recommended reading

NSA Leak Spawns Fake Spyware Site

Github

A scroll through the Web has turned up a parody of the leaked National Security Agency catalog for ordering hacking instruments that Der Spiegel published on Dec. 30.

The NSA product name generator website was “inspired by the recent dump of NSA's TAO product catalog, containing weirdly-codenamed products beyond the wildest paranoid's dreams,” the top of the prank site states. TAO refers to the NSA Office of Tailored Access Operations, the agency’s elite hacker wing. On the satire site, new crazy-monikers pop up when people hit refresh.

Among the NSA traps listed: "CHEFARK," which is "a nano-scale microcode instrument intended to decrypt encrypted journalist information. Using it, the analyst can entrap foreigners' SMSes wirelessly."

The creator of the site, Christian Ternus apparently is the son of a fed and a security pro for cloud company Akamai, according to his website

Akamai officials reportedly are not too happy about allegations that NSA intercepts communications managed by Internet companies.

After accusations arose that NSA gained access to the emails of German Chancellor Angela Merkel, the firm’s chief executive officer said the revelations probably will hurt Akamai’s business in Germany, according to Bloomberg.

“It’s clearly bad for American companies,” CEO Tom Leighton said in November at a conference hosted by Bloomberg. “It’s particularly bad now in Germany, where it’s really being played up, to whip up anti-American corporate sentiment. We’ll probably lose some business there.”

Ternus’ jab at NSA makes no mention of his affiliation with Akamai. But it displays his Twitter handle, which links to his personal website.

"In real life, I'm a security researcher with Akamai's Adversarial Resilience team, guarding the Internet from attacks by finding weaknesses before the bad guys do," Ternus writes on his own site. "After growing up all over the world as a Foreign Service kid," he now tries to visit three new countries each year. 

The real spy shopping guide apparently offers products such as a digital lock pick called "FEEDTROUGH" that busts through firewalls presumably to install surveillance programs on mainframe computers. The bugging device can withstand "reboots and software upgrades," according to documents ex-NSA contractor Edward Snowden leaked to the newspaper. 

Threatwatch Alert

Network intrusion / Spear-phishing

Researchers: Bank-Targeting Malware Sales Rise in Dark Web Markets

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.