Thanks to a three-part (part 1, part 2, part 3) article on the German paper, Der Spiegel, we know that the NSA not only has a secret division within the agency who’s expressed purpose is to exploit various hardware and software technologies, but that they have a ‘product catalog’ of sorts that they can pull from for various purposes. The TAO, which is their Tailored Access Operations division exists within a former Sony facility in San Antonio. This facility is officially named the Texas Cryptology Center and is an official NSA facility, but unofficially is home to the TAO, the NSA’s top hacking unit. The NSA did acknowledge the existence of the TAO division and its mission to Der Spiegel but did not explain anything beyond that.
The problem with the NSA’s TAO division or unit is that they are the NSA’s prime force that exists to accomplish complicated physical tasks. In the documents provided to Der Spiegel, it was made clear to them that the TAO was capable of incredible tasks that included the installation of backdoors or backdoors that already existed. While Der Spiegel’s information is clearly dated (documents date from 2008), it also lacks some technical explanations of the NSA’s capabilities. Little detail has been provided about how the TAO gains access to some of the hardware companies listed in the 50-page ‘product catalog’ which reads like a laundry list of technical hacking tools. Some of the tools involve USB cables that connect to a target’s computer and transmit the data from the computer over the air. Other tools involve building cellular base stations that allow the NSA to intercept cellular traffic in order to gain full access to that person’s calls, texts and or data.
Additionally, the documents showed tools that allow the NSA to hack into various networking infrastructure companies, including the two biggest, Cisco and Juniper. The documents also stated that the NSA had the ability to gain BIOS level access to certain systems and could install itself on a firmware level. This was not limited to motherboards, however, since they also mentioned that they could gain access to certain hard drive manufacturers such as Western Digital and Seagate. I suspect that this access is obtained through the hacking of the hard drive controller firmware which would likely involve hacking LSI and Marvell (Seagate and WD’s primary controller suppliers) firmware.
Der Spiegel contacted the hardware companies involved and stated that none of the companies had any knowledge of this occurring, however, Dell’s response was a bit more ambiguous. Stating that the company, "respects and complies with the laws of all countries in which it operates." Which to me is basically an admission of guilt in complying with the NSA’s requests to build in backdoors.
Such revelations regarding American-based technology companies and the vulnerability of their hardware further hurts the technology economy of the US. It is still unknown what the impact could be on the US IT industry, but I suspect that billions of dollars of business stand to be lost to non-US companies because of such major developments. The US Government, the FBI, CIA and NSA are not only jeopardizing the profit of the companies’ whom they hack, but they also risk hurting the US tech economy’s perception and strength. Not to mention, if this makes other countries not want to deal with US tech companies we will start to bleed jobs and talent and become a second class economy. Right now, the only thing keeping the US economy are the tech and medical sectors and if you stunt the fast-growing tech sector you risk taking down the whole economy with it.
People invested with these companies and executives within these companies should be lobbying to end these programs immediately and to create laws that forbid such behavior. Because now that we see what our inaction in the face of the Patriot Act has accomplished we must correct our mistakes or forever pay for them in this global economy. Many countries will simply do whatever possible to avoid business with American tech companies and start to look for alternatives which will likely spark growth in other countries rather than in the US.
Also, you know those crash reports that you get when something goes wrong and it asks you if you wish to send them to Microsoft? Anyone with a slightly paranoid/privacy obsessed personality would always say no to these assuming that Microsoft could be spying on you. And heck, Microsoft even states that these crash reports are not used to personally identify information about you or your usage but rather just to solve software problems. And that this software is specially encrypted to protect users. However, the NSA has found a way to not only intercept these crash reports which include tons of user information but also to decrypt the information and use it as a passive method of surveillance.
In addition to these recent revelations regarding computer hardware and networking companies, it was also discovered that the TAO intercepts targets’ computer purchase shipments. Once they’ve carefully gotten into the computer, they install their own malware/spyware on the machine and basically give themselves full access to the device remotely. While it remains to be seen how they accomplish this task, I have a feeling that the government must have some sort of a way to secretly divert a package from its original destination. Now you might think twice when your next smartphone or computer package is ‘delayed’ for no reason and arrives a day or two late. Heck, it might even be possible that they accomplish such tasks without any delays in delivery, which would make things all the more terrifying and unknown, yet effective.
Overall, such revelations including the spying on the Mexican version of the CIA further indicates the completely unabated nature of the NSA’s actions and their behavior. They effectively act without any accountability and do whatever they deem advantageous to the agency’s mission of gathering as much information on anyone and everyone possible. Surely, they claim that their only goal is to search for information on foreign terrorists, but it appears quite clear that the NSA spies on US allies and citizens in order to accomplish their ends. In the name of liberty and justice the ends do not justify the means, especially when they violate the fundamental principals that our country was founded upon.