NYT: NSA Put 100,000 Radio Pathway "Backdoors" In PCs

Unknown Lamer posted about 9 months ago | from the do-you-trust-your-data-center? dept.

retroworks writes "The New York Times has an interesting story on how NSA put transmitters into the USB input devices of PCs, allowing computers unplugged from the Internet to still be monitored, via radio, from up to 8 miles away. The article mainly reports NSA's use of the technology to monitor Chinese military, and a minor headline reads 'No Domestic Use Seen.' The source of the data was evidently the leak from Edward J. Snowden."

324 comments

Where are they? (5, Interesting)

RMH101 (636144) | about 9 months ago | (#45964289)

Genuine question - where are these devices? Has any physical evidence of them been detected? Has anyone found one? I'm not sceptical that they did it, I think it's entirely possible. I'm just curious if there's any physical evidence that's been found yet...?

Re:Where are they? (2)

L3sT4T (856344) | about 9 months ago | (#45964361)

And to this I'd like to add: Pics or it didn't happen /endsarcasm

Re:Where are they? (3, Insightful)

aeranvar (2589619) | about 9 months ago | (#45964465)

If an official from Russia, China, or Iran were to step forward saying that they had found one of the devices inserted into their machine... would anyone believe them? There are incentives for both the NSA and likely targets of the NSA to lie about this issue.

Re:Where are they? (2)

L3sT4T (856344) | about 9 months ago | (#45964649)

To be honest, after reading the whole article, I just find it odd that it comes out like a week or so after the report of bugged USB devices from China.

Re:Where are they? (1)

aeranvar (2589619) | about 9 months ago | (#45964413)

This is speculation, but I bet this is some variant on the Cottonmouth model bug [arstechnica.com] we saw a couple of weeks ago. How many people - even organizations like the Chinese military - are going to disassemble their USB cables and ports? If you're going to go that far, you might as well build the device yourself out of off-the-shelf parts.

Re:Where are they? (0)

Anonymous Coward | about 9 months ago | (#45965199)

This is speculation, but I bet this is some variant on the Cottonmouth model bug [arstechnica.com] we saw a couple of weeks ago. How many people - even organizations like the Chinese military - are going to disassemble their USB cables and ports? If you're going to go that far, you might as well build the device yourself out of off-the-shelf parts.

Except... don't the Chinese make all that type of shit anyways? How did the NSA get the stuff in there in the first place if it's all already made in China anyways?

Re:Where are they? (1)

CreatureComfort (741652) | about 9 months ago | (#45965357)

They licensed the technology and had it all assembled in Malaysia.

Re:Where are they? (5, Informative)

sking (42926) | about 9 months ago | (#45964427)

According to TFA, a tiny transceiver can be built into the plastic plug base of a USB cord. Of course, one has not been spotted in the wild, but it sounds theoretically possible.

Re:Where are they? (5, Insightful)

ledow (319597) | about 9 months ago | (#45964433)

I agree - however, there is the question of "who did they use them on?" and also that they were basically DESIGNED not to be detected.

Most people who they targeted probably were arrested or they never even thought they were a target. In that case they can recover their hardware.

The number of devices compromised is likely to be very small as a percentage of the devices out there. Almost certainly neither you nor I have one of these devices in our kit. If we did have, how often have you popped open every keyboard/mouse/usb stick you own to make sure there's not something else in there that wasn't supposed to be?

And if they are in collusion with even a single manufacturer to produce a compromised device, then you may never know about the device's hidden functions until you do a chip-analysis of everything inside the device (probably involving decapping and analysing the whole thing which can take years and decades of expertise).

As such, it's unlikely you will ever see one, even with everyone on the Internet looking. That's also what I would expect if they were doing their job properly (or else these things would be discovered quickly and be useless to them).

Much more importantly - if this is true, and even if we start to use only trusted hardware, this is just more reason to have more "open" machines.

Who knows what's inside a chip on your particular computer, even if it looks very similar to a mass-market item, if they could have got their hands on it and/or been the ones supplying it to you?

Re:Where are they? (1)

RMH101 (636144) | about 9 months ago | (#45964525)

That's kind of my thinking - that they would have to replace a discrete part within the laptop - possibly a motherboard, more likely a daughterboard or mini PCI device like a wifi card. If you replace the motherboard you'd have to deal with BIOS serial numbers etc which would be a PITA. The only way I can see this working is if it were done at a component level. Presumably the device would need to be connected to a data bus, e.g. USB/SATA? Or memory?

Re:Where are they? (4, Informative)

aeranvar (2589619) | about 9 months ago | (#45965197)

From TFA:

1. Tiny transceivers are built into USB plugs and inserted into target computers. Small circuit boards may be placed in the computers themselves.

Re:Where are they? (2)

PolygamousRanchKid (1290638) | about 9 months ago | (#45964447)

. . . not in mine! My laptop is wrapped in tinfoil, so they can't radio transmit a device into it!

Re:Where are they? (1)

TWX (665546) | about 9 months ago | (#45964449)

We were discussing this last night on boingboing, and I shared an equal skepticism.

The basic conclusions were:
  • A collaborator would be needed to install the device.
  • An antenna could masquerade in the form of a USB cable.
  • Municipal distances would be a problem, but eight miles is achievable with consumer-grade ham radio hardware.
  • There are means to avoid such devices working, if an IT department is security-conscious and takes steps to disable USB ports and plug-n-play services.

I'm still skeptical, mainly because a simple frequency scanner would allow one to detect the presence of transmissions by the device, and because concealing an antenna, even in the form of a USB cable, would be difficult. If the cable is cut-off, then it would be massively obvious with a simple look underneath, and it would be difficult to manufacture a functioning USB cable that contained a radio and antenna.

There was talk of manufacturer collaboration, especially against organizations that develop security (tampering with new-manufacture to replace components on the motherboards essentially) but that seems like it would be extraordinarily difficult to achieve without employees of the manufacturers questioning why they're going through so much effort to do this.

We'll just have to see what comes of it. I'm genuinely curious if we'll ever see any actual evidence or not.

Re:Where are they? (5, Interesting)

SuricouRaven (1897204) | about 9 months ago | (#45964585)

"mainly because a simple frequency scanner would allow one to detect the presence of transmissions by the device"

Burst transmission. Buffer data for days, then send it all in a burst of under a minute. Nothing to detect unless the counterintelligence people are monitoring continually or get very lucky. It's old tech, dating back to the pre-IC days. Bugs back then did it by recording onto a magnetic tape. When the tape reached the end it turned on the transmitter and re-wound at high speed. The listeners then just had to play it back slowed-down and backwards to recover the original audio.

Re:Where are they? (1)

Anonymous Coward | about 9 months ago | (#45964587)

Subtle shill is subtle. We're told, by a respectable news source (whether you disagree or not) that they're using these devices, then subtle shill begins to attack them, suggesting it's not possible on technical grounds (or dubious at best), while we have a report that they're out there! Furthermore, what good does disabling USB ports do when your firmware (on various levels) is compromised? Instead of vague, nonspecific FUD, how about some actual comments on the physical parameters of it? How much ERP on a given frequency would be necessary for this to have 8 mile range? What would be the actual design constraints on the antenna and transmitter/receiver? Not everyone is a ham, so what actual measures could be taken by an IT dept or individual? (Rather than vague hand waving that there is a good solution.)

Re:Where are they? (2)

Demonoid-Penguin (1669014) | about 9 months ago | (#45964609)

We were discussing this last night on boingboing, and I shared an equal skepticism. The basic conclusions were:

  • A collaborator would be needed to install the device.
  • An antenna could masquerade in the form of a USB cable.
  • Municipal distances would be a problem, but eight miles is achievable with consumer-grade ham radio hardware.
  • There are means to avoid such devices working, if an IT department is security-conscious and takes steps to disable USB ports and plug-n-play services.

I'm still skeptical, mainly because a simple frequency scanner would allow one to detect the presence of transmissions by the device, and because concealing an antenna, even in the form of a USB cable, would be difficult. If the cable is cut-off, then it would be massively obvious with a simple look underneath, and it would be difficult to manufacture a functioning USB cable that contained a radio and antenna. There was talk of manufacturer collaboration, especially against organizations that develop security (tampering with new-manufacture to replace components on the motherboards essentially) but that seems like it would be extraordinarily difficult to achieve without employees of the manufacturers questioning why they're going through so much effort to do this. We'll just have to see what comes of it. I'm genuinely curious if we'll ever see any actual evidence or not.

  1. Build a miniature radio transmitter powered by 5V
  2. Insert transmitter into USB keyboard or mouse
  3. Find some incredibly complicated and unlikely means of attaching keyboard or mouse to computer
  4. Discover boing boing isn't populated by brain surgeons, electronic engineers and rocket scientists?

Not in the catalogue, but extremely do-able, develop a small device that'll run off a USB power supply and will create a secret channel using DC over the AC supply, embed device in mouse or keyboard... That's all I've got, for the life of me I can't figure out how to attach it to a computer without someone noticing.

Of course I'm joking - if it was likely it would have been in some game, or a movie.

Re:Where are they? (1)

AHuxley (892839) | about 9 months ago | (#45964801)

Re A collaborator would be needed to install the device.
That could just be a shipment of normal looking computer parts, spares, upgrades that spent a few extra hours at a 'regional' hub during postage.
Re There are means to avoid such devices working, if an IT department is security-conscious and takes steps to disable USB ports and plug-n-play services.
You can close up the port so no usb device can be plugged in but the port will still 'send' via radio.
Re simple frequency scanner.. mb the NSA ensures the device is "off" for the first weeks, months and only updates for short bursts at unique times much later.
The payload might be adjusted after the first few messages in/out depending on the system encountered and data wanted.

Re:Where are they? (5, Informative)

AHuxley (892839) | about 9 months ago | (#45964729)

The device as a layer of physical hardware in a USB device has been posted as a pic as part of the COTTONMOUTH I and II effort.
http://www.dailytech.com/Tax+and+Spy+How+the+NSA+Can+Hack+Any+American+Stores+Data+15+Years/article34010.htm [dailytech.com] (scroll down for the slide)
What it sends out to?
The usual new spy "rocks" or some other "network"
http://rt.com/usa/spy-rocks-lockheed-usa-771/ [rt.com]
http://www.theguardian.com/world/2012/jan/19/fake-rock-plot-spy-russians [theguardian.com]

Re:Where are they? (1)

rvw (755107) | about 9 months ago | (#45964833)

Genuine question - where are these devices? Has any physical evidence of them been detected? Has anyone found one? I'm not sceptical that they did it, I think it's entirely possible. I'm just curious if there's any physical evidence that's been found yet...?

Intel Core vPro [intel.com] with anti theft capability? I read a while ago that these processors have a complete OS on board, with working GPRS, but I can't find that article anymore.

Re:Where are they? (0)

Anonymous Coward | about 9 months ago | (#45965059)

Intel Core vPro [intel.com] with anti theft capability? I read a while ago that these processors have a complete OS on board, with working GPRS, but I can't find that article anymore.

Amusingly enough, Intel's now shutting down that (paid, enterprise-targeted) service. As an end user who was intrigued right up until the point that I realized I was no longer "the administrator" of my own device, I wonder just how shut-down the backdoor really is, even if I've selected the BIOS option to permanently disable it.

Re:Where are they? (5, Informative)

mdragan (1166333) | about 9 months ago | (#45964913)

These devices are listed in the leaked "NSA Toolbox Catalog" document, that was reported in this Spiegel article:
http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html [spiegel.de]

Some pictures:
Cottonmouth-I, USB spying device
http://www.spiegel.de/static/happ/netzwelt/2014/na/v1/pub/img/USB/S3223_COTTONMOUTH-I.jpg [spiegel.de]
Cottonmouth-II, USB spying device
http://www.spiegel.de/static/happ/netzwelt/2014/na/v1/pub/img/USB/S3223_COTTONMOUTH-II.jpg [spiegel.de]
Cottonmouth-III, USB spying device
http://www.spiegel.de/static/happ/netzwelt/2014/na/v1/pub/img/USB/S3223_COTTONMOUTH-III.jpg [spiegel.de]
Firewalk, ethernet spying device
http://www.spiegel.de/static/happ/netzwelt/2014/na/v1/pub/img/USB/S3223_FIREWALK.jpg [spiegel.de]
Ragemaster, monitor cable spying device
http://www.spiegel.de/static/happ/netzwelt/2014/na/v1/pub/img/Bildschirm/S3224_RAGEMASTER.jpg [spiegel.de]

There are many more in that catalog, including software and hardware tools and devices.

Re:Where are they? (1)

gmuslera (3436) | about 9 months ago | (#45965273)

Maybe some of them were bought online and then intercepted by NSA to install that hardware [theverge.com]. There is plenty of evidence that they are doing that kind of thing, including a catalog [spiegel.de], but not a lot of reports [reuters.com] that show how they are actually doing it.

Now, that the actual number of devices with those radios is around 100000 could be an outdated number (50k in 2008 and 85k in 2012 according to Snowden documents, and maybe 100k by now according to other sources), and anyway, it seems to be considered by them an obsolete technology, and targeting mainly offline computers and closed networks. Probably the kind of installations that won't disclose that they were intruded even if they found what happened. Landline phones and faraday cages could become very popular in some installations.

Probably they aren't used in the US because they may have other ways to get in, even in offline networks (maybe embedded 3g radios [softpedia.com]?) without needing to have that kind of reach.

Re:Where are they? (1)

LordLimecat (1103839) | about 9 months ago | (#45965309)

You're right to be skeptical; the headline is nonsense.

Article indicates that the NSA has used "some quantity" of these radio devices, and has in addition planted 100,000 software bugs on computers across the world. Run it through the slashdot submission process, and that becomes "NSA plants 100,000 radio spy kits in your kitchen computer"

I'm at the point where I assume any article about the NSA was written by someone who doesn't understand or care about the actual issues, and is just looking to fan the flames as much as possible.

Skeptical about the 8 miles (1)

Peter Simpson (112887) | about 9 months ago | (#45964317)

I'd like to know how they did that. Especially with a transmitter *inside* the computer...

Re:Skeptical about the 8 miles (4, Informative)

TWX (665546) | about 9 months ago | (#45964503)

Well, if a computer is poorly shielded that might not be all that hard. Handheld 5W ham radios can go much more than that distance on 2m, and lower frequencies can go much further. When the weather allows it, a 5W 2m transmission can go dozens or even a hundred miles, and in especially unusual weather conditions a friend of mine in California managed to talk with someone in Hawaii, once.

So, while inside a case it might not go 20 miles to cover a whole city, I could see being able to reach 8 miles, depending on how intelligently the system was designed in order to reduce the chances of being discovered. The other downside is that strong radio transmissions can interfere with things including speakers, which might make them obvious if not handled correctly.

Re:Skeptical about the 8 miles (1)

K. S. Kyosuke (729550) | about 9 months ago | (#45965147)

Lower frequencies require large antennas, and even on 2m, the device is sort of obvious. Ditto for 5W of extra power draw. If your supposedly EM-compatible PC or a similar device is emitting multiple watts in the VHF spectrum and you don't notice that, you fully deserve what you got.

Honestly, I think the most efficient way of having the machine communicate with the attacker (especially if the attacker is NSA) is through some sort of TCP/IP based side channel. Low bandwidth, perhaps, but much less obvious.

Re:Skeptical about the 8 miles (3, Insightful)

alen (225700) | about 9 months ago | (#45964533)

The signal will go that distance, the trick is having a receiver sensitive enough to pick it up.

Re:Skeptical about the 8 miles (0)

Anonymous Coward | about 9 months ago | (#45964569)

They might use an attached USB cable as antenna.

Re:Skeptical about the 8 miles (0)

Anonymous Coward | about 9 months ago | (#45964679)

Maybe the USB connector on the keyboard or mouse has the device inside and the cable functions as an antenna? If it's inside a laptop they could replace the wifi card with a dual purpose card.

Personally I think this is a great big red herring (especially with the NSA's quick denial of it affecting people in the US), but Snowden has been right about so much that I can't discount it.

Re:Skeptical about the 8 miles (1)

Charliemopps (1157495) | about 9 months ago | (#45965187)

I'm surprised there's even a limit. Think about it for a while... the USB device only has to receive. Their transmitter can be as powerful as they want, so that's not a problem. To send data back, either the USB can store what it needs and be picked up later... or, it can infect the computer and use it to transmit. If it has ANY wifi capability, they can use that to transmit, and even if it doesn't I'd imagine there's all sorts of nifty tricks they could do like varying current draw in pulses to send a signal... or maybe the NSA can see the computer through a window and they can flicker the power light.

Keep in mind they are saying "Up to" 8 miles away and the NYT has redacted info at the NSA's request. So it may be that if they're within 100 yards of it they can have direct coms with the device but beyond that they have lots of tricks and such to still be able to connect. Given an unlimited budget and resources this doesn't seem all that impossible.

wait a second.... (5, Insightful)

datapharmer (1099455) | about 9 months ago | (#45964331)

Ok, so I get the whole whistle blower thing but isn't this what the NSA is supposed to be doing? Spying on Americans is ok to get fussy about but why was this leaked and why doesn't the NYT realize that this actually does set back U.S. intelligence? Are they also going to release a story detailing what the Chinese are doing to spy on US from leaked Chinese intelligence?

Re:wait a second.... (0, Troll)

Anonymous Coward | about 9 months ago | (#45964375)

Spying on Americans is ok to get fussy about but why was this leaked and why doesn't the NYT realize that this actually does set back U.S. intelligence?

Spying on innocent people in general is wrong.

Re:wait a second.... (0)

Anonymous Coward | about 9 months ago | (#45964771)

Spying on innocent people in general is wrong.

No one is innocent until deemed so by the government. Until then they are all potential terrorists or unwitting accomplices to terrorists.

Re:wait a second.... (2, Insightful)

Anonymous Coward | about 9 months ago | (#45965093)

In the game of international intelligence, a foreign military asset is not "innocent." To presume it's so is to invite disaster. Anyone with an ounce of common sense and honesty can see and admit this. Which do you lack?

Re:wait a second.... (-1, Troll)

TheP4st (1164315) | about 9 months ago | (#45964459)

Are they also going to release a story detailing what the Chinese are doing to spy on US from leaked Chinese intelligence?

Seriously?! Are you trying to insinuate that they wouldn't if such leaks were available to them? If so, then maybe you should actually read the actual article, or alternatively work on your reading comprehension before commenting again, as there is a paragraph clearly indicating that they would.

Re:wait a second.... (1)

Anonymous Coward | about 9 months ago | (#45964461)

I don't think this "leak" is necessarily from Snowden, despite what the summary says, that remains to be seen.

Re:wait a second.... (0)

Anonymous Coward | about 9 months ago | (#45964537)

http://www.spiegel.de/international/world/nsa-secret-toolbox-ant-unit-offers-spy-gadgets-for-every-need-a-941006.html

The more you know. And it's a testament to Slashdot's stupidity and ignorance that they read it here first today. Look, it even shows pictures and tech specs of the bugs in the interactive...INTERACTIVE...display. Idiots! Morons!

-- Ethanol-fueled

Re:wait a second.... (0)

Anonymous Coward | about 9 months ago | (#45964463)

Ok, so I get the whole whistle blower thing but isn't this what the NSA is supposed to be doing?

An intelligence service that spies on foreign governments for the sake of national security, well, I guess that could be fine.
The problem is that they have used it for trade negotiations too. The information they have gathered has been leaked to US companies to make it possible for them to win bidding wars and such.
At first glance this might seem like a good thing. Until other nations found out about it. (Don't blame Snowden for this, it was "known" outside of the US years before he leaked it.)
The result is that other nations have learned that it is wise to not do business with US companies and now US companies will have to suffer from it.
Being able to prevent half of all attacks against the nation sounds great, if you are the reason most of them happen in the first place, not so much.

Here's what I don't understand (5, Interesting)

langelgjm (860756) | about 9 months ago | (#45964481)

The NSA claims that it doesn't steal trade secrets from foreign companies in order to give US businesses a competitive edge. I suspect they are lying, given that it seems like they lie about everything, and that we already have reason to suspect they are lying about this in particular. [bbc.co.uk]

However, the implication is that it would be wrong or immoral for them to do so (unlike the French or Chinese who have no such qualms). E.g., in the article, we read:

At that session, Mr. Obama tried to differentiate between conducting surveillance for national security — which the United States argues is legitimate — and conducting it to steal intellectual property.

It goes on to quote Peter Singer saying that for the Chinese, economic advantage is part of national security.

Maybe the Chinese are right. And here's the thing - the U.S. already behaves as if securing economic advantages for our domestic industry is a critical interest. In trade negotiations, we ram our IP laws down the throats of every other country while dangling our domestic market in front of them, all the while never actually liberalizing agriculture at home. I don't understand why it's acceptable for us to promote our domestic businesses through trade diplomacy, but somehow it becomes unacceptable to do so through spying.

In my mind, we are trying to accomplish the same thing as the Chinese, just via a different means (or probably, via both means). Yet we criticize them as if we are somehow morally superior in the way we do it.

Re:Here's what I don't understand (0)

cold fjord (826450) | about 9 months ago | (#45964889)

The NSA claims that it doesn't steal trade secrets from foreign companies in order to give US businesses a competitive edge. I suspect they are lying, given that it seems like they lie about everything, and that we already have reason to suspect they are lying about this in particular.

The NSA, like other intelligence agencies, prefers to say nothing. That isn't the same thing as lying. As to the rest ...

Why We Spy on Our Allies [cryptome.org]
Boeing Called A Target Of French Spy Effort [nwsource.com]

In my mind, we are trying to accomplish the same thing as the Chinese, just via a different means (or probably, via both means). Yet we criticize them as if we are somehow morally superior in the way we do it.

Suppose you are trying to improve your personal economics by increasing the amount of money you have in the bank. You could cut back on your spending, open a new business, or steal. Are some of those morally superior to another? Diplomacy is preferable to war, trade and exchange are preferable to espionage. Other countries are free to not accept US positions on trade and treaties, just as the US is in return. Countries don't really have a say about Chinese espionage.

I think you need to rethink some things.

Re:Here's what I don't understand (4, Insightful)

FriendlyLurker (50431) | about 9 months ago | (#45964925)

FTFA: Leaked documents show: "the program, code-named Quantum, has also been successful in inserting software into... trade institutions inside the European Union"

NSA propaganda reply: "Vanee Vines, an agency spokeswoman, said in a statement. 'We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line.' "

The NSA really go out of their way to deny Industrial espionage, yet they have been caught targeting trade institutions in the EU. Yeah, I also suspect the NSA is lying as usual. From past marketing releases they really try to downplay Industrial Espionage as their motivation, which probably means it is their #1 bread and butter function.

Re:wait a second.... (0)

Anonymous Coward | about 9 months ago | (#45964497)

What set back? Any electronics nerd can build one of these. Thinkgeek used to sell USB keyloggers, without the radio part, so they needed to be retrieved to get the results.

In short: Everybody has known for years, that it's easy to do. They've been doing the same thing with microphones in every spy movie made during the cold war. Replacing the microphone with a USB plug - that's not this super secret idea.

This isn't even the surveillance we've come to expect from the NSA. Putting the transmitter in requires physical access. That is, get a warrant, do some old fashioned police work.

In short: It's not even a leak.

Re:wait a second.... (1)

neoform (551705) | about 9 months ago | (#45964577)

Does it not seem strange to you that you're ok with spying on others, but you're not ok with spying on you?

So spying on China is ok, what about other countries? Can we spy on Canadians? They're not American, so I guess that's a yes?

Re:wait a second.... (1, Flamebait)

Above (100351) | about 9 months ago | (#45964657)

More importantly, if it's ok for the US to spy on China, then it's A-Ok for China to spy on the US. Right? Good thing none of our electrics are made in a country that might want to spy on us and controls industry so they can hide spy tech inside of it easily. Wait, uh, oops.

Re:wait a second.... (0)

Anonymous Coward | about 9 months ago | (#45964579)

Ok, so I get the whole whistle blower thing but isn't this what the NSA is supposed to be doing? Spying on Americans is ok to get fussy about but why was this leaked and why doesn't the NYT realize that this actually does set back U.S. intelligence? Are they also going to release a story detailing what the Chinese are doing to spy on US from leaked Chinese intelligence?

Remember Citizens the NSA is reading these responses, so be "reasonable" when you answer the questions above.

Re:wait a second.... (0)

Anonymous Coward | about 9 months ago | (#45964691)

Frankly I feel that the Constitution means something. The NSA doesn't.

Re:wait a second.... (1)

geoffrobinson (109879) | about 9 months ago | (#45965057)

Spying on foreign citizens is completely constitutional.

Re:wait a second.... (2)

c0lo (1497653) | about 9 months ago | (#45964731)

Ok, so I get the whole whistle blower thing but isn't this what the NSA is supposed to be doing? Spying on Americans is ok to get fussy about but why was this leaked and why doesn't the NYT realize that this actually does set back U.S. intelligence? Are they also going to release a story detailing what the Chinese are doing to spy on US from leaked Chinese intelligence?

The problem with security by obscurity: one never knows when the adversary manages to shed a light into the obscure and start exploiting the backdoor without your knowledge.

The implication: how would you like ... (if you feel so strong to cast them into an adversary, be it)... the Chinese Intelligence to discover that backdoor by themselves and start spying on you from 8 miles away? Or spy on some computers in universities running some defense research? (you got the gist... I hope). How do you know it hasn't already happened?
Or... do you use to take your adversaries for the stupid?

(BTW: nice nick, datapharmer)

Americans (4, Interesting)

Anonymous Coward | about 9 months ago | (#45964797)

Ok, so I get the whole whistle blower thing but isn't this what the NSA is supposed to be doing? Spying on Americans is ok to get fussy about

As a European, I don't care if US authorities spy on US citizens, that would be their own internal business. But I find it quite offensive that US spies on Europeans, in order to protect US interests. EU should really stand up and announce that such spying is totally unacceptable, any person caught to be part of such will serve serious jail time, diplomatic immunity or not. And any country caught doing so shall lose all diplomatic privileges inside EU, and have their embassies searched for more evidence (with a proper search warrant, of course).

I wouldn't mind if EU would also ground all flights and money transfers to/from the US for a few days. It would underline how seriously we view the matter, and make it clear for all Americans that we can no longer trust their government.

Re:Americans (5, Informative)

geoffrobinson (109879) | about 9 months ago | (#45965027)

News flash: Europeans spy on American companies.

Re:Americans (3, Insightful)

Njovich (553857) | about 9 months ago | (#45965231)

I'm from the Netherlands. Are you saying my government is spying on IBM and Microsoft? This is like being caught robbing a bank with an assault rifle, and then saying it's alright, because everyone steals something sometimes, 'Danny from down the road stole a piece of chocolate too!' or such. Newsflash for you: Most intelligence agencies spy on things that they believe are actual threats to their security. They don't go mass-intercept Facebook traffic in foreign countries of innocent people.

Now, I'm sure that intelligence agencies here do things they shouldn't do sometimes. And there are also a handful of other countries doing really shitty stuff from their intelligence agencies. I suggest we try to stop all of the wrongdoings, rather than just point and say 'they do it too!'

Re:Americans (1)

ewieling (90662) | about 9 months ago | (#45965281)

Are you saying it is OK for Americans to spy on European companies because Europeans spy on American companies? By that logic I am allowed to kill someone because other people are doing it.

Re:wait a second.... (1)

Charliemopps (1157495) | about 9 months ago | (#45965237)

It says clearly in the article they are using these devices against the European Union, which we have treaties with that ban this sort of thing. Your argument is like the dude at the high school party telling the cops "Well everyone else was drinking!" Just because we suspect our government was doing illegal/immoral things, and just because other governments are doing illegal/immoral things, does not mean we should just roll over and say "Oh well, I guess that's how the world works" Instead we should use this opportunity to change how the world works. To make it clear that we do not find this acceptable and that it needs to end.

Here's a silly question (1)

NoNonAlphaCharsHere (2201864) | about 9 months ago | (#45964335)

Wouldn't the USB driver have to be compromised as well?

Re:Here's a silly question (2)

buchner.johannes (1139593) | about 9 months ago | (#45964381)

No, if the device is a keyboard, it knows what keys you pressed, and can send that directly. Transmitting over 12 km is extremely impressive if true, and could be useful for civil purposes.

Re:Here's a silly question (4, Insightful)

ledow (319597) | about 9 months ago | (#45964487)

I'm dubious about the distance but remember that they are TARGETING their devices.

As such, they could be on a roof 12km away with a whole array of receivers pointed to within inches of the radio source, and so 12km isn't as insane as it sounds. But it doesn't mean they have a commercially viable tech that others don't.

Pringles tins on wireless dongles - the range can be immense, and if you are good at antenna design, it can get insane. If you know to within-an-inch where you're supposed to be pointing at and/or can trigger it to do a one-off high-powered transmit to download information (by a similar one-off high-powered transmit from a distance), then it's not all that impossible.

But you're not going to see another 802.11 wireless revision out of their work. It's a whole different ball game.

Re:Here's a silly question (1)

Anonymous Coward | about 9 months ago | (#45964981)

Sorry for anonymous. But I'm too lazy to login.

Here's the deal, 8 miles is a real stretch given the amount of power that can be gotten from a USB port. Additionally, they would have to be transmitting high in the microwave band, with a beam (like a yagi) for remote receive.

The bigger problem is getting an inefficient antenna, fractal or not, to put out a signal readable 8 miles away at let's say 500mW. I'm not sure it can be done. I've used wave guides to send a 2.4GHz data connection a few miles across the Ohio river at just under one watt (hacked Linksys firmware), but the data rates were not fabulous. However the gain on the antennas was fabulous in both directions.

I'm an Amateur Extra license holder and build antennas all the time. At least on the frequencies I can legally play with- the claim is a real stretch.

Re:Here's a silly question (0)

Anonymous Coward | about 9 months ago | (#45965217)

Agreed that it's a stretch, but I've gotten several miles out of commercially-available antennas and OOB, non-amplified, sub-100mW transmitters, albeit at similarly terrible data rates. But we're both stuck on tcp/ip over a digital channel -- something more forgiving of loss, say tones sent out as a clear, analog signal, certainly wouldn't be perfect, but the range for acceptable levels of reception, with the right receiving equipment, would be impressive.

Re:Here's a silly question (0)

Anonymous Coward | about 9 months ago | (#45964651)

It has a small side effect. It causes cancer after more than 2 days of exposure for anyone in a 100m radius.

Re:Here's a silly question (0)

Anonymous Coward | about 9 months ago | (#45964397)

they probably modified the BIOS to make the RF transmitter functional.

no windows driver needed.

Here's a silly question (0)

Anonymous Coward | about 9 months ago | (#45964403)

Looking at the nice picture they gave, it is conceivable that the transceiver effectively acts as a MITM.

All these stories: the NSA continues to assure us (2)

circletimessquare (444983) | about 9 months ago | (#45964371)

Even though they've already lied about the range of their activities, their scope and depth, their capabilities, their intent, and their mandate.

Of course, this is spy stuff, you're supposed to lie about that.

Which is exactly why no one believes your assurances NSA.

You have too much power. No transparency, no oversight, no limits. You will destroy our country with Edward Snowdens who are not virtuous, but motivated by corruption and other agendas: political, mostly. You can't say that won't happen, it *always* happens, to every institution of your size and breadth, because you're made of fallible human beings. Proof: Edward Snowden. You think he is the last? You think the next one will be motivated by noble principles?

That is why you must be decimated and pried into and monitored. Hopefully, legislatively and via executive order. And soon. For the sake of the legitimacy of our government, which your dealings cast into doubt.

Snowden (0)

Anonymous Coward | about 9 months ago | (#45964439)

What makes anyone think "The source of the data was ... the leak from Edward J. Snowden"?

Censorship (1)

bombman (87339) | about 9 months ago | (#45964475)

And here I thought the Chinese net was slow because of the Chinese gov monitoring everything. Turns out it was the NSA.
Leaking this info is not in the "public interest" (well the Chinese public, possibly).

Re:Censorship (1)

c0lo (1497653) | about 9 months ago | (#45964841)

And here I thought the Chinese net was slow because of the Chinese gov monitoring everything. Turns out it was the NSA.

No, the net is still slow because of the Chinese. What's slow because of the NSA is your keyboard (and has nothing to do with Windows 8.1)
(large grin)

Leaking this info is not in the "public interest" (well the Chinese public, possibly).

At least now that's in the open you can sacrifice a bit of tinfoil to make a cover for your computer and stop the RF leaks... what if the Chinese knew about and were already listening to your computer from 8 miles away?

BTW, bombman, how do you know it's not actually the Chinese at the origin of the leak?

planning some touristy sightseeing (0)

Anonymous Coward | about 9 months ago | (#45964499)

don't forget the 'weather' report http://www.globalresearch.ca/weather-warfare-beware-the-us-military-s-experiments-with-climatic-warfare/7561

chance to see a movie;; watch the thankskilling movie unrepentant http://www.youtube.com/watch?v=88k2imkGIFA

be aware of social constrictions;; results never vary so far http://www.youtube.com/watch?v=mk9mV8qBiEk

Reading comprehension (5, Informative)

the_other_chewey (1119125) | about 9 months ago | (#45964505)

I don't doubt the existence of physical bugs, but the claimed scale
of 100k devices in the field isn't supported by the article.

They infected 100k machines with software, most of them remotely.
(In that case, I consider the claimed number to be rather low even.)

It's right there in the first two paragraphs of TFA:

The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.

While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet

Re:Reading comprehension (1)

j35ter (895427) | about 9 months ago | (#45964939)

What, you actually read TFA? You silly one, you....

Re:Reading comprehension (2)

AHuxley (892839) | about 9 months ago | (#45964955)

A company or gov buys a part for an air gapped network.
The NSA sends hardware with new tiny circuit boards or altered USB hardware via the post.
Staff install and run the hardware, noting their system works as normal and no new changes to any of their OS.
From that one infection the 'huge' hidden 'network' might get infected later and report back just like any time delayed malware except it's a hop via an unexpected radio network.
Impress the US gov staff and oversight committees with impressive "software" and "computer networks" infected numbers vs a lower physical radio device shipped count.

Manufacturers (1)

Skiron (735617) | about 9 months ago | (#45964513)

So the only way to do this is get some sort of intercept from the manufacturer->seller/reseller->mail/postman. It looks like everybody is in cahoots with them.

Re:Manufacturers (0)

Anonymous Coward | about 9 months ago | (#45964605)

It looks like everybody is in cahoots with them.

I'm not sure "forced at legal gunpoint to do what they say and utterly forbidden from telling anyone" qualifies as "in cahoots".

Unsurprisingly BAD Summary (0)

Anonymous Coward | about 9 months ago | (#45964531)

1. The 100,000 refers to software based PC monitoring. (Total exploits.)

2. The hardware based USB monitoring is with USB devices plugged into the PC such as USB key loggers. No numbers were given.

3. The eight mile range cited, is HIGHLY dubious. Although a cellular network communication channel would make an initially short range device have far greater reach. Still HIGHLY suspect.

not sure who they try to fool (0)

Anonymous Coward | about 9 months ago | (#45964553)

Any real organization with security in mind will disable any external plug-in port or remove the power supplying function of the port, disabling any self-contained device and requiring any connected device to the computer to have an external power supply.

VGA Ports are out now? (1)

Austrian Anarchy (3010653) | about 9 months ago | (#45964599)

Back a couple of decades ago, this was supposed to be possible remotely by monitoring RF output from those noisy, leaky VGA ports. Never saw a demonstration from 8 miles away, just across the street or from a van on the street. No special hardware in the computer, just the right gear to listen to the RF leaking all over the place.

Sorry for no link, Google is full of connecting HDMI to VGA stuff these days.

Re:VGA Ports are out now? (1)

Austrian Anarchy (3010653) | about 9 months ago | (#45964677)

By monitor I mean see what was on screen. I do not recall any demonstration of being able to remotely manipulate input, data, etc.

TEMPEST (1)

crow (16139) | about 9 months ago | (#45964775)

Yes. Here's the link.

http://en.wikipedia.org/wiki/Tempest_(codename) [wikipedia.org]

In theory, there is still some signal from modern LCD monitors, but it's much harder to pick up than the old CRTs. The same technology could be used to determine what a CPU is doing or any other electronic component, but, again, it's very difficult to get a strong enough signal at a distance to make use of it.

Re:TEMPEST (1)

Austrian Anarchy (3010653) | about 9 months ago | (#45964857)

The thing I was remembering was the RF coming from the port itself, no matter if anything was plugged in or not. Saw them do the sniffing of laptops with open VGA ports too.

Re:TEMPEST (1)

silas_moeckel (234313) | about 9 months ago | (#45965137)

The CRT was a lot stronger source than just the VGA port but yes either of them (HDMI for that matter) are vulnerable to Van Eck phreaking.

Re:TEMPEST (1)

Austrian Anarchy (3010653) | about 9 months ago | (#45965261)

Yes, in some of those old reports, if memory serves, the big point was that your laptop is still vulnerable even if it is not connected to a CRT.

Re:VGA Ports are out now? (1)

blueg3 (192743) | about 9 months ago | (#45964915)

The link [wikipedia.org] you're looking for.

Most people know of this from having read Cryptonomicon.

Re:VGA Ports are out now? (0)

Anonymous Coward | about 9 months ago | (#45965335)

Most people know of this from having read Cryptonomicon.

Good Lord.

How would it work? (1)

Dan East (318230) | about 9 months ago | (#45964629)

Okay, so you implant a small wireless device in the connector of a USB cable. No problem - it doesn't take a genius to realize that is a trivial engineering task in this day and age. So now you have a cable that still must work as a cable connecting the computer to whatever USB device is on the other end (printer?), because obviously if the device doesn't work as normal the cable will be replaced. So the secret interface in the cable can't be an actual USB network device. Nor can it even be a USB drive. In either case then the printer can't work.

So that means the interface in the USB cable has to act like a USB hub, right? Thus the only information the interface has direct access to is whatever data is flowing to the real device on the other end (printer?) - the only thing they can access for sure is what is printed.

The other option is for the secret interface to also include a USB drive which has spyware on it that is installed if the PC autoruns external drives. In that case the spyware could then forward whatever data they want to the secret wireless interface for remote capture. But that is still dependent on poor security on the PC.

My point is that you can't plug a USB device into a computer and have it somehow magically access everything on the PC, unless you also have software on the PC as well. But as soon as you run software on the PC you vastly increase the odds of being discovered.

Is that the only way something like this could work, or am I missing something?

Re:How would it work? (1)

sal_park (609818) | about 9 months ago | (#45965105)

unless you also have software on the PC

Agreed. How about ADVAPI.DLL ? ( http://www.whale.to/b/nsa3.html [whale.to] ) Now all you need to do is get hardware manufacturers to include the necessary wireless hardware somewhere (say in a USB hub chip or wifi chip) and of course given that the drivers for these are binary blobs (it's the MOST secure way sir! (I'm joking)) who knows what code the NSA has asked them to include in that driver ? (NSA talking to NEC (or some other chip fab): Include our binary blob in your binary blob or we will fuck you up m'kay ?) Now how do you feel about running your 'binary blob' driver in linux ?

Re:How would it work? (2)

AHuxley (892839) | about 9 months ago | (#45965209)

It's the "bus" and way back into the computer hardware. Not all electronics is a one way 'push' of data down to a port, printer. Some of the end user "interfaces" are nice and complex and can really talk back up into the OS, CPU, wireless hardware.
e.g. "Hardening hardware and choosing a #goodBIOS" at 30c3
http://www.youtube.com/watch?v=2VvR-vsdMlQ [youtube.com] at ~ 29 mins in

Re:How would it work? (0)

Anonymous Coward | about 9 months ago | (#45965287)

The spyware can be infected via a different mechanism. e.g. from email, website etc. It is pretty easy to see an additional hub from Device Manager on a PC, so I don't think that would be the normal mode of operation.

I can see a few different ways of bugging:
- The USB dongle disconnects the downstream device and connects itself as a one time mass storage device and uses autorun to infect a PC.
- The USB dongle is a low speed transmitter that monitors the sideband traffic on the USB bus, but doesn't try to be a USB device.

Maybe the infected PC changes the USB driver polling timing to pass a message Morse code style. Maybe it would send an invalid USB packet (e.g. with bad CRC) that the device downstream would ignore, but the transmitter won't.

The real important question: (5, Funny)

Anonymous Coward | about 9 months ago | (#45964635)

Does the hardware have good Linux drivers?

Could be misdirection (1)

Anonymous Coward | about 9 months ago | (#45964665)

Query: what would be the best way for the US to get this whole Snowden leak business to die once and for all.
Answer: Make the public doubt the veracity of the data.
Query: What would be the best way to make people doubt the data?
Answer: Create a false story saying something unbelievable and attribute it to the Snowden leak.

God (1)

TempleOS (3394245) | about 9 months ago | (#45964735)

I can randomly open a book. I can flip coins and get random numbers. I have no crisis. God says... examine Difficulty climb Enricher unspeakable dwelling plainly commencement north any abundant fastidiousness world's advising prince fervently revealed stable believing unlooked-for null occupy varying resulting traces MONEY reasonings

Work on your handwriting (1)

Akratist (1080775) | about 9 months ago | (#45964737)

How long is it going to be before paper and pen communication become most popular again?

Re:Work on your handwriting (0)

blueg3 (192743) | about 9 months ago | (#45964943)

Because that's definitely hard to spy on.

And a bug detector...? (2)

the_B0fh (208483) | about 9 months ago | (#45964763)

The bigger question is - what's a good bug detector nowadays! The sub-$100 are worthless, and the over $1k models - who can really tell what's good and what's not?

Smell of BS in the Air (0)

Anonymous Coward | about 9 months ago | (#45964845)

So, the NSA infiltrated some compromised hardware into keyboards and no hardware hacker noticed?

My guess is this story is distorted bullshit. Mainly because of science. First, show me *ANY* radio transmitter at *ANY* frequency that can convey a signal EIGHT MILES away with a footprint small enough to be hidden and completely unnoticeable. (Think about the average handheld walkie-talkie size on GPRS or FRS which sure as hell can't come anywhere close to 8 miles.)

Second, it would be *EVER* so much easier to detect RF signal harmonic leakage from a USB device from about 8 feet away. With something with a known signal profile (like a particular brand(s) of keyboard(s)), it may well be possible to create a profile of the device whereby any particular keystroke is detectable. Detection and relay gear could be miniaturized down to modem-box size or smaller, hidden nearby the target device, and Bob's Your Uncle.

AND, back in the day, one could do something similar with the speaker-amplifier from the old TRS-80 Model III that plugged into the cassette port to give 'sound' to certain games. You could hear the processor and drive controller chunking away and detect changes in pattern or pitch to know what the CPU was up to. (Couldn't translate it to exact by ear, but it was a wonderful diagnostic tool.)

NSA or no, Occam's Razor still applies sometimes.

captcha: warfare

Waste of time (2)

cookYourDog (3030961) | about 9 months ago | (#45964879)

This cat wasn't going to stay in the bag very long.

For all of the folks screaming on about this revelation being damaging to national security, I would recommend a 10 minute introductory read on RF. There really is no hiding RF transmissions, particularly when you're trying to transmit through buildings and over long distances. Even with FHSS, random burst, or other masking techniques, RF is easily detected with widely available equipment. Any foreign rival with a modicum of competence has already discovered this exploit.

Jacob Appelbaum on 30c3 (0)

Anonymous Coward | about 9 months ago | (#45964911)

I believe Mr. Appelbaum gave a presentation on the hardware two weeks ago at 30c3:
http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html

cold_fjord, do your job! (0)

Anonymous Coward | about 9 months ago | (#45964921)

Or I'll have to do it for you.

OK, let's try:

"OMFG, US intelligence is being weakened by those leaks! The enemy will eat our lunch! WAAAAH! 1! !!1!"

(now: where do I collect my check?)

Reminds me of this... no bug required. (0)

Anonymous Coward | about 9 months ago | (#45964947)

http://www.dump.com/compromisingelectromagnetic/

Doesn't pass the smell test (2)

EmagGeek (574360) | about 9 months ago | (#45965087)

To reach a distance of 8 miles one would have to be transmitting a significant amount of power - probably in the range of several watts. From that, a lot of heat would be generated, and it would be unlikely to go unnoticed.

Assuming that the usb cables were used as antennae, it is also likely that the radiation pattern is for shit, so I find the claim of an 8 mile range to be highly suspect, absent an extremely high gain receiver antenna and a clear line of sight.

Nevermind the 500mA USB limit on *most* laptops...

for slashdotters this comes as quite a surprise (2)

nimbius (983462) | about 9 months ago | (#45965157)

to date, while most slashdotters have been accustomed for some time to the government's radio pathways implanted in their teeth, the idea that somehow these same menacing devices may have found their way into the basement and, god forbid, into the VAX or Altair is truly terrifying.

Spread Spectrum? (1)

Gim Tom (716904) | about 9 months ago | (#45965221)

How do you make a radio signal hidden or covert? Yes, some spread spectrum techniques make it appear to be just noise, but even so if you sweep in the near field you should be able to detect that something is going on. This might work for soft targets, but for any really secure location it should be detectable pretty easily.

Forty years ago I worked in a secure facility that was subject to random TEMPEST sweeps at frequent intervals. Even though I was never told what they were doing one look at the equipment they were using, especially the antennas, seemed to indicate that they were looking for any signals from D.C. to Daylight.
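
The range and sweep arguments in the comments above can be checked with a free-space link budget. This is an added example, not part of any comment or of the article: the 8 miles, 500 mW and 2.4 GHz are figures quoted in the thread, while the antenna gains, wall loss, bandwidth and noise figure are assumed values.

```python
import math

C = 299_792_458.0   # speed of light, m/s
MILE_M = 1609.344   # metres per statute mile


def fspl_db(distance_m, freq_hz):
    """Free-space path loss between isotropic antennas (Friis), in dB."""
    return 20 * math.log10(4 * math.pi * distance_m * freq_hz / C)


def noise_floor_dbm(bandwidth_hz, noise_figure_db):
    """Thermal noise (-174 dBm/Hz at 290 K) scaled by bandwidth, plus receiver NF."""
    return -174.0 + 10 * math.log10(bandwidth_hz) + noise_figure_db


def link(tx_mw, tx_gain_dbi, rx_gain_dbi, distance_m, freq_hz,
         extra_loss_db, bandwidth_hz, noise_figure_db):
    """Return received power (dBm), SNR (dB) and the Shannon rate bound (bit/s)."""
    rx_dbm = (10 * math.log10(tx_mw) + tx_gain_dbi + rx_gain_dbi
              - fspl_db(distance_m, freq_hz) - extra_loss_db)
    snr_db = rx_dbm - noise_floor_dbm(bandwidth_hz, noise_figure_db)
    capacity_bps = bandwidth_hz * math.log2(1 + 10 ** (snr_db / 10))
    return {"rx_dbm": rx_dbm, "snr_db": snr_db, "capacity_bps": capacity_bps}


# Figures quoted in the thread.
TX_MW = 500.0            # "let's say 500mW"
FREQ_HZ = 2.4e9          # the 2.4 GHz link one commenter describes
FAR_M = 8 * MILE_M       # the claimed 8-mile range

# Assumed values (not from the thread or the article).
TX_GAIN_DBI = -10.0      # inefficient antenna, e.g. a cable acting as radiator
BANDWIDTH_HZ = 100e3     # narrowband channel
NOISE_FIGURE_DB = 5.0    # receiver noise figure
WALL_LOSS_DB = 20.0      # building attenuation on the long path
DISH_GAIN_DBI = 24.0     # high-gain antenna at the distant receiver
SWEEP_GAIN_DBI = 0.0     # plain whip on a handheld sweep receiver
SWEEP_DISTANCE_M = 3.0   # sweep carried out inside the same room


def distant_receiver():
    """Budget for a receiver 8 miles away with a dish, through a wall."""
    return link(TX_MW, TX_GAIN_DBI, DISH_GAIN_DBI, FAR_M, FREQ_HZ,
                WALL_LOSS_DB, BANDWIDTH_HZ, NOISE_FIGURE_DB)


def in_room_sweep():
    """Budget for a defender's sweep receiver a few metres from the emitter."""
    return link(TX_MW, TX_GAIN_DBI, SWEEP_GAIN_DBI, SWEEP_DISTANCE_M, FREQ_HZ,
                0.0, BANDWIDTH_HZ, NOISE_FIGURE_DB)


if __name__ == "__main__":
    for name, result in (("8 miles", distant_receiver()),
                         ("3 m sweep", in_room_sweep())):
        print(f"{name:10s} rx={result['rx_dbm']:7.1f} dBm  "
              f"snr={result['snr_db']:5.1f} dB  "
              f"bound={result['capacity_bps'] / 1e3:8.1f} kbit/s")
```

Under these assumptions the in-room sweep sees the same emitter roughly 69 dB stronger than the distant receiver does, and changing the wall loss or antenna gains shows how quickly the long path runs out of margin.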