An iPhone backdoor was just one of 50 items in the NSA's catalog of covert cyber tricks.
FORTUNE — If it weren’t for the Apple AAPL angle, I’m not sure I would have watched the entire YouTube video Jacob Appelbaum posted Monday of his hour-long lecture at a hackers conference in Hamburg last weekend.
I’m glad I did, although I’m still not sure what to make of it.
Applebaum is a private security expert with connections to Edward Snowden and Julian Assange and a long history with U.S. intelligence agencies. According to his Wikipedia entry, he has been detained a dozen times and had his laptop and several mobile phones seized — which helps explain the video’s undercurrent of wounded outrage.
Appelbaum was one of the co-authors of Sunday’s big expose on the NSA in Der Spiegel. His particular expertise is the top-secret document from 2008 that provided most of the magazine’s revelations: A 50-page “catalog” of NSA capabilities — some still under development five years ago, some already deployed. They include:
- CANDYGRAM: A telephone tripwire that mimics a cellphone tower.
- COTTONMOUTH: A modified USB plug for intercepting communications, installing trojans etc.
- WATERWITCH: A handheld “finishing tool” for finding the exact location of nearby handsets.
- SURLYSPAWN: Monitors keystrokes when a target computer isn’t connected to the Internet.
- FOXACID: A system for installing spyware with a “quantum insert” that infects spyware at the packet level.
- IRONCHEF: Infects networks by installing itself in a computer’s input-output BIOS.
- JETPLOW: A firmware implant that provides a permanent backdoor through a Cisco CSCO firewall.
- HEADWATER: Does the same for China’s Huawai routers.
- RAGEMASTER: Taps the line between a desktop computer’s video card and its monitor.
- HOWLERMONKEY: A radio transceiver for extracting data from systems or making them remote-controllable.
- MONKEYCALENDAR: Attack software that sends a mobile phone’s location by covert text message.
- DIETYBOUNCE: Installs a secret payload in a Dell DELL computer by reflashing the motherboard BIOS when the machine is turned on.
- NIGHTSTAND: A mobile system for wirelessly installing exploits of Microsoft MSFT Windows from up to eight miles away.
- SOMBERKNAVE: A Windows XP implant to connect computers to NSA headquarters, from where they can be remotely controlled.
- ANGRYMONK: Inserts itself into the firmware of hard drives made by Western Digital WDC , Seagate STX , Maxtor and Samsung.
- SWAP: Reflashes the BIOS of multiprocessor systems running Windows, Solaris, Linux or FreeBSD.
- SPARROW II: A tool for detecting and mapping wireless networks via drone.
- TOTEGHOSTLY: An implant that allows full remote control of Window Mobile phones.
- DROPOUTJEEP: (I quote) “A software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted.”
But it was the last item, DROPOUTJEEP, the only exploit out of 50 that specifically targeted at an Apple product, that became every editor’s favorite second-day story. By Tuesday morning Techmeme had assembled more than 30 headlines about DROPOUTJEEP and made the Daily Dot’s The NSA has nearly complete backdoor access to Apple’s iPhone its lead story.
I don’t mind. If more Americans watch Appelbaum’s video because an Apple headline drew them in, so much the better.
For the record, there’s no evidence that DROPOUTJEEP was ever deployed (it was marked “under development” in 2007), or that Apple knew anything about it.
But Appelbaum seems to think it was, and that Apple did. Here, for the record, is how he put it:
UPDATE: Apple on Tuesday denied working with the NSA. The official statement, via AllThingsD:
Below, while it’s still available, Appelbaum’s full video.