Slashdot Mirror
NYT: NSA Put 100,000 Radio Pathway "Backdoors" In PCs
retroworks writes "The New York Times has an interesting story on how NSA put transmitters into the USB input devices of PCs, allowing computers unplugged from the Internet to still be monitored, via radio, from up to 8 miles away. The article mainly reports NSA's use of the technology to monitor Chinese military, and minor headline reads 'No Domestic Use Seen.' The source of the data was evidently the leak from Edward J. Snowden."
Genuine question - where are these devices? Has any physical evidence of them been detected? Has anyone found one? I'm not sceptical that they did it, I think it's entirely possible. I'm just curious if there's any physical evidence that's been found yet...?
I'd like to know how they did that. Especially with a transmitter *inside* the computer...
Ok, so I get the whole whistle blower thing but isn't this what the NSA is supposed to be doing? Spying on Americans is ok to get fussy about but why was this leaked and why doesn't the NYT realize that this actually does set back U.S. intelligence? Are they also going to release a story detailing what the Chinese are doing to spy on US from leaked Chinese intelligence?
Get a web developer
Wouldn't the USB driver have to be compromised as well?
Even though they've already lied about the range of their activities, their scope and depth, their capabilities, their intent, and their mandate.
Of course, this is spy stuff, you're supposed to lie about that.
Which is exactly why no one believes your assurances NSA.
You have too much power. No transparency, no oversight, no limits. You will destroy our country with Edward Snowdens who are not virtuous, but motivated by corruption and other agendas: political, mostly. You can't say that won't happen, it *always* happens, to every institution of your size and breadth, because you're made of fallible human beings. Proof: Edward Snowden. You think he is the last? You think the next one will be motivated by noble principles?
That is why you must be decimated and pried into and monitored. Hopefully, legislatively and via execute order. And soon. For the sake of the legitimacy of our government, which your dealings cast into doubt.
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Looking at the nice picture they gave, it is conceivable that the transceiver effectively acts as a MITM.
What makes anyone think "The source of the data was ... the leak from Edward J. Snowden"?
And here I thought the Chinese net was slow because of the Chinese gov monitoring everything. Turns out it was the NSA.
Leaking this info is not in the "public interest" (well the Chinese public, possibly).
The NSA claims that it doesn't steal trade secrets from foreign companies in order to give US businesses a competitive edge. I suspect they are lying, given that it seems like they lie about everything, and that we already have reason to suspect they are lying about this in particular.
However, the implication is that it would be wrong or immoral for them to do so (unlike the French or Chinese who have no such qualms). E.g., in the article, we read:
At that session, Mr. Obama tried to differentiate between conducting surveillance for national security — which the United States argues is legitimate — and conducting it to steal intellectual property.
It goes on to quote Peter Singer saying that for the Chinese, economic advantage is part of national security.
Maybe the Chinese are right. And here's the thing - the U.S. already behaves as if securing economic advantages for our domestic industry is a critical interest. In trade negotiations, we ram our IP laws down the throats of every other country while dangling our domestic market in front of them, all the while never actually liberalizing agriculture at home. I don't understand why it's acceptable for us to promote our domestic businesses through trade diplomacy, but somehow it becomes unacceptable to do so through spying.
In my mind, we are trying to accomplish the same thing as the Chinese, just via a different means (or probably, via both means). Yet we criticize them as if we are somehow morally superior in the way we do it.
"Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
don't forget the 'weather' report http://www.globalresearch.ca/weather-warfare-beware-the-us-military-s-experiments-with-climatic-warfare/7561
chance to see a movie;; watch the thankskilling movie unrepentant http://www.youtube.com/watch?v=88k2imkGIFA
be aware of social constrictions;; results never vary so far http://www.youtube.com/watch?v=mk9mV8qBiEk
of 100k devices in the field isn't supported by the article.
They infected 100k machines with software, most of them remotely.
(In that case, I consider the claimed number to be rather low even.)
It's right there in the first two paragraphs of TFA:
The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.
