We've known for months that the NSA has penchant for intercepting packages containing commercial electronic equipment to implant backdoors in them. Now, there are images which show what that process looks like.
A new trove of documents, released alongside Glenn Greenwald's book No Place to Hide, show what the NSA does when it gets its hands on products from the likes of Western Digital, Seagate, Maxtor, Samsung, Juniper Networks Cisco and Huawei. The document explains what happens within the agency's Tailored Access Operations (TAO) unit:
Here's how it works: shipments of computer network devices (servers, routers, etc,) being delivered to our targets throughout the world are intercepted. Next, they are redirected to a secret location where Tailored Access Operations/Access Operations (AO-S326) employees, with the support of the Remote Operations Center (S321), enable the installation of beacon implants directly into our targets' electronic devices. These devices are then re-packaged and placed back into transit to the original destination. All of this happens with the support of Intelligence Community partners and the technical wizards in TAO.
So simple! The document in fact dates back to June 2010, and was from—of all things—an internal newsletter article by the chief of the NSA's Access and Target Development department. It's also still as depressing as ever. [Ars Technica]