Remote-access Guide

codenamed cottonmouth usb hardware implant nsa remote access

by Braeden Will Published 3 years ago Updated 2 years ago

What is the cottonmouth series of implants?

The COTTONMOUTH series of implants are USB devices that provide a covert wireless bridge into a target network. They can be integrated into any USB plug, so check your mouse.

Does the NSA use USB cables to spy?

And in still others, the NSA has built and deployed its own USB cables at target locations—complete with spy hardware and radio transceiver packed inside.

What kind of implants does the NSA have?

There are a number of other implanted devices that the NSA has in its TAO arsenal, including USB and Ethernet implants that can transmit short-range radio signals and more robust implanted hardware for longer-range transmissions.

How does the NSA control computers remotely?

Enlarge / GINSU allows the NSA to slice and dice computers' hard drives and control them remotely over a covert radio connection. An implanted wireless device is the NSA’s go-to approach for dealing with “air-gapped” networks—networks that don’t have an Internet connection for security reasons.

If you have purchased a laptop online, the NSA may have implanted spy malware on your device before it was shipped to your address

If you have purchased a laptop online, the NSA may have implanted spy malware on your device before it was shipped to your address.

Baxter Dmitry

Baxter Dmitry is a writer at News Punch. He covers politics, business and entertainment. Speaking truth to power since he learned to talk, Baxter has travelled in over 80 countries and won arguments in every single one. Live without fear.

How does the NSA get to cell phone data?

Also in the bag of tricks are a number of wireless monitoring devices, as well as “networks in a box” and other gear that can pose as cell towers and networks— intercepting devices as they enter an area and grabbing up their voice, data, and SMS traffic. A "tripwire" program called CANDYGRAM can send out alerts whenever a cell phone hits a specified cell tower.

How does the NSA install backdoors?

In some cases, the NSA’s operators install backdoor hardware and firmware directly onto the systems by “interdiction”— the systems are diverted during shipping to “load stations” where the surveillance components are installed. (This interception may have been accomplished with the cooperation of shipping companies or other government agencies; details of the process remain murky.) In other cases, the NSA uses an insider with a USB device or remote access tools deployed by other means to gain access to computer systems, allowing the NSA to “reflash” their low-level BIOS firmware.

What is a SWAP attack?

Either way, the altering of systems’ firmware or hardware gives the NSA the ability to install backdoors that can survive a total operating system wipe and re-installation. One BIOS attack, called SWAP, was developed by the NSA to attack a number of types of computers and operating systems by loading surveillance and control software at boot-up. SWAP uses the Host Protected Area on a computer’s hard drive to store the payload and installs it before the operating system boots.

What routers were exploited in 2007?

Juniper routers weren’t the only targets of these sorts of BIOS “implants,” either—firewalls and routers from Cisco and Huawei were also on the 2007 menu for firmware and software exploits. Such router exploits didn’t even require interception of the hardware but could in many cases be remotely installed by way of another hack.

What is GINSU in NSA?

Enlarge / GINSU allows the NSA to slice and dice computers' hard drives and control them remotely over a covert radio connection.

How far can the NSA hack into a network?

For networks that the NSA can't get to physically, there's NIGHTSTAND, a self-contained Wi-Fi hacking system that can break into networks up to eight miles away , in optimum conditions. NIGHTSTAND hijacks the target network and uses packet injection attacks to install exploits on the target network's computers. Combined with a Windows exploit called SOMBERKNAVE, which uses a computer's Wi-Fi adapter to "phone home" with data, it could be used to collect data from target computers even when they're not intentionally connected to a network.

How old are the NSA exploits?

It’s important to note that the exploits in the documents are largely over five years old, so they don’t necessarily give a complete picture of what the NSA is capable of today. That doesn’t mean that these techniques are no longer in circulation—given the stubbornness of Windows XP, many of the exploits developed for older Windows platforms may have years left in them, and some of the adversaries the NSA is trying to monitor don’t have Fortune 500 hardware refresh rates.

Who detailed all these attacks in an article published last year in the ScienceDirect journal?

The Ben-Gurion team detailed all these attacks in an article published last year in the ScienceDirect journal.

What is autorun exploit?

21) AutoRun Exploits - depending on how host computers were configured, some PCs would auto-execute predetermined files located on a USB device's storage. There's an entire malware category dedicated to this called autorun malware.

What is B1 in USB?

B1) By reprogramming the USB device's firmware to execute malicious actions (such as malware downloading, data exfiltration, etc.).

What is iSeeYou POC?

17) iSeeYou - POC program that reprograms the firmware of a class of Apple internal iSight webcams so that an attacker can covertly capture video without the LED indicator warning.

What is a cold boot attack?

22) Cold Boot Attacks - aka the RAM dump attack. Attackers can store a memory dumper on a USB flash drive and extract left-over data from RAM by booting from a USB device.

How many ways can USB devices compromise computers?

Researchers from the Ben-Gurion University of the Negev in Israel have identified 29 ways in which attackers could use USB devices to compromise users' computers.

What is HID attack?

10) Smartphone-based HID attacks - first described in a research paper for which researchers created custom Android gadget drivers to overwrite how Android interacted with USB devices. The malicious driver interacted with the Android USB gadget API to simulate USB keyboard and mouse devices connected to the phone.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9