MAESTRO-II: NSA Exploit of the Day

Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog:

MAESTRO-II

(TS//SI//REL) MAESTRO-II is a miniaturized digital core packaged in a Multi-Chip Module (MCM) to be used in implants with size constraining concealments.

(TS//SI//REL) MAESTRO-II uses the TAO standard implant architecture. The architecture provides a robust, reconfigurable, standard digital platform resulting in a dramatic performance improvement over the obsolete HC12 microcontroller based designs. A development Printed Circuit Board (PCB) using packaged parts has been developed and is available as the standard platform. The MAESTRO-II Multi-Chip-Module (MCM) contain an ARM7 microcontroller, FPGA, Flash and SDRAM memories.

Status: Available -- On The Shelf

Unit Cost: $3-4K

Page, with graphics, is here. General information about TAO and the catalog is here.

Finally -- I think this is obvious, but many people are confused -- I am not the one releasing these documents. Der Spiegel released these documents in December. Every national intelligence service, Internet organized crime syndicate, and clued terrorist organization has already pored over these pages. It's us who haven't really looked at, or talked about, these pages. That's the point of these daily posts.

In the comments, feel free to discuss how the exploit works, how we might detect it, how it has probably been improved since the catalog entry in 2008, and so on.

Posted on February 4, 2014 at 2:09 PM • 17 Comments

Comments

PlaidFebruary 4, 2014 3:04 PM

This looks like it's just a subcomponent for inclusion in a larger assembly. It's pretty self-contained, but it appears to be mounted on a flex circuit, and you'd need to breakout the pins you need for connection to the target. The inclusion of the Virtex FPGA on board makes this very powerful. The FPGA allows you to pretty much pick and choose the buses you'd like to connect to, and with 231 pins on board (assuming a significant fraction are GPIO), there's no reason you'd have to pick just one. You could even snoop on the LVDS signal from the display controller to the display.

The 500k gates on the FPGA is enough to implement a number of hardware features, such as an MJPEG compressor or a MPEG2 (or equivalent) compressor. You could implement crypto hardware features, assuming the ARM7 implementation they chose doesn't already have some crypto hardware on board.

So, for example, if you connected to LVDS and intercepted the USB or PCIe connecting to the target system's wireless controller you could snoop the display output on a laptop, compress it, and send it out covertly via IP.

The most powerful might be to connect to one or more JTAG interfaces. Connected to the target CPU's JTAG would give you pretty much unfettered access to the system. This allows you to snoop on/control the CPU at a hardware level, control the CPU buses, inject your own code, etc.

3kjngk34jngkjgnFebruary 4, 2014 3:06 PM

Another PCB for physical-access industrial placement. If this is the case then somewhere there are specialized firmware packages for special equipment these all use. Probably for hardware platforms used in nuclear and hydro energy, missile silos, aircraft computers, common weapons manufacturing and testing PLC masterboards etc..

The firmware for these boring PCBs is where all the magic is, but I guess we just get to see this. I imagine CIA or NSA 'turn' someone inside then have them move this into facilities via special containment and place it, then later retrieve it and return it since there is no networking or air-gaps where internal teams analyze the data for strategists and management to make reports on and ask for executive orders..

jonesFebruary 4, 2014 3:14 PM

So, when companies like Sony start installing rootkits on the computers of the their customers...

en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal

we can assume it was some misguided executive somewhere who thought this would be a good idea.

But, when we start to see malware shipping in appliances like battery chargers

http://news.cnet.com/8301-27080_3-10465429-245.html

and on new hard drives

http://www.zdnet.com/blog/hardware/malware-found-on-new-hard-drives/928

where do we draw the line, and begin to suspect coercion by state actors?

VasiliFebruary 4, 2014 3:53 PM

To me, it looks like claim for funds.
Not very elaborated short begging letter asking for money. Unit price suggests how hungry the beggar is.
Their PCB is kind of joke. Fry's sells these in billions. And all they painted in block-scheme definitely will not fit sizes they claim at least for thermal reasons, leave alone wiring.

All in all: in Russian things like this are called "Роспил и откат". These words have earned their bad fame. In Russia.
Looks like I need to translate it to English, because this plague has its roots on your side of the ocean: it would sound like "Gnawing on funds and paying back to the one who provided them".

3fhfb3jhfbjFebruary 4, 2014 4:31 PM

@Vasili: Unless Snowden is dishonest, then these tools have likely had success inside Russian infrastructure and defenses in recent years.. So if they are mediocre what does that say about Russian technology and intelligence which they defeat?

What people are ignoring is that these PCBs don't just work with their deployments. Somewhere there are ROMs for highly secretive hardware enviroments.. Unless of course this is just low-class field equipment as was said..

YES the hardware is boring, which is why you're seeing it, the firmware that goes with them for specific deployments is what is special and actually matters..

Clive RobinsonFebruary 4, 2014 5:10 PM

@ 3fhfb...,

    YES the hardware is boring, which is why you're seeing it, the firmware that goes with them for specific deployments is what is special and actually matters.

