
Govware



Govware [ˈɡʌvwɛə] (a portmanteau of the English words "governmental" and "software") refers to computer software or hardware created by a state, or by private companies working for the state, to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Govware may take the form of malware, spyware, covert sensors, implants, or other invasive technologies. The term was coined in a 2009 Linux Magazine article about the MegaPanzer and MiniPanzer trojans, which the Swiss government had allegedly used since October 2006.[1] In 2011, the Chaos Computer Club identified and published another trojan which, according to the Club, originated with the German federal authorities.[2] This announcement led to the widely publicized so-called State Trojan affair and precipitated a special session of the Bundestag.[3]

More recently, on December 29, 2013, documents leaked to Der Spiegel revealed that the NSA's top hacking unit, Tailored Access Operations (TAO), was implanting malware on consumer computers that had been ordered online and were intercepted before delivery.[4] The NSA publicly advocates stronger international cybersecurity measures.[5] Critics point out that the NSA may have been weakening internet security by deploying such software and hardware.[6] Additional publications reveal that in one instance the NSA paid $10 million to have the RSA Security company weaken its internet encryption security products,[7] and in another it infected 50,000 computer networks with malicious software.[8]

List of Govware


Software

Name Alias(es) Type Subtype Payload Runs on Platform Written in Compiled in Release Date Isolation Date Isolation Location Discoverer Author Infections Related Notes
Stuxnet Computer worm Polymorphic Malware, Programmable logic controller (PLC) Rootkit.[9][10] Windows operating system, Siemens PCS 7,[11] WinCC, STEP 7[12] Tilded[13] C, C++[14][15] 2007[16] June 17, 2010[17][18] Belarus[17] VirusBlokAda[17] United States NSA, Israel[19] Iran,[20] United States,[21] United Kingdom, Germany,[22] North America, Korea,[23] Indonesia,[22] India[22] Duqu, Stars, Flame Written by the NSA and Israel.[19] Iranian nuclear facilities targeted with it under the Obama administration.[24] Recently discovered in US networks such as at Chevron.[21]
IRONCHEF[25] HP ProLiant 380DL G5 BIOS using System Management Mode Server NSA UNITEDRAKE, GECKO II
UNITEDRAKE[25] HP ProLiant 380DL G5 BIOS using System Management Mode Server NSA IRONCHEF, GECKO II
DIETYBOUNCE[26] Dell PowerEdge servers BIOS using System Management Mode Server NSA ARKSTREAM, TUNING FORK
ARKSTREAM[26] Re-flashes the BIOS Dell PowerEdge servers BIOS using System Management Mode Server NSA DIETYBOUNCE, TUNING FORK, SWAP
TUNING FORK[26] Re-flashes the BIOS Dell PowerEdge servers BIOS using System Management Mode Server NSA DIETYBOUNCE, TUNING FORK
JETPLOW[27] Re-flashes the BIOS BANANAGLEE Malware Cisco PIX firewalls, Firewall NSA BANANAGLEE
HALLUXWATER[28] Boot-ROM upgrade TURBOPANDA Huawei Eudemon firewalls Firewall NSA TURBOPANDA
FEEDTROUGH[29] Re-flashes the BIOS BANANAGLEE, ZESTYLEAK Juniper Networks Netscreen firewalls Firewall NSA BANANAGLEE, ZESTYLEAK
GOURMETTROUGH[30] Re-flashes the BIOS BANANAGLEE Juniper Networks nsg5t, ns50, ns25, isg1000, ssg140, ssg5, ssg20 firewalls Firewall NSA BANANAGLEE
SOUFFLETROUGH[31] Re-flashes the BIOS BANANAGLEE Juniper Networks SSG 500 and SSG 300 series firewalls Firewall NSA BANANAGLEE
