Hackers Recreate NSA Snooping Kit Using Off-the-shelf Parts

Keep on Guard!


So some curious hardware hackers grabbed the leaked catalogue that detailed the hardware involved in the NSA Snooping Kit, and have recreated some of the ‘high-tech’ top secret tools with off-the-shelf parts and items that can be bought from Kickstarter.

I mean some of it seems pretty simplistic though, a monitor mirror and a hardware keystroke logger? Nothing ground-breaking there.

NSA Snooping

The Catalogue itself can be found here:

NSA ANT Catalog

The project itself is open, so if you’re into hardware hacking you could have a look and perhaps even contribute something.

Last year Edward Snowden leaked the NSA’s Advanced Network Technology catalog, a listing of the hardware and software tools the agency makes available to agents for spying. Now enterprising security experts are using the catalog to build similar tools using available electronics.

The team, led by Michael Ossmann of Great Scott Gadgets, examined the leaked catalog and found that a number of the devices the NSA developed can be very simple to recreate.

Ossmann was able to build a software-defined radio (SDR) system capable of recording and transmitting data from a target PC using a Kickstarter project, and reckons the hardware can be bought to market for $300 or less.

“SDR lets you engineer a radio system of any type you like really quickly so you can research wireless security in any radio format,” he told New Scientist.


It’s not often we get something interesting regarding hardware hacking, the last time something really interesting popped up was the story about the Researchers who Cracked 4096-bit RSA Encryption With a Microphone.

This project is in early days though, so I’m sure we’ll see some more interesting items coming out of it in the coming months.

Ossmann also said he was able to build two devices from the NSA’s catalog using little more than a few transistors and a two-inch length of wire as an antenna. These mimic the NSA products Ragemaster (a plug that sits on the monitor cable of a computer and broadcasts screen images) and the Surlyspawn keystroke logger, but at a fraction of the cost the government gets charged.

In a presentation at the Hack In The Box conference in Amsterdam this May, Ossmann detailed some of his creations and the methods he and his team used to build them using off-the-shelf components. These devices aren’t as small as the NSA’s hardware, but are just as effective, he said.

The team has now set up a website, NSAPlayset.org, detailing the different spying products they have reverse-engineered, and more details will be given out at presentations at the DEFCON hacking conference being hosted in Las Vegas in August.

Ossmann’s goal isn’t to help hackers conduct their own spying operations, nor to make it easier for the government to get low-cost surveillance hardware. While he has developed tools for the federal government, the goal of this project is to help the security industry understand the range of threats it should be protecting against.

It’s also possible they’ve already developed more devices, but are saving them for future stops on the infosec conference circuit. It does mention DEFCON and some more stuff will be released there in August.

I also find the chaps name pretty apt – Ossmann (Open Source Softare Man).

Source: The Register

Posted in: Hardware Hacking, Privacy


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Comments are closed.