NSA can spy on computers via radio, Snowden leaks show

Snowden fallout continues, as news organizations use leaks to probe how the NSA is breaking into computers not linked to the Internet and, mistakenly, believed to be not open to attack.

|
AP/File
This file photo shows the building housing Unit 61398 of the People’s Liberation Army on the outskirts of Shanghai. The facility, which many experts say is a key cog in Chinese computer hacking, has been targeted by the NSA's 'Quantum' program, the New York Times reports.

The National Security Agency can spy on computers that aren’t physically connected to the Internet. That’s a takeaway from a big New York Times story Wednesday on NSA technical capabilities.

How? One method is to use small radio transceivers concealed within otherwise normal-looking USB plugs. These spy plugs (code name: “Cottonmouth I”) can sweep through an affected machine and broadcast stolen information to hidden relay stations up to eight miles away.

A relative of this program involves tiny circuit boards physically inserted into computers, either at the factory or via clandestine methods on-site. They allow the NSA to connect to computers which users believe to be safely insulated from Internet-based hacker attacks.

All told, the US has implanted spy software in some 100,000 computers around the world, according to David Sanger and Thom Shanker of the Times, under the overall auspices of a program named “Quantum." (Yes, a 2008 James Bond movie was called “Quantum of Solace," but that’s apparently a coincidence.) Iran has been a target, as well as Russian military networks, drug cartels, and European Union trade institutions. But the biggest focus of US interest here is China, particularly Chinese cyberwar capabilities.

“The United States has targeted Unit 61398, the Shanghai-based Chinese Army unit believed to be responsible for many of the biggest cyberattacks on the United States, in an effort to see attacks being prepared,” write Messrs. Sanger and Shanker.

Parts of this story have previously appeared elsewhere. The German news magazine Der Spiegel has published a list of NSA products that included “Cottonmouth," for instance. A Danish paper has printed a map showing where Quantum incursions occurred.

These pieces all appear based on documents provided by NSA leaker Edward Snowden, though the Times supplemented its story with extensive further reporting. In fact, the Times may have had the gist of these revelations for some time: The paper notes that, at the request of US intelligence officials, it previously withheld some details of the foreign infiltration program when writing about clandestine US efforts to derail Iran’s nuclear program in 2012.

That history shows how much publication standards have changed, writes Harvard Law School professor Jack Goldsmith at the Lawfare national security legal blog.

Wednesday’s revelations don’t deal with the privacy of US citizens, he notes. The infiltration program appears to deal exclusively with surveillance of foreign systems and intelligence – precisely the sort of thing the NSA is supposed to do. Quantum does not appear to push against any sort of NSA legal limits.

In 2012, the Times agreed not to talk about the program. In 2014, it went ahead. The big difference may be the environment created by Mr. Snowden in which all of the NSA’s activities appear to be fair game for public discussion.

“The particularly bad news for the NSA is that the NYT is more discreet than foreign journalistic outlets,” writes Mr. Goldsmith.

Goldsmith adds that US intrusion of foreign networks appears to be similar to the sorts of things the US complains that China is doing. This obvious hypocrisy isn’t going to help the US in its efforts to get Beijing to rein in Chinese cyber units.

The US doesn’t use NSA capabilities to steal trade secrets in the name of bettering the bottom line of particular US firms, an NSA spokesman told the Times for Wednesday’s story. But China considers economic secrets a legitimate intelligence target and may not be swayed by this argument, given that US diplomats routinely pressure other countries to do things – such as buy US aircraft – that benefit specific national firms.

“It’s all cheating in the name of national strength. If it’s acceptable for us to do it, we really can’t perform moral outrage that our rivals are doing it,” writes surveillance and intelligence expert Marcy Wheeler on her "emptywheel" blog.

Against this background, President Obama on Friday is expected to announce some tightening in the way the NSA handles millions of US phone records,  among other things. He’s also expected to outline some broader oversight procedures for the process which determines which foreign leaders become NSA targets.

The speech caps a months-long review of NSA activities by a White House panel of outside experts appointed in response to Snowden’s revelations.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to NSA can spy on computers via radio, Snowden leaks show
Read this article in
https://www.csmonitor.com/USA/Politics/DC-Decoder/2014/0115/NSA-can-spy-on-computers-via-radio-Snowden-leaks-show
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe