Yesterday we told you about a report in Germany’s Der Spiegel about the ability of the U.S. National Security Agency to plant spyware in IT equipment headed for people the agency targets.
Today we’ll delve a little deeper into a second article, which goes into more detail about the tools the NSA has that employees can order for intercepting data from unsuspecting users.
They include FEEDTROUGH, an application that allegedly can get into Juniper Network firewalls so NSA code can get into data centres; DEITYBOUNCE, which gets into the BIOS of certain Dell PowerEdge servers; IRONCHEF, which gets into the BIOS of certain Hewlett-Packard 360DL G5 servers; and GINSU, which helps get into Windows desktops up to Vista for setting up wireless remote control.
Ars Technica has taken a deeper look into the documents and found NIGHTSTAND, a Wi-Fi hacking system that can break into networks up to eight miles away.
As both articles point out, there is no evidence IT companies are working with the NSA to enable these exploits.
But as I have said elsewhere, these and other reports make it clear that security will be the number one issue in 2014.
In some ways these revelations should be no surprise: Every coder ought to know the weaknesses of an application, ditto every manufacturer. One question is if the NSA has these capabilities, do other governments and criminal organizations?
Read the Spiegel article here