New NSA Playset research tools

The NSA ANT catalogue consists of tools the NSA and members of the Five Eyes Alliance use for cyber surveillance. It was first released on December 30, 2013 by a German newspaper. Some of the tools were already known to the public and some were not. At Black Hat in Las Vegas, Michael Ossmann said, “We as a security community as a whole have the benefit of learning from these leaks.” The leaks can be used to test defenses and build strong defense systems. Out of the ANT leak grew the NSA Playset, which Ossmann and others have been developing for the past year. The NSA Playset is a group of “toys and tools” that will be made available to the public for research purposes.

One such device is Slotscreamer, a PCI Express tool that will allow researchers to explore Direct Memory Access attacks. PCI stands for Peripheral Component Interconnect. It connects microprocessors to attached devices and carries both data and addresses.

Another tool is Tiny Alamo. It is a form of active radio injection used to hack into Bluetooth keyboards and mice. These Bluetooth devices are very common as well as insecure.

CongaFlock is an RF retroreflector that, when implanted in a keyboard, can record keystrokes. These types of devices are attached to a wire and can pick up different things once attached.

We’ve all heard that the NSA is collecting metadata from our cell phones.  An older tool with the modern name of Leviticus is used to sniff cell phones.  Ossmann likes that this can be run on an “off the shelf” mobile device.

Last is Chuckwagon. This uses I2C serial buses, which many people are unaware of. They have direct access to the motherboard in PCs and can sometimes be accessed via VGA cables and HDMI ports. Using these buses, malware can be put on the system.

For the main article this post is based on see here:

For a brief post on retroreflectors:

For pictures of the above devices and some others:

-Brian Lustick