:ANT catalog

{{Short description|Classified catalog of hacking tools by the NSA}}

{{Infobox

| above = ANT catalog

| abovestyle = background-color: #124471; color: #ffffff

| image1 = 200px
Seals of the NSA and Central Security Service, used on all catalog pages

| label2 = Description

| data2 = Classified ANT product catalog for the Tailored Access Operations unit

| label3 = Original author

| data3 = National Security Agency

| label4 = Number of pages

| data4 = 49

| label5 = Date of catalog sheets

| data5 = 2008–2009

| label6 = Publisher

| data6 = Der Spiegel

| label7 = Authors of publication

| data7 = Jacob Appelbaum, {{Interlanguage link|Christian Stöcker|de|3=Christian Stöcker}} and Judith Horchert

| label8 = Date of publication

| data8 = 30 December 2013

| label9 = Year of intended declassification

| data9 = 2032

}}

The ANT catalog{{efn|Whether ANT stands for Advanced Network Technology or Access Network Technology is not known.}} (or TAO catalog) is a classified product catalog by the U.S. National Security Agency (NSA) of which the version written in 2008–2009 was published by German news magazine Der Spiegel in December 2013. Forty-nine catalog pages{{Efn|The article from Der Spiegel notes that it is a "50-page document" and that "nearly 50 pages" are published. The gallery contains 49 pages. Der Spiegel also noted that the document is likely far from complete.{{Cite news |last=Appelbaum |first=Jacob |date=2013-12-30 |title=Unit Offers Spy Gadgets for Every Need |language=en |work=Der Spiegel |url=https://www.spiegel.de/international/world/nsa-secret-toolbox-ant-unit-offers-spy-gadgets-for-every-need-a-941006.html |access-date=2022-04-11 |issn=2195-1349 |archive-date=2022-04-11 |archive-url=https://web.archive.org/web/20220411090649/https://www.spiegel.de/international/world/nsa-secret-toolbox-ant-unit-offers-spy-gadgets-for-every-need-a-941006.html |url-status=live }}}} with pictures, diagrams and descriptions of espionage devices and spying software were published. The items are available to the Tailored Access Operations unit and are mostly targeted at products from US companies such as Apple, Cisco and Dell. The source is believed to be someone different than Edward Snowden, who is largely responsible for the global surveillance disclosures during the 2010s. Companies whose products could be compromised have denied any collaboration with the NSA in developing these capabilities. In 2014, a project was started to implement the capabilities from the ANT catalog as open-source hardware and software.

Background

The Tailored Access Operations unit has existed since the late 1990s. Its mission is to collect intelligence on foreign targets of the United States by hacking into computers and telecommunication networks.{{Cite web|last=Aid|first=Matthew M.|author-link=Matthew Aid|title=Inside the NSA's Ultra-Secret China Hacking Group|url=https://foreignpolicy.com/2013/06/10/inside-the-nsas-ultra-secret-china-hacking-group/|access-date=2022-02-12|website=Foreign Policy|language=en-US|archive-date=2022-02-12|archive-url=https://web.archive.org/web/20220212231030/https://foreignpolicy.com/2013/06/10/inside-the-nsas-ultra-secret-china-hacking-group/|url-status=live}} It has been speculated for years before that capabilities like those in the ANT catalog existed.

In 2012, Edward Snowden organized a CryptoParty together with Runa Sandvik, a former colleague of Jacob Appelbaum at The Tor Project. In June 2013, Snowden took internal NSA documents which he shared with Glenn Greenwald and Laura Poitras, resulting in the global surveillance disclosures.{{Cite web |last=Kelley |first=Michael B. |title=We Now Know A Lot More About Edward Snowden's Epic Heist — And It's Troubling |url=https://www.businessinsider.com/snowden-took-level-1-and-level-3-documents-2014-8 |access-date=2022-04-06 |website=Business Insider |language=en-US |archive-date=2022-04-06 |archive-url=https://web.archive.org/web/20220406152752/https://www.businessinsider.com/snowden-took-level-1-and-level-3-documents-2014-8 |url-status=live }}