While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet
So the only way to do this is get some sort of intercept from the manufacturer->seller/reseller->mail/postman. It looks like everybody is in cahoots with them.
1. The 100,000 refers to software based PC monitoring. (Total exploits.)
2. The hardware based USB monitoring is with USB devices plugged into the PC such as USB key loggers. No numbers were given.
3. The eight mile range cited, is HIGHLY dubious. Although a cellular network communication channel would make an initially short range device have far greater reach. Still HIGHLY suspect.
Any real organization with security in mind will disable any external plug-in port or remove the power supplying function of the port disabling any self contain device and requiring any connected device to the computer to have a external power supply.
Back a couple of decades ago, this was supposed to be possible remotely by monitoring RF output from those noisy, leaky VGA ports. Never saw a demonstration from 8 miles away, just across the street or from a van on the street. No special hardware in the computer, just the right gear to listen to the RF leaking all over the place.
Sorry for no link, Google is full of connecting HDMI to VGA stuff these days.
Time Bomber the Book coming soon.
Okay, so you implant a small wireless device in the connector of a USB cable. No problem - it doesn't take a genius to realize that is a trivial engineering task in this day and age. So now you have a cable that still must work as a cable connecting the computer to whatever USB device is on the other end (printer?), because obviously if the device doesn't work as normal the cable will be replaced. So the secret interface in the cable can't be an actual USB network device. Nor can it even be a USB drive. In either case then the printer can't work.
So that means the interface in the USB cable has to act like a USB hub, right? Thus the only information the interface has direct access to is whatever data is flowing to the real device on the other end (printer?) - the only thing they can access for sure is what is printed.
The other option is for the secret interface to also include a USB drive which has spyware on it that is installed if the PC autoruns external drives. In that case the spyware could then forward whatever data they want to the secret wireless interface for remote capture. But that is still dependent on poor security on the PC.
My point is that you can't plug a USB device into a computer and it somehow magically access to everything on the PC, unless you also have software on the PC as well. But as soon as you run software on the PC you vastly increase the odds of being discovered.
Is that the only way something like this could work, or am I missing something?
Better known as 318230.
Does the hardware have good Linux drivers?
Query: what would be the best way for the US to get this whole Snowden leak business to die once and for all.
Answer: Make the public doubt the veracity of the data.
Query: What would be the best way to make people doubt the data?
Answer: Create a false story saying something unbelievable and attribute it to the Snowden leak.
How long is it going to be before paper and pen communication become most popular again?
The bigger question is - what's a good bug detector nowadays! The sub-$100 are worthless, and the over $1k models - who can really tell what's good and what's not?
Yes. Here's the link.
http://en.wikipedia.org/wiki/Tempest_(codename)
In theory, there is still some signal from modern LCD monitors, but it's much harder to pick up than the old CRTs. The same technology could be used to determine what a CPU is doing or any other electronic component, but, again, it's very difficult to get a strong enough signal at a distance to make use of it.
Ok, so I get the whole whistle blower thing but isn't this what the NSA is supposed to be doing? Spying on Americans is ok to get fussy about
As an European, I don't care if US authorities spy on US citizens, that would be their own internal business. But I find it quite offensive that US spies on Europeans, in order to protect US interests. EU should really stand up and announce that such spying is totally unacceptable, any person caught to be part of such will serve serious jail time, diplomatic immunity or not. And any country caught doing so shall loose all diplomatic privileges inside EU, and have their embassies searched for more evidence (with a proper search warrant, of course).
I wouldn't mind if EU would also ground all flights and money transfers to/from the US for a few days. It would underline how seriously we view the matter, and make it clear for all Americans that we can no longer trust their government.
So, the NSA infiltrated some compromised hardware into keyboards and no hardware hacker noticed?
My guess is this story is distorted bullshit. Mainly because of science. First, show me *ANY* radio transmitter at *ANY* frequency that can convey a signal EIGHT MILES away with a footprint small enough to be hidden and completely unnoticeable. (Think about the average handheld walkie-talkie size on GPRS or FRS which sure as hell can't come anywhere close to 8 miles.)
