NSA Spying Includes Wireless Transmitters To Get Data Off 'Air Gapped' Computers
from the of-course-it-does dept
The latest report from the NY Times based on Snowden's revelations seems to jump all over the place, talking about a variety of efforts by the NSA to spy on people. Much of it seems to repeat earlier claims about the NSA's malware program, codenamed QUANTUM. It updates the earlier claims that there are 50,000 QUANTUM-infected computers to claim that the number is now 100,000. However, it also notes that most of the targets are exactly the kinds of things you'd expect the NSA to be spying on: the Chinese and Russian militaries, mainly.Perhaps more interesting is that it builds on the reporting in Der Spiegel concerning the NSA's catalog of tech tools to infiltrate computers, to tie those back to the QUANTUM program, and note that many of the tools rely not on an internet connection, but on a secretly inserted radio transmitter, which can be picked up by a device in an "oversized suitcase" that can be placed miles away. By itself, none of this is all that surprising, but the documents certainly suggest the NSA is doing this on a larger scale than suspected in the past:
“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. “Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”Again, these activities certainly seem more in line with what you'd expect the NSA to be doing, and raise (yet again) the question of why the NSA needs to "collect it all" when it appears that programs like these can be quite effective in doing targeted surveillance against those actually seeking to attack the US in some manner?
Separately, as the article notes, this has made the US's moral high ground concerning claims that China is doing similar surveillance on the US seem quite questionable. As the article notes, the US's attempted distinction between "national security" and "economic espionage" doesn't make much sense to many.
When the Chinese place surveillance software on American computer systems — and they have, on systems like those at the Pentagon and at The Times — the United States usually regards it as a potentially hostile act, a possible prelude to an attack. Mr. Obama laid out America’s complaints about those practices to President Xi Jinping of China in a long session at a summit meeting in California last June.Of course, if the US were focused on actually increasing security on US computing systems and networks, rather than undermining them with backdoors and vulnerabilities, perhaps we'd be more protected from the Chinese. It's too bad that the NSA hasn't actually been helping on that front at all.
At that session, Mr. Obama tried to differentiate between conducting surveillance for national security — which the United States argues is legitimate — and conducting it to steal intellectual property.
“The argument is not working,” said Peter W. Singer of the Brookings Institution, a co-author of a new book called “Cybersecurity and Cyberwar.” “To the Chinese, gaining economic advantage is part of national security. And the Snowden revelations have taken a lot of the pressure off” the Chinese.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: malware, nsa, quantum, spying, surveillance, wireless transmitters
Reader Comments
Subscribe: RSS
View by: Time | Thread
Wait...
Why is it now okay for the government to do it?
[ link to this | view in chronology ]
Re: Wait...
[ link to this | view in chronology ]
Re: Re: Wait...
Which is not nice but ffs, don't leave your wifi unprotected!
[ link to this | view in chronology ]
Re: Wait...
[ link to this | view in chronology ]
Re: Wait...
[ link to this | view in chronology ]
Re: Re: Wait...
The Federal Appeals Court specifically said (in a stupid and completely devoid of reality ruling, I might add,) that Google was liable because unsecure wifi hotspots are not radio communications which are readily accessible to the general public and thus listening to the broadcasted signal was wiretapping.
Everything else is entirely accurate.
[ link to this | view in chronology ]
Re: Re: Re: Wait...
[ link to this | view in chronology ]
Re: Re: Wait...
[ link to this | view in chronology ]
NSA subverts National
[ link to this | view in chronology ]
You guys still hate the russians and the chinks? I thought that was just a weak propaganda move from hollywood.
[ link to this | view in chronology ]
Response to: Anonymous Coward on Jan 15th, 2014 @ 5:53am
[ link to this | view in chronology ]
Re: Response to: Anonymous Coward on Jan 15th, 2014 @ 5:53am
I'd rather put up with a foul mouthed but straightforward man than a politically correct liar.
[ link to this | view in chronology ]
Re: Re: Response to: Anonymous Coward on Jan 15th, 2014 @ 5:53am
[ link to this | view in chronology ]
Re: Re: Re: Response to: Anonymous Coward on Jan 15th, 2014 @ 5:53am
That doesn't mean he is right, of course, but that were never implied.
Also, foul language is a sign of mental bankrptcy, and bigotry, well, its' just sad.
