New reports have emerged today about the NSA’s practices of inserting tiny circuit boards and USB cards surreptitiously into computers that then send out radio-frequency signals that can be picked up by listeners even if the computer is not hooked up to the internet.
The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.
While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.
The US government has issued its usual justification that they only use this to spy on those evil foreigners and us god-loving Americans have nothing to fear. But if foreigners are fair game, then what if other countries use these techniques to spy on Americans? In what has become routine hypocrisy, the US government loudly accused the Chinese of doing similar things, taking up the issue at the highest presidential level.
While refusing to comment on the scope of the Quantum program, the N.S.A. said its actions were not comparable to China’s.
“N.S.A.’s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets in response to intelligence requirements,” Vanee Vines, an agency spokeswoman, said in a statement. “We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line.”
These people lie as easily as they breathe. The NSA has already been caught spying on Brazilian petroleum companies and Belgian telecommunications companies among businesses, so Vines continues the time-honored US government practice of simply lying about past practices, hoping that no one will remember.
Is it any wonder that despite the US government’s concerted attempt at vilification, by a large majority of 57-34%, the American public views Edward Snowden as a whistleblower and not a traitor? He has proven himself to be both honest and honorable, which is not something that can be said of president Obama, Director of National Intelligence James Clapper, or the two top officials at the NSA Keith Alexander and James Inglis.
Marcus Ranum says
But if foreigners are fair game, then what if other countries use these techniques to spy on Americans?
If you recall back in 2010, the great “US/China cyberwar” that didn’t happen -- the U.S. made a lot of accusations that the Chinese government had backdoored routers being sold to US firms and government agencies. Including routers made by Huawei, which we now know the NSA has backdoored. And Juniper and Cisco.
It makes me wonder if the Chinese did any of it, at all, or if it was all just the NSA.
Meanwhile I have a friend who is trying very hard to obtain a few samples of the NSA’s embedded devices, on the premise that if he can reverse-engineer them enough to take over their control, he’ll have a 100,000 node botnet pre-constructed courtesy of the NSA and FBI, which he will not hesitate to exploit commercially. … Ugh. How much would the organized cyber-criminal gangs pay for the keys to a few of those embedded devices? The NSA appears to have been targeting the HP and Dell server lines; basically we’re talking pre-owned data centres.
As a computer security professional, I’d just like to thank the assholes at the NSA, “HEY ASSHOLES, THANKS FOR MAKING MY JOB A LOT HARDER!!! AND FOR USING MY TAX MONEY TO DO IT!!”
Marcus Ranum says
Oh, more careful parsing to consider: it does not necessarily say that those 100,000 computers that have been rooted are foreign. It would appear that they have been targeted under FISA-style rules of engagement, which may mean that the computers targeted are US computers that hold foreign data or communicate with foreign targets. I have a short stack of $20 bills that says we’ll find that some of those “foreign” computers are at American companies like Yahoo! and Google … Anyone want to bet?
doublereed says
That’s so cool.
I mean bad. Right. Bad.
Erich Engel says
I remember reading about some malware that could hop from computer to computer even though they weren’t connected by any network or usb devices. Maybe this is how it did it…
Lassi Hippeläinen says
“We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line.”
Of course not. They give the intelligence to pay the U.S. companies for their undercover services with something that cannot be traced. Totally different.
And of course Huawei routers have backdoors. Some time ago Chinese routers were accused for copying their software from Cisco. They obviously copied also the NSA backdoor as well. Those boxes even have “Made in China” labels, just like Cisco.