Information Technology

Information Security in Our World Today

Information security (InfoSec) is a very static yet dynamic field of study. One thing that is important to understand about information security is that over time it transforms, but the underline concept always remains the same: to protect information or data (bits) from unauthorized access. This is only the underlying concept of information security; there are many other parts to it. Several decades ago InfoSec was all about how secure of a lock you had on your physical data room. These days it has transformed quite-a-bit. Today we have the Internet; a large network of interconnected routers. With the Internet
Read More

Categories: Information Technology, IT Security, and Preston Hood.

49 Ways the NSA Can Spy On You

Over the past few months I have published all forty-nine of the NSA documents that were leaked by Edward Snowden to various media organizations on PJHoodsCo’s blog. I have included a link below to view a list of all the articles that contain these forty-nine NSA documents and a link to download all forty-nine of the documents in one compressed (zipped) file. These documents were released by the NSA to the rest of FVEY during the period of 2008 – 2009. Today FVEY (which includes Australia, Canada, New Zealand, the United Kingdom, and the United States) have much greater tactics
Read More

Categories: Information Technology, IT Security, and Preston Hood.

NSA Device – STUCCOMONTANA

(TS//SI//REL) STUCCOMONTANA provides persistence for DNT implants. The DNT implant will survive and upgrade or replacement of the operating system – including physically replacing the router’s compact flash card. (S//SI//REL) STUCCOMONTANA Concept of Operations (TS//SI//REL) Currently, the intended DNT implant to persist is VALIDATOR, which must be run as a user process on the target operating system. The vector of attack is the modification of the target’s BIOS. The modification will add the necessary software to the BIOS and modify its software to execute the STUCCOMONTANA implant at the end of its native System Management Mode (SMM) handler. (TS//SI//REL) STUCCOMONTANA
Read More

Categories: Information Technology, IT Security, and Preston Hood.

NSA Device – PICASSO

(S//SI//REL) Modified GSM (target) handset that collects user data, location information and room audio. Command and data exfill is done from a laptop and regular phone via SMS – (Short Message Service), without alerting the target.   (S//SI) Target Data via SMS: • Incoming call numbers • Outgoing call numbers • Recently registered networks • Recent Location Area Codes (LAC) • Cell power and Timing Advance information (GEO) • Recently Assigned TMSI, IMSI • Recent network authentication challenge responses • Recent successful PINs entered into the phone during the power-on cycle • SW version of PICASSO implant • ‘Hot-mic’ to
Read More

Categories: Information Technology, IT Security, and Preston Hood.

NSA Device – IRONCHEF

(TS//SI//REL) IRONCHEF provides access persistence to target systems by exploiting the motherboard BIOS and utilizing System Management Mode (SMM) to communicate with a hardware implant that provides two-way RF communication. (TS//SI//REL) This technique supports the HP Proliant 380DL G5 server, onto which a hardware implant has been installed that communicates over the I2C Interface (WAGONBED). (TS//SI//REL) Through interdiction, IRONCHEF, a software CNE implant and the hardware implant are installed onto the system. If the software CNE implant is removed from the target machine, IRONCHEF is used to access the machine, determine the reason for removal of the software, and then
Read More

Categories: Information Technology, IT Security, and Preston Hood.

NSA Device – GODSURGE

(TS//SI//REL) GODSURGE runs on the FLUXBABBITT hardware implant and provides software application persistence on Dell PowerEdge servers by exploiting the JTAG debugging interface of the server’s processors. (TS//SI//REL) FLUXBABBITT Hardware Implant for PowerEdge 2950 (TS//SI//REL) FLUXBABBITT Hardware Implant for PowerEdge 1950 (TS//SI//REL) This technique supports Dell PowerEdge 1950 and 2950 servers that use the Xeon 5100 and 5300 processor families. (TS//SI//REL) Through interdiction, the JTAG scan chain must be reconnected on the target system by removing the motherboard from the chassis and attaching the depopulated parts back onto the circuit board. After this step is complete, the hardware impant itself
Read More

Categories: Information Technology, IT Security, and Preston Hood.

NSA Device – WISTFULTOLL

(TS//SI//REL) WISTFULTOLL is a UNITEDRAKE and STRAITBIZZARE plug-in used for harvesting and returning forensic information from a target using Windows Management Instrumentation (WMI) calls and Registry extractions. (TS//SI//REL) This plug-in supports systems running Microsoft Windows 2000, 2003, and XP. (TS//SI//REL) Through remote access or interdiction, WISTFULLTOLL is executed as either a UNITEDRAKE or STRAITBAZZARE plug-in or as a stand-alone executable. If used remotely, the extracted information is sent back to NSA through UNITEDRAKE or STRAITBAZZARE. Execution via interdiction may be accomplished by non-technical operator through use of a USB thumb drive, where extracted information will be saved to that thumb
Read More

Categories: Information Technology, IT Security, and Preston Hood.

NSA Device – WATERWITCH

(S//SI) Hand held finishing tool used for geolocating targeted handsets in the field. (S//SI) Features: • Split display/controller for flexible deployment capability • External antenna for DFing target; internal antenna for communication with active interrogator • Multiple technology capability based on SDR Platform; currently UMTS, with GSM and CDMA2000 under development • Approximate size 3″ x 7.5″ x 1.25″ (radio), 2.5″ x 5″ x 0.75″ (display); radio shrink in planning stages • Display uses E-Ink technology for low light emissions (S//SI) Tactical Operators use WATERWITCH to locate handsets (last mile) where handset is connected to Typhon or similar equipment interrogator.
Read More

Categories: Information Technology, IT Security, and Preston Hood.

NSA Device – TYPHON HX

(S//SI//FVEY) Base Station Router – Network-In-a-Box (NIB) supporting GSM bands 850/900/1800/1900 and associated full GSM signaling and call control. (S//SI//FVEY) Tactical SIGINT elements use this equipment to find, fix and finish targeted handset users. (S//SI) Target GSM handset registers with BSR unit. (S//SI) Operators are able to geolocate registered handsets, capturing the user. (S//SI//REL) The macro-class Typhon is a Network-In-a-Box (NIB), which includes all the necessary architecture to support Mobile Station call processing and SMS messaging in a stand-alone chassis with a pre-provisioning capability. (S//SI//REL) The Typhon system kit includes the amplified Typhon system, OAM&P Laptop, cables, antennas and AD/DC
Read More

Categories: Information Technology, IT Security, and Preston Hood.

NSA Device – TRINITY

(TS//SI//REL) TRINITY is a miniaturized digital core packaged in a Multi-Chip Module (MCM) to be used in implants with size constraining concealments. (TS//SI//REL) TRINITY uses the TAO standard implant architecture. The architecture provides a robust, reconfigurable, standard digital platform resulting in a dramatic performance improvement over the obsolete HC12 microcontroller based designs. A development Printed Circuit Board (PCB) using packaged parts has been developed and is available as the standard platform. The TRINITY Multi-Chip-Module (MCM) contains an ARM9 microcontroller, FPGAA, Flash and SDRAM memories.   Status: Special Order due vendor selected. Unit Cost: 100 units: $625K   Thank you for
Read More

Categories: Information Technology, IT Security, and Preston Hood.