The NSA ANT document contains code word references to hardware and software surveillance technology available to the NSA.
| BULLDOZER |
Technology that creates a hidden wireless bridge allowing NSA personnel to remotely control a system wireless. |
| CANDYGRAM |
A $40,000 tripwire device that emulates a GSM cellphone tower. |
| COTTONMOUTH |
A family of modified USB and Ethernet connectors that can be used to install Trojan horse software and work as wireless bridges, providing covert remote access to the target machine. COTTONMOUTH-I is a USB plug that uses TRINITY as digital core and HOWLERMONKEY as RF transceiver. Cost in 2008 was slightly above $1M for 50 units. |
| COTTONMOUTH-II |
Is deployed in a USB socket (rather than plug), and costs only $200K per 50 units, but requires further integration in the target machine to turn into a deployed system. |
| COTTONMOUTH-III |
Is a stacked Ethernet and USB plug costing approximately $1.25M for 50 units. |
| CROSSBEAM |
Is "a GSM communications module capable of collecting and compressing voice data". |
| CTX4000 |
Continuous wave radar device that can "illuminate" a target system for recovery of "off net" information. |
| CYCLONE-HX9 |
A GSM Base Station Router. |
| DEITYBOUNCE |
Technology that installs a backdoor software implant on Dell PowerEdge servers via the motherboard BIOS and RAID controller(s). |
| DROPOUTJEEP |
"A software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geo-location, hot mic, camera capture, cell tower location, etc. Command, control and data ex-filtration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted.". |
| EBSR |
Is a "tri-band active GSM base station with internal 802.11/GPS/handset capability". |
| ENTOURAGE |
A software platform that leverages the 4 Software Defined Radio units in the HOLLOWPOINT platform. Allowing itself to mimic 2G, 3G, and others. Also works besides NEBULA active interrogator as part of the "Find/Fix/Finish" capabilities of the GALAXY program. |
| FEEDTROUGH |
Software that can penetrate Juniper Networks firewalls allowing other NSA-deployed software to be installed on mainframe computers. |
| FIREWALK |
A device that looks identical to a standard RJ45 socket that allows data to be injected, or monitored and transmitted via radio technology. Using the HOWLERMONKEY RF transceiver. It can for instance create a VPN to the target computer. Cost in 2008: $537K for 50 units. |
| FOXACID |
Technology that can install spyware using a "quantum insert" capable of infecting spyware at a packet level. |
| GENESIS |
A modified commercial GSM platform adding Software Defined Radio capabilities and additional system memory. The internal Software Defined Radio allows a user to covertly perform network surveys, record SF spectrum, or perform handset location. |
| GINSU |
Technology that uses a PCI bus device in a computer, and can reinstall itself upon system boot-up. |
| GOPHERSET |
GSM software that uses a phone's SIM card's API (SIM Toolkit or STK) to control the phone through remotely sent commands. |
| GOURMETTROUGH |
User-configurable persistence implant for certain Juniper Networks firewalls. |
| HALLUXWATER |
Back door exploit for Huawei Eudemon firewalls. |
| HEADWATER |
Persistent backdoor technology that can install spyware using a "quantum insert" capable of infecting spyware at a packet level on Huawei routers. |
| HOWLERMONKEY |
A RF transceiver that makes it possible (in conjunction with digital processors and various implanting methods) to extract data from systems or allow them to be controlled remotely. |
| IRATEMONK |
Technology that can infiltrate the firmware of hard drives manufactured by Maxtor, Samsung, Seagate, and Western Digital. |
| IRONCHEF |
Technology that can "infect" networks by installing itself in a computer I/O BIOS. IRONCHEF includes also "Straitbizarre" and "Unitedrake" which have been linked to the spy software REGIN. |
| JUNIORMINT |
A digital core packaged with both a mini Printed Circuit Board to be used in typical concealment, and a miniaturized Flip Chip Module to be used in implants with size constraints. |
| JETPLOW |
Firmware that can be implanted to create a permanent backdoor in a Cisco PIX series and ASA firewalls. |
| LOUDAUTO |
$30 audio-based RF retro-reflector listening device. |
| MAESTRO-II |
