Follow by Email

Thursday, February 6, 2014

SOMBERKNAVE: NSA Exploit of the Day

Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog:
SOMBERKNAVE (TS//SI//REL) SOMBERKNAVE is Windows XP wireless software implant that provides covert internet connectivity for isolated targets.
(TS//SI//REL) SOMBEKNAVE is a software implant that surreptitiously routes TCP traffic from a designated process to a secondary network via an unused embedded 802.11 network device. If an Internet-connected wireless Access Point is present, SOMBERKNAVE can be used to allow OLYMPUS or VALIDATOR to "call home" via 802.11 from an air-gapped target computer. If the 802.11 interface is in use by the target, SOMBERKNAVE will not attempt to transmit.
(TS//SI//REL) Operationally, VALIDATOR initiates a call home. SOMBERKNAVE triggers from the named event and tries to associate with an access point. If connection is successful, data is sent over 802.11 to the ROC. VALIDATOR receives instructions, downloads OLYMPUS, then disassociates and gives up control of the 802.11 hardware. OLYMPUS will then be able to communicate with the ROC via SOMBERKNAVE, as long as there is an available access point.
Status: Available -- Fall 2008
Unit Cost: $50K
Page, with graphics, is here. General information about TAO and the catalog is here.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.