Second, it would be *EVER* so much easier to detect RF signal harmonic leakage from a USB device from about 8 feet away. With something with a known signal profile (like a particular brand(s) of keyboard(s)), it may well be possible to create a profile of the device whereby any particular keystroke is detectable. Detection and relay gear could be miniaturized down to modem-box size or smaller, hidden nearby the target device, and Bob's Your Uncle.
AND, back in the day, one could do something similar with the speaker-amplifier from the old TRS-80 Model III that plugged into the cassette port to give 'sound' to certain games. You could hear the processor and drive controller chunking away and detect changes in pattern or pitch to know what the CPU was up to. (Couldn't translate it to exact by ear, but it was a wonderful diagnostic tool.)
NSA or no, Occam's Razor still applies sometimes.
catpcha: warfare
This cat wasn't going to stay in the bag very long.
For all of the folks screaming on about this revelation being damaging to national security, I would recommend a 10 minute introductory read on RF. There really is no hiding RF transmissions, particularly when you're trying to transmit through buildings and over long distances. Even with FHSS, random burst, or other masking techniques, RF is easily detected with widely available equipment. Any foreign rival with a modicum of competence has already discovered this exploit.
I believe Mr. Appelbaum gave a presentation on the hardware two weeks ago at 30c3:
http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html
Or I'll have to do it for you.
OK, let's try:
"OMFG, US intelligence is being weakened by those leaks! The enemy will eat our lunch! WAAAAH! 1! !!1!"
(now: where do I collect my check?)
http://www.dump.com/compromisingelectromagnetic/
To reach a distance of 8 miles one would have to be transmitting a significant amount of power - probably in the range of several watts. From that, a lot of heat would be generated, and it would be unlikely to go unnoticed.
Assuming that the usb cables were used as antennae, it is also likely that the radiation pattern is for shit, so I find the claim of an 8 mile range to be highly suspect, absent an extremely high gain receiver antenna and a clear line of sight.
Nevermind the 500mA USB limit on *most* laptops...
to date, while most slashdotters have been accustomed for some time to the governments radio pathways implanted in their teeth, the idea that somehow these same menacing devices may have found their way into the basement and, god forbid, into the VAX or Altair is truly terrifying.
Good people go to bed earlier.
How do you make a radio signal hidden of covert? Yes, some spread spectrum techniques make it appear to be just noise, but even so if you sweep in the near field you should be able to detect that something is going on. This might work for soft targets, but for any really secure location it should be detectable pretty easily.
Forty years ago I worked in a secure facility that was subject to random TEMPEST sweeps at frequent intervals. Even though I was never told what they were doing one look at the equipment they were using, especially the antennas, seemed to indicate that they were looking for any signals from D.C. to Daylight.
So, this article is saying that the NSA has hardware that must be physically installed or connected to a computer that allows them to interact with said computer 8 miles away? What's the big deal with that? There is a whole host of things I can do if you let me have physical access to your computer.
Seriously, I don't see an issue here, nor do I see anything ground breaking. Yes, wireless devices are getting smaller and smaller, I've seen extremely small blue tooth adapters, WiFi adapters and even key loggers which where capable of covertly being installed. WiFi and BlueTooth can go a LONG way using high gain antennas on one end or the other of the link. I have a 2.5 mile link using a cheap commercially available 26db gain antenna that uses only standard WiFi (WRT54) equipment that I run on my part 95 license. It has issues when it rains, but it works most of the time. Imagine what you can do with purpose built hardware, antennas, preamps and the like.
If you are surprised by this, you must have your head in the sand or be extremely ignorant of how computers and RF work. That there is somebody who can plugin a USB device and then access your computer remotely is certainly NOT a surprise to most of us.
So this "reporting" by the NY Times is just sensationalism designed to sell papers (or collect access fees to their website). This kind of thing has been possible for decades using off the shelf hardware. One would have to assume the NSA (or it's predecessors) has been creating purpose built custom hardware for years before that.
