*** Welcome to piglix ***

NSA ANT catalog


The NSA ANT catalog is a 50-page classified document listing technology available to the United States National Security Agency (NSA) Tailored Access Operations (TAO) by the Advanced Network Technology (ANT) Division to aid in cyber surveillance. Most devices are described as already operational and available to US nationals and members of the Five Eyes alliance. According to Der Spiegel, which released the catalog to the public on December 30, 2013, "The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets' data." The document was created in 2008.

Security researcher Jacob Appelbaum gave a speech at the Chaos Communications Congress in Hamburg, Germany, in which he detailed techniques that the simultaneously published Der Spiegel article he coauthored indicate the NSA uses in its surveillance efforts in the US and internationally.

The prices of the items in the catalog range from free (typically for software) to US$250,000.

In 2013, Der Spiegel published an article, co-written by Jacob Appelbaum, Judith Horchert and Christian Stöcker, that exposed the NSA "toolbox". Their source of the document was not disclosed. While it came from one of the news agencies in possession of documents leaked by former NSA contractor Edward Snowden, security expert Bruce Schneier said he doesn't "believe the TAO catalog came from the Snowden documents. I think there's a second leaker out there."

Exploits described in the document are mostly targeted at devices manufactured by US companies, including Apple,Cisco, Dell, Juniper Networks, Maxtor, Seagate, and Western Digital, although there is nothing in the document that suggests that the companies were complicit. After Der Spiegel revealed that NSA has the ability to inject software onto iPhones using an ANT product called DROPOUTJEEP, Apple issued a statement denying any prior knowledge of the NSA spyware and stated that they would take steps to protect their customers from security attacks "regardless of who's behind them". Cisco has mustered their Cisco Product Security Incident Response Team (PSIRT) to investigate the hack vulnerability.


...
Wikipedia

...