Govware
Govware [ˈɡʌvwɛə] (a portmanteau of the English words "governmental" and "software") refers to computer software or hardware created by a state, or by private companies working for the state, to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Govware may take the form of malware, spyware, covert sensors, implants, or other invasive technologies. The term was coined in a 2009 Linux Magazine article about the MegaPanzer and MiniPanzer trojan viruses, which the Swiss government had allegedly used since October 2006.[1] In 2011, the Chaos Computer Club identified and published another trojan virus which, according to the Club, originated with the German federal authorities.[2] This announcement led to the widely publicized so-called State Trojan affair and precipitated a special session of the Bundestag.[3]
More recently, on December 29, 2013, documents leaked to Der Spiegel revealed that the NSA's top hacking unit, Tailored Access Operations (TAO), was implanting malware on consumer computers that had been ordered online and intercepted before delivery.[4] The NSA publicly advocates stronger international cybersecurity measures.[5] Critics point out that the NSA may have been weakening internet security by deploying such software and hardware.[6] Additional publications reveal that in one instance the NSA paid $10 million to have the RSA Security company weaken its internet encryption security products,[7] and that in another it infected 50,000 computer networks with malicious software.[8]
List of Govware
Software
Hardware
Name | Alias(es) | Type | Subtype | Payload | Runs on | Platform | Hardware | Release Date | Isolation Date | Isolation Location | Discoverer | Author | Infections | Related | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GECKO II[25] | MRFF, GSM | NSA | IRONCHEF, UNITEDRAKE | ||||||||||||
NIGHTSTAND[47] | IEEE 802.11 wireless packet injection tool | Windows operating system | Linux | NSA | |||||||||||
SPARROW II[47] | WLAN collection tool | Linux, Mini PCI, GPS | BLINDDATE | NSA | BLINDDATE | ||||||||||
BULLDOZER[36] | PCI bus | Windows operating system | NSA | KONGUR, GINSU | |||||||||||
HOWLERMONKEY[48] | Short to Medium Range RF Transceiver compatible with CONJECTURE/SPECULATION networks and STRIKEZONE devices running a HOWLERMONKEY personality. | Windows operating system | PCB | NSA | CONJECTURE, SPECULATION, STRIKEZONE | ||||||||||
CONJECTURE[48] | Network | NSA | HOWLERMONKEY, SPECULATION, STRIKEZONE | ||||||||||||
SPECULATION[48] | Over-the-air network protocol | NSA | HOWLERMONKEY, CONJECTURE, STRIKEZONE | ||||||||||||
STRIKEZONE[48] | Network | NSA | HOWLERMONKEY, CONJECTURE, SPECULATION | ||||||||||||
JUNIORMINT[49] | Digital core packaged in both a mini printed circuit board and a miniaturized Flip chip Multi-chip module | ARM9, FPGA, Flash memory, SDRAM, DDR SDRAM | NSA | ||||||||||||
MAESTRO-II[50] | Miniaturized digital core packaged in both a mini printed circuit board and a miniaturized Flip chip Multi-chip module | ARM7, FPGA, Flash memory, SDRAM | NSA | ||||||||||||
TRINITY[51] | Miniaturized digital core packaged in both a mini printed circuit board and a miniaturized Multi-chip module | ARM9, FPGA, Flash memory, SDRAM | NSA | ||||||||||||
COTTONMOUTH-I[52] | USB hardware Wireless bridge | USB, Switches, HOWLERMONKEY RF Transceiver | NSA | STRAITBIZARRE, HOWLERMONKEY, CHIMNEYPOOL, SPECULATION, MOCCASIN, GENIE, COTTONMOUTH-II, COTTONMOUTH-III | Can communicate with other COTTONMOUTH-I devices using SPECULATION | ||||||||||