A multi-chip module approximately the size of a dime that serves as the hardware core of several other products. The module contains a 66 MHz ARM7 processor, 4 MB of flash, 8 MB of RAM, and a FPGA with 500,000 gates. Unit cost: $3–4K (in 2008). It replaces the previous generation modules which were based on the HC12 microcontroller. |
| MONKEYCALENDAR |
Software that transmits a mobile phone's location by hidden text message. |
| NEBULA |
A multi protocol macro-class network in a box. Leverages the existing Typhon GUI and supports GSM, UMTS, CDMA2000 applications. LTE Capable. |
| NIGHTSTAND |
Portable system that wireless installs Microsoft Windows exploits from a distance of up to eight miles. |
| NIGHTWATCH |
Portable computer used to reconstruct and display video data from VAGRANT signals; used in conjunction with a radar source like the CTX4000 to illuminate the target in order to receive data from it. |
| PICASSO |
Software that can collect mobile phone location data, call metadata, access the phone's microphone to eavesdrop on nearby conversations. |
| PHOTOANGLO |
A joint NSA/GCHQ project to develop a radar system to replace CTX4000. |
| RAGEMASTER |
A concealed $30 device that taps the video signal from a target's computer's VGA signal output so the NSA can see what is on a targeted desktop monitor. It is powered by a remote radar and responds by modulating the VGA red signal (which is also sent out most DVI ports) into the RF signal it re-radiates; this method of transmission is codenamed VAGRANT. RAGEMASTER is usually installed/concealed in the ferrite choke of the target cable. The original documents are dated 2008-07-24. Several receiver/demodulating devices are available, e.g. NIGHTWATCH. |
| SCHOOLMONTANA |
Software that makes DNT implants persistent on JUNOS-based (FreeBSD-variant) J-series routers/firewalls. |
| SIERRAMONTANA |
Software that makes DNT implants persistent on JUNOS-based M-series routers/firewalls. |
| STUCCOMONTANA |
Software that makes DNT implants persistent on JUNOS-based T-series routers/firewalls. |
| SOMBERKNAVE |
Software that can be implanted on a Windows XP system allowing it to be remotely controlled from NSA headquarters. |
| SOUFFLETROUGH |
BIOS injection software that can compromise Juniper Networks SSG300 and SSG500 series firewalls. |
| SPARROW II |
A small computer intended to be used for WLAN collection, including from UAVs. Hardware: IBM Power PC 405GPR processor, 64 MB SDRAM, 16 MB of built-inflash, 4 mini PCI slots, CompactFlash slot, and 802.11 B/G hardware. Running Linux 2.4 and the BLINDDATE software suite. Unit price (2008): $6K. |
| SURLYSPAWN |
Keystroke monitor technology that can be used on remote computers that are not internet connected. |
| SWAP |
Technology that can reflash the BIOS of multiprocessor systems that run FreeBSD, Linux, Solaris, or Windows. |
| TAWDRYYARD |
Beacon RF retro reflector. Provides return when illuminated with radar to provide rough positional location. 1/8th of an inch wide along its longest side. |
| TOTECHASER |
A Windows CE implant targeting the Thuraya 2520 handset. The Thuraya 2520 is a duel mode that can operate either in SAT or GSM modes. The Phone supports a GPRS data connection for web browsing, email, and MMS messages. The initial software implant capabilities include providing GPS and GSM geo-location information. Call log, contacts, and other user information can also be received from the phone. "Additional capabilities are being investigated." |
| TOTEGHOSTLY |
Software that can be implanted on a Windows mobile phone allowing full remote control. |
| TRINITY |
A more recent and more powerful multi-chip module using a 180 MHz ARM9 processor, 4 MB of flash, 96 MB of SDRAM, and a FPGA with 1 million gates. Smaller than a penny. Estimated cost (2008) $625K for 100 units. |
| WATERWITCH |
A portable "finishing tool" that allows the operator to find the precise location of a nearby mobile phone. |
| WISTFULTOLL |
A UNDERTAKE and STRAITBIZZARE plugin used for harvesting and returning forensic information from a target using Windows Management Instrumentation calls and Registry extractions. |
| WARRIOR PRIDE |
Is the GCHQ and NSA code name for a pair of spyware kits that can be installed on the iPhone and Android-based smartphones. Information about these kits was published by the press on 27 January 2014 from the documents leaked by Edward Snowden. |