HEADWATER[32] Boot-ROM upgrade HAMMERMILL Huawei routers Router NSA HAMMERMILL
SCHOOLMONTANA[33] Re-flashes the BIOS using System Management Mode, modifies Junos VALIDATOR Juniper J-Series routers Router NSA VALIDATOR
SIERRAMONTANA[34] Re-flashes the BIOS using System Management Mode, modifies Junos VALIDATOR Juniper M Series routers Router NSA VALIDATOR
STUCCOMONTANA[35] Re-flashes the BIOS using System Management Mode, modifies Junos VALIDATOR Juniper T-Series routers Router NSA VALIDATOR
KONGUR[36] Windows operating system NSA GINSU, BULLDOZER
GINSU[36] Software persistence for KONGUR KONGUR Windows operating system NSA KONGUR, BULLDOZER
IRATEMONK[37] Western Digital, Seagate, Maxtor, Samsung hard drives NSA UNITEDRAKE, SLICKERVICAR, STRAITBIZARRE
SLICKERVICAR[37] Western Digital, Seagate, Maxtor, Samsung hard drives NSA UNITEDRAKE, IRATEMONK, STRAITBIZARRE
STRAITBIZARRE[37] Western Digital, Seagate, Maxtor, Samsung hard drives NSA UNITEDRAKE, IRATEMONK, SLICKERVICAR
TWISTEDKILT[38] Writes to the host protected area Microsoft Windows, Linux, FreeBSD, Solaris Host Protected Area NSA SWAP, ARKSTREAM
SWAP[38] Malware installer Microsoft Windows, Linux, FreeBSD, Solaris NSA TWISTEDKILT, ARKSTREAM
WISTFULLTOLL[39] UNITEDRAKE and STRAITBIZARRE plug-in or as stand-alone executable, uses Windows Management Instrumentation Microsoft Windows Windows Management Instrumentation NSA UNITEDRAKE, STRAITBIZARRE
SOMBERKNAVE[40] Microsoft Windows IEEE 802.11 NSA OLYMPUS, VALIDATOR Routes TCP traffic from a designated process to a secondary network via an unused embedded 802.11 network device. Can be used with OLYMPUS or VALIDATOR.
OLYMPUS[40] Microsoft Windows IEEE 802.11 NSA SOMBERKNAVE, VALIDATOR
DANDERSPRITZ[41] Spoofs IP & MAC addresses NSA HOWLERMONKEY, PROTOSS, TRINITY, FIREWALK Intermediate traffic redirector node toolkit.
DROPOUTJEEP[42] Remotely push/pull data iOS SMS, GPRS NSA CHIMNEYPOOL, FREEFLOW, TURBULENCE All data from DROPOUTJEEP is encrypted.
CHIMNEYPOOL[42] Framework NSA DROPOUTJEEP, FREEFLOW, TURBULENCE
TURBULENCE[42] ARCHITECTURE NSA DROPOUTJEEP, FREEFLOW, CHIMNEYPOOL
GOPHERSET[43] Remotely push/pull Phonebook, SMS, and Call log data GSM SIM card SIM, SIM Application Toolkit, SMS, USB smartcard reader, over-the-air provisioning NSA Loaded via a USB smartcard reader or via over-the-air provisioning, GOPHERSET uses the SIM Application Toolkit to issue commands and make requests to the mobile handset via SMS to and from a user-defined phone number.
MONKEYCALENDAR[44] Remotely push/pull GPS data GPS SIM card SIM, SIM Application Toolkit, GPS, SMS, USB smartcard reader, over-the-air provisioning NSA Loaded via a USB smartcard reader or via over-the-air provisioning, MONKEYCALENDAR uses the SIM Application Toolkit to issue commands and make requests to the mobile handset for geolocation information via SMS to and from a user-defined phone number.
TOTECHASER[45] Flashrom GPS and GSM geolocation, call log, contact list, and other user data Windows CE Thuraya 2520, SMS, GPS, GSM, GPRS, NSA TOTEGHOSTLY
TOTEGHOSTLY[46] Flashrom Push/pull files, contact list, voicemail, hot mic, camera, cell tower location, geolocation, call log, and other user data Windows Mobile STRAITBIZARRE, CHIMNEYPOOL, FRIEZERAMP interface, HttpsLink2, GPS, GSM, GPRS NSA STRAITBIZARRE, CHIMNEYPOOL, FRIEZERAMP, HttpsLink2, GENIE Compliant with the FREEFLOW project. Uses the CHIMNEYPOOL framework. Supported in the TURBULENCE architecture.
