Slashdot Mirror
NYT: NSA Put 100,000 Radio Pathway "Backdoors" In PCs
retroworks writes "The New York Times has an interesting story on how NSA put transmitters into the USB input devices of PCs, allowing computers unplugged from the Internet to still be monitored, via radio, from up to 8 miles away. The article mainly reports NSA's use of the technology to monitor Chinese military, and minor headline reads 'No Domestic Use Seen.' The source of the data was evidently the leak from Edward J. Snowden."
Genuine question - where are these devices? Has any physical evidence of them been detected? Has anyone found one? I'm not sceptical that they did it, I think it's entirely possible. I'm just curious if there's any physical evidence that's been found yet...?
I'd like to know how they did that. Especially with a transmitter *inside* the computer...
Ok, so I get the whole whistle blower thing but isn't this what the NSA is supposed to be doing? Spying on Americans is ok to get fussy about but why was this leaked and why doesn't the NYT realize that this actually does set back U.S. intelligence? Are they also going to release a story detailing what the Chinese are doing to spy on US from leaked Chinese intelligence?
Get a web developer
Wouldn't the USB driver have to be compromised as well?
Even though they've already lied about the range of their activities, their scope and depth, their capabilities, their intent, and their mandate.
Of course, this is spy stuff, you're supposed to lie about that.
Which is exactly why no one believes your assurances NSA.
You have too much power. No transparency, no oversight, no limits. You will destroy our country with Edward Snowdens who are not virtuous, but motivated by corruption and other agendas: political, mostly. You can't say that won't happen, it *always* happens, to every institution of your size and breadth, because you're made of fallible human beings. Proof: Edward Snowden. You think he is the last? You think the next one will be motivated by noble principles?
That is why you must be decimated and pried into and monitored. Hopefully, legislatively and via execute order. And soon. For the sake of the legitimacy of our government, which your dealings cast into doubt.
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
And here I thought the Chinese net was slow because of the Chinese gov monitoring everything. Turns out it was the NSA.
Leaking this info is not in the "public interest" (well the Chinese public, possibly).
The NSA claims that it doesn't steal trade secrets from foreign companies in order to give US businesses a competitive edge. I suspect they are lying, given that it seems like they lie about everything, and that we already have reason to suspect they are lying about this in particular.
However, the implication is that it would be wrong or immoral for them to do so (unlike the French or Chinese who have no such qualms). E.g., in the article, we read:
At that session, Mr. Obama tried to differentiate between conducting surveillance for national security — which the United States argues is legitimate — and conducting it to steal intellectual property.
It goes on to quote Peter Singer saying that for the Chinese, economic advantage is part of national security.
Maybe the Chinese are right. And here's the thing - the U.S. already behaves as if securing economic advantages for our domestic industry is a critical interest. In trade negotiations, we ram our IP laws down the throats of every other country while dangling our domestic market in front of them, all the while never actually liberalizing agriculture at home. I don't understand why it's acceptable for us to promote our domestic businesses through trade diplomacy, but somehow it becomes unacceptable to do so through spying.
In my mind, we are trying to accomplish the same thing as the Chinese, just via a different means (or probably, via both means). Yet we criticize them as if we are somehow morally superior in the way we do it.
"Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
of 100k devices in the field isn't supported by the article.
They infected 100k machines with software, most of them remotely.
(In that case, I consider the claimed number to be rather low even.)
It's right there in the first two paragraphs of TFA:
The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.
While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet
So the only way to do this is get some sort of intercept from the manufacturer->seller/reseller->mail/postman. It looks like everybody is in cahoots with them.
Back a couple of decades ago, this was supposed to be possible remotely by monitoring RF output from those noisy, leaky VGA ports. Never saw a demonstration from 8 miles away, just across the street or from a van on the street. No special hardware in the computer, just the right gear to listen to the RF leaking all over the place.
Sorry for no link, Google is full of connecting HDMI to VGA stuff these days.
Time Bomber the Book coming soon.
Okay, so you implant a small wireless device in the connector of a USB cable. No problem - it doesn't take a genius to realize that is a trivial engineering task in this day and age. So now you have a cable that still must work as a cable connecting the computer to whatever USB device is on the other end (printer?), because obviously if the device doesn't work as normal the cable will be replaced. So the secret interface in the cable can't be an actual USB network device. Nor can it even be a USB drive. In either case then the printer can't work.