Publication

Jacob Appelbaum co-authored the English publication in Der Spiegel with {{Interlanguage link|Christian Stöcker|de|3=Christian Stöcker}} and Judith Horchert, which was publicized on 29 December 2013.{{Cite news |last1=Appelbaum |first1=Jacob |author-link=Jacob Appelbaum |last2=Horchert |first2=Judith |last3=Stöcker |first3=Christian |date=2013-12-29 |title=Catalog Advertises NSA Toolbox |language=en |work=Der Spiegel |url=https://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html |url-status=live |access-date=2021-12-21 |archive-url=https://web.archive.org/web/20140104003518/https://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html |archive-date=2014-01-04 |issn=2195-1349 }} The related English publication on the same day about the TAO by Der Spiegel was also authored by the same people, and including Laura Poitras, Marcel Rosenbach, {{Interlanguage link|Jörg Schindler (journalist)|lt=Jörg Schindler|de|Jörg Schindler (Journalist)}} and {{Interlanguage link|Holger Stark (journalist)|lt=Holger Stark|de|Holger Stark (Journalist)}}.{{Cite news |last= |first= |date=2013-12-29 |title=Documents Reveal Top NSA Hacking Unit |language=en |work=Der Spiegel |url=https://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969.html |url-status=live |access-date=2022-02-09 |archive-url=https://web.archive.org/web/20190206174514/http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-2.html |archive-date=2019-02-06 |issn=2195-1349}} On December 30, Appelbaum gave a lecture about "the militarization of the Internet" at the 30th Chaos Communication Congress in Hamburg, Germany.{{cite web|title=Vortrag: To Protect And Infect, Part 2 - The militarization of the Internet|url=https://fahrplan.events.ccc.de/congress/2013/Fahrplan/events/5713.html|website=ccc.de|access-date=2021-12-18|archive-date=2021-11-02|archive-url=https://web.archive.org/web/20211102195140/https://fahrplan.events.ccc.de/congress/2013/Fahrplan/events/5713.html|url-status=live}} At the end of his talk, he encouraged NSA employees to leak more documents.{{cite web|last=Storm|first=Darlene|title=17 exploits the NSA uses to hack PCs, routers and servers for surveillance|url=https://www.computerworld.com/article/2474275/17-exploits-the-nsa-uses-to-hack-pcs--routers-and-servers-for-surveillance.html|website=Computerworld|date=3 January 2014|access-date=2021-12-18|archive-date=2021-12-18|archive-url=https://web.archive.org/web/20211218171948/https://www.computerworld.com/article/2474275/17-exploits-the-nsa-uses-to-hack-pcs--routers-and-servers-for-surveillance.html|url-status=live}}