FRIEZERAMP[46] Interface NSA TOTEGHOSTLY, STRAITBIZARRE, CHIMNEYPOOL, HttpsLink2, GENIE
HttpsLink2[46] Encryption NSA TOTEGHOSTLY, STRAITBIZARRE, CHIMNEYPOOL, FRIEZERAMP, GENIE

Hardware

Name Alias(es) Type Subtype Payload Runs on Platform Hardware Release Date Isolation Date Isolation Location Discoverer Author Infections Related Notes
GECKO II[25] MRFF, GSM NSA IRONCHEF, UNITEDRAKE
NIGHTSTAND[47] IEEE 802.11 wireless packet injection tool Windows operating system Linux NSA
SPARROW II[47] WLAN collection tool Linux, Mini PCI, GPS BLINDDATE NSA BLINDDATE
BULLDOZER[36] PCI bus Windows operating system NSA KONGUR, GINSU
HOWLERMONKEY[48] Short to Medium Range RF Transceiver compatible with CONJECTURE/SPECULATION networks and STRIKEZONE devices running a HOWLERMONKEY personality. Windows operating system PCB NSA CONJECTURE, SPECULATION, STRIKEZONE
CONJECTURE[48] Network NSA HOWLERMONKEY, SPECULATION, STRIKEZONE
SPECULATION[48] Over-the-air network protocol NSA HOWLERMONKEY, CONJECTURE, STRIKEZONE
STRIKEZONE[48] Network NSA HOWLERMONKEY, CONJECTURE, SPECULATION
JUNIORMINT[49] Digital core packaged in both a mini printed circuit board and a miniaturized Flip chip Multi-chip module ARM9, FPGA, Flash memory, SDRAM, DDR SDRAM NSA
MAESTRO-II[50] Miniaturized digital core packaged in both a mini printed circuit board and a miniaturized Flip chip Multi-chip module ARM7, FPGA, Flash memory, SDRAM NSA
TRINITY[51] Miniaturized digital core packaged in both a mini printed circuit board and a miniaturized Multi-chip module ARM9, FPGA, Flash memory, SDRAM NSA
COTTONMOUTH-I[52] USB hardware Wireless bridge USB, Switches, HOWLERMONKEY RF Transceiver NSA STRAITBIZARRE, HOWLERMONKEY, CHIMNEYPOOL, SPECULATION, MOCCASIN, GENIE, COTTONMOUTH-II, COTTONMOUTH-III Can communicate with other COTTONMOUTH-I devices using SPECULATION
MOCCASIN[52] USB hardware Wireless bridge USB, Switches, HOWLERMONKEY RF Transceiver NSA STRAITBIZARRE, HOWLERMONKEY, CHIMNEYPOOL, SPECULATION, COTTONMOUTH-I, GENIE Permanently attached to a USB keyboard. Can communicate with other COTTONMOUTH-I devices using SPECULATION
COTTONMOUTH-II[53] COTTONMOUTH-I USB hardware host tap, Long haul relay Wireless bridge USB, USB hub, Network switch, HOWLERMONKEY RF Transceiver, STRAITBIZARRE, COTTONMOUTH-I NSA STRAITBIZARRE, HOWLERMONKEY, CHIMNEYPOOL, SPECULATION, MOCCASIN, GENIE, COTTONMOUTH-I, COTTONMOUTH-III Can communicate with other COTTONMOUTH-I or COTTONMOUTH-II devices using SPECULATION
COTTONMOUTH-III[54] COTTONMOUTH-I USB hardware host tap, COTTONMOUTH-II Long haul relay Wireless bridge, TRINITY USB, USB hub, Network switch, HOWLERMONKEY RF Transceiver, STRAITBIZARRE, COTTONMOUTH-I, COTTONMOUTH-II NSA STRAITBIZARRE, HOWLERMONKEY, CHIMNEYPOOL, SPECULATION, MOCCASIN, GENIE, COTTONMOUTH-I, COTTONMOUTH-II, TRINITY Can communicate with other COTTONMOUTH-I, COTTONMOUTH-II, or COTTONMOUTH-III devices using SPECULATION
FIREWALK[41] 10/100/1000bt Ethernet or USB host tap, Long haul relay Wireless bridge, TRINITY, DANDERSPRITZ USB, USB hub, Network switch, HOWLERMONKEY RF Transceiver NSA HOWLERMONKEY, PROTOSS, TRINITY, DANDERSPRITZ Filters and egresses network traffic over a custom RF link and injects traffic as commanded. Allows a VPN ethernet tunnel to be created.