[citation needed]
[ link to this | view in chronology ]
Re: Re: Re: Re: Response to: Anonymous Coward on Jan 15th, 2014 @ 5:53am
[ link to this | view in chronology ]
Re: Re: Re: Re: Response to: Anonymous Coward on Jan 15th, 2014 @ 5:53am
It used to be eavesdropping now it's wiretapping. Should have stayed with eavesdropping. "It's just metadata" they should explain every time they say that what it is and what are the examples! I know Guide metadata consists of KEYWORDS example when you search for a site using google. What you are typing is keywords. Wake up and let's get our liberty back from all these fear mongering assholes! They should be going to jail for violating the constitution. The NSA already leaks information to the FBI DEA CIA and IRS. They in turn leak it to local law enforcement. They are told to keep it a secret and act like they found out by themselves and not by a tip. That's violating your RIGHT to a fair trial at the least and possibly violating a lot more GUARENTTED RIGHTS than that depending on the situation.
[ link to this | view in chronology ]
Re: Re: Re: Response to: Anonymous Coward on Jan 15th, 2014 @ 5:53am
Regarding the first half, not always, sometimes 'aw fudge' just don't cut it, though much like any seasoning, 'spicy' words should be used in moderation. The second half though, that would certainly fit the 'mental bankruptcy' category, as bigotry requires a special kind of stupid to achieve.
[ link to this | view in chronology ]
Re: Re: Response to: Anonymous Coward on Jan 15th, 2014 @ 5:53am
[ link to this | view in chronology ]
Re: Re: Re: Response to: Anonymous Coward on Jan 15th, 2014 @ 5:53am
*actually* part of the sissification of contemporary yard apes, is that they *don't* eat 'mudpies'/etc like we did as kids...
okay, like i did as a kid...
that exposure to various germies, etc is what stimulates our immune systems...
is why the medicos think we have such a high percentage of asthmatic kids: they don't get exposed to 'stuff' outside we need to be exposed to in order to develop resistance, etc...
more dirt, less bleach ! ! !
[ link to this | view in chronology ]
Re: Re: Re: Re: Response to: Anonymous Coward on Jan 15th, 2014 @ 5:53am
[ link to this | view in chronology ]
Re: Re: Response to: Anonymous Coward on Jan 15th, 2014 @ 5:53am
[ link to this | view in chronology ]
Re: Re: Re: Response to: Anonymous Coward on Jan 15th, 2014 @ 5:53am
Unless you are a mason (brick-layer, not quasi secret society member) or one who is looking for weakness in an armored something like a Hobbit...
[ link to this | view in chronology ]
Re: Response to: Anonymous Coward on Jan 15th, 2014 @ 5:53am
[ link to this | view in chronology ]
Getting your tech now from "old media" NYTimes the #1 Establishment organ?
Since here is re-written NYTimes gloss level, don't know if same.
I take it for certain that NSA has gotten to manufacturers, requires only a couple dozen people influenced one way or another. It's SUCH an obvious step, said of Huawei for instance perhaps to prepare for this "leak", that it's all but certain: the real question would be why didn't.
"New media" outlets are just like "old media" outlets except aren't yet known to be Establishment outlets, but that's the way to bet. Don't trust anything you read.
02:00:47[c-1-2]
[ link to this | view in chronology ]
what would be the power requirement
[ link to this | view in chronology ]
Re: what would be the power requirement
Because the built-in nsa transmitter hogs all the power and bandwidth XD
[ link to this | view in chronology ]
Re: what would be the power requirement
[ link to this | view in chronology ]
Re: Re: what would be the power requirement
[ link to this | view in chronology ]
Re: what would be the power requirement
The power requirement can be quite low (a few milliwatts), it all depends on quite a number of factors. What distance do you need, what throughput do your require? If you are piggybacking onto another signal (say WIFI) you may only need the power to inject your signal before the transmitter.
Line of sight communications is a fairly straight forward process. Power requirements vary based on a number of factors including frequency, distance, antenna (both transmitting and receiving) and frequency congestion. If I were going to try to transmit something "Undetected" and for a fair distance, and if that system used say WIFI, I would piggyback my signal onto that signal. This will introduce some error rates into the primary signal, WIFI in this case( could that be the answer to your second question?), but will allow my signal to go un-noticed by most. For receiving the signal I would use a very directional antenna with an extremely high gain.