MOCCASIN[52] | USB hardware Wireless bridge | USB, Switches, HOWLERMONKEY RF Transceiver | NSA | STRAITBIZARRE, HOWLERMONKEY, CHIMNEYPOOL, SPECULATION, COTTONMOUTH-I, GENIE | Permanently attached to a USB keyboard. Can communicate with other COTTONMOUTH-I devices using SPECULATION | ||||||||||
COTTONMOUTH-II[53] | COTTONMOUTH-I USB hardware host tap, Long haul relay Wireless bridge | USB, USB hub, Network switch, HOWLERMONKEY RF Transceiver, STRAITBIZARRE, COTTONMOUTH-I | NSA | STRAITBIZARRE, HOWLERMONKEY, CHIMNEYPOOL, SPECULATION, MOCCASIN, GENIE, COTTONMOUTH-I, COTTONMOUTH-III | Can communicate with other COTTONMOUTH-I or COTTONMOUTH-II devices using SPECULATION | ||||||||||
COTTONMOUTH-III[54] | COTTONMOUTH-I USB hardware host tap, COTTONMOUTH-II Long haul relay Wireless bridge, TRINITY | USB, USB hub, Network switch, HOWLERMONKEY RF Transceiver, STRAITBIZARRE, COTTONMOUTH-I, COTTONMOUTH-II | NSA | STRAITBIZARRE, HOWLERMONKEY, CHIMNEYPOOL, SPECULATION, MOCCASIN, GENIE, COTTONMOUTH-I, COTTONMOUTH-II, TRINITY | Can communicate with other COTTONMOUTH-I, COTTONMOUTH-II, or COTTONMOUTH-III devices using SPECULATION | ||||||||||
FIREWALK[41] | 10/100/1000bt Ethernet or USB host tap, Long haul relay Wireless bridge, TRINITY, DANDERSPRITZ | USB, USB hub, Network switch, HOWLERMONKEY RF Transceiver | NSA | HOWLERMONKEY, PROTOSS, TRINITY, DANDERSPRITZ | Filters and egresses network traffic over a custom RF link and injects traffic as commanded. Allows a VPN ethernet tunnel to be created. | ||||||||||
SURLYSPAWN[55] | Data and Keystroke logging Radar RF Retroreflector tap | Keystrokes, Data from low data rate digital device | USB, Laptop, and PS/2 keyboards | NSA | ANGRYNEIGHBOR | A member of the ANGRYNEIGHBOR family of radar retroreflectors. Board taps the dataline from the keyboard to the processor. Generates a square wave oscillating at a preset frequency modulated by the data-line signals to become Frequency Shift Keyed (FSK). Nearby illuminating radar amplitude modulates the square wave causing it to be reradiated, received, and processed to recover keystrokes. | |||||||||
RAGEMASTER[56] | VAGRANT video image signal Radar RF Retroreflector tap | Keystrokes, Data from low data rate digital device | VGA red video line | NSA | VAGRANT, NIGHTWATCH, GOTHAM, VIEWPLATE | Taps the red video line between the video card and the computer monitor. When illuminated by radar, the signal is modulated with the red video information and re-radiated for demodulation and processing and viewing from a distance on an external monitor, NIGHTWATCH, GOTHAM, or VIEWPLATE to see video appearing on the target monitor. | |||||||||
NIGHTWATCH[56] | NSA | VAGRANT, RAGEMASTER, GOTHAM, VIEWPLATE | |||||||||||||
GOTHAM[56] | NSA | VAGRANT, RAGEMASTER, NIGHTWATCH, VIEWPLATE | |||||||||||||
VIEWPLATE[56] | NSA | VAGRANT, RAGEMASTER, NIGHTWATCH, GOTHAM | |||||||||||||
PICASSO[57] | GPS and GSM geolocation, call log, contact list, hot mic, and other user data | EASTCOM 760c+, Samsung E600 and X450, Samsung C140 | Modified handset, SIM SMS, GPS, GPRS | NSA | |||||||||||
CROSSBEAM[58] | GSM voice data | GPRS, Circuit Switched, Data Over Voice, DTMF | Cell Phone Network Tower / Switch | NSA | WAGONBED, CHIMNEYPOOL, ROCKYKNOB | A reusable, CHIMNEYPOOL-compliant, GSM communications module capable of collecting, compressing, and transmitting voice data. | |||||||||
CANDYGRAM[58] | GSM base station router | SMS | GPS, GSM, GPRS | Cell Phone Network Tower / Switch | NSA | WAGONBED, CHIMNEYPOOL, ROCKYKNOB | Detects physical location of a target's mobile phone and verifies the exact location through a silent SMS. | ||||||||
CYCLONE Hx9[59] | GSM base station router | GPS, MS, IEEE 802.11 command and control, Voice & High Speed Data, GSM Security & Encryption | GPS, GSM, GPRS | Macro-class network in a box | NSA | TYPHON, CHIMNEYPOOL, ROCKYKNOB | GSM network simulator that enables attacks on GSM 900 mobile phones, eavesdropping and capturing data from them. | ||||||||