SURLYSPAWN[55] Data and Keystroke logging Radar RF Retroreflector tap Keystrokes, Data from low data rate digital device USB, Laptop, and PS/2 keyboards NSA ANGRYNEIGHBOR A member of the ANGRYNEIGHBOR family of radar retroreflectors. Board taps the dataline from the keyboard to the processor. Generates a square wave oscillating at a preset frequency modulated by the data-line signals to become Frequency Shift Keyed (FSK). Nearby illuminating radar amplitude modulates the square wave causing it to be reradiated, received, and processed to recover keystrokes.
RAGEMASTER[56] VAGRANT video image signal Radar RF Retroreflector tap Keystrokes, Data from low data rate digital device VGA red video line NSA VAGRANT, NIGHTWATCH, GOTHAM, VIEWPLATE Taps the red video line between the video card and the computer monitor. When illuminated by radar, the signal is modulated with the red video information and re-radiated for demodulation and processing and viewing from a distance on an external monitor, NIGHTWATCH, GOTHAM, or VIEWPLATE to see video appearing on the target monitor.
NIGHTWATCH[56] NSA VAGRANT, RAGEMASTER, GOTHAM, VIEWPLATE
GOTHAM[56] NSA VAGRANT, RAGEMASTER, NIGHTWATCH, VIEWPLATE
VIEWPLATE[56] NSA VAGRANT, RAGEMASTER, NIGHTWATCH, GOTHAM
PICASSO[57] GPS and GSM geolocation, call log, contact list, hot mic, and other user data EASTCOM 760c+, Samsung E600 and X450, Samsung C140 Modified handset, SIM SMS, GPS, GPRS NSA
CROSSBEAM[58] GSM voice data GPRS, Circuit Switched, Data Over Voice, DTMF Cell Phone Network Tower / Switch NSA WAGONBED, CHIMNEYPOOL, ROCKYKNOB A reusable, CHIMNEYPOOL-compliant, GSM communications module capable of collecting, compressing, and transmitting voice data.
CANDYGRAM[58] GSM base station router SMS GPS, GSM, GPRS Cell Phone Network Tower / Switch NSA WAGONBED, CHIMNEYPOOL, ROCKYKNOB Detects physical location of a target's mobile phone and verifies the exact location through a silent SMS.
CYCLONE Hx9[59] GSM base station router GPS, MS, IEEE 802.11 command and control, Voice & High Speed Data, GSM Security & Encryption GPS, GSM, GPRS Macro-class network in a box NSA TYPHON, CHIMNEYPOOL, ROCKYKNOB GSM network simulator that enables attacks on GSM 900 mobile phones, eavesdropping and capturing data from them.
EBSR[60] GSM base station router GPS, MS, IEEE 802.11, Wifi, and RF command and control, Voice & High Speed Data, GSM Security & Encryption GPS, GSM, GPRS Pico-class tri-band GSM base station. Internal IEEE 802.11/GPS/handset capability. NSA LANDSHARK, CANDYGRAM GSM network simulator that enables attacks on tri-band GSM mobile phones, eavesdropping and capturing data from them.
