
N.S.A. Devises Radio Pathway Into Computers - nealyoung
http://www.nytimes.com/2014/01/15/us/nsa-effort-pries-open-computers-not-connected-to-internet.html?partner=rss&emc=rss&smid=tw-nytimesworld
======
todayiamme
I do understand that it is now the status quo to disavow everything the NSA
is, but foreign intelligence gathering is their mission and releasing these
details simply doesn't help the cause of fixing the NSA's less savoury
incursions.

While arguably any foreign intelligence agency of note isn't going to be
caught off guard by these leaks, leaking these details does offer political
ammunition to the very people who stand to gain from the expansion of the
NSA's mission into civilian data gathering. It helps to make the case that the
leaks aren't such a good thing after all and are compromising the intelligence
gathering apparatus of the US of A. Add a bit of spin and you can quickly use
this to get back to business as usual and people will actually support them as
now it'll become a matter of identity instead of what it should be - a
surgical exploration of a cancer afflicting a nation state.

~~~
eru
What if the foreignerns don't want to spied up on? Or do they count for less?

~~~
IBM
What is the use of acting naive about foreign affairs, diplomacy, and
statecraft?

Are you really suggesting that your country's intelligence service doesn't
attempt to do the same?

~~~
lancewiggs
The USA has diplomatic relations with foreign countries based on trust. They
also trade with those foreign countries - and that international trade is what
makes the economy and our lifestyles work.

Targeting "all foreigners" destroys trust that foreigners have in the USA
system for trade and diplomacy, lowering the impact of the state on both.

~~~
snowwrestler
Comments like this make me think that maybe all the "acting naive about
foreign affairs, diplomacy, and statecraft" is not actually acting.

In the entire human history of diplomatic relations, nations have always
attempted to spy on one another. Diplomatic relations are not based on trust,
they are based on shared beliefs, interests, and goals.

~~~
baddox
> In the entire human history of diplomatic relations, nations have always
> attempted to spy on one another.

Yes, and it's all bad. I don't see what's naive, or even controversial, about
this.

~~~
ewoodrich
So the US shouldn't have spied on the Japanese consulate in the 40s to
anticipate the forthcoming declaration of war? Or intercepted German
transmissions to break the Enigma code?

~~~
Filligree
Both countries you were - anticipated to be - or actually at war with. That's
hardly the same thing as spying on allies.

------
PythonicAlpha
"We do not use foreign intelligence capabilities to steal the trade secrets of
foreign companies"

Nobody with an unspoiled mind and following the news last year will believe
this bullshit.

If there is anything, people all over the world (also in the US) should have
learned: Statements from people of some federal US organisations can not be
believed at all -- in many cases the complete opposite is true.

~~~
jjh42
The NSA lost all credibility for their claim not to be stealing for commercial
advantage when they were caught spying on Brazil's Petrobras (government owned
oil company). It is simply not credible to claim this spying was for the
prevention of terrorism.

------
vonnik
The only thing that's more disappointing than the NSA spying is the NYT
sitting on this scoop for more than a year, and letting Der Spiegel break it.
Only slightly less amazing is that Der Spiegel and Jacob Applebaum were
talking about this more than two weeks ago, and the NYT diddled until now.
Incredible.
[https://www.youtube.com/watch?v=vILAlhwUgIU](https://www.youtube.com/watch?v=vILAlhwUgIU)

~~~
supersystem
I'm more disappointed that very few on HN seemes to have been paying
attention.

~~~
vonnik
I agree. It was also really bad timing. No news organization should break
anything major between X-mas and New Years. People are offline...

------
danso
Given that the NSA's mission is to do surveillance against foreign targets
("There is no evidence that the N.S.A. has implanted its software or used its
radio frequency technology inside the United States.")...the techniques
described here actually seem to be in line of what you imagine the NSA is
_supposed_ to be doing. At least it's surveillance that requires them to have
a physical targeted presence, rather than just drinking from the
telecommunications firehose.

------
staunch
This sounds like a non-issue to me. Any person on this site could create
little USB devices for stealing data. It's nothing special or new. I thought I
was going to hear that they're light years beyond Tempest[1] or something.
Feels good to finally hear an NSA story that doesn't depress me.

