A Snowden leak accompanying today’s story on the NSA’s Tailored Access Operations group (TAO) details the NSA’s toolbox of exploits , developed by an NSA group called ANT (Advanced or Access Network Technology). ANT’s catalog runs to 50 pages, and lists electronic break-in tools, wiretaps, and other spook toys. For example, the catalog offers FEEDTROUGH, an exploit kit for Juniper Networks’ firewalls; gimmicked monitor cables that leak video-signals; BIOS-based malware that compromises the computer even before the operating system is loaded; and compromised firmware for hard drives from Western Digital, Seagate, Maxtor and Samsung. Many of the exploited products are made by American companies, and hundreds of millions of everyday people are at risk from the unpatched vulnerabilities that the NSA has discovered in their products. The ANT division doesn’t just manufacture surveillance hardware. It also develops software for special tasks. The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer’s motherboard that is the first thing to load when a computer is turned on. This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this “Persistence” and believe this approach has provided them with the possibility of permanent access. Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of latter, are American companies. Here, too, it appears the US intelligence agency is compromising the technology and products of American companies. Shopping for Spy Gear: Catalog Advertises NSA Toolbox [Jacob Appelbaum, Judith Horchert and Christian Stöcker/Spiegel]
Read the original post:
NSA has a 50-page catalog of exploits for software, hardware, and firmware
An anonymous reader writes with this news from California: “According to the article, ‘Officials at the Federal Bureau of Prisons say an inmate escaped from a minimum security area of the federal prison in Lompoc. Prison officials say Jeffrey Kilbride, 48, was discovered missing at around 1:30 p.m. on Friday….A search is reportedly underway. Prison officials say Kilbride was serving a 78-month sentence for conspiracy and fraud. He was due to be released on December 11, 2015.'” Here’s why Killbride was in prison. Read more of this story at Slashdot. 
