(TS//SI//REL) SCHOOLMONTANA provides persistence for DNT implants. The DNT implant will survive an upgrade or replacement of the operating system — including physically replacing the router’s compact flash card.
(TS//SI//REL) Currently, the intended DNT Implant to persist is VALIDATOR, which must be run as a user process on the target operating system. The vector of attack is the modification of the target’s BIOS. The modification will add the necessary software to the BIOS and modify its software to execute the SCHOOLMONTANA implant at the end of its native System Management Mode (SMM) handler.
(TS//SI//REL) SCHOOLMONTANA must support all modern versions of JUNOS, which is a version of FreeBSD customized by Juniper. Upon system boot, the JUNOS operating system is modified in memory to run the implant, and provide persistent kernel modifications to support implant execution.
(TS//SI//REL) SCHOOLMONTANA is the cover term for the persistence technique to deploy a DNT implant to Juniper J-Series routers.
Status: (U//FOUO) SCHOOLMONTANA completed and released by ANT May 30, 2008. It is ready for deployment.
Thank you for taking the time to read this article! As always keep the faith!
The NSA’s original documentation on SCHOOLMONTANA
Preston Hood
Latest posts by Preston Hood (see all)
- Information Security in Our World Today - 03/26/2015
- 49 Ways the NSA Can Spy On You - 01/30/2015
- NSA Device – STUCCOMONTANA - 01/27/2015
- NSA Device – PICASSO - 01/26/2015
- NSA Device – IRONCHEF - 01/23/2015
Leave a Reply