NSA radio station.
The National Security Agency (NSA) is due for an interesting day. Bloggers have received disturbing intelligence that the shadowy agency possesses an ability to monitor offline computers utilizing small radio transmitters.
While intercepting strong signals from bloggers and news outlets, the agency will also have to decode the recommendations of a FISA review panel. Recommendations that are expected to be announced by American President Barack Obama later today.
In IT Blogwatch, bloggers are bugged by computers and Capitol Hill.
Filling in for our humble blogwatcher Richi Jennings, is a humbler Stephen Glasskeys.
Darlene Storm amplifies the signal:
Hackers from the NSA’s Office of Tailored Access Operations (TAO) have been in the news since Edward Snowden leaked [details on the program]. TAO is internally known as ANT and its catalog of exploits is from 2008, but technology has advanced a great deal in the last six years so there’s no telling what the NSA can do now.
...If you’ve taken the time...to study the NSA’s Advanced Network Technology (ANT) division catalog of exploits...then you might feel like your head will explode.
...Some of the servers listed in the exploit catalog [are] targeted by an IRONCHEF tool to extract data using two-way RF communication. With DIETYBOUNCE, the NSA exploits a BIOS vulnerability...by using remote access or inserting an USB stick. MORE
But Jack Clark is on another frequency:
he NSA has compromised almost 100,000 computers around the world in its quest to get its tentacles into air-gapped computers operated by adversaries such as the Chinese Army.
...This tech has been in use since 2008 and uses a "covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards."
...These ghastly widgets sometimes pass data onto a briefcase-sized relay point named "Nightstand" that can be used up to eight miles away, and can feed data packets back to the compromised host. The tech is physically inserted by agents, component manufacturers, or unwitting people who have been pwned, we're told.
...Some of this sneaky gear was crucial to the "Olympic Games" cyber-attack program which successfully inserted the Stuxnet virus into Iranian nuclear facilities. MORE
Megan Geuss interrupts our broadcast:
[Der Spiegel] published an interactive graphic two weeks ago detailing many of the ways that the NSA uses hardware to spy on its targets, including a “range of USB plug bugging devices,” which can be concealed in a common keyboard USB plug, for example.
...According to today's [New York Times] report, installing malware via such devices is part of a program which is code-named Quantum, and it has only been used against foreign targets; most often the Chinese military but also Russian military networks and Mexican drug cartels, as well as “trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India, and Pakistan.”
...The NSA, for its part, sees nothing wrong with the practice, which it considers "active defense" rather than offense. MORE
Blocking signals, Warner Crocker wears a tin-foil hat:
Just when you thought you could pull one over on the NSA by using a computer that isn’t connected to the Internet comes word that that won’t necessarily keep you and your data out of the clutches of the US spy agency.
...[The spying] technology has apparently been in use since 2008 and requires a physical hands on approach to installing the radio bug. The NSA swears it isn’t being used for domestic surveillance. The NSA also says it [is] only for counterterrorism efforts.
...Coming as yet another surprise that shouldn’t be a surprise to anyone, this report is yet another in a long line...[from] Edward Snowden. Now that it seems that practically any computing device, whether connected to the Internet or not, is susceptible to...monitoring, I [half] expect the next revelation to be that dentists have been installing tiny transmitters in teeth. MORE
Grant Gross spins the dial:
Some members of the Senate Judiciary Committee questioned the recommendations of the Review Group on Intelligence and Communications Technology, a panel appointed by President Barack Obama after last year's revelations of bulk data collection and surveillance by the NSA.
..."Those of us who see it important to prevent another attack" see value in the phone records program, Senator Dianne Feinstein, a California Democrat and chairwoman of the Senate Intelligence Committee, told members of the review group.
...Senator Lindsey Graham, a South Carolina Republican, suggested that agencies fighting terrorism shouldn't have to jump through the same legal hoops as other law enforcement agencies. There's a fundamental difference "between fighting a crime and fighting a war," he said. MORE
And Adrianne Jeffries turns up the volume:
Obama may extend privacy protections to cover non-Americans, after reports that the NSA was spying on civilians of friendly countries provoked outrage across the world. The president will also probably appoint a privacy advocate to argue in front of the secretive Foreign Intelligence Surveillance Court, which approves requests for surveillance.
...He will also meet this week with members of the tech community that have been affected by the NSA's thirst for data. [An] NSA review panel...will also announce its findings this week.
...The panel has...recommendations, including ending the practice of covert "national security letters," which the agency has been sending without a judge's permission. The president may accept some of these recommendations, but it appears that he is still debating exactly what to do. MORE
A troubled Jon Russell hears an emergency broadcast:
The ongoing series of leaks from the NSA and its cyberspying programs have got many wondering how to stay safe. It’s been joked that the only guarantee is to be offline, but now even that extreme approach doesn’t guarantee an escape from the US agency’s eyes, according to a New York Times report.
...There’s no evidence that the technology has ever been used, but it is a particularly troubling development considering that the agency is already reported to have all manner of tools to gain backdoor access to popular consumer and business electronic devices. MORE
Meanwhile, Klint Finley surfs the web:
Brendan Eich is the chief technology officer of the Mozilla Foundation, the non-profit behind the Firefox web browser. Among many other things, he oversees the Firefox security team...and that team is about to get bigger. Much, much bigger.
...In a recent blog post, Eich calls for security researchers across the globe to regularly audit the Firefox source code and...ensure the same code is used to update the millions [of] machines that run the browser.
...The move is one more way that the giants of the web are responding to revelations that the National Security Agency is snooping on web traffic via popular services and software. ... Eich is worried that the feds could force Mozilla into adding a backdoor into its browser. MORE
Subscribe now to the Blogs Newsletter for a daily summary of the most recent and relevant blog posts at Computerworld.