ANT catalog

National Security Agency surveillance
Map of global NSA data collection as of 2007[update], with countries subject to the most data collection shown in red
Programs Pre-1978 ECHELON MINARET SHAMROCK PROMIS Since 1978 Upstream collection BLARNEY FAIRVIEW Main Core ThinThread Genoa Since 1990 RAMPART-A Since 1998 Tailored Access Operations Since 2001 OAKSTAR STORMBREW Trailblazer Turbulence Genoa II Total Information Awareness President's Surveillance Program Terrorist Surveillance Program Since 2007 PRISM Dropmire Stateroom Bullrun MYSTIC Databases, tools etc. PINWALE MARINA Main Core MAINWAY TRAFFICTHIEF DISHFIRE XKeyscore ICREACH BOUNDLESSINFORMANT GCHQ collaboration MUSCULAR Tempora
Legislation Safe Streets Act Privacy Act of 1974 FISA ECPA Patriot Act Homeland Security Act Protect America Act of 2007 FISA Amendments Act of 2008
Institutions FISC Senate Intelligence Committee National Security Council
Lawsuits ACLU v. NSA Hepting v. AT&T Jewel v. NSA Clapper v. Amnesty Klayman v. Obama ACLU v. Clapper Wikimedia v. NSA US v. Moalin
Whistleblowers William Binney Thomas Drake Mark Klein Thomas Tamm Russ Tice Edward Snowden
Publication 2005 warrantless surveillance scandal Global surveillance disclosures (2013–present)
Related Cablegate Surveillance of reporters Mail tracking UN diplomatic spying Insider Threat Program Mass surveillance in the United States Mass surveillance in the United Kingdom
Concepts SIGINT Metadata
Collaboration United States CSS CYBERCOM DOJ FBI CIA DHS IAO Five Eyes CSEC GCHQ ASD GCSB Other DGSE BND
v t e

The ANT catalog (or TAO catalog) is a classified product catalog by the U.S. National Security Agency (NSA) of which the version written in 2008–2009 was published by German news magazine Der Spiegel in December 2013. Forty-nine catalog pages with pictures, diagrams and descriptions of espionage devices and spying software were published. The items are available to the Tailored Access Operations unit and are mostly targeted at products from US companies such as Apple, Cisco and Dell. The source is believed to be someone different than Edward Snowden, who is largely responsible for the global surveillance disclosures during the 2010s. Companies whose products could be compromised have denied any collaboration with the NSA in developing these capabilities. In 2014, a project was started to implement the capabilities from the ANT catalog as open-source hardware and software.

The Tailored Access Operations unit has existed since the late 1990s. Its mission is to collect intelligence on foreign targets of the United States by hacking into computers and telecommunication networks. It has been speculated for years before that capabilities like those in the ANT catalog existed.

In 2012, Edward Snowden organized a CryptoParty together with Runa Sandvik, a former colleague of Jacob Appelbaum at The Tor Project. In June 2013, Snowden took internal NSA documents which he shared with Glenn Greenwald and Laura Poitras, resulting in the global surveillance disclosures.

Jacob Appelbaum co-authored the English publication in Der Spiegel with Christian Stöcker [de] and Judith Horchert, which was publicized on 29 December 2013. The related English publication on the same day about the TAO by Der Spiegel was also authored by the same people, and including Laura Poitras, Marcel Rosenbach, Jörg Schindler [de] and Holger Stark [de]. On December 30, Appelbaum gave a lecture about "the militarization of the Internet" at the 30th Chaos Communication Congress in Hamburg, Germany. At the end of his talk, he encouraged NSA employees to leak more documents.

Apple denied the allegations that it collaborated on the development of DROPOUTJEEP in a statement to journalist Arik Hesseldahl from All Things Digital (part of The Wall Street Journal's Digital Network). The Verge questioned how the program developed in later years, since the document was composed in the early period of the iPhone and smartphones in general. Dell denied collaborating with any government in general, including the US government. John Stewart, senior vice president and chief security officer of Cisco stated that they were "deeply concerned and will continue to pursue all avenues to determine if we need to address any new issues." Juniper stated that they were working actively to address any possible exploit paths. Huawei stated they would take appropriate audits to determine if any compromise had taken place and would communicate if so. NSA declined to comment on the publication by Der Spiegel.

Bruce Schneier wrote about the tools on his blog in a series titled "NSA Exploit of the Week". He stated that because of this, his website got blocked by the Department of Defense.

Both Der Spiegel and Appelbaum have played an important role in the leaks of Edward Snowden, but neither clarified if the ANT catalog came from him. The source who leaked the ANT catalog to them is unknown as of 2025.

Officials at the NSA did not believe that the web crawler used by Snowden touched the ANT catalog and started looking for other people who could have leaked the catalog.

Author James Bamford, who is specialized in the United States intelligence agencies, noted in a 2016 commentary article that Appelbaum has not identified the source who leaked the ANT catalog to him, which led people to mistakenly assume it was Edward Snowden. Bamford got unrestricted access to the documents cache from Edward Snowden and could not find any references to the ANT catalog using automated search tools, thereby concluding that the documents were not leaked by him. Security expert Bruce Schneier has stated on his blog that he also believes the ANT catalog did not come from Snowden, but from a second leaker.

The published catalog pages were written between 2008 and 2009. The price of the items ranged from free up to $250,000.

Security expert Matt Suiche noted that the software exploits leaked by the Shadow Brokers could be seen as genuine because it matched with names from the ANT catalog. John Bumgarner has stated to IEEE Spectrum that US government suspicion of Huawei is based on its own ability to add backdoors as shown in the ANT catalog.

The NSA Playset is an open-source project inspired by the NSA ANT catalog to create more accessible and easy to use tools for security researchers. Most of the surveillance tools can be recreated with off-the-shelf or open-source hardware and software. Thus far, the NSA Playset consists of fourteen items, for which the code and instructions can be found online on the project's homepage. After the initial leak, Michael Ossman, the founder of Great Scott Gadgets, gave a shout out to other security researchers to start working on the tools mentioned in the catalog and to recreate them. The name NSA Playset came originally from Dean Pierce, who is also a contributor (TWILIGHTVEGETABLE(GSM)) to the NSA Playset. Anyone is invited to join and contribute their own device. The requisites for an addition to the NSA Playset is a similar or already existing NSA ANT project, ease of use and a silly name (based on the original tool's name if possible). The silly name requisite is a rule that Michael Ossman himself came up with and an example is given on the project's website: "For example, if your project is similar to FOXACID, maybe you could call it COYOTEMETH." The ease of use part stems also from the NSA Playset's motto: "If a 10 year old can't do it, it doesn't count!"

• Cyberwarfare in the United States
• Equation Group
• MiniPanzer and MegaPanzer
• Stuxnet
• WARRIOR PRIDE

• Koop, Peter. "Leaked documents that were not attributed to Snowden". Electrospaces.net. Archived from the original on 2022-02-24. Retrieved 2022-04-12.

• NSA Playset wiki Archived 2023-01-30 at the Wayback Machine
• The NSA Playset a Year of toys and tools Archived 2022-01-20 at the Wayback Machine at Black Hat 2015
• NSA Playset Archived 2021-12-18 at the Wayback Machine at Toorcamp 2014