Another possible method would be to use power lines of the equipment as an antenna and transmit at a harmonic frequency of the A/C power supplied to the equipment. Again, this would be fairly difficult to detect. There is no obvious antenna or transmitter. This method also leaves you two possible way to pick up the signal. One is another device physically connected to the powerline on the same side of the transformer. The other way to capture the signal would be via a highly directional antenna with a high gain from some distance.
Connecting to WiFi routers is problematic because you have a ton of manufactures and equipment that were made at different times and to different standards. Add to that that 2.4 GHz is a very full part of the Radio Spectrum in a lot of areas. Besides WIFI, Bluetooth, Cordless Phones, Baby Monitors, and a lot of other devices operate in the exact same frequency space.
Custom building your equipment to exacting specs makes it much easier to reliably send and receive those signals. It is much harder when the equipment you build today must interface with a range of consumer devices and power levels made over the last 10+ years. That leave open not only problems the the actual radio transmission, but with the software used to encode / decode the signals as well.
[ link to this | view in chronology ]
Re: Re: what would be the power requirement
need some clarity on this if you can.
[ link to this | view in chronology ]
Re: Re: Re: what would be the power requirement
Line of site is generally considered to be at least 10 miles and more if either the transmitter or receiver are on 'high ground'. True it may be less than that in a densely populated city with high rises, so a top of a building might be the appropriate place, or a drone... The point is it isn't as hard as most people think to do, it just requires a little knowledge and skill.
The frequency you transmit at has a lot to do with not only the distance, but power required and data throughput available as well.
[ link to this | view in chronology ]
Re: Re: Re: Re: what would be the power requirement
if you release enough unbelievable bullshit, when something real comes along, no one will believe it.
Its just TD crying "WOLF" about a thousand times too often.
Its no longer news its just pure tinfoil hat bullshit.
I am glad some people are willing to question how this is even possible. Or the craziness of the claims from a "tech" web site..
Just because "tech" is in the name does not mean its in your nature, 16 years running a blog is not a grand technical qualification (clearly)..
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: what would be the power requirement
Includes two TPL-406E adapters
500 Mbps networking from an electrical outlet
Compact form factor saves space
Up to 80% power savings
Use one unit to transmit, and up to 7 additional TPL-406Es to receive a network signal
Standards:
IEEE 1901, HomePlug AV, IEEE 802.3, IEEE 802.3x, IEEE 802.3u
1 x 10/100 Mbps Auto-MDIX RJ-45 port
2 ~ 68 MHz
Features:
Up to 500 Mbps (Full Duplex mode)
Up to 8 nodes (max)
Up to 4 Overlapping Powerline Networks (per electrical system)But the NSA couldn't purpose build anything that would be as good or better than what is available to consumers.... Right.
What useful data could anyone get at 500Mbps. It would not have to be one way, though two way would make it harder to keep 'hidden'.
I don't run a blog, but I have worked with electronics for near on 40 years and do hold an Armature Extra Ham License, so I do know a little bit about electronics and RF. (No I don't claim to know it all, and if anyone does they are lying)
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: what would be the power requirement
Oh wait, my cellphone has SEVERAL tiny two way radios in it (Off the top of my head it has GSM, LTE, HSPA+ WiFi, Bluetooth, NFC, DLNA, and a GPS receiver all in less than 25% of the space); runs for days on a 1800mah (in standby) or a full day under heavy use getting LTE transfer speeds; is able to transmit 10 miles; is quite controllable remotely; there are hundreds of thousands of them and yet there are relatively few communication issues.
I guess your version of physics doesn't apply in the real world. You might want to lay off whatever it is your smoking for a while.
[ link to this | view in chronology ]
Re: Re: Re: Re: what would be the power requirement
replace the power supply for data over power lines,
You do understand data over power lines is VERY RF noisy, you can pick it up with an AM radio, if every computer or even a few had this it would be detected IN A SECOND.
there is simply no way this can be done on a large scale (OR AT ALL) without easy ass detection, no there is no radio transmitter in your CPU, with radio size matters, you simply cannot make capacitors or inductors small enough for the inside of a cpu and have room for the CPU.
Its just beyond stupidity, and it degrades TD to even talk about it..
Get back to reality TD, and a grip on it..