ENTOURAGE[61] Hardware receiver GPS, IEEE 802.11 HOLLOWPOINT, GPS, GSM, Wifi, WiMAX, LTE NSA NEBULA, HOLLOWPOINT platform, ARTEMIS GSM and LTE receiver for "direction finding" of mobile phone coordinates.
HOLLOWPOINT[62] Software Defined Radio GPS, IEEE 802.11 GPS, GSM, Wifi, WiMAX, LTE NSA NEBULA, ENTOURAGE, ARTEMIS
NEBULA[63] GSM base station router GPS, MS, IEEE 802.11 command and control, Voice & High Speed Data, GSM, UMTS, CDMA, RF GPS, GSM, GPRS, MS, UMTS, CDMA, GPRS, HSDPA, LTE Macro-class network in a box NSA TYPHON, ENTOURAGE Base station router for 2G and 3G networks.
TYPHON HX[64] GSM base station router GPS, GSM, Call Processing, SMS GPS, GSM, GPRS, SMS Network in a box NSA NEBULA, ENTOURAGE Base station router for 2G and 3G networks.

References

  1. Hilzinger, Marcel. "MegaPanzer: Parts of Possible Govware Trojan Released under GPL". Retrieved 23 January 2014.
  2. Sebayang, Andreas. "Mutmaßlicher Bundestrojaner in den Händen des CCC". Retrieved 23 January 2014.
  3. Krempl, Stefan. "Staatstrojaner sorgen für Schlagabtausch im Bundestag". Retrieved 23 January 2014.
  4. Staff, SPIEGEL. "Inside TAO: Documents Reveal Top NSA Hacking Unit". Der Spiegel. Retrieved 3 January 2014.
  5. "Cryptologic Excellence: Yesterday, Today and Tomorrow" (PDF). National Security Agency. 2002. p. 17. Retrieved June 30, 2013.
  6. "NSA subversion of internet security: bad for the US, good for criminals". The Guardian. Retrieved 23 January 2014.
  7. "RSA paid $10m by NSA to use weakened security in its products". Incisive Financial Publishing Limited. Retrieved 23 January 2014.
  8. Boon, Floor. "NSA infected 50,000 computer networks with malicious software". NRC Handelsblad. Retrieved 23 January 2014.
  9. "Last-minute paper: An indepth look into Stuxnet". Virus Bulletin.
  10. "Stuxnet worm hits Iran nuclear plant staff computers". BBC News. 26 September 2010.
  11. "PCS 7". Siemens. Retrieved 3 January 2014.
  12. "SIMATIC STEP 7: the comprehensive engineering system". SIMATIC STEP 7. Siemens. Retrieved 3 January 2014.
  13. Jim Finkle (28 December 2011). "Stuxnet weapon has at least 4 cousins: researchers". Reuters.
  14. Cherry, Steven. "Sons of Stuxnet: Hackers are learning new lessons from the most sophisticated virus code ever written". IEEE Spectrum. Retrieved 4 January 2014.
  15. Keizer, Gregg. "Is Stuxnet the 'best' malware ever?". InfoWorld. Retrieved 4 January 2014.
  16. Zetter, Kim. "Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon". Wired. Retrieved 3 January 2014.
  17. McMillan, Robert. "New spy rootkit targets industrial secrets". TechWorld. Retrieved 3 January 2014.
  18. Kupreev, Oleg. "Trojan-Spy.0485 And Malware-Cryptor.Win32.Inject.gen.2 Review". WildersSecurity. Retrieved 3 January 2014.
  19. Thomson, Iain. "Snowden: US and Israel did create Stuxnet attack code". The Register. Retrieved 3 January 2014.
  20. Emspak, Jesse. "Why We Won't Soon See Another Stuxnet Attack". Tech News Daily. Retrieved 3 January 2014.
  21. King, Rachael. "Stuxnet Infected Chevron's IT Network". Retrieved 3 January 2014.
  22. McMillan, Robert. "Iran was prime target of SCADA worm". Computer World. Retrieved 3 January 2014.
  23. McMillan, Robert. "Siemens: Stuxnet worm hit industrial systems". Computer World. Retrieved 3 January 2014.
  24. Sanger, David E. "Obama Order Sped Up Wave of Cyberattacks Against Iran". New York Times. Retrieved 3 January 2014.
  25. "IRONCHEF". Der Spiegel. Retrieved 3 January 2014.
