Let's Play NSA! The Hackers Open-Sourcing Top Secret Spy Tools
Retroreflector implant. Image: Michael Ossmann


This story is over 5 years old.


Let's Play NSA! The Hackers Open-Sourcing Top Secret Spy Tools

Michael Ossmann and a merry band of hackers are rebuilding the NSA's most secret weapons—for science.

Last August, at Defcon, the hacker conference in  Las Vegas, a boyish 40-year-old engineer and security researcher named Michael Ossmann stood on the stage of a lecture hall, about to detail a stunning new set of tools designed for spying on a wealth of electronic devices.

As quiet descended over an eager audience of hundreds of hackers, Ossmann stopped and issued a warning. "If you don't want to hear about leaked classified information, you can leave now," he told the crowd.


Ossmann was acknowledging a legal barrier: if you're a government employee, you're prevented by law from reading or hearing about leaked classified information. And leaked classified information, it turned out, was precisely the basis of his research.

Ossmann paused to see if anyone was getting out of their seats. As he peered out into the audience, he said that it was an opportune moment for a friendly game of "Spot the Fed." (From where I was on the mezzanine of the giant lecture hall, I didn't see anyone get up).

Then, with the patience and attention to detail of a likeable college science professor, he explained to the audience just how he had engineered the kind of surveillance devices that, six months earlier, only a select group of spies had even known were possible.

The ANT farm

It all began just after Christmas 2013, when a peculiar 48-page gadget catalog appeared on the website of Der Spiegel. The top of each page contained a string of letters, beginning with "TOP SECRET."

Six months earlier, the German newspaper had been one of a number of media outlets to publish thousands of classified documents disclosed by Edward Snowden. But this document wasn't like the others.

The leaked file, authored around 2008 by a group at the National Security Agency known as the Advanced Network Technology (ANT) division, was a list of spy devices designed for getting what it called "the ungettable."


These tools weren't made for the controversial blanket surveillance that had captured the world's imagination and stirred its outrage. They were for use in more targeted and, in some cases, more dazzling attacks: gadgets meant to be secreted deep inside specific computers or telephones or walls, spying on the world's most secure systems—in some cases, even when they weren't connected to the internet. These devices were for the kind of old-fashioned spying that we almost forgot about in 2013: surveilling foreign governments and agents, terrorists, criminals, and perhaps some unintended victims.

"For nearly every lock, ANT seems to have a key in its toolbox," wrote Jacob Appelbaum, the American privacy activist and security researcher, in Der Spiegel. "And no matter what walls companies erect, the NSA's specialists seem already to have gotten past them."

It wasn't clear how the catalog was leaked, but after the debacle over the NSA's tapping of Angela Merkel's "handy," the decision to publish the document in Germany must have left more than a few American officials—and technology executives—grimacing.

Five thousand miles away in Colorado, however, Michael Ossmann was delighted. Ossmann had spent much of his career taking apart, designing, and hacking together radio electronics himself, mainly in the hope of trying to find their vulnerabilities and figure out how to protect them from people who might want to interfere with or spy on them.


To him, the document was like a late Christmas present—a kind of cyberspy's Sharper Image catalog, chock full of capabilities and code names that would not disappoint fans of espionage literature.

There's a bugged set of mobile phones called PICASSO that can secretly record audio at any time (cost: $2,000), and software called MONKEYCALENDAR that transmits a mobile phone's location by hidden text message ($0). A USB plug codenamed COTTONMOUTH is designed to capture data as soon as it's plugged in to a device (as much as $1.25 million for 50 of them), and CANDYGRAM, a set of fake base stations for hijacking cell phone calls, can be yours for a mere $40,000 apiece (if you're the right "you").

Most of the document was fun for Ossmann, rather than actually revelatory. "We"—as in the global community of radio hackers—"already knew how to build most of this stuff," he told me recently.

But the ANT toolkit also included another more unusual class of devices known as "radio frequency retroreflectors." With names like NIGHTWATCH, RAGEMASTER, and SURLYSPAWN, these devices were designed to give NSA agents "the means to collect signals that otherwise would not be collectable, or would be extremely difficult to collect and process."

