, forschung, emm, ANZUS, Reprieve, NZC-332, edition, cards, mania, 701, CTP, CATO, Phon- e, Chicago! Posse, NSDM, l0ck, spook, keywords, QRR, PLA, TDYC, W3, CUD, CdC, Weekly World News, Zen, World Domination, Dead, GRU, M72750, Salsa, 7, Blowfish, Gorelick, Glock, Ft. Meade, NSWT, press- release, WISDIM, burned, Indigo, wire transfer, e-cash, Bubba the Love Sponge, Enforcers, Digicash, zip, SWAT, Ortega, PPP, NACSE, crypto-anarchy, AT&T, SGI, SUN, MCI, Blacknet, SM, JCE, Middleman, KLM, Blackbird, NSV, GQ360, X400, Texas, jihad, SDI, BRIGAND, Uzi, Fort Meade, *&, gchq.gov.uk, supercomputer, bullion, 3, NTTC, Blackmednet, :, Propaganda, ABC, Satellite phones, IWIS, Planet-1, ISTA, rs9512c, South Africa, Sergeyev, Montenegro, Toeffler, Rebollo, sorot, cryptanalysis, nuclear, 52 52 N - 03 03 W, Morgan, Canine, GEBA, INSCOM, MEMEX, Stanley, FBI, Panama, fissionable, Sears Tower, NORAD, Delta Force, SEAL, virtual, WASS, WID, Dolch, secure shell, screws, Black-Ops, O/S, Area51, SABC, basement, ISWG, $ @, data-haven, NSDD, black-bag, rack, TEMPEST, Goodwin, rebels, ID, MD5, ID! EA, garbage, market, beef, Stego, ISAF, unclassified, Sayeret Tzanhanim, PARASAR, Gripan, pirg, curly, Taiwan, guest, utopia, NSG, orthodox, CCSQ, Alica, SHA, Global, gorilla, Bob, UNSCOM, Fukuyama, Manfurov, Kvashnin, Marx, Abdurahmon, snullen, Pseudonyms, MITM, NARF, Gray Data, VLSI, mega, Leitrim, Yakima, NSES, Sugar Grove, WAS, Cowboy, Gist, 8182, Gatt, Platform, 1911, Geraldton, UKUSA, veggie, XM, Parvus, NAVSVS, 3848, Morwenstow, Consul, Oratory, Pine Gap, Menwith, Mantis, DSD, BVD, 1984, blow out, BUDS, WQC, Flintlock, PABX, Electron, Chicago Crust, e95, DDR&E, 3M, KEDO, iButton, R1, erco, Toffler, FAS, RHL, K3, Visa/BCC, SNT, Ceridian, STE, condor, CipherTAC-2000, Etacs, Shipiro, ssor, piz, fritz, KY, 32, Edens, Kiwis, Kamumaruha, DODIG, Firefly, HRM, Albright, Bellcore, rail, csim, NMS, 2c, FIPS140-1, CAVE, E-Bomb, CDMA, Fortezza, 355ml, ISSC, cybercash, NAWAS, government, NSY, hate, speedbump, joe, illuminati, BOSS, Kourou, Misawa, Morse, HF, P415, ladylove, fi! lofax, Gulf, lamma, Unit 5707, Sayeret Mat'Kal, Unit 669, Sayeret Golani, Lanceros, Summercon, NSADS, president, ISFR, freedom, ISSO, walburn, Defcon VI, DC6, Larson, P99, HERF pipe-bomb, 2.3 Oz., cocaine, $, impact, Roswell, ESN, COS, E.T., credit card, b9, fraud, ST1, assassinate, virus, ISCS, ISPR, anarchy, rogue, mailbomb, 888, Chelsea, 1997, Whitewater, MOD, York, plutonium, William Gates, clone, BATF, SGDN, Nike, WWSV, Atlas, IWWSVCS, Delta, TWA, Kiwi, PGP 2.6.2., PGP 5.0i, PGP 5.1, siliconpimp, SASSTIXS, IWG, Lynch, 414, Face, Pixar, IRIDF, NSRB, eternity server, Skytel, Yukon, Templeton, Johohonbu, LUK, Cohiba, Soros, Standford, niche, ISEP, ISEC, 51, H&K, USP, ^, sardine, bank, EUB, USP, PCS, NRO, Red Cell, NSOF, Glock 26, snuffle, Patel, package, ISI, INR, INS, IRS, GRU, RUOP, GSS, NSP, SRI, Ronco, Armani, BOSS, Chobetsu, FBIS, BND, SISDE, FSB, BfV, IB, froglegs, JITEM, SADF, advise, TUSA, LITE, PKK, HoHoCon, SISMI, ISG, FIS, MSW, Spyderco, UOP, SSCI, NIMA, HAMASMOIS, SVR, SIN, advisors, SAP, Monica, OAU, PFS, Aladdin, AG, chameleon man, Hutsul, CESID, Bess, rail gun, .375, Peering, CSC, Tangimoana Beach, Commecen, Vanuatu, Kwajalein, LHI, DRM, GSGI, DST, MITI, JERTO, SDF, Koancho, Blenheim, Rivera, Kyudanki, varon, 310, 17, 312, NB, CBM, CTP, Sardine, SBIRS, jaws, SGDN, ADIU, DEADBEEF, IDP, IDF, Halibut, SONANGOL, Flu, &, Loin, PGP 5.53, meta, Faber, SFPD, EG&G, ISEP, blackjack, Fox, Aum, AIEWS, AMW, RHL, Baranyi, WORM, MP5K-SD, 1071, WINGS, cdi, VIA, DynCorp, UXO, Ti, WWSP, WID, osco, Mary, honor, Templar, THAAD, package, CISD, ISG, BIOLWPN, JRA, ISB, ISDS, chosen, LBSD, van, schloss, secops, DCSS, DPSD, LIF, PRIME, SURVIAC, telex, SP4, Analyzer, embassy, Golf, B61-7, Maple, Tokyo, ERR, SBU, Threat, JPL, Tess, SE, EPL, SPINTCOM, ISS-ADP, Merv, Mexico, SUR, SO13, Rojdykarna, airframe, 510, EuroFed, Avi, shelter, Crypto AG.

No comments:

Post a Comment