Apple denied the allegations that it collaborated on the development of DROPOUTJEEP in a statement to journalist Arik Hesseldahl from All Things Digital (part of The Wall Street Journal's Digital Network).{{Cite web|last=Hesseldahl|first=Arik|title=Apple Denies Working with NSA on iPhone Backdoor|url=https://allthingsd.com/20131231/apple-says-it-is-unaware-of-nsas-iphone-backdoor/|access-date=2021-12-18|website=AllThingsD|language=en-US|archive-date=2022-02-24|archive-url=https://web.archive.org/web/20220224211934/https://allthingsd.com/20131231/apple-says-it-is-unaware-of-nsas-iphone-backdoor/|url-status=live}} The Verge questioned how the program developed in later years, since the document was composed in the early period of the iPhone and smartphones in general.{{Cite web|last=Robertson|first=Adi|date=2013-12-31|title=Apple denies any knowledge of NSA's iPhone surveillance implant|url=https://www.theverge.com/2013/12/31/5260990/apple-denies-any-knowledge-of-nsas-iphone-surveillance-implant|access-date=2021-12-18|website=The Verge|language=en|archive-date=2021-12-18|archive-url=https://web.archive.org/web/20211218173441/https://www.theverge.com/2013/12/31/5260990/apple-denies-any-knowledge-of-nsas-iphone-surveillance-implant|url-status=live}} Dell denied collaborating with any government in general, including the US government. John Stewart, senior vice president and chief security officer of Cisco stated that they were "deeply concerned and will continue to pursue all avenues to determine if we need to address any new issues." Juniper stated that they were working actively to address any possible exploit paths. Huawei stated they would take appropriate audits to determine if any compromise had taken place and would communicate if so. NSA declined to comment on the publication by Der Spiegel.{{Cite web |last1=Bent |first1=Kristin |last2=Spring |first2=Tom |date=2013-12-30 |title=Dell, Cisco 'Deeply Concerned' Over NSA Backdoor Exploit Allegations |url=https://www.crn.com/news/security/240165053/dell-cisco-deeply-concerned-over-nsa-backdoor-exploit-allegations.htm |url-status=live |archive-url=https://web.archive.org/web/20220407000231/https://www.crn.com/news/security/240165053/dell-cisco-deeply-concerned-over-nsa-backdoor-exploit-allegations.htm |archive-date=2022-04-07 |access-date=2022-04-08 |website=CRN}}

Bruce Schneier wrote about the tools on his blog in a series titled "NSA Exploit of the Week". He stated that because of this, his website got blocked by the Department of Defense.{{Cite IETF|last=Farrell |first=Stephen |title=Reflections on Ten Years Past The Snowden Revelations |rfc=9446 |access-date=2023-10-28 |publisher=Internet Engineering Task Force |date=July 2023 |section=2 |sectionname=Bruce Schneier: Snowden Ten Years Later}}

= Sources =

Both Der Spiegel and Appelbaum have played an important role in the leaks of Edward Snowden, but neither clarified if the ANT catalog came from him.{{cite web|archive-url=https://web.archive.org/web/20131230233231/http://hosted.ap.org/dynamic/stories/E/EU_NSA_SURVEILLANCE?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2013-12-29-13-01-13|url=http://hosted.ap.org/dynamic/stories/E/EU_NSA_SURVEILLANCE?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2013-12-29-13-01-13|url-status=dead|archive-date=30 December 2013|website=Associated Press|title=Privacy advocate exposes NSA spy gear at gathering}} The source who leaked the ANT catalog to them is unknown as of {{Year}}.

Officials at the NSA did not believe that the web crawler used by Snowden touched the ANT catalog and started looking for other people who could have leaked the catalog.{{Cite book |last=Sanger |first=David E. |title=The perfect weapon: war, sabotage, and fear in the cyber age |title-link=The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age |date=2018 |publisher=Crown Publishing Group |isbn=978-0-451-49789-5 |edition=1st |location=New York |pages=74 |oclc=1039082430 |author-link=David E. Sanger}}

Author James Bamford, who is specialized in the United States intelligence agencies, noted in a 2016 commentary article that Appelbaum has not identified the source who leaked the ANT catalog to him, which led people to mistakenly assume it was Edward Snowden. Bamford got unrestricted access to the documents cache from Edward Snowden and could not find any references to the ANT catalog using automated search tools, thereby concluding that the documents were not leaked by him.{{Cite news|last=Bamford|first=James|author-link=James Bamford|date=2016-08-22|title=Commentary: Evidence points to another Snowden at the NSA|language=en|agency=Reuters|url=https://www.reuters.com/article/us-intelligence-nsa-commentary-idUSKCN10X01P|access-date=2022-02-09|archive-date=2022-02-24|archive-url=https://web.archive.org/web/20220224013929/https://www.reuters.com/article/us-intelligence-nsa-commentary-idUSKCN10X01P|url-status=live}} Security expert Bruce Schneier has stated on his blog that he also believes the ANT catalog did not come from Snowden, but from a second leaker.{{cite web|last=Pasick|first=Adam|date=4 July 2014|title=The NSA may have another leaker on its hands|url=https://qz.com/230329/the-nsa-may-have-another-leaker-on-its-hands/|url-status=dead|archive-url=https://web.archive.org/web/20141023103142/https://qz.com/230329/the-nsa-may-have-another-leaker-on-its-hands/|archive-date=23 October 2014|access-date=7 February 2022|website=Quartz}}