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: what would be the power requirement
Yes the fact that Power line RF is noisy is kind of the point it is easy to hide the signal unless you know what you are looking for it could seem like a random oscillation or spurious emission from the device rather than a deliberate transmission.
They have been building micro transmitters for what 20 years or more now? Do you really think it would not be possible to conceal one in a laptop or desktop computer?
[ link to this | view in chronology ]
Re: Re: Re: Re: what would be the power requirement
" to send a signal over a power line they could simply replace the computers power supply (which is a fairly standard device anymore) with one they have modified and run an extra connection to the PCI bus."
so how that now seems a little far fetched ??
yes, it's simple just replace components, and the power supply and run a special (in invisible) 'connection' to the PCI bus..
SURE, THAT WONT GET NOTICED !!!!!
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: what would be the power requirement
Second, there are a whole lot of people that wouldn't be able to tell that there was an 'extra' cable connecting to the motherboard.
Third it could be disguised as a fan or power connector, with a little more work the signal could be passed across the DC bus of the motherboard right to the power supply. Sending a signal over a DC powered circuit is not a new idea; nor is it difficult.
[ link to this | view in chronology ]
Re: Re: what would be the power requirement
So, there's an micro transmitter that can be placed directly in things like USB cables (in the connector shroud) or tiny devices that can be placed on a motherboard or on the surface of the case itself. These all usually have a broadcast range of a few ten's of metres, e.g. 10-30 metres or so.
Then there are other catalog items, small receivers/transmitters, say the size of a disposable cigarette lighter, that can be placed within that 10-30 metre rage but outside the room/building, that can pickup the signal from the micro-transmitter and boost it for pickup by the 'briefcase' sized receiver that can be 100's of metres away. Since this booster is outside the immediate area of the device being eavesdropped on, even if the booster is detected it's unlikely to be seen as a 'bug' as the signal would be coming from outside the immediate sensitive area. It would be lost amongst (or considered a part of) all the other general background traffic you'd expect to see outdoors (cell, CBs, radio, TV etc).
[ link to this | view in chronology ]
Re: Re: Re: what would be the power requirement
what frequencies do they work on, and are these signals detected by everyone with a radio receiver ? if they are so strong and so many they would be EASILY DETECTED, by ANYONE.
They are not, they don't exist, except in the minds of the tinfoil hat brigade.
[ link to this | view in chronology ]
Re: what would be the power requirement
I call simple bullplop on this one. Techdirt why so technically incompetent ?
[ link to this | view in chronology ]
Re: what would be the power requirement
it defies physics, it is not physically possible to have a signal "undetected" that can be 'detected' miles away..
and what is going to be on that signal, the data on your data bus (which one) the contents of your memory or hard drive??
how do you 'select' what data you get off these machines, without two-way communications ?
what usable data do you think you can get off a single data bus in a multi-CPU system, with a multitasking OS and application with hundreds of threads and no way to select specific information.
TD needs to catch up on this "tech" thing, I think it has 'got away from them' somewhat.
[ link to this | view in chronology ]
Re: Re: what would be the power requirement
I think it is you that needs to 'catch up on this "tech" thing'. You come off like a raving mad NSA employee, rather than someone that can disprove much of today's readily available technology. Show us how any of this "defies physics" we will wait here.
[ link to this | view in chronology ]
Total BS
Who writes this stuff? Pity there's no requirement for research or knowledge to publish articles online.
[ link to this | view in chronology ]
Re: Total BS
[ link to this | view in chronology ]
Re: Re: Total BS
[ link to this | view in chronology ]
Re: Re: Total BS
[ link to this | view in chronology ]
Re: Total BS
Such a requirement allows for untruths to be published and that sure seems to suit many people just fine.
[ link to this | view in chronology ]
Re: Total BS
[ link to this | view in chronology ]
Re: Total BS
[ link to this | view in chronology ]
@ out_of_the_blue, Same old rumor.
[ link to this | view in chronology ]
Re: @ out_of_the_blue, Same old rumor.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Invigilation
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Singing
[ link to this | view in chronology ]
"NSA Spying Includes Wireless Transmitters.."
[ link to this | view in chronology ]
Re: "NSA Spying Includes Wireless Transmitters.."
