The US National Security Agency (NSA) has the capacity to monitor, enter and alter data on computers even if the machines are not connected to the internet, it has emerged.
This is enabled by software planted in nearly 100,000 computers around the world for conducting surveillance and creating a “digital highway” for launching cyber attacks, reports the New York Times.
Most of the software is planted by gaining access to computer networks, but the NSA has increasingly made use of a secret technology to reach computers not connected to the internet.
This technology uses a “covert channel of radio waves” that can be transmitted from circuit boards and USB cards planted in computers, the report said, citing leaked NSA documents and US officials.
Filling in some more details of the NSA surveillance programmes revealed by whistleblower Edward Snowden in June 2013, the report said the transceivers must be physically inserted by a spy, a manufacturer or an unwitting user.
Once in place, the transceivers communicate with a briefcase-sized NSA field station, or hidden relay station, up to eight miles away.
More on NSA surveillance
- RSA denies secret contract with NSA
- US tech firms call for NSA reforms
- Skype under investigation over link to NSA
- NSA tracks 5 billion phone records daily, Snowden docs show
- RSA vetoes NSA-linked encryption algorithm
- NSA planned to discredit Islamist radicals with porn web history
- NSA analysed UK data in secret deal, says Snowden
- NSA and GCHQ unlock online privacy encryption
- NSA and GCHQ mass surveillance violates EU law, study finds
- US publishes revealing review on NSA surveillance
The field station in turn communicates back to the NSA, and can also transmit malware to the target computer, including the kind used in attacks against Iran’s nuclear facilities.
“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” James Andrew Lewis, a cyber security expert at the Center for Strategic and International Studies in Washington, told the NYT.
“Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the US a window it’s never had before.”
The paper lists Chinese and Russian military, Mexican drug cartels, and trade institutions in the European Union, Saudi Arabia, India and Pakistan as targets of the surveillance programme code-named Quantum.
The NSA insists its actions are not comparable to China’s because they are focused and specifically deployed against only “valid foreign intelligence targets in response to intelligence requirements”.
“We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of – or give intelligence we collect to – US companies to enhance their international competitiveness or increase their bottom line,” the NSA said in a statement.
US president Barack Obama is scheduled to announce on 17 January what recommendations he is accepting from an advisory panel on changing NSA practices.
An alliance of US technology firms has called for reforms, claiming that some of the techniques developed by the NSA undermine global confidence in US products, including cloud services.
The firms are concerned that public loss of trust in technology will hurt their businesses, and are calling on governments to help restore that trust.