New reports coming out of Germany’s Der Spiegel, based on internal NSA documents, suggest that the agency regularly intercepts new computer hardware to plant wiretapping bugs and malware. Together with the FBI and CIA, the NSA can divert a package to one of its secret workshops in a process known as interdiction.
The work is carried out by the NSA’s Tailored Access Operations (TAO) unit and can cover anything from an invisible USB implant to a software program that opens a backdoor to a particular network, according to Der Spiegel. The agency can unlock networking hardware from many of the major technology companies in the U.S. and beyond, making use of software hidden in motherboard BIOS code or hard drive firmware.
The reports make no mention of how widespread this practice is, or how the NSA picks its targets — unless you’re considered a high risk to national security, it’s unlikely that the laptop you unwrapped on Christmas Day had any kind of spying equipment installed in it — but it’s another notable revelation in the on-going debate over privacy vs security in the digital age. President Obama is due to make an official statement on the future of the NSA’s surveillance methods in January.
The new leaks are part of an extensive Der Spiegel feature on how the NSA and the TAO work. There’s also mention of using a private jet to fly “high-tech plumbers” to tap into networks that aren’t connected to the Web, and a 50-page spy catalog featuring tools able to tap into almost any system.