Spy agencies around the world use radio signals to tap data from targeted systems
NSA's program, dubbed Quantum, surreptitiously taps data from 100,000 systems worldwide, according to New York Times report
Computerworld - Reports this week that the National Security Agency uses radio signals to collect data from tens of thousands of non-U.S. computers, some not connected to the Internet, is sure to fuel more acrimony towards the U.S. spy agency.
But observers note that the NSA is not the first of the world's spy agencies to use such technology to surreptitiously gather classified information from other countries.
For instance, intelligence personnel in the former Soviet Union used similar tactics to secretly gather information from electric typewriters at U.S. government offices in Moscow and Leningrad more than 30 years ago. And experts say it's a near certainty that the spy agencies of other advanced nations are doing the same thing today.
"Physical compromise of a target's technology is what we expect intelligence agencies to do," said John Pescatore, director of emerging technology at the SANS Institute and a former NSA security engineer.
"The Chinese have been doing it to the laptops and smartphones of foreign executives visiting China. Years ago the French did similar things in their country and I'm sure British intelligence has done the same thing," Pescatore said. "What the NSA is doing now is what all superpower intelligence agencies have done, are doing, and will do."
The New York Times reported Tuesday that documents leaked last year by former NSA contractor Edward Snowden disclosed that the NSA has embedded software and hardware "bugs" in some 100,000 targeted systems around the world. The "bugs" allow the NSA to collect information from the systems even when they are not connected to the Internet.
The technology, which has to be physically installed in most cases, has been available since at least 2008. It "relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers," according to the Times report. Data captured by the devices are sent to small briefcase-sized relay stations often set up miles away from the target system.
The software has apparently allowed the NSA to do an end-run around whatever cybersecurity controls are installed on the compromised systems.
The spy technology is said to be part of an intelligence operation, code-named Quantum, that mostly targets units of the Chinese Army, Russian military networks and systems used by drug cartels and police in Mexico. The program also targets European Union trade institutions, and government agencies in India, Pakistan and Saudi Arabia.
"They [bugs] are very impressive," said noted security researcher and cryptographer Bruce Schneier, CTO at Co3 Systems. "These hardware implants show that the NSA has been continuing its research and development since the Cold War, which is what we should expect."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cyberwarfare White Papers | Webcasts