NSA intercepting PC shipments to install spyware

The massive amount of surveillance conducted by the National Security Agency, all in the name of combating terrorism, continues to be revealed layer by layer. In recent weeks, there have been reports that the NSA has tried to infiltrate online gaming networks. Today, a new story from the German website Der Spiegel claims that the NSA intercepts PCs in mid-shipment to install spy software and hardware inside.

The report, which the site says is based on examining internal NSA documents, goes into the activities of the group's Office of Tailored Access Operations, or TAO. According to the story, TAO is the agency's top hacker unit and is responsible for all sorts of activities, from getting inside a Windows-based computer remotely if it generates an error message to even tapping into the Internet data lines that are placed under the ocean from Europe to North Africa.

One part of the report claims that when the NSA has targeted an individual or group for investigation, and that target later orders a new PC, the shipment can be intercepted by TAO and directed to its own workshops. The report states:

At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.

Earlier in December, several technology companies sent an open letter to President Barack Obama and members of the U.S. Congress, asking them to launch a full-scale reform of government surveillance activities.

Source: Der Spiegel via The Verge | Digital eye image via Shutterstock

87 Comments


Hello,

I don't believe anything about NSA spying on anyone. There are just papers and talk. Until there is physically a device on a PC that we have no idea what it does and we cannot uninstall/disable it this is fake.

I believe that (most) NSA spying related news is personally fake. And even if it is real, why should I care? As long as you are not doing anything illegal, you shouldn't care either!

Oh, ok let me come over to your house and search through all your stuff. It should be OK with you since you aren't hiding anything... /s

For half a century America was worried about the Communist and KGB, only to not know that the KGB became the NSA and thrives here with no limits.

It looks like the NSA have a million computer programmers, who can create perfectly working and perfectly hidden computer code that spies on everything, and they also create a big brain to analyse this data, and artificial intelligence, and super computers and blah blah blah

I don't think the government has enough people to go thru every electronic gadget made. It just seems impossible to do that. If the mods have been done at the factory then that is another thing.

Does anyone else think that if another company did this it would be considered industrial espionage and be highly illegal but when our government does it it is perfectly legal. WTF?!?!?

Yes, things break down when the government has more rights than the people. The government is supposed to be a tool of the people, they are supposed to work for us.

America deserves its horrible economy if it's wasting money on things like this. Like really, when will it learn that spending all its money on ****ing off the world isn't sustainable? It's too busy waging war, playing world cop, and spying on ppl to actually take care of the needs of its own population.

Did they have warrants to do that? If they use the FBI in the US, I would think they would need a warrant. The CIA outside of the US would probably just do it. Man, US tech companies are probably screwed. Who would trust them now?

You can just make anything up you want and people will believe it. The real name of this game is economic propaganda. It's the same as the people trying to discourage Chinese products because the government was allegedly installing whatever on it.

Spicoli said,
You can just make anything up you want and people will believe it.
Only if you never try and see if they're true for yourself and take everything at face value. These are things you can test for, it's important to trust your own system and the people/devices you share sensitive data with.

There will come a time when this is built into the hardware, if it isn't already.

http://www.wireshark.org/

I've always wiped the hard drive of any laptop I buy (build my own desktops) and installed my own software. Mostly to get rid of adware/bloatware but you never really know what security vulnerabilities vendor software has or what terrible configuration choices they make that can expose you to malware or make your PC vulnerable.

The problem is not everyone verifies their software and runs firewall/network analyzing software. Another problem is many Windows devices ship with OEM recovery CDs and not the original software from MS, but even then MS discloses vulnerabilities to the NSA before they release fixes, so it's hard to trust the NSA's motives on that one.

http://www.techweekeurope.co.u...a-prism-intelligence-119071

Edited by Geezy, Dec 29 2013, 8:11pm :

Yes, it allows you to view protocol and packet data that goes through a specified network interface. Know what is being sent/received from your computer on a very granular level and sniff out suspicious activity that may be occurring on your own hardware.

Geezy said,
There will come a time when this is built into the hardware, if it isn't already.

Just thinking out loud here... Say the network adapter's firmware is compromised such that it doesn't even report packets bound for or originating from the NSA's command and control servers, how would a packet sniffer help?

You use it on a different verified device to sniff the traffic of the unknown device. You have to be sure the OS, driver, and hardware on the sniffing device are not compromised. I still have a 286 and 486 with an ISA Ethernet adapter lol

Geezy said,
Yes, it allows you to view protocol and packet data that goes through a specified network interface. Know what is being sent/received from your computer on a very granular level and sniff out suspicious activity that may be occurring on your own hardware.

Only when data is sent out properly, I'd assume a place like the FBI would be able to come up with ways of sending out data via the network port that you'd never know about.
A bit like how some business Dells can 'phone home' at the hardware level without any trace appearing in Wireshark and some business Intel systems which also do it at the hardware level, again, not detectable from Wireshark.

Wireshark would be running on a device you trust, between the WAN and the untrusted device, not directly on the untrusted device itself. It would be up to you to analyze the data and find possible leaks and issues, and yes it's possible to cleverly hide data in seemingly innocuous ways, but hopefully you're smart enough to find out.
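The check described in the replies above (capture on a trusted device between the WAN and the untrusted machine, then compare with what that machine reports itself), as an added example that is not part of any commenter's post. It assumes two classic pcap files covering the same time window; the function names, addresses (documentation ranges) and sample captures are constructed for illustration.

```python
import socket
import struct

def parse_flow(frame):
    """(src, dst, proto, sport, dport) for an IPv4 TCP/UDP Ethernet frame, else None."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None                                  # not IPv4 over Ethernet
    version, ihl = frame[14] >> 4, (frame[14] & 0x0F) * 4
    proto, l4 = frame[23], 14 + ihl
    if version != 4 or ihl < 20 or proto not in (6, 17) or len(frame) < l4 + 4:
        return None
    sport, dport = struct.unpack_from("!HH", frame, l4)
    return (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
            proto, sport, dport)

def flows_from_pcap(data):
    """Set of flows in a classic pcap file (Ethernet link type only)."""
    if len(data) < 24:
        raise ValueError("too short for a pcap header")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == 0xA1B2C3D4:
        end = "<"                                    # little-endian capture
    elif magic == 0xD4C3B2A1:
        end = ">"                                    # big-endian capture
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(end + "I", data, 20)[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    flows, off = set(), 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(end + "I", data, off + 8)[0]
        frame = data[off + 16: off + 16 + incl_len]
        if len(frame) < incl_len:
            break                                    # truncated final record
        flow = parse_flow(frame)
        if flow:
            flows.add(flow)
        off += 16 + incl_len
    return flows

def unreported_flows(host_pcap, tap_pcap, host_ip):
    """Flows to or from host_ip that the tap saw but the host's own capture lacks."""
    missing = flows_from_pcap(tap_pcap) - flows_from_pcap(host_pcap)
    return sorted(f for f in missing if host_ip in (f[0], f[1]))

# --- Constructed sample captures (not real traffic) ---
def sample_frame(src, dst, proto, sport, dport):
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00"
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16   # ports, rest zeroed
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + l4

def sample_pcap(flows):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, flow in enumerate(flows):
        frame = sample_frame(*flow)
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

HOST = "192.0.2.10"                                   # the untrusted machine
VISIBLE = [(HOST, "198.51.100.5", 6, 49200, 443),
           (HOST, "198.51.100.53", 17, 53000, 53)]
HIDDEN = (HOST, "203.0.113.77", 6, 49201, 443)        # never shown to the host OS
HOST_PCAP = sample_pcap(VISIBLE)                      # capture taken on the host
TAP_PCAP = sample_pcap(VISIBLE + [HIDDEN])            # capture taken on the tap

if __name__ == "__main__":
    for flow in unreported_flows(HOST_PCAP, TAP_PCAP, HOST):
        print("seen on the wire but not by the host:", flow)
```

A non-empty result is a lead to investigate rather than proof of tampering, since capture start times and NIC offload settings can also make the two views differ.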

Recently I bought a 500gb hdd and I noticed after installing Windows and logging in for the first time VLC and other apps automatically start to install from somewhere without even asking me, I barely have enough time to terminate them with task manager and have to uninstall them later with your uninstaller.

I had to reinstall Windows so I formatted the whole hdd, like I do every time, yet the same apps started installing themselves again.

Is the NSA doing that sort of thing too?
Is there a way to rid myself of that bloatware on my hdd?

Geezy said,
What copy of Windows are you using where VLC installs automatically?

Bingo. Has to be a modified copy; you know, the ones that have some of the integrated components removed/nLited, updates/hotfixes/SPs slipstreamed, scripts set up to silently install software once the OS is up and running... If the poster didn't make it himself (which is evident) and doesn't know who did and he's not restoring from a manufacturer provided disc (which may contain third-party apps like VLC but is highly unlikely), he's most probably using a pirated downloaded copy of the OS.

And who knows what nefarious apps could also be installed. Keyloggers, screencap software, webcam/mic snapshot software, botnet software. Always have a legitimate copy. Aside from pirated copies that are tampered with, unfortunately many OEMs don't give you pure Windows but only a recovery disk with third party software.

Edited by Geezy, Dec 29 2013, 10:25pm :

Geezy said,
And who knows what nefarious apps could also be installed. Keyloggers, screencap software, webcam/mic snapshot software, botnet software.

Yeah, I never do understand what they get out of it. Either use an unmodified copy or modify your own if you know how (you don't even need to be too technically minded since there are apps that make it easy to do). Who in their right mind blindly installs an OS modified by some stranger on the internet?

Even with pure original Windows though, you may be safer against unknown attackers who don't have zero day exploits, but you are not safe against the NSA since MS discloses vulnerabilities to the NSA as soon as they are discovered, which means before they release this information to anyone else and before they patch them.
http://www.techweekeurope.co.u...a-prism-intelligence-119071

At least you're better off than with a bunch of keyloggers and malware on your system though!

Genuine Windows 7 x64, I can bet if I install a different version of Windows, the same apps will start self installing again.

I've used the same copy of Windows on my old hdd, and no apps.

It's more than evident they are being preloaded on the hdd, is there any chance of getting rid of them?

Genuine Windows 7 x64, I can bet if I install a different version of Windows, the same apps will start self installing again.

I've used the same copy of Windows on my old hdd, and no apps.

You might be better off starting a thread in a support forum here. First step would be to look at your partition configuration.

Geezy said,
Even with pure original Windows though, you may be safer against unknown attackers who don't have zero day exploits, but you are not safe against the NSA since MS discloses vulnerabilities to the NSA as soon as they are discovered, which means before they release this information to anyone else and before they patch them.
http://www.techweekeurope.co.u...a-prism-intelligence-119071

At least you're better off than with a bunch of keyloggers and malware on your system though!

No doubt that's true of all American tech companies, be it MS, Apple, Google... If security is such a big issue then why not use Linux, which hopefully has no backdoors? (I'm sure though that there are enough bugs that the NSA and others can exploit and penetrate Linux systems of suspects too.)

Saex_Conroy said,
Genuine Windows 7 x64, I can bet if I install a different version of Windows, the same apps will start self installing again.

I've used the same copy of Windows on my old hdd, and no apps.

It's more than evident they are being preloaded on the hdd, is there any chance of getting rid of them?

If you're booting from an unmodified retail copy of Windows and installing onto a new completely blank HDD like you said, what you state is simply not possible. Where would these apps like VLC materialize from magically? Either the HDD has an infected installation on it already, or your installation source is infected/modified.

Like Google, I do use Linux, although BSD is attractive, which Apple uses. It's possible the NSA can exploit these, though I feel BSD is pretty safe, but at least it's not guaranteed like it is on Windows. The use of separate VMs for various tasks and airgaps between sensitive machines is highly important though, and you have to make sure off-site backups are encrypted, verifiable, and trustworthy. Use of coreboot is also encouraged when possible.

Edited by Geezy, Dec 30 2013, 8:00pm :

Please - like Microsoft has to disclose anything. Here's something you have apparently chosen NOT to remember, NSA (and GCHQ, and the SIGINT/ELINT spy agencies of most nations) are ALSO responsible for making sure that the software used by their national governments is secure as well - for NSA and GCHQ, that includes Windows (since it IS used on government computers, along with Linux distributions, and UNIX, etc.). If you want to sell software to the government, the odds are one hundred percent (certainty) that your software WILL get scrutineered. (For the PRC, that means that Er Bu (their equivalent of CIA and NSA) scrutinizes official copies of Windows - and likely tacks a substantial fee onto the price there. And for those of you thinking that the idea sounds nuts, think - this is the SAME PRC that actually duns the relatives of those executed by firing squad for the cost of the ammo.)

I'm really surprised that foreign nations haven't put their whole country on their own separate internet. I don't think that even China's great firewall can keep this **** out.

Exactly what PC shipments? If it's foreign imports, of course we should intercept and inspect them. And if terrorists are using gaming networks to communicate, we need to intercept and tap into those communications too. Whatever it takes to destroy them, and protect us.

I thought the article explained it quite clearly... they intercept PC deliveries to people on a pre-defined target list. So the person or persons in question would have to be already on their "radar" as it were.

I did see that, mid article. But the piece opened with a generalization. If the entire story is centered around the specific targets, then I'm not sure why this is news. Without the opening generalization, it is not news, and it would be negligence if the NSA did not do this.

I'm just curious, at what point do we as American citizens stand up and say enough is enough and demand these people's heads on a pike? This has gone so far beyond ridiculous at this point it isn't even funny. It isn't even scary. It's terrifying.

Even if you're ready to do that, what's the first step? Getting organized? Well, now that'll set off NSA alarms and they won't see a difference between freedom fighters and terrorists. Heck, most terrorists believe they are the freedom fighters!

Yes, because as we all know, if it's posted on the internet, it has to be true. If this report is accurate, kudos to the NSA. Sorry, I'd rather be spied upon than... you know... dead. Who thinks a terrorist would hesitate one nanosecond if they could harm innocent citizens to further their cause?

Things will never ever go back to the way they used to be.

"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."
Benjamin Franklin

What do you mean, "the way they used to be?" The world has always had terrorists. It has always had murderers, criminals, and freak events of nature. 9/11 brought it to the attention of many people, and then caused them to over-react.

You can never be 100% safe. As much as we try to control everything, it is impossible. It is up to society to decide how much freedom they want to sacrifice for marginal increases in safety.

As long as people listen to the news and don't review the statistics for themselves, I anticipate that decisions will always be overblown one way or another. Just by way of example, statistics indicate that approximately the number of people killed in 9/11 die each month in car accidents. Why is it that we spend so much money on the NSA and other agencies that "fight terrorism" instead of putting that money into things like self-driving cars or greater auto safety features? Of course, it's because when a car accident makes the news it's only a few individuals who may be injured or dead, and it's common; terrorist attacks tend to kill and injure greater numbers, and they're less common. Yet the numbers indicate priorities, and I dare say that we have a much greater chance of being able to reduce auto deaths than we do terrorist attacks.

I guess the parent post just hasn't been alive long enough to realize that. Maybe when they were young they weren't aware because politics and history was difficult to wrap your head around at that age. But yes, it's always been going on.

I think Snowden is a hero and I am appalled by the mass surveillance revelations.

However, this interception program sounds like standard spy craft. It's not being done on a mass scale (obviously), and it's not being done randomly (also obviously, I hope). It's focused on suspected or known persons of interest, to put it broadly. This is what the NSA was supposed to be doing, not putting us all under a microscope.

By the way, the USB thumb drive mentioned in the article, as well as other NSA approved spy gear, is available to the public through Spymall. There are usually Spymall advertisements inside the in-flight magazine on most spy planes.

Gaara sama said,
I think Snowden is a hero and I am appalled by the mass surveillance revelations.

However, this interception program sounds like standard spy craft. It's not being done on a mass scale (obviously), and it's not being done randomly (also obviously, I hope). It's focused on suspected or known persons of interest, to put it broadly. This is what the NSA was supposed to be doing, not putting us all under a microscope.

By the way, the USB thumb drive mentioned in the article, as well as other NSA approved spy gear, is available to the public through Spymall. There are usually Spymall advertisements inside the in-flight magazine on most spy planes.


Well said. I too am not really all that bothered by this but I do not like whatever NSA sponsored spyware that is no doubt spamming the Internet with useless traffic and infecting the computers of innocent people.

tomasse said,
I always reformat every single new device i ever buy, as soon as i unpack it!
I do this for years now, ALWAYS!

And I assume you also re-flash every single device's firmware?... every single chip on the device that has its own firmware also?......

tomasse said,
I always reformat every single new device i ever buy, as soon as i unpack it!
I do this for years now, ALWAYS!

Too bad that won't help you if it's a hardware device (modified BIOS, north/southbridge)

Good luck with that.

What's not to say that they don't have back doors embedded into the hardware's chipsets?
We already know China have embedded code in a lot of the routers out there, and almost every board com chip has software you can login to for debug running on its firmware, and that's just the ones I know of.

It wouldn't be too hard to conceive the BIOS, or even the CPU having additional code ready to be executed above the OS to the point you don't even know it's happening.

Not going to help if they've installed cheeky hardware though. I don't know if you remember but a dev managed to find a way to write malicious values to the Mac Keyboard EEPROM and as such he had a permanent backdoor boot code, no matter what the user did he could always reinfect the host.

Comforting fact, the NSA probably don't do it to everyone, less comforting is the fact that OEM PC manufacturers have been installing crapware like this for years. Kill it with fire is my only solution!

Comforting fact, the NSA probably don't do it to everyone, less comforting is the fact that OEM PC manufacturers have been installing crapware like this for years. Kill it with fire is my only solution!

They'd do it to everyone. The current operating mode is collect everything and then figure out persons of interest by patterns of interaction/activity. This is accomplished most effectively by gathering as much data as possible, from every source.

zhangm said,

They'd do it to everyone. The current operating mode is collect everything and then figure out persons of interest by patterns of interaction/activity. This is accomplished most effectively by gathering as much data as possible, from every source.

I don't think even the NSA has the logistics capabilities to do it "to everyone" when it comes to the hardware level Trojans...

Lamp0 said,
Because the NSA might be trying to bug you?
Not you specifically, but simply as wide a sample as possible, in the hopes that they might find that needle in the haystack. Whether the needle actually turns out to even be harmful or just some flake that makes for a false positive is another matter.

I don't think even the NSA has the logistics capabilities to do it "to everyone" when it comes to the hardware level Trojans...

Yeah, that's why I said they would, not they do. The logistics of getting data loggers out aside, they'd also have an obscene amount of data to sort through afterwards, so the problem isn't trivial or limited to obtaining the ones and zeroes to begin with.

That's just bull crap! The amount of resources needed to do this would far outweigh any intelligence gathered. It's like steam opening letters lol!

ChuckFinley said,
That's just bull crap! The amount of resources needed to do this would far outweigh any intelligence gathered. It's like steam opening letters lol!

You know steam opening letters was a huge thing that governments did and most likely still do to some degree?

Intercepting a PC shipment is hardly rocket science and it is a far more efficient way of getting a bug into somewhere be it software or hardware. The NSA and Xerox did this for photocopiers supplied to the Soviet Union back in the cold war days. The same thing will be happening today without a doubt.

Not really. Lockheed Martin already develop some amazing technology for mail sorting and processing used by almost every major mail company around the world. These range from automatic mail direction via OCR scanning of address labels, including hand written ones, and an automated sorting office machinery.
Non-recognised addresses that fail OCR have their images sent to a data centre where they're manually assisted with the missing information, usually just part of the zip/post code to get it going to where it needs to be at the sorting office... sometimes this can be 100's of miles away from where the data centres are. It certainly wouldn't be hard to have the packages routed to another address automatically just by asking the OCR software to do so.
Then when said packages are at spy HQ, they just unbox them, do what they need and put them back in and return it back to the mail system with the correct OCR address so it's forwarded on.

ChuckFinley said,
That's just bull crap! The amount of resources needed to do this would far outweigh any intelligence gathered. It's like steam opening letters lol!

Sure but they don't look at each individual piece of data, they let algorithms analyze it for something that stands out to them, and go deeper if necessary. They will cross-reference data to look for irregularities and to build a map of relationships. They will also retain this data indefinitely and look through it with more granularity if something in the future highlights a particular person or event and then analyze particular people based on that or at the very least it will raise their notoriety.

The NSA have an incredibly paranoid corporate culture. They're kind of isolated from everyone else and their imagination is free to run wild and speculate on every little off the cuff remark that is made. It's like an epic case of cabin fever. They've gone a little fruit loopy.

Thank goodness Edward Snowden is kind of releasing a little steam from that pressure cooker. Sometimes it helps to take a step back and reflect on what is happening. The NSA had a very myopic view on the situation. It's difficult to be objective when there's only one viewpoint on things. Hopefully this helps the NSA to restructure and get a grip on what is actually important vs what is paranoid delusion. I mean, it's sad to let it get to the point where enough people are starting to side with the tinfoil hat crowd! Let's stop this from getting out of hand, OK NSA?

"It's difficult to be objective when there's only one viewpoint on things"

Hey!
I need to remember that line when discussing how ignorantly Charter is being run since the new CEO took over in the forums at dslreports! Everybody there seems to think you can just drop Charter and switch to dsl or something like it's nothing.

As far as on topic,
I agree these people have extreme cabin fever mixed in with an extreme amount of hallucinogens!!

Well.. that's just crap. I get warrants to tap data and such.. but intercepting your private shipments now too?

The part about error reporting is a bit misleading though.. source article explains it better.

rippleman said,
i would too...

Yeah I would too if I were a spy agency with near limitless resources. You have evidence somebody is in touch with a suspected terrorist only seems sensible that they would intercept their parcels, etc. and installing a hardware keylogger or similar makes a hell of a lot of sense!

InTheSwiss said,

Yeah I would too if I were a spy agency with near limitless resources. You have evidence somebody is in touch with a suspected terrorist only seems sensible that they would intercept their parcels, etc. and installing a hardware keylogger or similar makes a hell of a lot of sense!

Can we please drop this terrorism pretense - This is cyber warfare on a massive scale and it has very little to do with terror. This modern cyber war affects elections and industry and has profound effects on our nation far, far beyond bombs and idealistic martyrs. Remember, the most frightening of terror attacks was on a kindergarten by a young man that knew relatively little about computers. Terrorism as we know it is very, very low-tech. Yes, the NSA must take steps to protect us, but protection against terrorists does not account for the extreme actions the NSA is taking.

Jahooba said,

Can we please drop this terrorism pretense - This is cyber warfare on a massive scale and it has very little to do with terror. This modern cyber war affects elections and industry and has profound effects on our nation far, far beyond bombs and idealistic martyrs. Remember, the most frightening of terror attacks was on a kindergarten by a young man that knew relatively little about computers. Terrorism as we know it is very, very low-tech. Yes, the NSA must take steps to protect us, but protection against terrorists does not account for the extreme actions the NSA is taking.

The actual act of terrorism is simple sure. The planning, sure. The financing is another story. How do you think some groups get their money? Groups using technology like charity fronts who USE the computers to funnel money.

rippleman said,

The actual act of terrorism is simple sure. The planning, sure. The financing is another story. How do you think some groups get their money? Groups using technology like charity fronts who USE the computers to funnel money.

Personally, I'd like to see all the people who support and defend the NSAs activities, the politicians funding it, and *ALL* the operatives at the NSA who have participated in the activities, lined up against a wall and shot. I don't care if there's a court involved in the process that leads to that outcome or not. It needs to happen.

Cheatyface said,

Personally, I'd like to see all the people who support and defend the NSAs activities, the politicians funding it, and *ALL* the operatives at the NSA who have participated in the activities, lined up against a wall and shot. I don't care if there's a court involved in the process that leads to that outcome or not. It needs to happen.

let me guess, you are a "freedom" fighter

Cheatyface said,

Personally, I'd like to see all the people who support and defend the NSAs activities, the politicians funding it, and *ALL* the operatives at the NSA who have participated in the activities, lined up against a wall and shot. I don't care if there's a court involved in the process that leads to that outcome or not. It needs to happen.


Cool, so you want me dead. You seem like a nice person /s

He's got the free speech to say it at least.

"I disapprove of what you say, but I will defend to the death your right to say it" - Evelyn Hall

Geezy said,
He's got the free speech to say it at least.

"I disapprove of what you say, but I will defend to the death your right to say it" - Evelyn Hall

No, I won't fight to defend the rights of people who use their freedoms to support the subversion of everyone else's rights and freedoms.

Sorry dude, I hope you make it out of North Korea. You're doing a good job staying alive though, you have the right attitude! /s

How is talking going to subvert anyone's rights and freedoms? I could say anything I want but it won't make it into law books just because some words have been said. It's important to share ideas, even if it is dissent.

Ah, so that's what the Unidentified Device with VEN_07C0&DEV_01C3 must be. Amateur hour! You guys forgot to install the proper driver for Win 8.1!

Edited by Phouchg, Dec 29 2013, 8:17pm :