NSA Intercepts Laptops Purchased Online to Install Malware

An aerial view of the NSA's Utah Data Center in Bluffdale, Utah.

An aerial view of the NSA's Utah Data Center in Bluffdale, Utah. Rick Bowmer/AP File Photo

Featured eBooks
AI in the Workplace
Read Now

CX in Action

Read Now

Next Steps for CMMC

Read Now
By Connor Simpson,
The Wire

By Connor Simpson,
The Wire

|

When remote access hacking strategies don't work, the agency goes old school.

According to a new report from Der Spiegel on the National Security Agency's top team of hackers, the agency intercepted electronics purchased online before delivery to install malware and other spying tools. 

NSA's Tailored Access Operations (TAO) division is responsible for the biggest hacks we've learned about in the last year, so Der Spiegel's report is a special look at the methods and madness behind the NSA's all-star team. When a world leader's cell phone is hacked by the NSA, the TAO team is responsible. They're the hackers who can access anyone, anywhere, under any condition. 

TAO hackers can track your digital movements remotely by exploiting security flaws in an operating system, like Windows, for example. (It's a TAO favorite.) But when new-fangled remote access hacking strategies don't work, though, the NSA goes old school. The agency's most-skilled team of hackers does not always work from behind a computer screen. Occasionally a target must be physically intercepted before the NSA can access their information. In these instances, TAO waits for the target to order new electronics. When their surveillance system alerts that Target X just bought a new laptop, the TAO intercepts the mail order, and has the computer delivered to an NSA facility. They then open the package, and install their malware technology onto the target's new computer. The product is then repackaged and sent along its merry way

If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.

These minor disruptions in the parcel shipping business rank among the "most productive operations" conducted by the NSA hackers, one top secret document relates in enthusiastic terms. This method, the presentation continues, allows TAO to obtain access to networks "around the world."

You have to be on the NSA's target list already in order for this to happen.

Read the full story at TheWire.com.

NEXT STORY: The Ten Worst Hacks of 2013