Of course someone could still be grabbing your screens through several walls. http://www.newscientist.com/blog/technology/2007/04/seeing-through-walls.html
[ link to this | view in chronology ]
Re: "NSA Spying Includes Wireless Transmitters.."
Maybe.
Faraday cages don't magically block 100% of EM energy. Properly engineered, what you suggest is feasible, but it's easy to mess it up, too. Test your gear, don't trust your gear.
Case in point: I once worked in a lab that included an industrial-strength Faraday cage (a large box, really) where we did experiments that involved measuring extremely tiny signals. We had to time our measurements so they were in sync with the airport's (10 miles away) radar, because the Faraday cage didn't stop that.
One day, we started getting weird interference that we couldn't track down. It would be constant for hours, then stop for a while, then start again. It was an enormous problem. In the end, it turned out to be a computer monitor three labs down. When the monitor was turned in just the right way, it beamed RF energy right through the cage.
Faraday cages are pretty awesome, but they aren't magic.
[ link to this | view in chronology ]
Re: Re: "NSA Spying Includes Wireless Transmitters.."
But for someone writing for a "TECH" blog to state "they put tiny little radio transmitters in CPU's" is just crazy tin foil hat craziness.
And to say you could pick up those signals 'miles away' well that's just BULLSHIT.
Real TINFOIL HAT STUFF,
TD lose the tin hat and buy some integrity.
[ link to this | view in chronology ]
Re: Re: Re: "NSA Spying Includes Wireless Transmitters.."
Yes, we had all that. There was clearly a fault in the cage -- that was my point! It's easy for this stuff to go wrong. Test, don't trust.
It sure would be -- but nobody said that. What we're talking about isn't speculation. This is fact, well-established.
There are two main ways that spy agencies accomplish this: either by putting additional hardware on the motherboard, or, more commonly nowadays, by inserting a special USB stick into the machine.
That you don't think a signal can be picked up over miles is really fascinating, considering that right now you can go to Amazon and buy consumer-grade equipment that will accomplish this.
Sending a signal a few miles away is a trivial task. Hell, the GPS receiver in your cell phone is picking up miniscule signals from satellites IN ORBIT.
[ link to this | view in chronology ]
Mind games
After reading about this stuff, the thing it all screams at me is that this is intermittent reinforcement -- a straight up mind-control technique that is commonly used by slot machines and cults.
Maybe the TSA is trying mind control as new way to get people to stop hating them with the burning fire of a thousand suns.
[ link to this | view in chronology ]
Re: Mind games
[ link to this | view in chronology ]
its called "tempest"
Put your tinfoil hats back on, the sky is not falling, once again, nothing to see here, move along.
next thing you will be telling us is that they can also do this while you computer is turned off!!!!
You guys really, really need to 'get a grip on reality'.
[ link to this | view in chronology ]
Re: its called "tempest"
This article is about installing additional hardware, including a radio transmitter.
This isn't tinfoil hat stuff -- this is proven fact. It's expensive, though -- it takes a lot of effort to arrange to install hardware on someone's machine and to park an agent with a radio receiver in the neighborhood. This means that it's self-limiting and will never be used for mass surveillance (and nobody is claiming that it is), only for specific people that they are very interested in.
[ link to this | view in chronology ]
look up and work out what a 'watchdog timer' is
it has nothing to do with 'secret radio transmitters' or any other such TD, (Tinfoil hat DRONES) craziness.
The more you depart from reality with the NSA the less people will believe you when (and if) you actually do have something real to say about them.
This every more crazy claims, day in and day out makes you look like the biggest SUCKERS on the planet.
You might want to investigate what a "DISINFORMATION SCHEME IS" and see how you've been suckered right into one.
Make so many stupid claims like that, lose all credibility, and no one will believe you when you actually have REAL INFORMATION..
if every cpu had a radio transmitter in it, and as there are NO frequencies that cannot be detetected by RADIO RECIEVERS, why has these signals never been detected by others, they should be EVERYWHERE, if you can detect them MILES away they need to be quite powerful, yet so far UNDETECTED !!!!!! how can that be ?????
(spoiler, IT CANNOT)..
TD suckered once again, suckered because 16 year of running a blog/web page is not a 'technical qualification'.
This is not 'Techdirt' it's dirt, but not tech, not even close..
[ link to this | view in chronology ]
TD new motto
[ link to this | view in chronology ]
[ link to this | view in chronology ]