= Content =

The published catalog pages were written between 2008 and 2009. The price of the items ranged from free up to $250,000.

scope="col" class="unsortable" \| Page ! scope="col" \| Code name ! scope="col" class="unsortable" style=width:40em \| Description{{Cite web \|date=2013-12-30 \|title=Interactive Graphic: The NSA's Spy Catalog \|url=https://www.spiegel.de/international/world/a-941262.html \|url-status=dead \|archive-url=https://web.archive.org/web/20140102051417/https://www.spiegel.de/international/world/a-941262.html \|archive-date=2014-01-02 \|access-date=2022-04-07 \|website=Der Spiegel}} ! scope="col" \| Unit price in US${{efn\|If the price is listed in bulk, a calculation is made to get the unit price}}
class="wikitable sortable mw-collapsible" \|+ Capabilities in the ANT catalog
{{anchor\|CANDYGRAM}} \| 50px	CANDYGRAM	Tripwire device that emulates a GSM cellphone tower.	40,000
{{anchor\|COTTONMOUTH-I}} \| 50px	COTTONMOUTH-I	Family of modified USB and Ethernet connectors that can be used to install Trojan horse software and work as wireless bridges, providing covert remote access to the target machine. COTTONMOUTH-I is a USB plug that uses TRINITY as digital core and HOWLERMONKEY as RF transceiver.	20,300
{{anchor\|COTTONMOUTH-II}} \| 50px	COTTONMOUTH-II	Can be deployed in a USB socket (rather than plug), and, but requires further integration in the target machine to turn into a deployed system.	4,000
{{anchor\|COTTONMOUTH-III}} \| 50px	COTTONMOUTH-III	Stacked Ethernet and USB plug	24,960
{{anchor\|CROSSBEAM}} \| 50px	CROSSBEAM	GSM communications module capable of collecting and compressing voice data	4,000
{{anchor\|CTX4000}} \| 50px	CTX4000	Continuous wave radar device that can "illuminate" a target system for recovery of "off net" information.	N/A
{{anchor\|CYCLONE-Hx9}} \| 50px	CYCLONE-HX9	GSM Base Station Router as a Network-In-a-Box	70,000{{efn\|For two months}}
{{anchor\|DEITYBOUNCE}} \| 50px	DEITYBOUNCE	Technology that installs a backdoor software implant on Dell PowerEdge servers via the motherboard BIOS and RAID controller(s).	0
{{anchor\|DROPOUTJEEP}} \| 50px	DROPOUTJEEP	"A software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted."	0
{{anchor\|ESBR}} \| 50px	EBSR	Tri-band active GSM base station with internal 802.11/GPS/handset capability	40,000
{{anchor\|ENTOURAGE}} \| 50px	ENTOURAGE	Direction finding application for GSM, UMTS, CDMA2000 and FRS signals	70,000
{{anchor\|FEEDTROUGH}} \| 50px	FEEDTROUGH	Software that can penetrate Juniper Networks firewalls allowing other NSA-deployed software to be installed on mainframe computers.	N/A
{{anchor\|FIREWALK}} \| 50px	FIREWALK	Device that looks identical to a standard RJ45 socket that allows data to be injected, or monitored and transmitted via radio technology. using the HOWLERMONKEY RF transceiver. It can for instance create a VPN to the target computer.	10,740
{{anchor\|GENESIS}} \| 50px	GENESIS	GSM handset with added software-defined radio features to record the radio frequency spectrum	15,000
{{anchor\|GODSURGE}} \| 50px	GODSURGE	Software implant for a JTAG bus device named FLUXBABBITT which is added to Dell PowerEdge servers during interdiction. GODSURGE installs an implant upon system boot-up using the FLUXBABBITT JTAG interface to the Xeon series CPU.	500{{efn\|Including installation costs}}
