Threat Intelligence

A Close Look at the NSA Monitor Catalog – Server Hacking

Introduction

Summing up what happened, Der Spiegel published an internal NSA catalog that contains detailed information on spies' backdoors used by the agencies and designed to compromise a wide range of equipment from major IT vendors.

The document contains product data sheets of tools and exploits designed by NSA for cyber espionage, including backdoor for hard drives and networking appliances. The products listed in the catalog are designed by the Advanced/Access Network Technology (ANT), the Agency has built capabilities to compromise any kind of device. It is also able to infect BIOS firmware of targeted systems for long-term cyber espionage.

As anticipated in a previous post, my intention is to deeper analyze the NSA catalog, trying to better understand the real capabilities of the Agency and the attack scenarios in which the hacking tools were used.

In the last post titled "How the NSA Monitors Target Computers with Radar Wave Devices", I explained how the Intelligence agency designed components to spy on computer screens, fax/printers, audio devices, keyboards and mouse, without even installing an agent on the target machine.

I have considered the tools in the catalog belonging to the ANGRYNEIGHBOR family, a series of systems based on the continuous wave irradiation. The ANGRYNEIGHBOR family is composed of units which work even if the target device isn't online, giving to the spies much more operational opportunities.

"The series of bugs implemented as RF retro reflectors communicate with the use of an external radar wave generator such as CTX4000 or PHOTOANGLO. Appelbaum at the Chaos Communication Congress confirmed the existence of the device (CTX4000 or PHOTOANGLO) described as a portable continuous wave generator adding that it is remotely controllable that works in combination with tiny electronic implants to bounce waves of energy off monitors, keyboards and printers to analyze what has been respectively viewed, typed and printed."

In this post I will explore some other tools/exploits listed in the catalog expressly designed to compromise a server; in particular we will evaluate the following products:

• DEITYBOUNCE
  
• GODSURGE
  
• IRONCHEF
  

NSA Tools to Compromise Servers

Delivering a keynote speech at the 30th Chaos Computer Club, journalist and cyber security expert Jacob Applebaum presented dozens of zero day exploits used by the NSA for cyber espionage purposes. Within the amazing amount of information disclosed, Applebaum detailed previously unreported exploits targeting the servers manufactured by principal computer technology companies Dell and HP. The best-selling servers of Dell are among the products that have been compromised by the National Security Agency. According to the researcher, the US Intelligence had compromised many server systems at the BIOS level.The agency succeeded to the impairment of firmware components because of the technological inability of experts to locate the malware and the bugs.

"[they] don't have the forensics tools," Applebaum said.

The NSA catalog reveals that the agency has exploits practically working for servers running any Operating System, including Microsoft Windows, Linux, Sun Solaris and FreeBSD.

Despite the fact that the NSA argued the use of tools present in the catalog for defensive purposes, Applebaum highlighted that the US Government is conducting a large-scale surveillance campaign, as are many other governments.

"How many people in Al Qaida are using Solaris?" Applebaum asked the crowd

"[The NSA] are interested in compromising systems, not just people … They want to colonize systems with these tools," he added.

The tools mentioned in the introduction of this post specifically pointed out that Dell PowerEdge servers (1850, 2850, 1950, 2950) were all compromised. The NSA is able to exploit a feature in their architectures to serve a malware into the BIOS, either remote access or via USB drive.

The NSA exploit codenamed GODSURGE for example, uses a JTAG debugging component in the Dell PowerEdge 1950 and 2950, meanwhile IRONCHEF tool extracts data from HP's popular Proliant 380DL G5 server using two-way RF communication.

There is no indication in the NSA ANT Product catalog that any of the manufacturers supported the Agency, or were aware of the exploits designed by government experts. The documents also lacks information on feasibility of the hack today.

The tools proposed in this post exploit hardware and firmware-based backdoors. They request an "interdiction"phase, which means that the attackers have to have physical access to the target implanting additional devices or persistent software. The Der Spiegel hypothesized that the target systems are diverted during shipping to "load stations", where the implants are installed. There is no news on possible cooperation of shipping companies or other government agencies in this scenario. In other cases, the NSA could use an insider that would "reflash" BIOS firmware though a USB device or via a remote access tool deployed by other means to gain access to the targeted computer.

The implanted backdoor was designed to survive a total operating system wipe and re-installation. The document refers to a BIOS attack, codenamed SWAP, developed to attack a number of types of computers and operating systems by loading surveillance and control software at boot-up. SWAP exploits the Host Protected Area on the system's hard drive to drop the payload and installs it before the operating system boots.

DEITYBOUCE

The DEITYBOUNCE tool designed by NSA provided application persistence on the Dell PowerEdge server family. It exploits BIOS and utilizes System Management Mode (SMM) to run periodically code while the target system is operating. The frequency of execution of DEITYBOUNCE for malicious code dropping is configurable and will occur when the victim's system powers on.

