On Wed, Dec 11, 2013 at 6:34 AM, Dan Staples <danstaples@disman.tl> wrote:
This morning's NSA article from WaPo contains some slides mentioning USRP equipment[1]. It's hard to say without more context whether it's referring to the GSM equipment from Ettus...anyone care to speculate? The USRP series doesn't exactly seem like carrier-grade equipment, but perhaps the NSA has a good reason to use it.
the partnership with NGA to deploy them gives a hint: this is putting USRPs up close and personal to target for exploitation. (the USRP's are definitely more portable than my favorite SDR, the Noctar[0]!) given the obtained bits mentioned (WLLids, DSL accounts, Cookies, GooglePREFIDs) gathered and then handed off to TAO for further QUANTUM INSERT fucking of target systems it is likely they are doing GSM/cell MitM to observe identifiers, along with WiFi attacks, and other egress rather than deploying baseband exploits or deep active attacks directly against the devices or other networks they're communicating with. thus CNE in this case is cell MitM/WiFi pwn with a USRP rogue tower to get identifiers for TAO. and TAO is where they get dirty with "remote exploitation" of the device itself and other targets on networks it uses. we've seen how they have a smorgasbord of weaponized exploits to cover the gamut of target hardware and technical acumen in the QUANTUM INSERT / TURMOIL / TRAFFICTHIEF / MUTANT BROTH / etc, etc. style efforts. it appears they're using this same infrastructure where possible for mobile; restricting CNE on the ground only to target. best regards, 0. Pervices Noctar http://www.pervices.com/support/