Report: NSA intercepts computer deliveries to plant spyware

Germany's Der Spiegel, citing secret documents, also reported the NSA has backdoors in Juniper, Cisco, Huawei and Dell products

A special hacking unit of the U.S. National Security Agency intercepts deliveries of new computer equipment en route to plant spyware, according to a report on Sunday from Der Spiegel, a German publication.

The method, called "interdiction," is one of the most successful operations conducted by the NSA's Office of Tailored Access Operations (TAO), which specializes in infiltrating computers, wrote the publication, citing a top-secret document.

"If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops," Der Spiegel wrote.

The workshops, called "load stations," install malware or hardware components that give the NSA access to the computer, it wrote.

Der Spiegel did not say where the documents were obtained, although it is one of several news outlets, including The Washington Post and The Guardian, which possess information leaked by former NSA contractor Edward Snowden. He is not mentioned in the story, which was co-authored by filmmaker Laura Poitras, whom Snowden contacted.

The documents leaked by Snowden have prompted a U.S. government review of the NSA's spying activities and its impact on civil liberties and law. Technology companies, calling for stronger privacy controls, contend the agency's tampering with their networks could undermine their businesses.

Der Spiegel wrote that a 50-page "product catalog" it viewed from the NSA described a division called "ANT," which specializes in engineering access to products from companies such as firewall maker Juniper Networks, networking giants Cisco Systems and Huawei Technologies, and Dell.

"For nearly every lock, ANT seems to have a key in its toolbox," the publication wrote.

Another internal NSA presentation showed the agency has access to crash reports sent by computers to Microsoft, Der Spiegel reported. A prompt is sometimes shown during certain problems with Windows, and users are asked if they'd like to send an automated report to the company.

Der Spiegel wrote that the presentation indicated the NSA can intercept these reports from a sea of internet traffic using its XKeyscore tool, an internet monitoring tool revealed in July by The Guardian.

Intercepting the reports "appears to have little importance in practical terms" but provides insights into a targeted person's computer, Der Spiegel wrote.

Another top-secret document described NSA efforts to tap into the SEA-ME-WE-4 undersea telecommunications cable, which stretches from southern France to Thailand and connects Europe with North Africa and the Middle East.

On Feb. 13, the TAO "successfully collected network management information" for the cable, including Layer 2 information that shows circuit mapping, Der Spiegel reported, quoting the document.

Der Spiegel further described some of the TAO's computer exploitation activities, which include trying to redirect a targeted person's computer to servers controlled by the agencies that can deliver spyware.

The NSA and its U.K. counterpart, GCHQ, use a tool called QUANTUMINSERT to tracks a person's internet browsing and at opportune moments direct the user's computer to one of its FOXACID exploitation servers.

One document showed that QUANTUMINSERT was most effective when people were trying to visit the professional networking site LinkedIn, Der Spiegel said. The success rate was more than 50 percent, it said.

The NSA could not be immediately reached for comment Sunday night.

Send news tips and comments to Follow me on Twitter: @jeremy_kirk

Join the CSO newsletter!

Error: Please check your email address.

Tags Huawei TechnologiesCisco SystemsDer SpiegelMicrosoftsecurityUS National Security AgencyExploits / vulnerabilitiesspywarejuniper networks

More about CiscoCiscoDellGCHQHuaweiJuniperJuniperMicrosoftNational Security AgencyNSASpiegelTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place