So that means the interface in the USB cable has to act like a USB hub, right? Thus the only information the interface has direct access to is whatever data is flowing to the real device on the other end (printer?) - the only thing they can access for sure is what is printed.
The other option is for the secret interface to also include a USB drive which has spyware on it that is installed if the PC autoruns external drives. In that case the spyware could then forward whatever data they want to the secret wireless interface for remote capture. But that is still dependent on poor security on the PC.
My point is that you can't plug a USB device into a computer and it somehow magically access to everything on the PC, unless you also have software on the PC as well. But as soon as you run software on the PC you vastly increase the odds of being discovered.
Is that the only way something like this could work, or am I missing something?
Better known as 318230.
Does the hardware have good Linux drivers?
Query: what would be the best way for the US to get this whole Snowden leak business to die once and for all.
Answer: Make the public doubt the veracity of the data.
Query: What would be the best way to make people doubt the data?
Answer: Create a false story saying something unbelievable and attribute it to the Snowden leak.
How long is it going to be before paper and pen communication become most popular again?
The bigger question is - what's a good bug detector nowadays! The sub-$100 are worthless, and the over $1k models - who can really tell what's good and what's not?
Yes. Here's the link.
http://en.wikipedia.org/wiki/Tempest_(codename)
In theory, there is still some signal from modern LCD monitors, but it's much harder to pick up than the old CRTs. The same technology could be used to determine what a CPU is doing or any other electronic component, but, again, it's very difficult to get a strong enough signal at a distance to make use of it.
Ok, so I get the whole whistle blower thing but isn't this what the NSA is supposed to be doing? Spying on Americans is ok to get fussy about
As an European, I don't care if US authorities spy on US citizens, that would be their own internal business. But I find it quite offensive that US spies on Europeans, in order to protect US interests. EU should really stand up and announce that such spying is totally unacceptable, any person caught to be part of such will serve serious jail time, diplomatic immunity or not. And any country caught doing so shall loose all diplomatic privileges inside EU, and have their embassies searched for more evidence (with a proper search warrant, of course).
I wouldn't mind if EU would also ground all flights and money transfers to/from the US for a few days. It would underline how seriously we view the matter, and make it clear for all Americans that we can no longer trust their government.
This cat wasn't going to stay in the bag very long.
For all of the folks screaming on about this revelation being damaging to national security, I would recommend a 10 minute introductory read on RF. There really is no hiding RF transmissions, particularly when you're trying to transmit through buildings and over long distances. Even with FHSS, random burst, or other masking techniques, RF is easily detected with widely available equipment. Any foreign rival with a modicum of competence has already discovered this exploit.
To reach a distance of 8 miles one would have to be transmitting a significant amount of power - probably in the range of several watts. From that, a lot of heat would be generated, and it would be unlikely to go unnoticed.
Assuming that the usb cables were used as antennae, it is also likely that the radiation pattern is for shit, so I find the claim of an 8 mile range to be highly suspect, absent an extremely high gain receiver antenna and a clear line of sight.
Nevermind the 500mA USB limit on *most* laptops...
to date, while most slashdotters have been accustomed for some time to the governments radio pathways implanted in their teeth, the idea that somehow these same menacing devices may have found their way into the basement and, god forbid, into the VAX or Altair is truly terrifying.
Good people go to bed earlier.
How do you make a radio signal hidden of covert? Yes, some spread spectrum techniques make it appear to be just noise, but even so if you sweep in the near field you should be able to detect that something is going on. This might work for soft targets, but for any really secure location it should be detectable pretty easily.
Forty years ago I worked in a secure facility that was subject to random TEMPEST sweeps at frequent intervals. Even though I was never told what they were doing one look at the equipment they were using, especially the antennas, seemed to indicate that they were looking for any signals from D.C. to Daylight.
So, this article is saying that the NSA has hardware that must be physically installed or connected to a computer that allows them to interact with said computer 8 miles away? What's the big deal with that? There is a whole host of things I can do if you let me have physical access to your computer.