The NSA catalog states that it targets Dell PowerEdge 1850/2850/1950/2950 Raid using specific BIOS versions (A02, A05, A06, 1.1.0, 1.2.0, 1.3.7). System Management Mode (SMM) is an operating mode in which all normal execution, including the operating system, is suspended and special separate software, usually firmware or a hardware-assisted debugger, is executed in high-privilege mode. If an attacker could permanently disable security features on the target and exploit BIOS utilizing System Management Mode, he would sensibly reduce the security of the victim machine.

The technique is not new to the IT security community. Last year, at the Black Hat security conference in Las Vegas, researcher Jonathan Brossard proposed a strain of malware that's quite impossible to disinfect once it compromises the victim host. Brossard named his agent "Rakshasa", defining it a "permanent backdoor" hard to detect, and quite impossible to remove. It must be clear that the researcher hasn't found a new vulnerability, but he has demonstrated how much harder is to detect a backdoor that uses similar mechanisms of infection.

"It's a problem with the architecture that's existed for 30 years. And that's much worse."

The abstract demonstrated that permanent backdooring of hardware is certainly feasible; Rakshasa in fact is able to compromise more than a hundred of different motherboards.

DEITYBOUNCE supports multi-process systems with RAID hardware and based on Microsoft OSs Windows 2000, Windows 2003 and XP. The NSA specialists use the ARKSTREAM program to flash BIOS remotely and drop the malicious payload, the application was also used in combination with another exploit known as SWAP (a combination of a malicious BIOS modification and a malicious Hard Disk firmware modification to maintain software-based malware on the victim computer).

The inoculation of malicious BIOS was possible also via interdiction on the target machine. In this case, the catalog suggests the implantation accomplished by non-technical operators through the use of a USB thumb drive.

Figure 1 - The DEITYBOUCE tool

Be aware, the DEITYBOUNCE would likely not be possible today, as noted ZDNet writer Larry Seltzer:

"UEFI (Unified Extensible Firmware Interface), along with Secure Boot apply a PKI-based authentication system for code running on the computer. Unless they had access to the keys, the NSA shouldn't be able to flash malicious BIOS on a system so-equipped. Dell and Microsoft have supported UEFI and secure boot for many years. System certification for Windows 8 actually requires UEFI and secure boot to be enabled by default using a Microsoft private key," said Seltzer.

Dell recently released an official statement on the story published by the Der Spiegel magazine:

"Dell is aware of a story originally reported by Der Spiegel, which has subsequently been picked up in other media outlets, that refers to alleged security 'backdoors' implanted by the United States National Security Agency into products from several technology companies, including Dell.

Dell has a long-standing commitment to design, build and ship secure products and quickly address instances when issues are discovered. Our highest priority is the protection of customer data and information, which is reflected in our robust and comprehensive privacy and information security program and policies. We take very seriously any issues that may impact the integrity of our products or customer security and privacy. Should we become aware of a possible vulnerability in any of Dell's products we will communicate with our customers in a transparent manner as we have done in the past. Dell does not work with any government – United States or otherwise – to compromise our products to make them potentially vulnerable for exploit. This includes 'software implants' or so-called 'backdoors' for any purpose whatsoever. " the company said in a statement responding to the Der Spiegel story.

The GODSURGE

The GodSurge is a component that was designed to operate with FluxBabbitt hardware, a spy gadget designed by NSA, to provide persistence to software inside the Dell family of servers coded as PowerEdge. The hack is possible exploiting the JTAG debugging interface implemented by the processors on the server. A JTAG debugging interface is inserted by manufacturers for testing purposes, and it could be also used to reflash the BIOS from scratch, for example loading a compromised version of the software.

"Why did they release these servers with that software? … Is that a bug or a backdoor? This is an Advanced Persistent Threat." Applebaum asked the audience.

Robert Graham, a U.S. security consultancy at Errata Security, more than one year ago disproved the presence of a Chinese backdoor inside US electronic components. The bug in reality hasn't a malicious purpose. The researcher discovered that it was an entry point installed by the manufacturer for debugging operations.

"It's remotely possible that the Chinese manufacturer added the functionality, but highly improbable. It's prohibitively difficult to change a chip design to add functionality of this complexity."

Graham added that anyway a backdoor could pose a security threat:

"It not only allows the original manufacturer to steal intellectual-property, but any other secrets you tried to protect with the original [encryption] key."

Graham argues that the presence of backdoor is widespread: about 20% of home routers and around 50% of industrial control computers have a bug. Not every backdoor has a malicious purpose; in many cases, they are used to debug software and firmware contained in the product.

Chip designers project a circuit from building-blocks, including a module with debug functionality such as JTAG. Almost every commercial product includes the famous module for chip debugging.

The expert says that companies have to disable the debug features in the final version of products, but usually they don't do it because of great expenses to design of the chip without the component. They leave the JTAG interface enabled, and typically the component is disconnected, or even if it is connected, they don't route to the pins on the circuit board.

A JTAG "port"on the target component could give the attacker an access to CPU registers, dump and modification of the contents of memory, issue bus read/write cycles.

Figure 2 - JTAG DEBUG Module

It is clear that the NSA may have requested manufacturers don't remove the JTAG debug module, or it has elaborated a process to compromise the supply chain to insert the debugging circuit. According to the catalog, the bug could be used to compromise servers belonging to the families Dell Power Edge 1950 and Power Edge 2950 based on Xeon 5100 and 5300 processors.