And they were surprising. "Wow," Ossmann thought. "Why the hell haven't I ever seen anything like these?"

Conceptually, radio frequency (RF) retroreflectors aren't novel. We encounter them on an everyday basis, since it is the technology used in RFID chips: anti-theft tags at stores, badges that grant entry to secure entrances, some credit cards, E-Z-Passes, fancy dog collars.


(Now I'm going to explain how retro-reflection works and things are going to get a little bit complicated, but bear with me, because the details are important. And  ​if I can understand it, so can you.)

Retroreflection technology utilizes what's known as "backscatter communication." A retroreflector is "illuminated" remotely by the radio signal of another device, causing the retroreflector to, well, reflect a signal back.

A simple, non-technical illustration of this phenomenon would be two children trying to send messages in Morse code across a dark valley using only a flashlight and a mirror. A girl shines a flashlight at a boy, who wiggles his mirror to reflect the light back to the girl with meaningful modifications.

Because of this special functionality, a retroreflector, unlike a classic surveillance bug, requires no connection to a power source. As a result, it can be much smaller than a traditional bug and much harder to detect. And it can pretty much last forever.

By combining these devices with tiny sensors like a microphone or a keystroke reader, the NSA's engineers had turned retroreflectors into a superb spy bug: a sleeper agent that could gather data from your computer, silently and only when activated by a radar signal—when you weren't looking, when you weren't connected to the Internet, after you were dead.

Once Ossmann had read the catalog and knew that someone could build these magical-seeming devices, he did what hackers do.


"I thought that someone should demonstrate to people how easy it is to make such things," he said, "and I couldn't think of anyone more qualified to do it than myself."

Michael Ossmann with his HackRF One, a software-defined radio device.​

It All Started With "The Thing"…

Prior to the release of the ANT catalog, the last time the public had ever heard anything about retro-reflection technology being used in a surveillance device was in 1960. And the technology became such a sensation that it earned one of the most iconic nicknames of the Cold War.

On August 4, 1945, as World War II was winding down and new tensions with the Soviets were starting to wind up, Russian schoolchildren paid a visit to the American Ambassador in Moscow and bestowed upon him a token of good will: a Great Seal of the United States. The Ambassador hung it in his residential study.

There it hung until one day in 1952, when a British radio technician in Moscow, listening in on Russian air traffic, discovered something unexpected on one frequency: the sound of the British ambassador, loud and clear, along with other American-accented conversations. Thus began one of many exhaustive tear-downs of the embassy. They were looking to find a listening device—and they did, along with a new frontier of spying. The culprit was the Great Seal.

Inside the Americans and British found a tiny device the likes of which they'd never seen. So alien was the Great Seal Bug that the only appropriate name for it seemed to be "The Thing," after the character in the Addams Family (which was then still just a New Yorker cartoon). It was a retroreflector.


"The Thing," turned out to have been invented by the legendary Russian engineer Lev Sergeyevich Termen, or Leon Theremin, who may be most famous as the father of the spooky radio-based instrument named after him, but is also considered a pioneer of RFID technology.

But perhaps surprisingly, despite all the public interest in the revelation, "The Thing" did not seem to herald more "things." In the history of espionage technology, it was a great story, but ultimately a footnote. As far as the public knew, after its fantastical discovery there were fifty-three years of radio silence, so to speak.

"In hindsight," Ossmann said, "it's obvious that these types of attacks are practical and employed. For someone who knows a little bit about electronics and a little bit about security, RF retroreflectors should be completely unsurprising. However, I couldn't find anyone who had published any research on the subject at all. That was astonishing."

(This is where things get a bit complicated again; it's worth it, but if you simply can't deal with the details, take my word for it, and skip down to the next section.)

The ANT catalog arrived at a serendipitous moment for Ossmann. For years, he'd been working in software-defined radio (SDR), an emerging field in which wireless devices are built in code rather than with hardware. Instead of modulators and oscillators, an SDR uses digital signal processing chips that give programmers the ability to automatically create radio signals and specify their frequency and power.