EBSR[60] | GSM base station router | GPS, MS, IEEE 802.11, Wifi, and RF command and control, Voice & High Speed Data, GSM Security & Encryption | GPS, GSM, GPRS | Pico-class tri-band GSM base station. Internal IEEE 802.11/GPS/handset capability. | NSA | LANDSHARK, CANDYGRAM | GSM network simulator that enables attacks on tri-band GSM mobile phones, eavesdropping and capturing data from them. | ||||||||
ENTOURAGE[61] | Hardware receiver | GPS, IEEE 802.11 | HOLLOWPOINT, GPS, GSM, Wifi, WiMAX, LTE | NSA | NEBULA, HOLLOWPOINT platform, ARTEMIS | GSM and LTE receiver for "direction finding" of mobile phone coordinates. | |||||||||
HOLLOWPOINT[62] | Software Defined Radio | GPS, IEEE 802.11 | GPS, GSM, Wifi, WiMAX, LTE | NSA | NEBULA, ENTOURAGE, ARTEMIS | ||||||||||
NEBULA[63] | GSM base station router | GPS, MS, IEEE 802.11 command and control, Voice & High Speed Data, GSM, UMTS, CDMA, RF | GPS, GSM, GPRS, MS, UMTS, CDMA, GPRS, HSDPA, LTE | Macro-class network in a box | NSA | TYPHON, ENTOURAGE | Base station router for 2G and 3G networks. | ||||||||
TYPHON HX[64] | GSM base station router | GPS, GSM, Call Processing, SMS | GPS, GSM, GPRS, SMS | Network in a box | NSA | NEBULA, ENTOURAGE | Base station router for 2G and 3G networks. | ||||||||
References
- [1] Hilzinger, Marcel. "MegaPanzer: Parts of Possible Govware Trojan Released under GPL". Retrieved 23 January 2014.
- [2] Sebayang, Andreas. "Mutmaßlicher Bundestrojaner in den Händen des CCC". Retrieved 23 January 2014.
- [3] Krempl, Stefan. "Staatstrojaner sorgen für Schlagabtausch im Bundestag". Retrieved 23 January 2014.
- [4] Staff, SPIEGEL. "Inside TAO: Documents Reveal Top NSA Hacking Unit". Der Spiegel. Retrieved 3 January 2014.
- [5] "Cryptologic Excellence: Yesterday, Today and Tomorrow" (PDF). National Security Agency. 2002. p. 17. Retrieved June 30, 2013.
- [6] "NSA subversion of internet security: bad for the US, good for criminals". The Guardian. Retrieved 23 January 2014.
- [7] "RSA paid $10m by NSA to use weakened security in its products". Incisive Financial Publishing Limited. Retrieved 23 January 2014.
- [8] Boon, Floor. "NSA infected 50,000 computer networks with malicious software". NRC Handelsblad. Retrieved 23 January 2014.
- [9] "Last-minute paper: An indepth look into Stuxnet". Virus Bulletin.
- [10] "Stuxnet worm hits Iran nuclear plant staff computers". BBC News. 26 September 2010.
- [11] "PCS 7". Siemens. Retrieved 3 January 2014.
- [12] "SIMATIC STEP 7: the comprehensive engineering system". SIMATIC STEP 7. Siemens. Retrieved 3 January 2014.
- [13] Jim Finkle (28 December 2011). "Stuxnet weapon has at least 4 cousins: researchers". Reuters.
- [14] Cherry, Steven. "Sons of Stuxnet: Hackers are learning new lessons from the most sophisticated virus code ever written". IEEE Spectrum. Retrieved 4 January 2014.
- [15] Keizer, Gregg. "Is Stuxnet the 'best' malware ever?". InfoWorld. Retrieved 4 January 2014.
- [16] Zetter, Kim. "Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon". Wired. Retrieved 3 January 2014.
- [17] McMillan, Robert. "New spy rootkit targets industrial secrets". TechWorld. Retrieved 3 January 2014.
- [18] Kupreev, Oleg. "Trojan-Spy.0485 And Malware-Cryptor.Win32.Inject.gen.2 Review". WildersSecurity. Retrieved 3 January 2014.
- [19] Thomson, Iain. "Snowden: US and Israel did create Stuxnet attack code". The Register. Retrieved 3 January 2014.
- [20] Emspak, Jesse. "Why We Won't Soon See Another Stuxnet Attack". Tech News Daily. Retrieved 3 January 2014.