Nothing new to see here folks. Move along!
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Translucent USB cables and connectors.
The easy MO is to to just hand out the USB devices at mil trade shows in China or Iran and other places where enemy officials will be. if 1% get inserted into a gov computer or sensitive target, that would be a great return on investment. It's not like this has to be targeted in any way.
My God can beat up your God. Just kidding...don't take offense. I know there's no God.
the N.S.A. said its actions were not comparable to China’s.
The US government installs backdoors into electronic hardware for spying and malware installation. The Chinese government installs backdoors into electronic hardware for spying and malware installation. It's the same fucking thing. There, comparison made.
N.S.A.'s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets in response to intelligence requirements
Bullshit. I wouldn't say deploying 100,000 devices into the wild and hoping they might be used by someone you find interesting is "focused" by any stretch of the imagination. It is like you just threw a bunch of landmines down outside of a village and say, "See! Only the bad guys are dieing here. Don't mind the kid over there with his legs blown off; he's just faking it!"
We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies
This has already been proven to be false. You might have gained some credibility had you stated that this specific program wasn't being used for that purpose (which I would also doubt), but this is a blatant lie.
Vanee Vines, you are a terrible person. I hope one day you come to realize what kind of tyranny you're allowing to happen under your nose because you are "just doing my job."
"In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user."
NO, in ALL cases this radio must be inserted. Honestly if you are a tech journalist and dont know crap about technology, please quit and go flip burgers. I am so tired of these "journalists" that colleges are pumping out.
Do not look at laser with remaining good eye.
I don't really find myself getting upset learning that the NSA is spying on foreign nations.
I think we want to start a war...
Do you think the targets are even in the United States? The fact that you say, "Most people who they targeted probably were arrested or they never even thought they were a target," demonstrates you have NO FUCKING CLUE what NSA does or why.
...I still use a IBM Model M PS/2 Keyboard to this day. That and it's clicky.
do they get a response from that distance with something small enough to not be noticed? My big-ass router can't reach across the house.
There are a good set of reasons why the NSA has been given the power to protect US interests. However, perhaps when it's methods THREATEN THE ENTIRE US TECHNOLOGY EXPORT ECONOMY, perhaps it's time for a review!
When the entire world (and perhaps even US citizens) lose trust in US products, the destruction caused to the economy of the United States will make terrorism look like a small issue.
IMAGINE if another country in the world (say China) would have sold products like this to the US. "How dare this communist country!" (right?)
Well, the US is proving to be the worst of the bunch. Once more proof of this is found (if it is found), it will spark the beginning of a further deep decline in US technological export. What a shame. Are there no "bigger picture" thinkers to be found in the US government?
I just completed the closing of my tinfoil helmet as you suggested, what is the next st. ^IR54d (9=NO CARRIER
Get free satoshi (Bitcoin) and Dogecoins
When Edward left the NSA, all the computers, including cabling were removed. Someone thought this was just another example of government waste, which I disagreed with. Now we know why - they had a certainty that there were malicious cables available.
Sure I'm paranoid, but am I paranoid enough?
They do not even have to install hardware to do this. As Signals Intelligence has the most sophisticated remote sensors at their disposal, including 30+ radar and Electronic Intelligence satellites, they are able to remotely image electrons and emissions from long range. According to the classified TEMPEST standard page on Wikipedia, they can monitor even monitor and wired keyboard signals remotely with no physical access to the persons hardware, software, or cable connections. They can tap any electronic this way, even telephones. Brain wave emissions are another monitorable source of radiation, which a brain computer interface is used to decode thoughts, memory, and nerve impulses.
https://en.wikipedia.org/wiki/Van_Eck_phreaking
https://en.wikipedia.org/wiki/Tempest_(codename)
What you are seeing in the medias coverage of this, is complete lack of coverage of the air wave monitoring systems. And yet, whistleblowers like Russell Tice have disclosed he used these capabilities to target Americans. But not a single mainstream source covered it, because they're all censoring shit and stuck covering what Tice reports is the low-tech side to the NSAs capabilities. There has been no coverage hardly of the remote sensing capabilities of the NSA, but that's where all the real technology is in use.