Through interdiction, the JTAG component must be reconnected on the device to the monitor by removing the motherboard from the chassis and attaching the depopulated parts back onto the circuit board. Once done, the attacker just needs to connect the hardware implant to the motherboard. The implant could run the GODSURGE software and its payload, and the GODSURGE could be programmed to drop a malicious code under specific connection, for example serving a malware when triggered by power on of the server.

Microcircuits and firmware are present in every device around us, from the control of our cars to satellite communications systems. The NSA could have developed such a category of components to control hardware systems.

Each GODSURGE Unit is quoted in the catalog at $500, which includes hardware and installation.

Figure 3 – The GODSURGE Tool

The IRONCHEF

Like the tools DEITYBOUNCE and GODSURGE, the IRONCHEF provides persistent access to the target systems. IRONCHEF exploits the BIOS and utilizes the System Management Mode to communicate with a hardware implant that allows bidirectional RF communication.

The system supports the HP's popular Proliant 380DL G5 server, targets have to be modified with the introduction of a hardware implant that communicates over the I2C interface (WAGONBED). WAGONBED is a malicious hardware device that provides covert 2-way RF communications. Another version codenamed WAGONBED 2 can be mated with a Motorola G20 GSM module to form CROSSBEAM.

This IRONCHEF exploit requires 'interdiction' to the target device, a physical access to the server for the installation of a hardware-based implant. The interdiction requires an NSA operative to "break-in to a premises, to detain a suspect and confiscate their computers and Smartphones", or as speculated by the Der Spiegel, to intercept the supply chain for computer devices, installing the implant into newly purchased systems before they are shipped to a target.

As described in the NSA catalog, during the interdiction phase the NSA operatives implant the IRONCHEF and a software CNE implant onto the targeted system. The IRONCHEF is used to gain access to the machine in case the software CNE implant is removed from the target. In this case, the hardware "backdoor" could be used to reinstall the malicious code using a listening port to the target system.

In a statement to The Desk, an HP spokesperson said Hewlett-Packard was not aware of the claims made in the Der Spiegel and added it has "no reason to believe that the HP ProLiant G5 server mentioned was ever compromised as suggested in the article."

"HP's privacy and security policies are quite clear; we do not knowingly develop products to include security vulnerabilities … We are also active in testing and updating our products regularly to eliminate threats and make our products more secure. HP takes the privacy and security of our customer information with great seriousness. We will continue to put in place measures to keep our customers' information confidential and secure," the spokesperson said.

THE NSA REACTION

Days after the German Der Spiegel newspaper disclosed the catalog of tools used by the National Security Agency during its cyber espionage campaign, the agency issued an official statement.

On December 31th, NSA statement didn't provide a reply to the claims made by Snowden, but confirmed that the technologies developed were used with unique intent to protect the US population from foreign intelligence:

"While we cannot comment on specific, alleged intelligence-gathering activities," "NSA's interest in any given technology is driven by the use of that technology by foreign intelligence targets. The United States pursues its intelligence mission with care to ensure that innocent users of those same technologies are not affected."

The NSA statement tried to exclude the US IT industry, excluding the involvement of private manufacturers for the introduction of backdoor or the design of exploits. The America's technology industry must be considered, according to the US Government, the most secure in the world and its products are fundamental components for the protection of the Homeland Security. It's clear that the government is trying to restore the trust of US security industry, which appears to be the sector most damaged by the disclosure of the document leaked by Edward Snowden.

Conclusions

The catalog is a source of valuable information that helps us to understand the potentialities of the NSA. The American government has all sorts of products and exploits to compromise virtually every technology. The catalog is dated, in the past five years, technological advances have certainly led to the design of new tools for cyber espionage and electronic warfare, it is likely that the Snowden's revelations will show many other disturbing truths. We just have to wait for the next documents ... probably we discover that the NSA was not devoted only to surveillance activities, but also to offensive operations under cover.

References

http://securityaffairs.co/wordpress/5889/security/china-made-us-military-chip-security-backdoor-or-debugging-functionality.html

http://securityaffairs.co/wordpress/7786/hacking/rakshasa-is-it-possible-design-the-perfect-hardware-backdoor.html

http://cryptome.org/2013/12/nsa-ant-raumuber.pdf

http://www.loper-os.org/?p=1441

http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2013/12/30/comment-on-der-spiegel-article-regarding-nsa-tao-organization.aspx

http://cryptome.org/2014/01/nsa-codenames.htm

http://www.tomsitpro.com/articles/dell-nsa-ant-deitybounce-snowden,1-1524.html

http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf

http://www.govinfosecurity.com/nsa-reacts-to-report-on-device-hacking-a-6328

http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-3.html

http://www.democracynow.org/2013/12/31/jacob_appelbaum_futuristic_sounding_radar_wave

https://leaksource.wordpress.com/2013/12/30/

http://securityaffairs.co/wordpress/20819/intelligence/tao-nsa-backdoor-catalog.html

http://www.thehindu.com/news/international/world/nsa-planted-bugs-at-indian-missions-in-dc-un/article5164944.ece