SLIDE 1
Ruxcon 2014 Joe FitzPatrick Mike Ryan
Tools of the NSA Playset Ruxcon 2014 Joe FitzPatrick Mike Ryan - - PowerPoint PPT Presentation
Tools of the NSA Playset Ruxcon 2014 Joe FitzPatrick Mike Ryan - - PowerPoint PPT Presentation
Tools of the NSA Playset Ruxcon 2014 Joe FitzPatrick Mike Ryan What is the NSA Playset? () nsaplayset.org 3D NSA Playset Price Sheet CONGAFLOCK - <$1 A Retroreflector, which is a passive device that reflects differently when a
SLIDE 2
SLIDE 3
()
SLIDE 4
nsaplayset.org
3D
SLIDE 5
NSA Playset Price Sheet
CONGAFLOCK - <$1
A ‘Retroreflector’, which is a passive device that reflects differently when a monitored wire changes ()
SLIDE 6
()
SLIDE 7
NSA Playset Price Sheet
TWILIGHTVEGETABLE - $50
Custom Boot environment for basic GSM monitoring
- Sandisk 16G Extreme USB
- NooElec RTL-SDL dongle + antenna
3D
SLIDE 8
TWILIGHTVEGETABLE
3D
SLIDE 9
NSA Playset Price Sheet
LEVITICUS - $50
OsmocomBB Phone for use with TWILIGHTVEGETABLE
- Motorola C139 phone
- Osmocom Cable
3D
SLIDE 10
LEVITICUS
3D
SLIDE 11
NSA Playset Price Sheet
DRIZZLECHAIR - $100
A5/1 Rainbow Tables + Kraken for use with TWILIGHTVEGETABLE
- WD Elements 2TB USB 3.0 Hard Drive
3D
SLIDE 12
DRIZZLECHAIR
3D
SLIDE 13
NSA Playset Price Sheet
CHUCKWAGON - $25
I2C implant ()
SLIDE 14
CHUCKWAGON
()
SLIDE 15
Upcoming Toys in the NSA Playset
() ()
SLIDE 16
NSA Playset Price Sheet
FLEABRAIN - $10
USB Cable implant that can store and transmit USB data 3D
SLIDE 17
3D
SLIDE 18
NSA Playset Price Sheet
DUCHESSRIDE - $45
USB Implant that allows for USB middling ()
SLIDE 19
DUCHESSRIDE
()
SLIDE 20
Our Favorite NSA Playset Toys:
()
SLIDE 21
NSA Playset Price Sheet
TINYALAMO - $10
Bluetooth keystroke surveillance and injection ()
SLIDE 22
TINYALAMO
+ PyBT
()
SLIDE 23
()
SLIDE 24
TINYALAMO Demo!
()
SLIDE 25
NSA Playset Price Sheet
SLOTSCREAMER - $100
PCIe Attack Platform
- USB3380-AB Evaluation Board with custom firmware
3D
SLIDE 26
http://www.hwtools.net/PLX.html
SLOTSCREAMER Hardware
SLIDE 27
SLIDE 28
Diagram: PCIe 2.1 specification
SLIDE 29
NSA Playset Price Sheet
HALIBUTDUGOUT - $300
PCIe Attack Platform
- SLOTSCREAMER enclosed in a Thunderbolt Enclosure
3D
SLIDE 30
HALIBUTDUGOUT
3D
SLIDE 31
NSA Playset Price Sheet
GUPPYDUGOUT - $200
PCIe Attack Platform
- Expresscard SLOTSCREAMER in a tiny thunderbolt
enclosure
3D
SLIDE 32
GUPPYDUGOUT
3D
SLIDE 33
SLOTSCREAMER Demo!
3D
SLIDE 34
Building ALLOYVIPER
3D
SLIDE 35
Building ALLOYVIPER
3D
SLIDE 36
Building ALLOYVIPER
3D
SLIDE 37
Building ALLOYVIPER
3D
SLIDE 38
Building ALLOYVIPER
3D
SLIDE 39
Building ALLOYVIPER
3D
SLIDE 40
Building ALLOYVIPER
3D
SLIDE 41
Building ALLOYVIPER
3D
SLIDE 42
MITMing
3D
SLIDE 43
NSA Playset Price Sheet
ALLOYVIPER - $50
PCIe Attack Platform
- Decoy cable for use with HALIBUTDUGOUT
3D
SLIDE 44
Who?
Security Researchers Hardware Hackers Hardware Developers Hobbyists Other Nerds, Geeks, and Dorks* An undercover agent or two* Tinfoil hat wearers*
*presumed 3(D)
SLIDE 45
But Why?
Intelligence agencies are not magic
()
SLIDE 46
But Why?
If the capability exists, designers need to know to protect against it
3D
SLIDE 47
But Why?
‘Nation-state’ capabilities are out of scope. Cheap DIY hacker tools should not be.
()
SLIDE 48
But Why?
If any 12-year old can do it, the design flaw will be fixed
3D
SLIDE 49
Joe FitzPatrick @securelyfitz joefitz@securinghardware.com https://www.securinghardware.com
Questions?
Mike Ryan @mpeg4codec mikeryan@isecpartners.com https://lacklustre.net
3(D)