NSA ‘Intercepted PC Shipments To Install Malware’

The US National Security Agency (NSA) managed to sneak malware onto people’s PCs by intercepting them before they even shipped out of the country, according to previously top secret documents.

In an attack the NSA calls “interdiction”, the body can divert deliveries of machines to its own “load stations”, where it can either install software or hardware to spy on those computers. One document suggested this tactic was one of the “most productive” of the NSA’s hacking operations.

NSA hacking

The operations were carried out by the NSA’s Office of Tailored Access Operations (TAO), which has carried out numerous offensive hacking operations. Documents showed the body took on 279 missions in 2010, according to German publication Der Spiegel.

The revelations came a matter of days after a US judge declared the NSA’s hoovering up of phone metadata to be legal, contradicting a previous ruling that declared the actions “likely unconstitutional”.

A case brought by the American Civil Liberties Union (ACLU) was dismissed by Judge William Pauley III, who said the metadata collection was lawful under Section 215 of the Patriot Act and under the Fourth Amendment. The ACLU has promised to appeal, meaning a fight in the US Supreme Court is looking likely.

TAO has other sneaky ways of gaining access to targets’ machines. When a known machine is in need of a Windows update, TAO can determine what potentially exploitable flaws are resident on that PC.

The tools used by NSA agents carry names such as Angry Neighbour, HowlerMonkey and Waterwitch. The US government hopes to compromise around 85,000 computers with such offensive tools by the end of 2013.

The NSA told the German paper: “Tailored Access Operations is a unique national asset that is on the front lines of enabling NSA to defend the nation and its allies.” It would not respond to questions on the specific activities noted above.

What do you know about tech whistleblowers? Take our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago