NSA Device – SWAP

NSA Device – SWAP

01/09/2015 | By: Preston Hood | No Comments

(TS//SI//REL) SWAP provides software application persistence by exploiting the motherboard BIOS and the hard drive’s Host Protected Area to gain periodic execution before the Operating System loads.
(TS//SI//REL) This technique supports single or multi-processor systems running Windows, Linux, FreeBSD, or Solaris with the following file systems: FAT32, NTFS, EXT2, EXT3, or UFS1.0.
(TS//SI//REL) Through remote access or interdiction, ARKSTREAM is used to reflash the BIOS and TWISTEDKILT to write the Host Protected Area on the hard drive on a target machine in order to implant SWAP and its payload (the implant installer). Once implanted, SWAP’s frequency of execution (dropping the playload) is configurable and will occur when the target machine powers on.

 

Status: Released / Deployed. Ready for Immediate Delivery
Unit Cost: $0

 

Thank you for taking the time to read this article! As always keep the faith!
The NSA’s original documentation on SWAP

 

SWAP

The following two tabs change content below.
Preston Hood
My Twitter profileMy Facebook profileMy LinkedIn profileMy Instagram profile

Preston Hood

Owner at PJHoodsCo
Hello, my name is Preston Hood. I am the owner of PJHoodsCo, an Information Technology Service Provider (ITSP). I am also a freelance writer and information security researcher.
Preston Hood
My Twitter profileMy Facebook profileMy LinkedIn profileMy Instagram profile

Latest posts by Preston Hood (see all)

Categories: Information Technology, IT Security, and Preston Hood.
Tags: NSA, NSA Devices, and SWAP.

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA Image

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>