The consequences of collusion with the NSA


Jacob Appelbaum, a US computer security researcher who works with WikiLeaks and about whom I wrote back in 2012 because of the harassment he receives every single time he returns to the US after traveling abroad, gave a presentation at the 30C3 Conference held in Germany in December 2013.

He said that the NSA’s goal is to control people by controlling their machines and NSA spying is only limited by their budgets and time. The talk is long and parts of it were quite technical and over my head (the audience consisted of technical people) but the parts that I could understand were both fascinating and, as he described it, “wrist-splitting depressing”. For me, the most interesting bit begins at the 42-minute mark. You can read an article that describes much of the talk if you don’t want to watch the whole thing.

I wrote a little about his talk earlier but want to pick up on another aspect that he touched upon.

He spoke about how the NSA is able to penetrate into Apple’s systems because of its weak protections against infiltration and he posed the question as to whether this was because Apple was colluding with the US government or whether since Steve Jobs’s death, the quality of the company’s software has been declining.

“Either they have a huge collection of exploits that work against Apple products — meaning they are hoarding information about critical systems American companies product and sabotaging them — or Apple sabotages it themselves… Everything that the United States government accused the Chinese of doing — which they are also doing, I believe—we are learning that the US government has been doing to American companies.”

He said that one way that the NSA gets data from computers is by adding backdoors in the computer casing so that it cannot be detected by examining the motherboard. He also said that the NSA uses devices that beam one kilowatt of radio-frequency energy at people at short range without having done any study of the health and safety considerations of irradiating people that way for long times.

In his talk, he spoke about the difficulties created by the Edward Snowden documents for the reporters working on them. Although the documents name the perpetrators of the spying as well as their victims, he said that they had to redact those as the price they had to pay to be able to continue to publish stories based on the documents. Their goal was to expose the programs not the individuals.

He said that the US government’s actions are sabotaging American companies in the global marketplace because foreign governments and companies will no longer want to hire Americans because of suspicions that they are acting as agents of the US government. He also said that any weakness that the NSA can exploit, others can too. So by deliberately weakening encryption standards and creating other backdoors, they are weakening security precautions that can be exploited by anyone with any motives.

One serious consequence of the US government co-opting American tech companies as accomplices in its spying programs is that now all American computer security specialists (like him) are viewed with suspicion around the globe as possible agents of the NSA and thus their businesses are affected.

Marketplace also ran a report back on January 16, 2014 on the impact of Obama’s spying programs on the computer business world. It interviewed Brough Turner, the founder and CTO at netBlazr, an internet service provider in Watertown, Mass.

“I was in Germany in October, and it was pretty clear that American services are completely suspicious and American products are somewhat suspicious,” Turner said. “That was three months ago. At this point, the situation is much more negative.”

Turner says that Obama can start putting some of these concerns at ease if he proposes a policy to protect the privacy of foreign internet users.

The NSA revelations are also calling into question the security of cloud computing, said Matt Simons, the director of social and economic justice at ThoughtWorks, which builds custom software for business around the world. He says moving software to the cloud has, in part, fueled this tech boom

But “people are seeking to build their own clouds, people are seeking to use clouds that are not storing their data inside the United States,” Simons said.

He added that the NSA revelations appear to be having a bigger impact on small and medium sized businesses. While there are few alternatives to Google, Facebook and Amazon, the global competition for smaller scale products is fierce.

Now that everyone in the tech industry knows about the spying and many of the ways it is being carried out, they have the opportunity to begin to organize and fight back.

Comments

  1. Dean says

    Interesting, though as far as the radiating with radio frequencies, for the same reason that there’s no concern from WiFi, there’s no concern from that.

  2. astrosmashley says

    This is gonna be totally weird. It looks like we’re seeing the emergence of a capitalist driven, free market economy solely based on protecting us from our OWN fucking government! Talk about meta- collusion!

  3. tbrandt says

    A kilowatt of radio frequencies at short range? That must draw an awful lot of power--the heat it would generate would be a dead giveaway (unless it’s just a pulse). And how and why would they beam that much energy at someone anyway, unless the frequency is in resonance with some circuitry they’re trying to fry? This makes no sense for communication. If the point is just destroying circuits, it seems like a rather ham-handed way of doing so--is it really that much stealthier than just walking up to someone, taking their laptop/phone/whatever, and smashing it? Physics says that for such a radio source to be targeted, it can’t be small. For a 2 GHz device, the frequency cordless phones use, you’d need at least a 1 meter dish to beam the energy to 10 degrees. It’s at least easy to aim a hammer.

  4. eternalstudent says

    I have steel wires in my chest, the result of some corrective surgery when I was a teen.

    In college I discovered I can detect a leaky microwave oven from 15 feet away. It feels like someone is standing on my chest. The wires are just the right length to act as a dipole.

    1KW is a *lot*. That’s communications satellite strength, enough to put a signal over a whole continent.

  5. says

    the question as to whether this was because Apple was colluding with the US government or whether since Steve Jobs’s death, the quality of the company’s software has been declining.

    Jobs was an oligarch, why would anyone in their right mind imagine Jobs didn’t sell them out? He sold them out over marketing, he sold them out over processor choices, etc. I never did understand why he had such a personality cult (other than that he was white, rich, and slightly odd)
    As far as the quality of Apple’s software: it can’t decline because there’s already no worse it could get. Apple substituted exhaustive testing of bloated code for software architecture, to the point where they finally had to forklift a UNIX kernel under their POS operating system; they don’t write good software -- they write lots of bad software and test it pretty thoroughly.

  6. says

    FWIW, I work in computer security and have for 25+ years. Everything Applebaum is saying is technically accurate. Whether it’s actually happening, I cannot say for sure, but I’d say it’s extremely likely. Note that some of the stuff, like the light-speed insertion trick, would require collusion from telecoms or service providers because they would be the re-injection point.

  7. says

    Another data point: one of my peers spent a month or so in China, trying to track down a mysterious signal that was emanating from a client’s data center. It appeared to be exfiltrating a substantial amount of data using a new packet format up in the cellular data range, but was not 802.11; the data was highly entropic so the assumption was it was encrypted. At the time my friend assumed it was the Chinese, but now he thinks it was more likely the NSA. The target was a fairly major European company that has a manufacturing facility over there. After they got a ways into it the investigation was suspended rather suddenly.

  8. Pierce R. Butler says

    I once knew a man who, while in the US Navy, climbed up a mast to repair something and spent a couple of hours directly in front of a radar dish. He didn’t think much about it at the time, but later came to believe that was the cause of the lifelong narcolepsy he suddenly developed not long after.

    A high-powered microwave beam, though apparently it messed up his life pretty good, seems like a rather ineffectual weapon to use against anybody (except possibly those with electronic pacemakers).

  9. steve oberski says

    A kilowatt is what a typical microwave oven generates.

    Put a cup of water in your microwave and set it on high and in a minute or so it’s boiling.

    Now I think the inverse-square law applies here so your cup of water is only inches away from the transmitter while presumably the people mentioned above are sitting a few feet away from the transmitter.

    But still, this particular claim smacks of conspiracy theory fodder.

Leave a Reply

Your email address will not be published. Required fields are marked *