Slashdot Mirror
NYT: NSA Put 100,000 Radio Pathway "Backdoors" In PCs
retroworks writes "The New York Times has an interesting story on how NSA put transmitters into the USB input devices of PCs, allowing computers unplugged from the Internet to still be monitored, via radio, from up to 8 miles away. The article mainly reports NSA's use of the technology to monitor Chinese military, and minor headline reads 'No Domestic Use Seen.' The source of the data was evidently the leak from Edward J. Snowden."
Genuine question - where are these devices? Has any physical evidence of them been detected? Has anyone found one? I'm not sceptical that they did it, I think it's entirely possible. I'm just curious if there's any physical evidence that's been found yet...?
Ok, so I get the whole whistle blower thing but isn't this what the NSA is supposed to be doing? Spying on Americans is ok to get fussy about but why was this leaked and why doesn't the NYT realize that this actually does set back U.S. intelligence? Are they also going to release a story detailing what the Chinese are doing to spy on US from leaked Chinese intelligence?
Get a web developer
Even though they've already lied about the range of their activities, their scope and depth, their capabilities, their intent, and their mandate.
Of course, this is spy stuff, you're supposed to lie about that.
Which is exactly why no one believes your assurances NSA.
You have too much power. No transparency, no oversight, no limits. You will destroy our country with Edward Snowdens who are not virtuous, but motivated by corruption and other agendas: political, mostly. You can't say that won't happen, it *always* happens, to every institution of your size and breadth, because you're made of fallible human beings. Proof: Edward Snowden. You think he is the last? You think the next one will be motivated by noble principles?
That is why you must be decimated and pried into and monitored. Hopefully, legislatively and via execute order. And soon. For the sake of the legitimacy of our government, which your dealings cast into doubt.
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
No, if the device is a keyboard, it knows what keys you pressed, and can send that directly. Transmitting over 12 km is extremely impressive if true, and could be useful for civil purposes.
NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
The NSA claims that it doesn't steal trade secrets from foreign companies in order to give US businesses a competitive edge. I suspect they are lying, given that it seems like they lie about everything, and that we already have reason to suspect they are lying about this in particular.
However, the implication is that it would be wrong or immoral for them to do so (unlike the French or Chinese who have no such qualms). E.g., in the article, we read:
At that session, Mr. Obama tried to differentiate between conducting surveillance for national security — which the United States argues is legitimate — and conducting it to steal intellectual property.
It goes on to quote Peter Singer saying that for the Chinese, economic advantage is part of national security.
Maybe the Chinese are right. And here's the thing - the U.S. already behaves as if securing economic advantages for our domestic industry is a critical interest. In trade negotiations, we ram our IP laws down the throats of every other country while dangling our domestic market in front of them, all the while never actually liberalizing agriculture at home. I don't understand why it's acceptable for us to promote our domestic businesses through trade diplomacy, but somehow it becomes unacceptable to do so through spying.
In my mind, we are trying to accomplish the same thing as the Chinese, just via a different means (or probably, via both means). Yet we criticize them as if we are somehow morally superior in the way we do it.
"Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
I'm dubious about the distance but remember that they are TARGETTING their devices.
As such, they could be on a roof 12km away with a whole array of receivers pointed to within inches of the radio source, and so 12km isn't as insane as it sounds. But it doesn't mean they have a commercially viable tech that others don't.
Pringles tins on wireless dongles - the range can be immense, and if you are good at antenna design, it can get insane. If you know to within-an-inch where you're supposed to be pointing at and/or can trigger it to do a one-off high-powered transmit to download information (by a similar one-off high-powered transmit from a distance), then it's not all that impossible.
But you're not going to see another 802.11 wireless revision out of their work. It's a whole different ball game.
Well, if a computer is poorly shielded that might not be all that hard. Handheld 5W ham radios can go much more than that distance on 2m, and lower frequencies can go much further. When the weather allows it, a 5W 2m transmission can go dozens or even a hundred miles, and in especially unusual weather conditions a friend of mine in California managed to talk with someone in Hawaii, once.
So, while inside a case it might not go 20 miles to cover a whole city, I could see being able to reach 8 miles, depending on how intelligently the system was designed in order to reduce the chances of being discovered. The other downside is that strong radio transmissions can interfere with things including speakers, which might make them obvious if not handled correctly.
Do not look into laser with remaining eye.
of 100k devices in the field isn't supported by the article.
They infected 100k machines with software, most of them remotely.
(In that case, I consider the claimed number to be rather low even.)
It's right there in the first two paragraphs of TFA:
The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.
While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet
the signal will go that distance, the trick is having a receiver sensitive enough to pick it up
Does the hardware have good Linux drivers?
The bigger question is - what's a good bug detector nowadays! The sub-$100 are worthless, and the over $1k models - who can really tell what's good and what's not?
Ok, so I get the whole whistle blower thing but isn't this what the NSA is supposed to be doing? Spying on Americans is ok to get fussy about
As an European, I don't care if US authorities spy on US citizens, that would be their own internal business. But I find it quite offensive that US spies on Europeans, in order to protect US interests. EU should really stand up and announce that such spying is totally unacceptable, any person caught to be part of such will serve serious jail time, diplomatic immunity or not. And any country caught doing so shall loose all diplomatic privileges inside EU, and have their embassies searched for more evidence (with a proper search warrant, of course).
I wouldn't mind if EU would also ground all flights and money transfers to/from the US for a few days. It would underline how seriously we view the matter, and make it clear for all Americans that we can no longer trust their government.
This cat wasn't going to stay in the bag very long.
For all of the folks screaming on about this revelation being damaging to national security, I would recommend a 10 minute introductory read on RF. There really is no hiding RF transmissions, particularly when you're trying to transmit through buildings and over long distances. Even with FHSS, random burst, or other masking techniques, RF is easily detected with widely available equipment. Any foreign rival with a modicum of competence has already discovered this exploit.
To reach a distance of 8 miles one would have to be transmitting a significant amount of power - probably in the range of several watts. From that, a lot of heat would be generated, and it would be unlikely to go unnoticed.
Assuming that the usb cables were used as antennae, it is also likely that the radiation pattern is for shit, so I find the claim of an 8 mile range to be highly suspect, absent an extremely high gain receiver antenna and a clear line of sight.
Nevermind the 500mA USB limit on *most* laptops...
to date, while most slashdotters have been accustomed for some time to the governments radio pathways implanted in their teeth, the idea that somehow these same menacing devices may have found their way into the basement and, god forbid, into the VAX or Altair is truly terrifying.
Good people go to bed earlier.
Its the "bus" and way back into the computer hardware. Not all electronics is a one way 'push' of data down to a port, printer. Some of the end user "interfaces" are nice and complex and can really talk back up into the OS, CPU, wireless hardware.
e.g. 'Hardening hardware and choosing a #goodBIOS" at 30c3
http://www.youtube.com/watch?v=2VvR-vsdMlQ at ~ 29 mins in
Domestic spying is now "Benign Information Gathering"
Translucent USB cables and connectors.