Learn more on my website, with video of Russell Tice talking about it, and even patents and articles covering these capabilities. He apparently targeted Barack Obama before he was elected Senator, Senator Diane Feinstein, US Supreme Court Judge Alito, lawyers, journalists, financial institutions, and more during black operations, under Special Access Programs. All the NSA need do is point their technology at an area, and they are able to capture and recird all these signals, and see and hear you through even cover of buildings and objects. Nothing protects anyone from this, and they're still doing this today.
http://www.oregonstatehospital.net/d/russelltice-nsarnmebl.html
The nature of this FUD is this- why bother keeping your computer disconnected from the Internet, when the NSA can still get you anyway. It is the same play as the oft-pushed lie that correctly deleted data on your hard-drive can be recovered by the NSA, so why even bother properly deleting your data. Are you this stupid?
Computers with deliberate wireless hardware usually have difficulty communicating through a few walls of your house. The idea that 'hidden' electronics could send OUTWARD communication to a device EIGHT miles away is a farce. The truth is a little more obvious.
-hardware wireless backdoors that allow INWARD radio signals to place trojans and back-doors most certainly are used and exist in most SoC solutions. Worse, a modern PC (Wintel or Apple box, laptop or desktop) is littered with CPU cores- far more than the main x86 cluster. Each is a vector of subversion to the whole system, and can be used via remote communication to compromise the machine.
-collecting data from a machine NOT connected to the Internet is so hard, such a machine can be considered free from any FULL SURVEILLANCE program. However, you then must consider that the user (directly, via his/her circle of friends, via his/her political affiliations, via his/her position of 'usefulness' in society) is in a SPECIFIC SURVEILLANCE program. These take many forms, and thus involve varying levels of effort and expense.
-In the worst case, NSA goons (with Obama's full authority to murder innocents if discovered) will break into the home/office and tamper directly with the computer. Very little can protect against this (the agents even use electromagnetic disruption devices to attempt to disable hidden battery powered cameras that may record the intrusion). Anyway, the break-in will be disguised as an ordinary burglary as far as possible.
-in the more likely case, drive-by methods will be used, where vans filled with sophisticated computer hacking gear will attempt to get close enough to the target electronics to activate the wireless back-door hardware regardless of the current quality of that computer's wireless-aerial components.
-99.99% of this NSA activity occurs on American soil. When Obama, acting for Saudi and Israeli interests, wants to subject the people of Syria to the greatest aerial bombardment seen in Human History (as was the case a few months back), it is AMERICAN people of influence that Obama needs leverage over, not foreign. A simple sexual affair is leverage enough for Obama to win 'support' from some anti-holocaust politician or frontline media pundit. The NSA provides details of such indiscretions.
> I don't really find myself getting upset learning that the NSA is spying on foreign nations.
Only an American would say that.
And if the Foreign Nations were spying on you, that would be alright?
Stop and think. Should Americans respect the laws of Foreign Nations?
Should Foreign Nations respect yours?
so... how many US journalists do you think have one of these monitoring devices?
Anons need not reply. Questions end with a question mark.
try snooping on my sparcstation classic running netbsd, i dare you. but ignore my crt please (http://www.newscientist.com/blog/technology/2007/04/seeing-through-walls.html)
I have been largely sympathetic to Snowden, especially given the scope of the NSA's domestic spying. But I have a real problem with this disclosure. Assuming it is true that none of these devices were meant for US machines (a dubious assumption, I agree, but the use of these tactics domestically is a separate issue anyway), then exposing NSA capabilities to our adversaries is quite simply "aiding and abetting".
Is there any doubt that the Chinese, Russians, Iranians, etc are right now examining their equipment for the presence of this device? And when they do find something, what good does that do US citizens? None.