- [21] King, Rachael. "Stuxnet Infected Chevron's IT Network". Retrieved 3 January 2014.
- [22] McMillan, Robert. "Iran was prime target of SCADA worm". Computer World. Retrieved 3 January 2014.
- [23] McMillan, Robert. "Siemens: Stuxnet worm hit industrial systems". Computer World. Retrieved 3 January 2014.
- [24] Sanger, David E. "Obama Order Sped Up Wave of Cyberattacks Against Iran". New York Times. Retrieved 3 January 2014.
- [25] "IRONCHEF". Der Spiegel. Retrieved 3 January 2014.
- [26] "DIETYBOUNCE". Der Spiegel. Retrieved 3 January 2014.
- [27] "JETPLOW". Der Spiegel. Retrieved 3 January 2014.
- [28] "HALLUXWATER". Der Spiegel. Retrieved 3 January 2014.
- [29] "FEEDTROUGH". Der Spiegel. Retrieved 3 January 2014.
- [30] "GOURMETTROUGH". Der Spiegel. Retrieved 3 January 2014.
- [31] "SOUFFLETROUGH". Der Spiegel. Retrieved 3 January 2014.
- [32] "HEADWATER". Der Spiegel. Retrieved 3 January 2014.
- [33] "SCHOOLMONTANA". Der Spiegel. Retrieved 3 January 2014.
- [34] "SIERRAMONTANA". Der Spiegel. Retrieved 3 January 2014.
- [35] "STUCCOMONTANA". Der Spiegel. Retrieved 3 January 2014.
- [36] "GINSU". Der Spiegel. Retrieved 3 January 2014.
- [37] "IRATEMONK". Der Spiegel. Retrieved 3 January 2014.
- [38] "SWAP". Der Spiegel. Retrieved 3 January 2014.
- [39] "WISTFULLTOLL". Der Spiegel. Retrieved 3 January 2014.
- [40] "SOMBERKNAVE". Der Spiegel. Retrieved 3 January 2014.
- [41] "FIREWALK". Der Spiegel. Retrieved 3 January 2014.
- [42] "DROPOUTJEEP". Der Spiegel. Retrieved 3 January 2014.
- [43] "GOPHERSET". Der Spiegel. Retrieved 3 January 2014.
- [44] "MONKEYCALENDAR". Der Spiegel. Retrieved 3 January 2014.
- [45] "TOTECHASER". Der Spiegel. Retrieved 3 January 2014.
- [46] "TOTEGHOSTLY 2.0". Der Spiegel. Retrieved 3 January 2014.
- [47] "NIGHTSTAND". Der Spiegel. Retrieved 3 January 2014.
- [48] "HOWLERMONKEY". Der Spiegel. Retrieved 3 January 2014.
- [49] "JUNIORMINT". Der Spiegel. Retrieved 3 January 2014.
- [50] "MAESTRO-II". Der Spiegel. Retrieved 3 January 2014.
- [51] "TRINITY". Der Spiegel. Retrieved 3 January 2014.
- [52] "COTTONMOUTH-I". Der Spiegel. Retrieved 3 January 2014.
- [53] "COTTONMOUTH-II". Der Spiegel. Retrieved 3 January 2014.
- [54] "COTTONMOUTH-III". Der Spiegel. Retrieved 3 January 2014.
- [55] "SURLYSPAWN". Der Spiegel. Retrieved 3 January 2014.
- [56] "RAGEMASTER". Der Spiegel. Retrieved 3 January 2014.
- [57] "PICASSO". Der Spiegel. Retrieved 3 January 2014.
- [58] "CROSSBEAM". Der Spiegel. Retrieved 3 January 2014.
- [59] "CYCLONE Hx9". Der Spiegel. Retrieved 3 January 2014.
- [60] "EBSR". Der Spiegel. Retrieved 3 January 2014.
- [61] "ENTOURAGE". Der Spiegel. Retrieved 3 January 2014.
- [62] "HOLLOWPOINT". Der Spiegel. Retrieved 3 January 2014.
- [63] "NEBULA". Der Spiegel. Retrieved 3 January 2014.
- [64] "TYPHON HX". Der Spiegel. Retrieved 3 January 2014.
This article "Govware" is from Wikipedia. The list of its authors can be seen in its history. Articles copied from the Draft namespace on Wikipedia can be seen in the Draft namespace of Wikipedia and not the main one.