Ossmann has designed his own SDR that he sells on his website called the HackRF One, which plugs into any computer's USB. He compares it to a computer's sound card, except instead of making sounds or processing audio, it makes and receives radio signals. Think of it as a kind of radio hacker's Swiss Army Knife, capable of engaging with any radio band on the fly: AM, FM, GSM, Bluetooth—you name it. (As of publication, the HackRF One is sold out; Ossmann is currently readying a new batch.)

Devices like these can be used to test the security of radio systems, but Ossmann figured that its versatility could also be used to send signals to a retroreflector and receive them back with minimal interference. He poured over the ANT catalog, began communicating with other hardware and software engineers on online message boards, and enlisted the help of a number of other hardware tinkerers he knew from the internet. The project's name—the NSA Playset—originated with a friend of Ossmann's, an engineer named Dean Pierce, who had originally suggested it for another hacking project that began when news of the government's secret domestic surveillance program was ​first reported in 2006.

"Some of these implants aren't as difficult to miniaturize as I thought." Michael Ossmann's etroreflectors, clockwise from top left: the general purpose CONGAFLOCK, a FLAMENCOFLOCK PS/2 implant, TANGOFLOCK for USB, and SALSAFLOCK for VGA monitors. Image: Michael Ossmann

Ossmann's first successful retroreflector experiment involved spying on a simple electrical signal using a toy. First, he hacked a Hot Wheels Radar Gun (about $30 on eBay) to connect to an oscilloscope, which displays electrical signals on a screen. Then he soldered a small piece of wire—an antenna—onto a basic transistor called a MOSFET, and attached this to a function generator configured to produce a simple square wave, and he powered it up.


"I aimed the radar gun at the retroreflector and was able to see the square wave on the oscilloscope." With some fiddling, the bug could be used to surveil a TV monitor, or the keystrokes on a keyboard, or a telephone line, or an automobile's internal network, all quietly and from a safe distance. Ossmann got to work on turning his transistor/antenna combination into a retroreflector he called CONGAFLOCK.

"I made a few," he said. "And they're really small, so I made a thousand."

Ossmann brought his retroreflectors, codenamed CONGAFLOCK, to Defcon. Image: Michael Ossmann

Pulling back the curtain

Every tool in the NSA Playset has been designed on top of open-source hardware and software so that anyone can build their own, often in no more than a few hours. Over a dozen engineers are involved in the project, Ossmann said, but anyone is invited to join and contribute their own device. The first requirement: a silly name riffing on the original NSA codename. "For example, if your project is similar to FOXACID, maybe you could call it COYOTEMETH," says the NSA Playset website. (A separate website, NSA Name Generator, is designed to help.)

Just like the ANT catalog, the NSA Playset includes more than just retroreflectors. In a separate talk at Defcon, another NSA Playset engineer from Colorado named Joshua Datko showed off the CHUCKWAGON, a device he built that allows malware to be reinstalled on a computer even after being erased by antivirus software. By attaching the bug to an exposed portion of a computer's wiring system, something called the I2C bus, "you can attack somebody's PC without even opening it up," Ossmann said.


At a table outside the conference hall at Defcon, where a number of members of the NSA Playset team gave presentations, attendees could buy some of the devices, at prices that might have shocked the authors of the ANT catalog.

One device, dubbed TWILIGHTVEGETABLE, is a knock off of an NSA-built GSM cell phone that's designed to sniff and monitor internet traffic. The ANT catalog lists it for $15,000; the NSA Playset researchers built one using a USB flash drive, a cheap SDR, and an antenna, for about $50. The most expensive device, a drone that spies on WiFi traffic called PORCUPINEMASQUERADE, costs about $600 to assemble. At Defcon, a complete NSA Playset toolkit was auctioned by the EFF for $2,250.

