data security

NSA uses secret radio tech to spy on offline computers

Warwick Ashford

The US National Security Agency (NSA) has the capacity to monitor, enter and alter data on computers even if the machines are not connected to the internet, it has emerged.

This is enabled by software planted in nearly 100,000 computers around the world for conducting surveillance and creating a “digital highway” for launching cyber attacks, reports the New York Times.

140113_0027_113X90.jpg

Most of the software is planted by gaining access to computer networks, but the NSA has increasingly made use of a secret technology to reach computers not connected to the internet.

This technology uses a “covert channel of radio waves” that can be transmitted from circuit boards and USB cards planted in computers, the report said, citing leaked NSA documents and US officials.

Filling in some more details of the NSA surveillance programmes revealed by whistleblower Edward Snowden in June 2013, the report said the transceivers must be physically inserted by a spy, a manufacturer or an unwitting user.

Once in place, the transceivers communicate with a briefcase-sized NSA field station, or hidden relay station, up to eight miles away.

The field station in turn communicates back to the NSA, and can also transmit malware to the target computer, including the kind used in attacks against Iran’s nuclear facilities.

“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” James Andrew Lewis, a cyber security expert at the Center for Strategic and International Studies in Washington, told the NYT.

“Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the US a window it’s never had before.”

The paper lists Chinese and Russian military, Mexican drug cartels, and trade institutions in the European Union, Saudi Arabia, India and Pakistan as targets of the surveillance programme code-named Quantum.

The NSA insists its actions are not comparable to China’s because they are focused and specifically deployed against only “valid foreign intelligence targets in response to intelligence requirements”.

“We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of – or give intelligence we collect to – US companies to enhance their international competitiveness or increase their bottom line,” the NSA said in a statement.

US president Barack Obama is scheduled to announce on 17 January what recommendations he is accepting from an advisory panel on changing NSA practices.

An alliance of US technology firms has called for reforms, claiming that some of the techniques developed by the NSA undermine global confidence in US products, including cloud services.

The firms are concerned that public loss of trust in technology will hurt their businesses, and are calling on governments to help restore that trust.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy