Schneier on Security
A blog covering security and security technology.
February 19, 2014
TOTEGHOSTLY 2.0: NSA Exploit of the Day
Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog:
(TS//SI//REL) TOTEGHOSTLY 2.0 is a STRAITBIZARRE based implant for the Windows Mobile embedded operating system and uses the CHIMNEYPOOL framework. TOTEGHOSTLY 2.0 is compliant with the FREEFLOW project, therefore it is supported in the TURBULENCE architecture.
(TS//SI//REL) TOTEGHOSTLY 2.0 is a software implant for the Windows Mobile operating system that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device, SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control, and data exfiltration can occur over SMS messaging or a GPRS data connection. A FRIEZERAMP interface using the HTTPSlink2 transport module handles encrypted communications.
(TS//SI//REL) The initial release of TOTEGHOSTLY 2.0 will focus on installing the implant via close access methods. A remote installation capability will be pursued for a future release.
(TS//SI//REL) TOTEGHOSTLY 2.0 will be controlled using an interface tasked through the NCC (Network Control Center) utilizing the XML based tasking and data forward scheme under the TURBULENCE architecture following the TAO GENIE Initiative.
Unit Cost: $0
Status: (U) In development
Page, with graphics, is here. General information about TAO and the catalog is here.
In the comments, feel free to discuss how the exploit works, how we might detect it, how it has probably been improved since the catalog entry in 2008, and so on.
Posted on February 19, 2014 at 2:18 PM
@ Justin, NobodySpecial,
Wow, I don't know a single human being who is using a Windows phone.
It's an observation that is ripe for a "conspiracy nut" to work on ;-)
Here, as they say in the UK, "is a starter for ten":
We know MS's entry into the mobile market was a very expensive disaster, with journalists saying things like it was so bad "you couldn't give it away" (I gather MS did try to give it away, but it had hidden hooks so it got few bites, so they simply engineered the takeover of a mobile phone manufacturer in more recent times).
Now it could be argued that, in order to try to make it less of a disaster, MS gave the source code etc. to the NSA in the hope they would do an Obamaberry with it or say it was OK for USG use (which it clearly is not!).
Or even argued that MS developed the hooks for this attack vector deliberately and "gifted them" to the NSA to try and get a USG "benevolence".
I.e. circular argument logic: it's got a flaw that enabled this attack vector, therefore it could be attacked by USG-hostile entities (such is the joy of conspiracy theory argument).
It comes from a UK quiz show, "University Challenge", compèred by Jeremy Paxman, who also compères a news & politics show and is fairly famous for the way he takes bites out of political representatives and several others. He appears to not suffer fools gladly and is known to make public things that vex him, like "M&S underwear for men" being significantly ungenerous in its cut so as to be, shall we say, a bit of a let-down at inconvenient times...
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.