{{anchor\|GINSU}} \| 50px	GINSU	Technology that uses a PCI bus device in a computer, and can reinstall itself upon system boot-up.	0
{{anchor\|GOPHERSET}} \| 50px	GOPHERSET	GSM software that uses a phone's SIM card's API (SIM Toolkit or STK) to control the phone through remotely sent commands.	0
{{anchor\|GOURMETTROUGH}} \| 50px	GOURMETTROUGH	User-configurable persistence implant for certain Juniper Networks firewalls.	0
{{anchor\|HALLUXWATER}} \| 50px	HALLUXWATER	Back door exploit for Huawei Eudemon firewalls.	N/A
{{anchor\|HEADWATER}} \| 50px	HEADWATER	Persistent backdoor technology that can install spyware using a quantum insert capable of infecting spyware at a packet level on Huawei routers.	N/A
{{anchor\|HOWLERMONKEY}} \| 50px	HOWLERMONKEY	A RF transceiver that makes it possible (in conjunction with digital processors and various implanting methods) to extract data from systems or allow them to be controlled remotely.	750{{efn\|When ordering 25 units, the price per item is US$1000}}
{{anchor\|IRATEMONK}} \| 50px	IRATEMONK	Technology that can infiltrate the firmware of hard drives manufactured by Maxtor, Samsung, Seagate, and Western Digital.	0
{{anchor\|IRONCHEF}} \| 50px	IRONCHEF	Technology that can "infect" networks by installing itself in a computer I/O BIOS. IRONCHEF includes also "Straitbizarre" and "Unitedrake" which have been linked to the spy software REGIN.{{cite web\|first1=Christian\|last1=Stöcker\|first2=Marcel\|last2=Rosenbach\|url=http://www.spiegel.de/netzwelt/netzpolitik/trojaner-regin-ist-ein-werkzeug-von-nsa-und-gchq-a-1004950.html\|title=Trojaner Regin ist ein Werkzeug von NSA und GCHQ\|language=de\|date=25 November 2014\|work=Spiegel Online\|access-date=2 February 2015\|archive-date=28 November 2014\|archive-url=https://web.archive.org/web/20141128093305/http://www.spiegel.de/netzwelt/netzpolitik/trojaner-regin-ist-ein-werkzeug-von-nsa-und-gchq-a-1004950.html\|url-status=live}}	0
{{anchor\|JUNIORMINT}} \| 50px	JUNIORMINT	Implant based on an ARM9 core and an FPGA.	N/A
{{anchor\|JETPLOW}} \| 50px	JETPLOW	Firmware that can be implanted to create a permanent backdoor in a Cisco PIX series and ASA firewalls.	0
{{anchor\|LOUDAUTO}} \| 50px	LOUDAUTO	Audio-based RF retro-reflector listening device.	30
{{anchor\|MAESTRO-II}} \| 50px	MAESTRO-II	Multi-chip module approximately the size of a dime that serves as the hardware core of several other products. The module contains a 66 MHz ARM7 processor, 4 MB of flash, 8 MB of RAM, and a FPGA with 500,000 gates. It replaces the previous generation modules which were based on the HC12 microcontroller.	3,000{{efn\|Up to 4,000}}
{{anchor\|MONKEYCALENDAR}} \| 50px	MONKEYCALENDAR	Software that transmits a mobile phone's location by hidden text message.	0
{{anchor\|NEBULA}} \| 50px	NEBULA	Multi-protocol network-in-a-box system.	250,000
{{anchor\|NIGHTSTAND}} \| 50px	NIGHTSTAND	Portable system that installs Microsoft Windows exploits from a distance of up to eight miles over a wireless connection.	N/A{{efn\|Varies from platform to platform}}
{{anchor\|NIGHTWATCH}} \| 50px	NIGHTWATCH	Portable computer used to reconstruct and display video data from VAGRANT signals; used in conjunction with a radar source like the CTX4000 to illuminate the target in order to receive data from it.	N/A