1\.
[http://en.wikipedia.org/wiki/Tempest_(codename)](http://en.wikipedia.org/wiki/Tempest_\(codename\))

~~~
conductor
It can be inserted by a manufacturer, as mentioned in the article.

A little chip (inside the motherboard/CPU/hard disk/graphic card) with a radio
module that can receive radio signals and write the received data directly
into hard disk and/or RAM or read bytes from the hard disk and/or RAM and/or
graphic card and transmit it back.

~~~
lancewiggs
I imagine the widgets transmit and receive over multiple spectrums, bouncing
the spectrum around as they do.

I wonder if technology now can tweak and coordinate the multiple existing
radios (Wifi, bluetooth, GSM/CDMA/3G/4G etc) on phones and computers to
deliver the same result.

Is that possible? Would that require changes in silicon or could it be done
with baseband software changes or even above that? I have no idea frankly.

~~~
nitrogen
_I imagine the widgets transmit and receive over multiple spectrums_

I seem to recall a strong opposition by the government to the development of
consumer ultra-wideband radios. I wonder if this was part of the reason.
Either way, it looks like some applications of UWB are available now, though,
such as wireless HDMI.

------
rl3
"In most cases, the radio frequency hardware must be physically inserted by a
spy, a _manufacturer_ or an unwitting user." [emphasis added]

~~~
wmf
US manufacturers sold pre-bugged equipment to the eastern bloc during the cold
war, so why not now?

~~~
VladRussian2
Today it is just a well publicly known feature of modern Intel CPU (officially
it is stated to be disabled on some CPUs :)

[http://www.realvnc.com/products/viewerplus/](http://www.realvnc.com/products/viewerplus/)

"Computers with particular Intel® Core™ vPro™ processors enjoy the benefit of
a VNC-compatible Server embedded directly onto the chip, enabling permanent
remote access and control. A RealVNC collaboration with Intel's ground-
breaking hardware has produced VNC Viewer Plus, able to connect even if the
computer is powered off, or has no functioning operating system."

~~~
nl
_well publicly known feature_

I sure didn't know about it, and wish I did. I'd love to be able to use it!

Is there any easy way to make this work (and to check if your computer
supports it)?

~~~
simcop2387
This has some more info, no idea how much it applies to current tech.

[http://blog.michael.kuron-germany.de/2011/10/using-intel-
amt...](http://blog.michael.kuron-germany.de/2011/10/using-intel-amts-vnc-
server/)

EDIT: and some more current stats

[http://software.intel.com/en-us/blogs/2012/04/23/intelr-
vpro...](http://software.intel.com/en-us/blogs/2012/04/23/intelr-vpro-
technology-release-80-processor-requirements)

------
vxxzy
Transmit as far as "EIGHT Miles". Does anyone know what type of power this
would take? I imagine if they used a less noisy frequency combined with
sensitive receiving equipment, it would not take much. I used to play with CB
radios which has a cap at 4W, with a good antenna, one could transmit 7+ miles
in good situations.

~~~
mparlane
Could it be via powerlines?

edit: I know the article mentions wireless, but it might not be true after all

~~~
plorg
I suppose it's possible, but if I were the NSA I wouldn't bet on getting a
signal past the neighborhood distribution transformer. There's often enough
disturbance on a building-wide circuit to cause problems with powerline
networking. Your 42" LCD TV probably has enough power-conditioning circuitry
to interfere with network signals.

------
beloch
Well, I suppose it's time for the tin-foil-hat crowd to turn their computer
cases into a Faraday cages then! Of course, these NSA gizmos might plug into
ground and detect radio-induced current fluctuations. Given how many computer
cases are metal, this might be the obvious way to go actually. So... Faraday
cage and a really expensive ground conditioner?

------
codex
This is another example of how Snowden has compromised national security by
leaking secret information that has nothing to do with American metadata and
everything to do with the NSA's charter and legal mission.

~~~
samstave
Any thought that the NSA is adding to our national security is a delusion.

