Attendees at the Chaos Communications Congress in Hamburg this weekend got a surprising rundown of the NSA's surveillance capabilities, courtesy of security researcher Jacob Appelbaum.
Appelbaum, who co-wrote the Der Spiegel article that first revealed the NSA catalog, went into further detail onstage, describing several individual devices in the...
catalog and their intended purposes.THE EXPLOITS COULD BE DELIVERED BY DRONE
Alongside pre-packaged exploits that allowed control over iOS devices and any phone communicating through GSM, Appelbaum detailed a device that targets computers through packet injection, seeding exploits fromup to 8 miles away. He even speculated the exploits could be delivered by drone, although he conceded that in most cases, an unmarked van would likely be more practical.
The brochure in question dates from 2007, suggesting capabilities may have advanced even further since then — but Appelbaum left little doubt that he believes these tactics are still in use, and offered several instances in which he's seen them in action.
One case involved Julian Assange's current home at the Ecuadorian Embassy in London, where visitors were surprised to receive welcome messages from a Ugandan telephone company. It turned out the messages were coming from a foreign base station device installed on the roof, masquerading as a cell tower for surveillance purposes. Appelbaum suspects the GCHQ simply forgot to reformat the device from an earlier Ugandan operation.
Update: Cisco, cited in the original Der Spiegel article, is formally investigating the potential hack. "On Monday, December 30th, Der Spiegel magazine published additional information about the techniques allegedly used by NSA TAO to infiltrate the technologies of numerous IT companies," wrote senior VP John Stewart. "As a result of this new information coming to light, the Cisco Product Security Incident Response Team (PSIRT) has opened an investigation."
Source:http://www.theverge.com/2013/12/30/5256636/nsa-tailored-access-jacob-appelbaum-speech-30c3
No comments:
Post a Comment