WASHINGTON - The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the U.S. to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.
While most of the software is inserted by gaining access to computer networks, the NSA has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to NSA documents, computer experts and U.S. officials.
The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.
The radio frequency technology has helped solve one of the biggest problems facing U.S. intelligence agencies for years: getting into computers that adversaries, and some U.S. partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.
President Barack Obama announced carefully calculated changes to surveillance policies on Friday, saying he would restrict the ability of intelligence agencies to gain access to telephone data, and would ultimately move that data out of the hands of the government. But Obama left in place significant elements of the broad surveillance net assembled by the NSA, and left the implementation of many of his changes up to Congress and the intelligence agencies themselves.
The NSA calls its radio frequency technology efforts more an act of “active defense” against foreign cyberattacks than a tool to go on the offensive. But when Chinese attackers place similar software on the computer systems of U.S. companies or government agencies, U.S. officials have protested, often at the presidential level.
Among the most frequent targets of the NSA and its Pentagon partner, U.S. Cyber Command, have been units of the Chinese army, which the U.S. has accused of launching regular digital probes and attacks on U.S. industrial and military targets, usually to steal secrets or intellectual property. But the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime-partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an NSA map that indicates sites of what the agency calls “computer network exploitation.”
“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. “Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”
No domestic use seen
There is no evidence that the NSA has implanted its software or used its radio frequency technology inside the U.S. While refusing to comment on the scope of the Quantum program, the NSA said its actions were not comparable to China’s.
“NSA’s activities are focused and specifically deployed against – and only against – valid foreign intelligence targets in response to intelligence requirements,” Vanee Vines, an agency spokeswoman, said in a statement. “We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of – or give intelligence we collect to – U.S. companies to enhance their international competitiveness or increase their bottom line.”
Over the past two months, parts of the program have been disclosed in documents from the trove leaked by Edward Snowden, the former NSA contractor. A Dutch newspaper published the map of areas where the U.S. has inserted spy software, sometimes in cooperation with local authorities, often covertly. Der Spiegel, a German newsmagazine, published the NSA’s catalog of hardware products that can secretly transmit and receive digital signals from computers, a program called ANT. The New York Times withheld some of those details, at the request of U.S. intelligence officials, when it reported, in the summer of 2012, on U.S. cyberattacks on Iran.
An old technology
The NSA’s efforts to reach computers unconnected to a network have relied on a century-old technology updated for modern times: radio transmissions.
In a catalog produced by the agency that was part of the Snowden documents released in Europe, there is page after page of devices using technology that would have brought a smile to Q, James Bond’s technology supplier.
One, called Cottonmouth I, looks like a normal USB plug but has a tiny transceiver buried in it. According to the catalog, it transmits information swept from the computer “through a covert channel” that allows “data infiltration and exfiltration.” Another variant of the technology involves tiny circuit boards that can be inserted in a laptop computer – either in the field or when they are shipped from manufacturers – so that the computer is broadcasting to the NSA even while the computer’s user enjoys the false confidence that being walled off from the Internet constitutes real protection.
The relay station it communicates with, called Nightstand, fits in an oversize briefcase, and the system can attack a computer “from as far away as 8 miles under ideal environmental conditions.” It can also insert packets of data in milliseconds, meaning that a false message or piece of programming can outrace a real one to a target computer. Similar stations create a link between the target computers and the NSA, even if the machines are isolated from the Internet.
Computers are not the only targets. Dropoutjeep attacks iPhones. Other hardware and software are designed to infect large network servers, including those made by the Chinese.
Most of those code names and products are now at least five years old, and they have been updated, some experts say, to make the U.S. less dependent on physically getting hardware into adversaries’ computer systems.
The NSA refused to talk about the documents that contained these descriptions, even after they were published in Europe.
“Continuous and selective publication of specific techniques and tools used by NSA to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies,” Vines, the NSA spokeswoman, said.