COTTONMOUTH-III: NSA Exploit of the Day
Today’s item from the NSA’s Tailored Access Operations (TAO) group implant catalog:
COTTONMOUTH-III
(TS//SI//REL) COTTONMOUTH-III (CM-III) is a Universal Serial Bus (USB) hardware implant, which will provide a wireless bridge into a target network as well as the ability to load exploit software onto target PCs.
(TS//SI//REL) CM-III will provide air-gap bridging, software persistence capability, “in-field” re-programmability, and covert communications with a host software implant over the USB. The RF link will enable command and data infiltration and exfiltration. CM-III will also communicate with Data Network Technologies (DNT) software (STRAITBIZARRE) through a covert channel implemented on the USB, using this communication channel to pass commands and data between hardware and software implants. CM-III will be a GENIE-compliant implant based on CHIMNEYPOOL.
(TS//SI//REL) CM-III conceals digital components (TRINITY), USB 2.0 HS hub, switches, and HOWLERMONKEY (HM) RF Transceiver within a RJ45 Dual Stacked USB connector. CM-I has the ability to communicate to other CM devices over the RF link using an over-the-air protocol called SPECULATION. CM-III can provide a short range inter-chassis link to other CM devices or an intra-chassis RF link to a long haul relay subsystem.
Status: Availability—May 2009
Unit Cost: 50 units: $1,248K
Page, with graphics, is here. General information about TAO and the catalog is here.
In the comments, feel free to discuss how the exploit works, how we might detect it, how it has probably been improved since the catalog entry in 2008, and so on.
Matt • March 7, 2014 3:40 PM
It’s quite clearly a hardware chip put in a computer by an agent (a “hardware implant”). Not an exploit. And finding it and exposing it puts the person that planted that bug at serious real risk of harm.
You’ve said yourself Bruce, and I quote (link: http://edition.cnn.com/2014/02/20/opinion/schneier-nsa-too-big/ )
This sort of thing [TAO] represents the best of the NSA and is exactly what we want it to do. That the United States has these capabilities, as scary as they might be, is cause for gratification.
Undermining the bits of the NSA that are “cause for gratification” by deliberately seeking to expose them forces the NSA to rely more heavily on the bits that you disagree with, and makes the Intelligence Community move from SIGINT-reliance which is safe, to HUMINT-reliance, which puts real agents at risk.
I appreciate that you have a bunch of secrets and you want to leak them because secrets always make for good stories. But exposing tools and techniques that you yourself have said are “exactly what we want the NSA to do” – and in doing so putting CIA agents at risk to get the intelligence the NSA can no longer get – is at best stupid and self-defeating, and at worst unethical and dangerous.