Seriously, I don't see an issue here, nor do I see anything ground breaking. Yes, wireless devices are getting smaller and smaller, I've seen extremely small blue tooth adapters, WiFi adapters and even key loggers which where capable of covertly being installed. WiFi and BlueTooth can go a LONG way using high gain antennas on one end or the other of the link. I have a 2.5 mile link using a cheap commercially available 26db gain antenna that uses only standard WiFi (WRT54) equipment that I run on my part 95 license. It has issues when it rains, but it works most of the time. Imagine what you can do with purpose built hardware, antennas, preamps and the like.
If you are surprised by this, you must have your head in the sand or be extremely ignorant of how computers and RF work. That there is somebody who can plugin a USB device and then access your computer remotely is certainly NOT a surprise to most of us.
So this "reporting" by the NY Times is just sensationalism designed to sell papers (or collect access fees to their website). This kind of thing has been possible for decades using off the shelf hardware. One would have to assume the NSA (or it's predecessors) has been creating purpose built custom hardware for years before that.
Nothing new to see here folks. Move along!
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Translucent USB cables and connectors.
The easy MO is to to just hand out the USB devices at mil trade shows in China or Iran and other places where enemy officials will be. if 1% get inserted into a gov computer or sensitive target, that would be a great return on investment. It's not like this has to be targeted in any way.
My God can beat up your God. Just kidding...don't take offense. I know there's no God.
"In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user."
NO, in ALL cases this radio must be inserted. Honestly if you are a tech journalist and dont know crap about technology, please quit and go flip burgers. I am so tired of these "journalists" that colleges are pumping out.
Do not look at laser with remaining good eye.
"First, show me *ANY* radio transmitter at *ANY* frequency that can convey a signal EIGHT MILES away with a footprint small enough to be hidden and completely unnoticeable. "
Not a problem. Look up baofeng ham radio transcivers. far smaller than a pack of cigarettes and I can easily hide one inside of a computer with a tiny arduino controller so it hops frequencies and transmits digital data that is harvested. I can easily get the antenna outside of the case through the power cord (modified of course) with the antenna hidden inside the power cord. All of this hidden INSIDE the PC's power supply. I then need to access the PC so run the wires from the duino to one of the internal usb ports and BINGO.
This is not hard at all to do and with off the shelf parts. if I had a $100,000,000 budget and a fab lab I can make something even smaller, or even make what looks like a PCI-E audio card that is actually my transmitter at 1-5 watts to easily cover 8 miles.
Do not look at laser with remaining good eye.
I don't really find myself getting upset learning that the NSA is spying on foreign nations.
I think we want to start a war...
...I still use a IBM Model M PS/2 Keyboard to this day. That and it's clicky.
I just completed the closing of my tinfoil helmet as you suggested, what is the next st. ^IR54d (9=NO CARRIER
Get free satoshi (Bitcoin) and Dogecoins
When Edward left the NSA, all the computers, including cabling were removed. Someone thought this was just another example of government waste, which I disagreed with. Now we know why - they had a certainty that there were malicious cables available.
Sure I'm paranoid, but am I paranoid enough?
They do not even have to install hardware to do this. As Signals Intelligence has the most sophisticated remote sensors at their disposal, including 30+ radar and Electronic Intelligence satellites, they are able to remotely image electrons and emissions from long range. According to the classified TEMPEST standard page on Wikipedia, they can monitor even monitor and wired keyboard signals remotely with no physical access to the persons hardware, software, or cable connections. They can tap any electronic this way, even telephones. Brain wave emissions are another monitorable source of radiation, which a brain computer interface is used to decode thoughts, memory, and nerve impulses.
https://en.wikipedia.org/wiki/Van_Eck_phreaking
https://en.wikipedia.org/wiki/Tempest_(codename)
What you are seeing in the medias coverage of this, is complete lack of coverage of the air wave monitoring systems. And yet, whistleblowers like Russell Tice have disclosed he used these capabilities to target Americans. But not a single mainstream source covered it, because they're all censoring shit and stuck covering what Tice reports is the low-tech side to the NSAs capabilities. There has been no coverage hardly of the remote sensing capabilities of the NSA, but that's where all the real technology is in use.
Learn more on my website, with video of Russell Tice talking about it, and even patents and articles covering these capabilities. He apparently targeted Barack Obama before he was elected Senator, Senator Diane Feinstein, US Supreme Court Judge Alito, lawyers, journalists, financial institutions, and more during black operations, under Special Access Programs. All the NSA need do is point their technology at an area, and they are able to capture and recird all these signals, and see and hear you through even cover of buildings and objects. Nothing protects anyone from this, and they're still doing this today.
http://www.oregonstatehospital.net/d/russelltice-nsarnmebl.html
> I don't really find myself getting upset learning that the NSA is spying on foreign nations.
