NSA's 21st century hacking tool: radio waves

The intelligence agents known as “America’s codemakers and codebreakers” are so skilled these days they can hack into a computer physically disconnected from the internet. The New York Times on Tuesday reported the U.S. National Security Agency has installed software or hardware enabling it to monitor nearly 100,000 computers around the world. Some of the hardware works by intercepting computer data and beaming it out as radio signals, allowing the agency to collect information even if the computer is offline.

The radio signals are sent from circuit boards or USB ports secretly installed on the computers by agents or unwitting surveillance targets, The Times said. Once the signals are broadcast, U.S. agents can pick them up using transceivers hauled around inside briefcases. On a clear day, they need only be within 8 miles of a target to catch the signal.

The technology demonstrates how the NSA has taken a proactive approach to foreign surveillance efforts in a day when U.S. private and government networks are plagued by hacker attacks from abroad. Some of these attacks have been traced to foreign agents, including those associated with the Chinese military. Governments routinely deny such activities, however, and the United States has itself remained largely silent about its hacking capabilities.

Rather than relying exclusively on malicious code tucked inside emails or viruses and transmitted over internet cables, the radio hacking technology is a hybrid of hardware and software surveillance tools. To penetrate computers or computer networks disconnected from the internet, agents must physically plant a radio transceiver inside a foreign computer—or dupe a surveillance target into installing one himself, perhaps by connecting a rigged USB cable.

The technique is part of a classified cyberspying program officials call Quantum, details of which have been revealed in documents stolen by former NSA contractor Edward Snowden, The Times said. The U.S. government has used the program to target the Chinese and Russian militaries, drug networks in Mexico, trade groups in the European Union, and Middle Eastern states.

Hidden within a USB cable, a transceiver would broadcast computer data using a secret radio code deciphered by the portable NSA field stations. The field station can also work in reverse, beaming malware to the compromised computer, the report said.

“NSA’s activities are focused and specifically deployed against—and only against—valid foreign intelligence targets in response to intelligence requirements,” an agency spokeswoman told media outlets in a statement. “We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of—or give intelligence we collect to—U.S. companies to enhance their international competitiveness or increase their bottom line.”

The NSA spokeswoman added: “Continuous and selective publication of specific techniques and tools used by NSA to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies.” The agency would not say how widely Quantum has been used, but The Times noted it had no evidence the radio hacking technology has been used within the United States.

According to the newspaper, the United States has especially targeted China for surveillance. The Snowden documents say U.S. intelligence agents have set up two covert data centers in China in order to implant spy software on computers there. The spying goes both ways, as the Chinese have targeted U.S. government and private computer networks.

A presidential advisory panel appointed to review NSA practices has determined that some of the agency’s hacking initiatives have undermined trust in American-made technology. Last year the Snowden documents revealed the NSA has coerced private U.S. businesses to turn over encryption keys or to insert “back doors” into computer chips that could allow the agency to intercept emails and other information. The agency appears to have co-opted the development of industry encryption standards in order to provide itself the ability to hack into private computers.

Last month, the panel said the U.S. government should “not undermine efforts to create encryption standards,” or “subvert, undermine, weaken, or make vulnerable generally available commercial software.” President Barack Obama is expected to speak on Friday about the panel’s recommendations.

According to unnamed current and former administration officials quoted by The Times, Obama will accept some recommendations, but decline others—or leave them to Congress to decide. He is expected to rein in the NSA’s widespread collection of metadata from Americans’ phone calls, but will not end the practice entirely. He also will not require intelligence officials to obtain a judge’s stamp of approval for “national security letters,” official documents requiring U.S. businesses to hand over private data, the officials said.