NSA Playset items for sale at Defcon. Image: Dean Pierce

There are, of course, a few concerns about loosing this kind of spy gear into the public realm. In the cab on my way to the conference to see Ossmann speak, I mentioned Defcon to my taxi driver. "I've never seen so many criminals under one roof," he joked. He was echoing the popular conception of hackers: They're going to rob you, they're going to stalk you; they're the peroxide-haired master villain played by Javier Bardem in that latest Bond movie.

It's self-evident that spies need all kinds of sophisticated spy gear; it's not self-evident exactly how much they need, and how far they should go in the use of that technology. But does Ossmann and his merry bunch of geeks need to know how to create tiny, undetectable bugs that, once installed, can last forever? Frankly, it seems like pretty bad news for ex-girlfriends everywhere.


Those concerned about this might also point out that anyone can come to Defcon. If you have $220 in cash, and you're willing to wait in long lines, you're in. Plenty of people at the conference don't use their real names or take off their sunglasses. Sure, there's a friendly, open-source atmosphere at the conference, but that doesn't mean that foreign spies or criminals aren't hidden among the crowd. And there's even less of a barrier to entry for those who want to see Ossmann's plans for building these devices. They're on Github. All you need is an internet connection.

Well before the Snowden revelations, the security community has been debating the merits of "full" disclosure of known vulnerabilities versus "responsible" disclosure. On the NSA Playset's Google Group, I found little discussion about this. But in one post from June, a hardware hacker named Tony DiCola, who was building his own NSA-inspired device designed to spy on keystrokes over WiFi, expressed some hesitation.

"I did have a concern about ethics," he wrote. "Are there any thoughts or processes to help keep stuff in the NSA Playset from being too easily used for 'bad'? I worry that releasing and documenting an easy to use WiFi keylogger could make it too easy for someone without much skill to get themselves in trouble. Obviously the whole point of the NSA Playset seems like it's to show people just how easy and possible it is for these spy devices to be built and used. However is there a point where it might cause more trouble than it's worth?"


In a follow-up comment, DiCola proposed one solution—building a countermeasure to his device—but his initial question received scant response.

The aftermath

Looking for answers after the talk, I found Ossmann in the pool area at the Rio Hotel, surrounded by faux waterfalls and swimming vacationers, holding an informal Q&A. Wearing well-fitting jeans, a checked Oxford shirt, and Prada glasses, nodding attentively as he listened to the ideas of his excited young fans, he could hardly have looked less like a digital radical.

Speaking to a smaller, less formal audience, Ossmann ruminated about the future. He mentioned the possibility that some of this spying technology doesn't require a piece of embedded hardware at all, and may be able to work with the unmodified elements of everyday electronic devices. Potentially, that means that your totally average, everyday stereo could, if beamed at by the right kind of equipment, turn into a surveillance device.

"I have not yet seen this work," Ossmann said, "so I can't be certain, but I suspect that this is a legitimate threat, and it is one of the areas of future research that I think is most important."

I took the opportunity to break into the conversation to ask Ossmann about the concerns I imagined people would have with this kind of work: what are the consequences of making information and tools like this public? What does it mean to put these kinds of capabilities into the hands of people who don't have the motives of a national security organization?


I tried to choose my words carefully, but I could tell immediately from the frustrated brows of the other people in the crowd that I had revealed myself as an outsider. They were the smartest kids in the class, happily bounding ahead of the curriculum, and I was the person asking the teacher to go back to the beginning because I hadn't understood the original equation.

But Ossmann was as generous and patient with me as he was with all the others.

"The point is to raise awareness within the security field," he said. "If we [in the information security field] are going to take ourselves seriously, we've got to understand these threats. If we don't know much about attacks, we don't know counter-measures. There is no security in obscurity."

The NSA Playset website.​

"Once you know that it's being done, it's rudimentary and obvious to anyone with minimal electronics and security background," he said. "So it's safe to assume that lots of people are doing it. Maybe foreign governments. Maybe criminals."

"When things are difficult and obscure," he said, "they're not widely available and then only the bad guys can use them."

In the circumstances—Defcon, surrounded by young hackers—I wasn't sure what he meant by "the bad guys." The US government? The Kremlin?