How about a shift in your thinking: Instead f "securing" ourselves through
trillions in weapons and intel BS - why not work toward creating a better
world through better systems and people?

How many Norwegian terrorists have there been?

Fuck the NSA.

~~~
PythonicAlpha
>Any thought that the NSA is adding to our national security is a delusion.

Adding more security will make our life less and less secure. Anybody who
believes, such things will stop terrorism, is just dreaming.

------
Theodores
Sounds like an update to The Thing:

[http://en.wikipedia.org/wiki/Thing_(listening_device)](http://en.wikipedia.org/wiki/Thing_\(listening_device\))

------
xanth
So now one needs to run BSD, air gaped and in a Faraday cage to be 'secure'...
So now what does one do with it

~~~
dijit
every day the movie 'Enemy of the State' looks more believable.

------
__pThrow
I have to admit I was disappointed these seem to require radio transmitters be
added to the device. Was sort of hoping to discover there were little antennas
built into Intel processors or nvidia video cards.

However, I now know more about what DARPA's littlest flying robots will be
doing, especially the ones already described as little more than chips with
wings.

------
f_salmon
> Richard A. Clarke, an official in the Clinton and Bush administrations who
> served as one of the five members of the advisory panel, explained the
> group’s reasoning in an email last week, saying that “it is more important
> that we defend ourselves than that we attack others.”

Pretty frightening that such things apparently still need to be said.

------
NKCSS
I remember an article on here a while back of a well known security or
cryptology researcher that had a machine get re-infected by unknown malware
time and time again without a network connection, who also observed radio
waves and thought that was the iv...

~~~
igravious
Was it this?

[https://news.ycombinator.com/item?id=6646936](https://news.ycombinator.com/item?id=6646936)

"Mysterious Mac and PC malware that jumps airgaps?"

~~~
NKCSS
Yup, thanks!

~~~
igravious
I remember coming to the conclusion at the time that the security researcher
must be kind of going nuts or something; doesn't seem quite so nuts now.
Surely a professional would spot a rogue chip or device though?

------
lazyjones
So, any chances of finding such a device out in the wild? Suggestions for
detecting the most likely used type of radio transmissions? How can they
transmit over 5Km with USB power and no antenna?

~~~
XorNot
Under the right conditions you can send radio messages around the world on as
little as 5 watts.

You gotta remember that there's two sides to any radio system: the transmitter
and the receiver, and both determine what you can do. After all, with the
right antenna on one side, you can use wi-fi over a distance of miles.

------
oceanplexian
> The technology, which has been used by the agency since at least 2008,
> relies on a covert channel of radio waves that can be transmitted from tiny
> circuit boards and USB cards

Obviously if someone has physical access to a machine it can be compromised.
Replace "USB Cards" with "USB WiFi stick" and you've achieved the same thing.

This is just FUD. Machines that are air-gapped from the Internet with tight
physical security are as secure as ever.

~~~
falcolas
It seems to me you missed the "can be inserted by the manufacturer" portion of
the article. Doesn't require physical access, just that they purchase a
compromised machine.

~~~
acousticcoupler
Also secured facilities generally monitor for things like unauthorized WiFi
access points and clients.

~~~
nitrogen
Did the article say these devices use WiFi, or do they use something else?

~~~
falcolas
They discuss range measured in miles, so I don't think wifi would fit the
bill.

------
higherpurpose
This article feels like NSA bait to me. It's like NYT is trying to make NSA
look good.

------
ShirtlessRod
My favorite part:

"The technology, which the agency has used since at least 2008, relies on a
covert channel of radio waves that can be transmitted from tiny circuit boards
and USB cards inserted surreptitiously into the computers."

Oh, so they only need physical access to the machine, and then they can do
stuff to it? It's like magic!

------
snambi
very good use of tax payer money!

------
zerny
badBIOS and now this. Sigh.

------
notastartup
oh man when does this stop? these guys are clearly breaking the law all in the
name of "keeping us safe from terrorists". This needs to be stopped. All the
perpetrators of this program must be brought to justice with a court that
adheres to the principals of democracy and freedom.