If the net result of Snowden's leaks are that the NSA is hobbled in its actual job - acquiring foreign intelligence - then we should not be so quick to congratulate him. It is obvious that the domestic issues must be addressed, but the idea that the NSA is an unnecessary evil is stupid and dangerous. The new sport of trashing the intelligence services should be tempered with a sober look at the real threats we face. Whether it is guaranteed trips to heaven via high explosives or nation states with an agenda, we are not out of the woods yet. What if N. Korea or Iran now knows we're tapped into their nuclear infrastructure? What if Syria or the Taliban now knows we've been intercepting military communications? What if this was all about China and we lose an important window into their thinking?
Yes, there can be legitimate doubts about the effectiveness of a given technique (and domestic use should be verboten), but does that make all of them worthless for all time? The world is still a very dangerous place, and while vigilance in the protection of our basic rights is essential, we must also remain realistic and pragmatic.
You had to see it for yourself, I suppose. It was quite clear that he didn't mean just any cable. He was talking specifically about USB cables. It was obvious that he had no idea what he was actually holding. Someone on his crew probably just grabbed a random cable off the back of a nearby PC. And since standalone USB cables aren't as common on business PC's as are ethernet cables, guess what he grabbed.
The cow says "Moo." The dog says "Woof." The Timothy says "Thanks, valued customer. We appreciate your input."
It's protected by USA laws.
Anyone can do it if they have the methods and techniques.
Simple!
We do it to Congress, The Courts, Obama and NSA.
Lots of stop lights and traffic intersections on the way to Ft. Meade Maryland and the Utah Facility. Radio is cheap! Everybody can have a RadioShack for surveillance.
Level playing field.
Probably because there's no power source to drive the device over a standard ethernet connection. A powered data cable that can capture keystrokes vs. a network cable that captures whole packets and must contain some kind of SOC that would need some kind of wireless power or a tiny lithium battery and frequent swapping isn't nearly the same level of feasibility or usefulness.
Goddammit just when I get my first +5 the Beta rolls out and kills everything
That catalog looks to be about 10 years out of date. The 802.11 injection tool is made to exploit win2k and win xp, so they probably have better stuff now.
For example, the NIGHTSTAND Wireless Exploitation/Injection Tool has a
standalone tool currently runnuing on a x86 laptop loaded with Linux Fedora Core 3
while exploitable targets include:
Win2k, WinXP, WinXPSP1, WinXPSP2 running Internet Explorer versions 5.0-6.0
The GINSU software application to control the hardware implant BULLDOZER or the software one KONGUR:
supports any desktop PC system that contains at least one PCI connector (for BULLDOZER installation) and Microsoft Windows 9x, 2000, 2003, XP, or Vista.[...] If KONGUR is removed from the system as a result of an operating system upgrade or reinstall, GINSU can be set to trigger one the next reboot of the system to restore the software implant.
So after all, Microsoft is not really helping them, if they have to protect themselves from system updates :)
There aren't as many as ten men in the Supreme Court, the White House, and both houses of Congress, combined, honorable enough to do what you suggest. The remainder are split between those who are embarrassed by the publicity and those who don't control it currently but want to.
Contribute to civilization: ari.aynrand.org/donate
Looking at mine in XP noone would know if all 5 of those USB root hubs or the 5 USB host controllers belong there or even the USB mass storage device. I don't have anything plugged into USB.
How many are mine and how many belong to someone else ;)
Not that anyone ever looks in there on XP unless you were looking for something abnormal already.
XP is still common, especially in the third world, banking and ATMs, industrial control system, ...
So that's what the Spread Spectrum option in my BIOS is for? I heard the FCC made that mandatory and everyone says to disable it.... Now I know why!
Let me guess: ultimately you want to blame "the people" for the actions and decisions of coercive authority, right up to the point where "the people" spy on themselves, arrest themselves, and lock themselves up in a cage -- for speaking out against themselves.
How cute. The fairy tale lives on...
tore apart every single USB device in my house. Nothing found.
Anyone got a spare USB cable?