According to a new report from Der Spiegel on the National Security Agency's top team of hackers, the agency intercept electronics purchased online before delivery to install malware and other spying tools.
The NSA's Tailored Access Operations (TAO) division is responsible for the biggest hacks we've learned about in the last year, so Der Spiegel's report is a special look at the methods and madness behind the NSA's all-star team. When a world leader's cell phone is hacked by the NSA, the TAO team is responsible. They're the hackers who can access anyone, anywhere, under any condition.
TAO hackers can track your digital movements remotely by exploiting security flaws in an operating system, like Windows, for example. (It's a TAO favorite.) But when new-fangled remote access hacking strategies don't work, though, the NSA goes old school. The agency's most-skilled team of hackers does not always work from behind a computer screen. Occasionally a target must be physically intercepted before the NSA can access their information. In these instances, TAO waits for the target to order new electronics. When their surveillance system alerts that Target X just bought a new laptop, the TAO intercepts the mail order, and has the computer delivered to an NSA facility. They then open the package, and install their malware technology onto the target's new computer. The product is then repackaged and sent along its merry way:
If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.
These minor disruptions in the parcel shipping business rank among the "most productive operations" conducted by the NSA hackers, one top secret document relates in enthusiastic terms. This method, the presentation continues, allows TAO to obtain access to networks "around the world."
And you wondered why your Amazon order took so long. Of course, you have to be on the NSA's target list already in order for this to happen. They don't just indiscriminately intercept every laptop sold on Amazon.
Usually the team sticks to new school hacking methods, like using a complicated system of tools called QUANTUM, focusing on social networks a target visits frequently, like Facebook, Yahoo, Twitter and YouTube, to remotely gain access to a their computer. Once the team has done enough surveillance and is ready to strike, TAO's QUANTUM system will alert hackers when a target tries to visit a particular website. If TAO's work is done properly, the system races to intercept the target's information request, and will hopefully instead infect the target's system with malware. For some reason LinkedIn is especially effective:
The technique can literally be a race between servers, one that is described in internal intelligence agency jargon with phrases like: "Wait for client to initiate new connection," "Shoot!" and "Hope to beat server-to-client response." Like any competition, at times the covert network's surveillance tools are "too slow to win the race." Often enough, though, they are effective. Implants with QUANTUMINSERT, especially when used in conjunction with LinkedIn, now have a success rate of over 50 percent, according to one internal document.
Sometimes TAO hackers do need some help, so they go to the NSA's unique "mail-order catalog" for hacking tools that can gain access to any computer system you could possibly dream of. Your security measures don't matter, either. NSA hackers have tools to crack systems created by Cisco, Western Digital, Huawei, or any other major cyber security firm. No target's computer is safe.
This article is from the archive of our partner The Wire.