
NSA Intercepts Laptops Purchased Online to Install Malware

An aerial view of the NSA's Utah Data Center in Bluffdale, Utah. // Rick Bowmer/AP File Photo

According to a new report from Der Spiegel on the National Security Agency's top team of hackers, the agency intercepted electronics purchased online before delivery to install malware and other spying tools. 

NSA's Tailored Access Operations (TAO) division is responsible for the biggest hacks we've learned about in the last year, so Der Spiegel's report is a special look at the methods and madness behind the NSA's all-star team. When a world leader's cell phone is hacked by the NSA, the TAO team is responsible. They're the hackers who can access anyone, anywhere, under any condition. 

TAO hackers can track your digital movements remotely by exploiting security flaws in an operating system, like Windows, for example. (It's a TAO favorite.) When new-fangled remote access hacking strategies don't work, though, the NSA goes old school. The agency's most-skilled team of hackers does not always work from behind a computer screen. Occasionally a target must be physically intercepted before the NSA can access their information. In these instances, TAO waits for the target to order new electronics. When their surveillance system alerts them that Target X just bought a new laptop, TAO intercepts the mail order and has the computer delivered to an NSA facility. They then open the package and install their malware technology onto the target's new computer. The product is then repackaged and sent along its merry way.

If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.

These minor disruptions in the parcel shipping business rank among the "most productive operations" conducted by the NSA hackers, one top secret document relates in enthusiastic terms. This method, the presentation continues, allows TAO to obtain access to networks "around the world."

You have to be on the NSA's target list already in order for this to happen.

Read the full story at TheWire.com.
