Compliance Management, Incident Response, Privacy, TDR

Leaks detail NSA’s arsenal for targeting disconnected computers

Snowden leaks detail the National Security Agency's ability to tap into “air gapped” computers, or machines that aren't connected to the internet or unsecured networks.

According to a Tuesday article in The New York Times, leaked government documents reveal an arsenal at NSA's disposal, which “relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers.”

Since at least 2008, the NSA technology has been used to spy on foreign targets, primarily units of the Chinese army, but also other groups of interest to the intelligence agency, like military targets in Russia, and trade institutions in Europe, the paper revealed.

Leaked documents showed no evidence that the NSA had bugged U.S. computers, or used its radio frequency technology to access the data of targets within the country.

“The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyber attack,” the Times article said.

The malware is often physically introduced to machines via devices implanted by spies, manufacturers, or “an unwitting user,” the paper revealed.

An unnamed U.S. official, speaking under condition of anonymity, told the Times that the NSA has implanted software on nearly 100,000 computers worldwide.

According to Snowden leaks, just one of the numerous devices used to target non-connected computers, includes hardware, dubbed “Cottonmouth I,” which looks like a “normal USB plug,” but actually contains a tiny transceiver for sending data to the NSA.

The intelligence agency's snooping technology is designed to communicate with a relay station, called “Nightstand,” small enough to fit into an oversize briefcase. 

On Monday, John Pirc, chief technology officer at information security research and advisory company NSS Labs, told that comparable exfiltration methods were used in the Stuxnet and Duqu attacks that targeted Iran's nuclear program.

“[Attackers] were able to do transmissions over Bluetooth, which gets you around air gapped networks," Pirc said.

He further explained that the advanced malware was introduced to Iranian facilities via a USB key inserted on target machines.

“Once the piece of malware is dumped onto an asset, it pretty much knows what to do, as far as what to start exploiting,” he said.

NSS Labs has begun its own research efforts to transfer data from devices using sound waves, which ventures closely towards NSA's radio frequency exploits.

"We are figuring out how to transfer data using... sound that is at such a frequency that it can't be picked up by the human ear," he said, later adding that "very sophisticated equipment" would be needed just to detect that exfiltration was occurring.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.