My challenge to you it to read through these without saying aloud
"Holy shit. They really built this?"
Here we go:
SIERRAMONTANA provides persistence for DNT implants.
The DNT implant will survive an upgrade or replacement of the operating system -- including physically replacing the router's compact flash card.
https://www.schneier.com/blog/archives/2014/01/sierramontana_n.html
STUCCOMONTANA provides persistence for DNT implants.
The DNT implant will survive an upgrade or replacement of the operating system -- including physically replacing the router's compact flash card.
https://www.schneier.com/blog/archives/2014/01/stuccomontana_n.html
The CTX4000 is a portable continuous wave (CW) radar unit.
It can be used to illuminate a target system to recover different off net information. Primary uses include VAGRANT and DROPMIRE collection.
https://www.schneier.com/blog/archives/2014/01/ctx4000_nsa_exp.html
LOUDAUTO is an audio-based RF retro-reflector.
Provides room audio from targeted space using radar and basic post-processing.
https://www.schneier.com/blog/archives/2014/01/loudauto_nsa_ex.html
NIGHTSTAND is an active 802.11 wireless exploitation and injection tool for payload /exploit delivery into otherwise denied target space. NIGHTSTAND is typically used in operations where wired access to the target is not possible.
https://www.schneier.com/blog/archives/2014/01/nightstand_nsa.html
NIGHTWATCH is a portable computer with specialized, internal hardware designed to process progressive-scan (non-interlaced VAGRANT signals).
https://www.schneier.com/blog/archives/2014/01/nightwatch_nsa.html
PHOTOANGLO is a joint NSA/GCHQ project to develop a new radar system to take the place of the CTX4000.
https://www.schneier.com/blog/archives/2014/01/photoanglo_nsa.html
SPARROW II is an embedded computer system running BLINDDATE tools.
Sparrow II is a fully functional WLAN collection system with integrated Mini PCI slots for added functionality such as GPS and multiple Wireless Network Interface Cards.
https://www.schneier.com/blog/archives/2014/01/sparrow_ii_nsa.html
TAWDRYYARD is a beacon RF retro-reflector.
Provides return when illuminated with radar to provide rough positional location.
https://www.schneier.com/blog/archives/2014/01/tawdryyard_nsa.html
GINSU provides software application persistence for the CNE implant, KONGUR, on target systems with the PCI bus hardware implant, BULLDOZER. This technique supports any desktop PC system that contains at least one PCI connector (for BULLDOZER installation) and Microsoft Windows 9x, 2000, 20003, XP, or Vista.
https://www.schneier.com/blog/archives/2014/01/ginsu_nsa_explo.html
HOWLERMONKEY is a custom Short to Medium range implant RF Transceiver.
It is used in conjunction with a digital core to provide a complete implant.
https://www.schneier.com/blog/archives/2014/01/howlermonkey_ns.html
IRATEMONK provides software application persistence on desktop and laptop computers by implanting in the hard drive firmware to gain execution through Master Boot Record (MBR) substitution. This technique supports systems without RAID hardware that boot from a variety of Western Digital, Seagate, Maxtor, and Samsung hard drives. The supported file systems are: FAT, NTFS, EXT3 and UFS.
https://www.schneier.com/blog/archives/2014/01/iratemonk_nsa_e.html
JUNIORMINT is a digital core packaged in both a mini Printed circuit Board (PCB), to be used in typical concealments, and a miniaturized Flip Chip Module (FCM), to be used in implants with size constraining concealments.
https://www.schneier.com/blog/archives/2014/02/juniormint_nsa.html
MAESTRO-II is a miniaturized digital core packaged in a Multi-Chip Module (MCM) to be used in implants with size constraining concealments.
https://www.schneier.com/blog/archives/2014/02/maestro-ii_nsa.html
SOMBERKNAVE is a Windows XP wireless software implant that provides covert internet connectivity for isolated targets.
SOMBERKNAVE is a software implant that surreptitiously routes TCP traffic from a designated process to a secondary network via an unused embedded 802.11 network device. If an Internet-connected wireless Access Point is present, SOMBERKNAVE can be used to allow OLYMPUS or VALIDATOR to "call home" via 802.11 from an air-gapped target computer.
https://www.schneier.com/blog/archives/2014/02/somberknave_nsa.html
SWAP provides software application persistence by exploiting the motherboard BIOS and the hard drive's Host Protected Area to gain periodic execution before the Operating System loads. This technique supports single or multi-processor systems running Windows, Linux, FreeBSD, or Solaris with the following file systems: FAT32, NTFS, EXT2, EXT3, or UFS1.0.
https://www.schneier.com/blog/archives/2014/02/swap_nsa_exploi.html
TRINITY is a miniaturized digital core packaged in a Multi-Chip Module (MCM) to be used in implants with size constraining concealments.
https://www.schneier.com/blog/archives/2014/02/trinity_nsa_exp.html
WISTFULTOLL is a UNITEDRAKE and STRAITBIZARRE plug-in used for harvesting and returning forensic information from a target using Windows Management Instrumentation (WMI) calls and Registry extractions.
https://www.schneier.com/blog/archives/2014/02/wistfultoll_nsa.html
SURLYSPAWN is data RF retro-reflector.
Provides return modulated with target data (keyboard, low data rate digital device) when illuminated with radar.
https://www.schneier.com/blog/archives/2014/02/surlyspawn_nsa.html
DROPOUTJEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device, SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc.
https://www.schneier.com/blog/archives/2014/02/dropoutjeep_nsa.html
GOPHERSET is a software implant for GSM (Global System for Mobile communication) subscriber identity module (SIM) cards. This implant pulls Phonebook, SMS, and call log information from a target handset and exfiltrates it to a user-defined phone number via short message service (SMS).
MONKEYCALENDAR is a software implant for GSM (Global System for Mobile communication) subscriber identity module (SIM) cards. This implant pulls geolocation information from a target handset and exfiltrates it to a user-defined phone number via short message service (SMS).
The textual content here is copied from an article titled "NSA Exploit of the Day" in the Crypto-Gram Newsletter dated "February 15, 2014".
The content has been reformatted to for display.