But he wasn't being political: "Bad guys" was just an expression. "If you're trying to defend a system," he said, "everyone attacking it is a bad guy."

At this point, a hacker standing nearby said that there was another, totally different way to look at the NSA Playset. To him, the work Ossmann is doing is helping many of the government's engineers resolve a catch-22 that's emerged in the wake of the Snowden revelations: government security researchers who didn't have access to the ANT catalog when it was classified aren't legally permitted to read it or transmit it now, even though everyone else can. Arguably, that leaves the public sector at a disadvantage next to the private sector—or to spies in, say, Beijing or Moscow.


Ossmann confirmed this. "I've been thanked by several US government employees for my work on the NSA Playset and particularly for my RF retroreflector research," he told me. "They don't have the opportunity to understand state-of-the-art threats against their systems unless someone like me produces unclassified information about such threats."

A security specialist who goes by the name Clive Robinson, and who appears to be familiar with the NSA's implants, echoed this concern in ​one of many comments on Bruce Schneier's blog in June. "The annoying thing" for experts who have been trained in the government's secret surveillance tools, "is not being able to talk about things until some independent researcher has put a paper into the public domain. If it's from a classified source that's been leaked like the Ed Snowden revelations it still can not be talked about or even looked at."

This is far more frustrating, he wrote, because, "if you can read Russian as a friend of mine can then you will find there is quite a bit of info available up on the web" about this material, a reminder not just about what information is out there but who is looking at it.

"Government people don't have all the tools to protect their own networks," Ossmann told me, and he knows this first-hand. Before he quit his day job to focus on his own security and electronics company, Great Scott Gadgets, he was working as a wireless security researcher in a government-funded lab. His research wasn't classified, but it "wasn't widely disseminated," he said. "Since then I have made a deliberate effort to work only on open source and public research."

In one top secret slide from 2010, NSA technicians are shown intercepting a Cisco router in order to implant a digital bug.

At this point, the most visible elements in the transparency debate seem to be those on the far reaches of both sides of the spectrum. On one side, there's Anonymous and WikiLeaks and the rest of the "hacktivist" community, for whom total transparency is a self-evident good that rarely needs further justification. On the other, there are the officials in the intelligence community and others who think it's always unsafe to expose classified information and behavior, even if those classified things might make us unsafe to begin with. What's yet to emerge is a reasonable middle ground that takes into account all the grays of a topic as complex and nuanced as information security.

One concern often voiced by critics of the intelligence community relates to its culture of excessive surveillance and over-classification—a land of too many secrets, where knowledge can be a casualty and paranoia and corruption can thrive. Thomas Drake, a former NSA official-turned-whistleblower, doesn't think a document like the ANT catalog should have been classified to begin with. In his opinion, that kind of protection should be reserved for troop movements and nuclear secrets.

"People in secret knowing about others becomes very seductive, and you get addicted to it, and you're not accountable," Drake said. "There's a natural tendency to expand what is secret."

But while policy people debate what should or shouldn't be public, the scientists are doing what they always do: learning more. Ossmann doesn't take a firm stance on whether the ANT Catalog should have been released in the first place.

"I do not know who leaked it or why," he wrote in an email. "I find nothing shocking about the fact that the NSA possesses any of the tools in the catalog, and this makes me wonder about the motivation of the leaker." He said he was skeptical that Edward Snowden was behind it. "Snowden's motives have been fairly clear," he said.

To Ossmann and people like him—people in whose hands the consequences of this kind of information arguably actually rest—the political aspects and the motives are incidental. "I do not support the idea that knowledge can or should be withheld from anyone," he said. "As a security researcher, my interest in the ANT catalog is that it informs me about potentially interesting areas of research."

It almost sounds simple when he says it.

With additional reporting by Alex Pasternack.


Read How To Not Get Hacked at the World's Preeminent Hacker Conference
Watch The Atomic Trucker: How a Truck Driver "Rebuilt" the Atomic Bomb
Watch Why We Need a Magna Carta for the Internet: Motherboard Meets Bruce Schneier