The Wonders of the NSA Toolbox
Let this sink in slowly but steadily.
EVERYWHERE (Rixstep) — Flashback veteran 'Duqu' seems to know a lot about a lot of things. So too in this case, where he ties together the current Swedish junta with the release of the database of NSA code names, including GOPHERSET, PICASSO, and CANDYGRAM - all tools of the NSA.
Just when you've heard what you think is the ultimate, someone brings further bad tidings to your door, showing how easy it is for the NSA to frame enemies for crimes they didn't commit.
This was posted at 10:18 local time, only the second post of 2014.
Duqu has the word.
Start by reading this article from September 2013:
[Note: Rixstep are currently collaborating on a translation of this important piece; a link will be provided later. Ed.]
Then look at the NSA 'toolbox database' released last night:
Then I'd like to remind you about the mafia-style visit by Swedish security police to Swedish mobile providers recently, where the context was that the authorities wanted full access to everyone's PINs (personal ID numbers) and PUKs (personal unlocking keys).
Then we pull out the following tools once we have the PINs and PUKs:
GOPHERSET: Malware for GSM Phase 2+ SIM cards that use the SIM Toolkit (STK). Exfiltrates phonebook, SMS, and call logs, via SMS, to a predefined phone number. Installed either via a USB SIM card reader, or remotely (over the air provisioning). See also: MONKEYCALENDAR
PICASSO ($2,000.00): GSM handset, carried by a witting operator for bugging conversations and calls within its range. Includes a panic button for the operator.
CANDYGRAM ($40,000.00): Mimics GSM cell tower. Also included in the package are a Windows XP laptop, and cell phone, that communicate with the unit via SMS messages. Capable of targeting 200 phone numbers simultaneously. See also: DRTBOX, Stingray, CANDYGRAM, NEBULA, CYCLONE, TYPHON
So then I can take anyone's mobile lying at home, being recharged, still turned on, pose as this telephone, inject data into this telephone, then force the telephone to shut down, and then myself ring with a clone of this phone and create all sorts of havoc.
And then we can report this mobile owner to the police, he'll be arraigned, the police will seize his mobile, they'll find the data we ourselves injected - and we'll have successfully convicted an innocent person on completely false and completely fabricated grounds.
The FRA/NSA toolbox even has equipment which in the case of Gottfrid Svartholm Warg shows how easy it is to do the same thing with an ordinary computer connected to the Internet.
The question is whether Gottfrid's legal counsel has the balls to demand to see the traffic logs from the routers involved in transporting his traffic: all the 'evidence' up to now has been about the hard drives in his computer, which of course anyone could have tampered with if they'd had access to the NSA toolbox.
This also shows that Daniel Domscheit-Berg didn't need physical contact with WikiLeaks servers to remove the Bank of America leaks - all he needed was to know how the files were protected, and then remotely break in and delete them.