NSA Playset

The NSA Playset is an open source project, which was inspired by the NSA ANT catalog,[1] to create more accessible and easy to use tools for security researchers.[2] Most of the surveillance tools can be recreated with off-the-shelf or open-source hardware and software.[3] Thus far, the NSA Playset consists of fourteen items, for which the code and instructions can be found online on the project’s homepage.[4]

Background

After the initial NSA ANT catalog leak, which was published by Der Spiegel in 2013,[4][5] Michael Ossman, the founder of Great Scott Gadgets, gave a shout out to other security researchers to start working on the tools mentioned in the catalog and to recreate them.[6] The name NSA Playset[3] came originally from Dean Pierce, who is also a contributor(TWILIGHTVEGETABLE(GSM)) to the NSA Playset. Anyone is invited to join and contribute their own device. The requisites for an addition to the NSA Playset is a similar or already existing NSA ANT project, ease of use and a silly name based on the original tool’s name.[4][5] The silly name requisite is a rule that Michael Ossman himself came up with and an example is given on the project’s website: "For example, if your project is similar to FOXACID, maybe you could call it COYOTEMETH." The ease of use part stems also from the NSA Playset's motto: "If a 10 year old can’t do it, it doesn't count!"

Capabilities
  1. TWILIGHTVEGETABLE: a boot image for GSM communication monitoring.[4]
  2. LEVITICUS: a hand held GSM frequency analyzer disguised as a Motorola Phone.[4]
  3. DRIZZLECHAIR: a hard drive with all the needed tools to crack A5/1 including the rainbow tables.[4]
  4. PORCUPINEMASQUERADE: a passive Wi-Fi reconnaissance drone.[4]
  5. KEYSWEEPER: a Keylogger in form of an USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM).[4]
  6. SLOTSCREAMER: a PCI hardware implant, which can access memory and IO.[4]
  7. ADAPTERNOODLE: an USB exploitation device.
  8. CHUKWAGON: uses a pin on a computer's VGA port to attack via the I²C bus accessing the computer's operating system.[4]
  9. TURNIPSCHOOL: a hardware implant concealed in a USB cable which provides short range Radio frequency communication capability to software running on the host computer.[4]
  10. BLINKERCOUGH: a hardware implant that is embedded in a VGA cable which allows data exfiltration.[4]
  11. SAVIORBURST: a hardware implant exploiting the JTAG interface for software application persistence.
  12. CACTUSTUTU: Portable system that enables wireless installation of Microsoft Windows exploits.
  13. TINYALAMO: software that targets BLE (Bluetooth Low Energy) and allows keystroke surveillance(Keylogger) and injection.[4]
  14. CONGAFLOCK: Radio frequency retroreflector intended for experimentation Intended use would be the implantation into a cable and data exfiltration based on radio reflectivity of the device.(FLAMENCOFLOCK (PS/2), TANGOFLOCK(USB), SALSAFLOCK(VGA) are retroreflectors with specific interfaces to test data exfiltration. )[4]

References
  1. Rutrell Yasin (August 7, 2015). "The NSA Playset: 5 Better Tools To Defend Systems". DarkReading.com. Retrieved June 14, 2017.
  2. Lucy Teitler (November 17, 2014). "Let's Play NSA! The Hackers Open-Sourcing Top Secret Spy Tools". Motherboard. Retrieved June 14, 2017.
  3. Michael Ossmann (July 31, 2014). "The NSA Playset". Mossman's blog. Retrieved June 14, 2017.
  4. Sean Gallagher (August 11, 2015). "The NSA Playset: Espionage tools for the rest of us". Ars Technica: Technology Lab. Retrieved June 14, 2017.
  5. David Rudin (August 18, 2015). "The NSA Playset is trying to democratize surveillance using the aesthetic of child's play". Kill Screen. Retrieved June 14, 2017.
  6. Violet Blue (June 11, 2014). "NSA Playset invites hackers to 'play along with the NSA'". ZD Net. Retrieved June 15, 2017.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.