Only an American would say that.
And if the Foreign Nations were spying on you, that would be alright?
Stop and think. Should Americans respect the laws of Foreign Nations?
Should Foreign Nations respect yours?
so... how many US journalists do you think have one of these monitoring devices?
Anons need not reply. Questions end with a question mark.
I have been largely sympathetic to Snowden, especially given the scope of the NSA's domestic spying. But I have a real problem with this disclosure. Assuming it is true that none of these devices were meant for US machines (a dubious assumption, I agree, but the use of these tactics domestically is a separate issue anyway), then exposing NSA capabilities to our adversaries is quite simply "aiding and abetting".
Is there any doubt that the Chinese, Russians, Iranians, etc are right now examining their equipment for the presence of this device? And when they do find something, what good does that do US citizens? None.
If the net result of Snowden's leaks are that the NSA is hobbled in its actual job - acquiring foreign intelligence - then we should not be so quick to congratulate him. It is obvious that the domestic issues must be addressed, but the idea that the NSA is an unnecessary evil is stupid and dangerous. The new sport of trashing the intelligence services should be tempered with a sober look at the real threats we face. Whether it is guaranteed trips to heaven via high explosives or nation states with an agenda, we are not out of the woods yet. What if N. Korea or Iran now knows we're tapped into their nuclear infrastructure? What if Syria or the Taliban now knows we've been intercepting military communications? What if this was all about China and we lose an important window into their thinking?
Yes, there can be legitimate doubts about the effectiveness of a given technique (and domestic use should be verboten), but does that make all of them worthless for all time? The world is still a very dangerous place, and while vigilance in the protection of our basic rights is essential, we must also remain realistic and pragmatic.
You had to see it for yourself, I suppose. It was quite clear that he didn't mean just any cable. He was talking specifically about USB cables. It was obvious that he had no idea what he was actually holding. Someone on his crew probably just grabbed a random cable off the back of a nearby PC. And since standalone USB cables aren't as common on business PC's as are ethernet cables, guess what he grabbed.
The cow says "Moo." The dog says "Woof." The Timothy says "Thanks, valued customer. We appreciate your input."
Probably because there's no power source to drive the device over a standard ethernet connection. A powered data cable that can capture keystrokes vs. a network cable that captures whole packets and must contain some kind of SOC that would need some kind of wireless power or a tiny lithium battery and frequent swapping isn't nearly the same level of feasibility or usefulness.
Goddammit just when I get my first +5 the Beta rolls out and kills everything
That catalog looks to be about 10 years out of date. The 802.11 injection tool is made to exploit win2k and win xp, so they probably have better stuff now.
For example, the NIGHTSTAND Wireless Exploitation/Injection Tool has a
standalone tool currently runnuing on a x86 laptop loaded with Linux Fedora Core 3
while exploitable targets include:
Win2k, WinXP, WinXPSP1, WinXPSP2 running Internet Explorer versions 5.0-6.0
The GINSU software application to control the hardware implant BULLDOZER or the software one KONGUR:
supports any desktop PC system that contains at least one PCI connector (for BULLDOZER installation) and Microsoft Windows 9x, 2000, 2003, XP, or Vista.[...] If KONGUR is removed from the system as a result of an operating system upgrade or reinstall, GINSU can be set to trigger one the next reboot of the system to restore the software implant.
So after all, Microsoft is not really helping them, if they have to protect themselves from system updates :)
There aren't as many as ten men in the Supreme Court, the White House, and both houses of Congress, combined, honorable enough to do what you suggest. The remainder are split between those who are embarrassed by the publicity and those who don't control it currently but want to.
Contribute to civilization: ari.aynrand.org/donate
Looking at mine in XP noone would know if all 5 of those USB root hubs or the 5 USB host controllers belong there or even the USB mass storage device. I don't have anything plugged into USB.
How many are mine and how many belong to someone else ;)
Not that anyone ever looks in there on XP unless you were looking for something abnormal already.
It's intended to reduce EMI induced on other devices, not listen in on your conversations :D
Man is the animal that laughs.
And occasionally whores for Karma.