{{anchor\|PICASSO}} \| 50px	PICASSO	Software that can collect mobile phone location data, call metadata, access the phone's microphone to eavesdrop on nearby conversations.	2,000
{{anchor\|PHOTOANGLO}} \| 50px	PHOTOANGLO	A joint NSA/GCHQ project to develop a radar system to replace CTX4000.	40,000
{{anchor\|RAGEMASTER}} \| 50px	RAGEMASTER	A concealed device that taps the video signal from a target's computer's VGA signal output so the NSA can see what is on a targeted desktop monitor. It is powered by a remote radar and responds by modulating the VGA red signal (which is also sent out most DVI ports) into the RF signal it re-radiates; this method of transmission is codenamed VAGRANT. RAGEMASTER is usually installed/concealed in the ferrite choke of the target cable. The original documents are dated 2008-07-24. Several receiver/demodulating devices are available, e.g. NIGHTWATCH.	30
{{anchor\|SCHOOLMONTANA}} \| 50px	SCHOOLMONTANA	Software that makes DNT{{Efn\|Data Network Technologies, a division of the Tailored Access Operations}} implants persistent on JUNOS-based (FreeBSD-variant) J-series routers/firewalls.	N/A
{{anchor\|SIERRAMONTANA}} \| 50px	SIERRAMONTANA	Software that makes DNT implants persistent on JUNOS-based M-series routers/firewalls.	N/A
{{anchor\|STUCCOMONTANA}} \| 50px	STUCCOMONTANA	Software that makes DNT implants persistent on JUNOS-based T-series routers/firewalls.	N/A
{{anchor\|SOMBERKNAVE}} \| 50px	SOMBERKNAVE	Software that can be implanted on a Windows XP system allowing it to be remotely controlled from NSA headquarters.	50,000
{{anchor\|SOUFFLETROUGH}} \| 50px	SOUFFLETROUGH	BIOS injection software that can compromise Juniper Networks SSG300 and SSG500 series firewalls.	0
{{anchor\|SPARROW-II}} \| 50px	SPARROW II	A small computer intended to be used for WLAN collection, including from UAVs. Hardware: IBM Power PC 405GPR processor, 64 MB SDRAM, 16 MB of built-inflash, 4 mini PCI slots, CompactFlash slot, and 802.11 B/G hardware. Running Linux 2.4 and the BLINDDATE software suite. Unit price (2008): $6K.	6,000
{{anchor\|SURLYSPAWN}} \| 50px	SURLYSPAWN	Keystroke monitor technology that can be used on remote computers that are not internet connected.	30
{{anchor\|SWAP}} \| 50px	SWAP	Technology that can reflash the BIOS of multiprocessor systems that run FreeBSD, Linux, Solaris, or Windows.	0
{{anchor\|TAWDRYYARD}} \| 50px	TAWDRYYARD	Radio frequency retroreflector to provide location information.	30
{{anchor\|TOTECHASER}} \| 50px	TOTECHASER	Windows CE implant for extracting call logs, contact lists and other information.	N/A
{{anchor\|TOTEGHOSTLY}} \| 50px	TOTEGHOSTLY	Software that can be implanted on a Windows mobile phone allowing full remote control.	0
{{anchor\|TRINITY}} \| 50px	TRINITY	Multi-chip module using a 180 MHz ARM9 processor, 4 MB of flash, 96 MB of SDRAM, and a FPGA with 1 million gates. Smaller than a penny.	6,250{{efn\|100 units for 625,000}}
{{anchor\|TYPHON HX}} \| 50px	TYPHON HX	Network-in-a-box for a GSM network with signaling and call control.	N/A
{{anchor\|WATERWITCH}} \| 50px	WATERWITCH	A portable "finishing tool" that allows the operator to find the precise location of a nearby mobile phone.	N/A
{{anchor\|WISTFULTOLL}} 50px	WISTFULTOLL	Plugin for collecting information from targets using Windows Management Instrumentation	0

