NSA ‘Intercepted PC Shipments To Install Malware’

Spy agency said to have diverted targets’ PC orders to “load stations”

The US National Security Agency (NSA) managed to sneak malware onto people’s PCs by intercepting them before they even shipped out of the country, according to previously top secret documents.

In an attack the NSA calls “interdiction”, the body can divert deliveries of machines to its own “load stations”, where it can either install software or hardware to spy on those computers. One document suggested this tactic was one of the “most productive” of the NSA’s hacking operations.

NSA-LogoNSA hacking

The operations were carried out by the NSA’s Office of Tailored Access Operations (TAO), which has carried out numerous offensive hacking operations. Documents showed the body took on 279 missions in 2010, according to German publication Der Spiegel.

The revelations came a matter of days after a US judge declared the NSA’s hoovering up of phone metadata to be legal, contradicting a previous ruling that declared the actions “likely unconstitutional”.

A case brought by the American Civil Liberties Union (ACLU) was dismissed by Judge William Pauley III, who said the metadata collection was lawful under Section 215 of the Patriot Act and under the Fourth Amendment. The ACLU has promised to appeal, meaning a fight in the US Supreme Court is looking likely.

TAO has other sneaky ways of gaining access to targets’ machines. When a known machine is in need of a Windows update, TAO can determine what potentially exploitable flaws are resident on that PC.

The tools used by NSA agents carry names such as Angry Neighbour, HowlerMonkey and Waterwitch. The US government hopes to compromise around 85,000 computers with such offensive tools by the end of 2013.

The NSA told the German paper: “Tailored Access Operations is a unique national asset that is on the front lines of enabling NSA to defend the nation and its allies.” It would not respond to questions on the specific activities noted above.

 What do you know about tech whistleblowers? Take our quiz!