Actualy I don't think "the firmware that goes with them for specific deployments" would be that interesting as it would be very target specific.

What I would like to see is the library of modules available to build the firmawre for specific deployments.

That is I don't think the firmware is bespoke for specific targets, or that the team behind this device is actually that small. What I suspect is that there is in effect two teams, one that produces new modules and another that bolts existing modules together to make a system for customer specific requirments.

The interesting thing would be how the FPGA code is stored and how it's deployed at "run time". I suspect that the code may well be encrypted to reduce the chance of reverse engineering.

Based on the "payload code" for supposed US targeted malware, the decryption key could be generated from system parameters of the target system.

3jf3nkjfn34jkfnFebruary 4, 2014 5:41 PM

@Clive Robinson: The target environments would probably be more classified than these modules and require a lot of intelligence and reverse engineering to write code for.. Thus the firmware for these PCB modules is far more valuable and insightful than the hardware utility and source-management code..

3rd world nations are capable of producing or buying better tech than this and deploying it, so who cares about economic&deniable PCBs and boring scalability tools and source code that ANY team could do and is mostly based on public methodology anyway..

Summary: Nothing except the specifics of the highly secure environments these tools are deployed in has any worth because everyone already has the rest..

65535February 5, 2014 12:47 AM

Clive, 3jfnk, Plaid, and others, have covered my comments.

I will say that the JTAG incorporated and the micro-controller incorporated make it a potent combination.

The power consumption is the only issue. This implant could go into about anything that could power it (with little notice from the end user). That is ugly.

Next, what is the actual status of the AV venders: “How Antivirus Companies Handle State-Sponsored Malware”

https://www.schneier.com/blog/archives/2013/12/how_antivirus_c.html

Further, AV vendors must now be interested in the “firmware” side of AV. They should be interested in the intersection between the Firmware implants and persistent OS implants. The firmware implants are proven.

The AV game has changed. The AV customers must be interested in both!

Is there a discussion in the AV industry about both firmware implants and persistent OS viruses?

[Yes, it is a long term problem – I will wait for an answer]

Andrea ShepardFebruary 5, 2014 1:05 AM

@Plaid I think you're correct about it being a subcomponent; a number of the devices in the ANT catalog are described as being 'digital cores', including this one, and there's at least one instance (HOWLERMONKEY) of an RF transceiver that is described as 'used in conjunction with a digital core'

The HOWLERMONKEY catalog page includes photos of HOWLERMONKEY in combination with various other devices; interestingly, one of them is the ethernet tap FIREWALK, which does not have a photo in its own document and is not otherwise described with the phrase 'digital core'.

SNAKEOILFebruary 5, 2014 2:52 AM

why is everyone so agitated about these pieces having hardware JTAG?

The interface is primarily for managing the devices' internals, not for tinkering with the target.

Any interaction with the target hardware would go via JTAG implemented in software and GPIOs.

3kjngk34jngkjgn

Probably for hardware platforms used in nuclear and hydro energy, missile silos, aircraft computers, common weapons manufacturing and testing PLC masterboards etc

Nope. Those targets in fact may provide too little positive intelligence to be worthy of implant placement.

Think embassies and consulates on US soil and even abroad ordering computers from any US vendor.
Think protesters, dissidents and suspect spies using strong crypto.
Think foreign government officials.
Think foreign commercial targets for financial/industrial espionage.
Think US government officials, just in case.

Substitute US with FVEY for more fun.

Melissa DFebruary 5, 2014 11:32 AM

Pardon my ignorance and perhaps this was explained previously, but can someone explain the system of oval markings to the right of these documents?

paulFebruary 5, 2014 12:29 PM

So what can you do with these that you can't do with a much simpler microcontroller hooked into the same place? Or can you just do it in python instead of assembler?

SkepticalFebruary 5, 2014 2:02 PM

Finally -- I think this is obvious, but many people are confused -- I am not the one releasing these documents. Der Spiegel released these documents in December. Every national intelligence service, Internet organized crime syndicate, and clued terrorist organization has already pored over these pages. It's us who haven't really looked at, or talked about, these pages. That's the point of these daily posts.

While I've been critical of the taking and leaking of these documents, your intentions in discussing have always seemed honorable, and I don't think anyone who follows these stories is confused as to any of the parties responsible for their initial exposure.

However it seems likely that some who do not follow this closely may come across this blog, see the "let's analyze, with a goal of detecting and defeating, these NSA tools" series, and then draw a negative conclusion.

It might be worth including the quoted explanation as part of the standard "boilerplate" on these posts to avoid that kind of misunderstanding.

65535February 5, 2014 10:59 PM

@ Andrea Shepard

“@Plaid I think you're correct about it being a subcomponent; a number of the devices in the ANT catalog are described as being 'digital cores', including this one, and there's at least one instance (HOWLERMONKEY) of an RF transceiver that is described as 'used in conjunction with a digital core'”

That is a good point. We are seeing combination components that interact with other implants.

Now, I would not rule out Maestro-II as being able to implant firmware hacks (or help make "persistent" hacks). It does have a programmable micro-controller and memory.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..