Follow-up developments

Security expert Matt Suiche noted that the software exploits leaked by the Shadow Brokers could be seen as genuine because it matched with names from the ANT catalog.{{Cite web|last=Hackett|first=Robert|title=Hackers Have Allegedly Stolen NSA-Linked 'Cyber Weapons' and Are Auctioning Them Off|url=https://fortune.com/2016/08/16/nsa-hack-auction-shadow-brokers-cyber-weapons/|access-date=2021-12-18|website=Fortune|language=en|archive-date=2021-12-18|archive-url=https://web.archive.org/web/20211218184119/https://fortune.com/2016/08/16/nsa-hack-auction-shadow-brokers-cyber-weapons/|url-status=live}} John Bumgarner has stated to IEEE Spectrum that US government suspicion of Huawei is based on its own ability to add backdoors as shown in the ANT catalog.{{Cite web|last=Hsu|first=Jeremy|date=2014-03-26|title=U.S. Suspicions of China's Huawei Based Partly on NSA's Own Spy Tricks|url=https://spectrum.ieee.org/us-suspicions-of-chinas-huawei-based-partly-on-nsas-own-spy-tricks|access-date=2021-12-21|website=IEEE Spectrum|language=en|archive-date=2021-12-21|archive-url=https://web.archive.org/web/20211221103136/https://spectrum.ieee.org/us-suspicions-of-chinas-huawei-based-partly-on-nsas-own-spy-tricks|url-status=live}}

= NSA Playset =

The NSA Playset is an open-source project inspired by the NSA ANT catalog to create more accessible and easy to use tools for security researchers. Most of the surveillance tools can be recreated with off-the-shelf or open-source hardware and software. Thus far, the NSA Playset consists of fourteen items, for which the code and instructions can be found online on the project's homepage. After the initial leak, Michael Ossman, the founder of Great Scott Gadgets, gave a shout out to other security researchers to start working on the tools mentioned in the catalog and to recreate them. The name NSA Playset came originally from Dean Pierce, who is also a contributor (TWILIGHTVEGETABLE(GSM)) to the NSA Playset. Anyone is invited to join and contribute their own device. The requisites for an addition to the NSA Playset is a similar or already existing NSA ANT project, ease of use and a silly name (based on the original tool's name if possible). The silly name requisite is a rule that Michael Ossman himself came up with and an example is given on the project's website: "For example, if your project is similar to FOXACID, maybe you could call it COYOTEMETH." The ease of use part stems also from the NSA Playset's motto: "If a 10 year old can't do it, it doesn't count!"{{cite web|author=Lucy Teitler|date=November 17, 2014|title=Let's Play NSA! The Hackers Open-Sourcing Top Secret Spy Tools|url=https://www.vice.com/en/article/michael-ossmann-and-the-nsa-playset/|publisher=Vice Motherboard|access-date=June 14, 2017|archive-date=February 25, 2017|archive-url=https://web.archive.org/web/20170225030520/https://motherboard.vice.com/en_us/article/michael-ossmann-and-the-nsa-playset|url-status=live}}{{cite web|author=Violet Blue|date=June 11, 2014|title=NSA Playset invites hackers to 'play along with the NSA'|url=https://www.zdnet.com/article/nsa-playset-invites-hackers-to-play-along-with-the-nsa/|publisher=ZDNet|access-date=June 15, 2017|archive-date=June 19, 2017|archive-url=https://web.archive.org/web/20170619034523/http://www.zdnet.com/article/nsa-playset-invites-hackers-to-play-along-with-the-nsa/|url-status=live}}{{cite web | url=http://ossmann.blogspot.co.at/2014/07/the-nsa-playset.html | publisher=Mossman's blog | title=The NSA Playset | date=July 31, 2014 | access-date=June 14, 2017 | author=Michael Ossmann | archive-date=December 28, 2017 | archive-url=https://web.archive.org/web/20171228171520/http://ossmann.blogspot.co.at/2014/07/the-nsa-playset.html | url-status=live }}{{cite web|author=Sean Gallagher|date=August 11, 2015|title=The NSA Playset: Espionage tools for the rest of us|url=https://arstechnica.com/information-technology/2015/08/the-nsa-playset-espionage-tools-for-the-rest-of-us/|publisher=Ars Technica|access-date=June 14, 2017|archive-date=September 22, 2017|archive-url=https://web.archive.org/web/20170922083309/https://arstechnica.com/information-technology/2015/08/the-nsa-playset-espionage-tools-for-the-rest-of-us/|url-status=live}}