  26. "DIETYBOUNCE". Der Spiegel. Retrieved 3 January 2014.
  27. "JETPLOW". Der Spiegel. Retrieved 3 January 2014.
  28. "HALLUXWATER". Der Spiegel. Retrieved 3 January 2014.
  29. "FEEDTROUGH". Der Spiegel. Retrieved 3 January 2014.
  30. "GOURMETTROUGH". Der Spiegel. Retrieved 3 January 2014.
  31. "SOUFFLETROUGH". Der Spiegel. Retrieved 3 January 2014.
  32. "HEADWATER". Der Spiegel. Retrieved 3 January 2014.
  33. "SCHOOLMONTANA". Der Spiegel. Retrieved 3 January 2014.
  34. "SIERRAMONTANA". Der Spiegel. Retrieved 3 January 2014.
  35. "STUCCOMONTANA". Der Spiegel. Retrieved 3 January 2014.
  36. "GINSU". Der Spiegel. Retrieved 3 January 2014.
  37. "IRATEMONK". Der Spiegel. Retrieved 3 January 2014.
  38. "SWAP". Der Spiegel. Retrieved 3 January 2014.
  39. "WISTFULLTOLL". Der Spiegel. Retrieved 3 January 2014.
  40. "SOMBERKNAVE". Der Spiegel. Retrieved 3 January 2014.
  41. "FIREWALK". Der Spiegel. Retrieved 3 January 2014.
  42. "DROPOUTJEEP". Der Spiegel. Retrieved 3 January 2014.
  43. "GOPHERSET". Der Spiegel. Retrieved 3 January 2014.
  44. "MONKEYCALENDAR". Der Spiegel. Retrieved 3 January 2014.
  45. "TOTECHASER". Der Spiegel. Retrieved 3 January 2014.
  46. "TOTEGHOSTLY 2.0". Der Spiegel. Retrieved 3 January 2014.
  47. "NIGHTSTAND". Der Spiegel. Retrieved 3 January 2014.
  48. "HOWLERMONKEY". Der Spiegel. Retrieved 3 January 2014.
  49. "JUNIORMINT". Der Spiegel. Retrieved 3 January 2014.
  50. "MAESTRO-II". Der Spiegel. Retrieved 3 January 2014.
  51. "TRINITY". Der Spiegel. Retrieved 3 January 2014.
  52. "COTTONMOUTH-I". Der Spiegel. Retrieved 3 January 2014.
  53. "COTTONMOUTH-II". Der Spiegel. Retrieved 3 January 2014.
  54. "COTTONMOUTH-III". Der Spiegel. Retrieved 3 January 2014.
  55. "SURLYSPAWN". Der Spiegel. Retrieved 3 January 2014.
  56. "RAGEMASTER". Der Spiegel. Retrieved 3 January 2014.
  57. "PICASSO". Der Spiegel. Retrieved 3 January 2014.
  58. "CROSSBEAM". Der Spiegel. Retrieved 3 January 2014.
  59. "CYCLONE Hx9". Der Spiegel. Retrieved 3 January 2014.
  60. "EBSR". Der Spiegel. Retrieved 3 January 2014.
  61. "ENTOURAGE". Der Spiegel. Retrieved 3 January 2014.
  62. "HOLLOWPOINT". Der Spiegel. Retrieved 3 January 2014.
  63. "NEBULA". Der Spiegel. Retrieved 3 January 2014.
  64. "TYPHON HX". Der Spiegel. Retrieved 3 January 2014.


This article "Govware" is from Wikipedia. The list of its authors can be seen in its historical. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.