Researchers create inexpensive versions of NSA’s spying tools

ShmooCon, the hacker convention that welcomes individuals interested in all aspects of computer and information security, was held last week in Washington, D.C.

Among the speakers invited to share their knowledge and projects were Michael Ossmann, a wireless security researcher who makes hardware for hackers; Dominic Spill, a developer working on many communications sniffing projects such as USBProxy; and open-source hardware designer Jared Boone.

I had the pleasure of meeting Michael Ossmann last year at the Hack In The Box conference in Amsterdam, where he talked about the likelihood of civilian enthusiasts being able to replicate the surveillance gadgets presented in the leaked NSA ANT catalog by using open source hardware and software, and doing it cheaply.

At the time, he pointed out that it’s not that difficult to replicate the gadgets’ capabilities, but that miniaturization of the gadgets to allow them to remain undetected might be the bigger problem.

He and fellow enthusiasts started a project dubbed NSA Playset, which aims to make cutting-edge security tools more accessible. Security researchers are welcome to contribute their own interception and reconnaissance tools and techniques to the NSA Playset and to share details on how to create them.

They are also urged to come up with a “silly name” for the project, one that will mimic the names of NSA’s tools.

This is how TURNIPSCHOOL, an RF implant hidden in a USB cable, got its name. The device mirrors the capabilities of COTTONMOUTH-1, a pricey USB hardware implant that allows attackers to infiltrate air-gapped systems, load exploit software onto them, exfiltrate data from them, and control them remotely.

Ossmann, Spill and Boone demonstrated how far they managed to come with TURNIPSCHOOL at ShmooCon.

The miniaturized device consists of custom and extremely cheap components. The exterior of the device still has to be designed, and they still need to make it as functional and as undetectable as COTTONMOUTH-1, but the hardware base (board, microcontroller, radio transceiver, and USB hub chip) is there, and made to fit the size of a regular USB plug.

They also demonstrated new capabilities of USBProxy, an open framework for the BeagleBone Black open-source hardware single-board computer that allows the monitoring, injecting or modifying of data carried over a USB connection, and Daisho, a “SuperSpeed USB 3.0 FPGA platform.”
