WISTFULTOLL: NSA Exploit of the Day
Today’s item from the NSA’s Tailored Access Operations (TAO) group implant catalog:
WISTFULTOLL
(TS//SI//REL) WISTFULTOLL is a UNITEDRAKE and STRAITBIZZARE plug-in used for harvesting and returning forensic information from a target using Windows Management Instrumentation (WMI) calls and Registry extractions.
(TS//SI//REL) This plug-in supports systems running Microsoft Windows 2000, 2003, and XP.
(TS//SI//REL) Through remote access or interdiction, WISTFULLTOLL is executed as either a UNITEDRAKE or STRAITBAZZARE plug-in or as a stand-alone executable. If used remotely, the extracted information is sent back to NSA through UNITEDRAKE or STRAITBAZZARE. Execution via interdiction may be accomplished by non-technical operator through use of a USB thumb drive, where extracted information will be saved to that thumb drive.
Status: Released / Deployed. Ready for Immediate Delivery
Unit Cost: $0
Note: Inconsistencies in spelling are all [sic].
Page, with graphics, is here. General information about TAO and the catalog is here.
In the comments, feel free to discuss how the exploit works, how we might detect it, how it has probably been improved since the catalog entry in 2008, and so on.
DB • February 10, 2014 3:15 PM
The solution to all this secret subversion of morality and the rule of law is more openness. In the context of technology being subverted and used against us all, more openness means open source software, open standards, and open hardware systems. Whatever evil thrives in secret withers in the bright light of public scrutiny.