class="wikitable" ! Name{{cite web \|title=NSA Playset homepage \|url=http://www.nsaplayset.org/ \|website=www.nsaplayset.org \|access-date=2021-12-18 \|archive-date=2023-01-30 \|archive-url=https://web.archive.org/web/20230130151012/http://www.nsaplayset.org/ \|url-status=dead }} ! style=width:40em \| Description
TWILIGHTVEGETABLE	a boot image for GSM communication monitoring.
LEVITICUS	a hand held GSM frequency analyzer disguised as a Motorola phone; named after GENESIS.
DRIZZLECHAIR	a hard drive with all the needed tools to crack A5/1 including the rainbow tables.
PORCUPINEMASQUERADE	a passive Wi-Fi reconnaissance drone.
KEYSWEEPER	a keylogger in form of a USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM).
SLOTSCREAMER	a PCI hardware implant, which can access memory and IO.
ADAPTERNOODLE	a USB exploitation device.
CHUKWAGON	uses a pin on a computer's VGA port to attack via the I²C bus accessing the computer's operating system.
TURNIPSCHOOL	a hardware implant concealed in a USB cable which provides short range radio frequency communication capability to software running on the host computer.
BLINKERCOUGH	a hardware implant that is embedded in a VGA cable which allows data exfiltration.
SAVIORBURST	a hardware implant exploiting the JTAG interface for software application persistence; named after GODSURGE. FLUXBABBIT is replaced by SOLDERPEEK.
CACTUSTUTU	Portable system that enables wireless installation of Microsoft Windows exploits; covers NIGHTSTAND.
TINYALAMO	software that targets BLE (Bluetooth Low Energy) and allows keystroke surveillance (keylogger) and injection.
CONGAFLOCK	Radio frequency retroreflector intended for experimentation. Intended use would be the implantation into a cable and data exfiltration based on radio reflectivity of the device.(FLAMENCOFLOCK (PS/2), TANGOFLOCK (USB), SALSAFLOCK (VGA) are retroreflectors with specific interfaces to test data exfiltration.)

Explanatory notes

References

External links

[http://www.nsaplayset.org/ NSA Playset wiki] {{Webarchive|url=https://web.archive.org/web/20230130151012/http://www.nsaplayset.org/ |date=2023-01-30 }}
[https://www.blackhat.com/docs/us-15/materials/us-15-Ossmann-The-NSA-Playset-A-Year-Of-Toys-And-Tools.pdf The NSA Playset a Year of toys and tools] {{Webarchive|url=https://web.archive.org/web/20220120035708/https://www.blackhat.com/docs/us-15/materials/us-15-Ossmann-The-NSA-Playset-A-Year-Of-Toys-And-Tools.pdf |date=2022-01-20 }} at Black Hat 2015
[http://ossmann.com/ossmann-pierce-toorcamp2014.pdf NSA Playset] {{Webarchive|url=https://web.archive.org/web/20211218171948/http://ossmann.com/ossmann-pierce-toorcamp2014.pdf |date=2021-12-18 }} at Toorcamp 2014

Category:Der Spiegel

Category:Espionage devices

Category:National Security Agency

Category:Spyware used by governments

Category:Surveillance