So it turns out that the NSA has weaponized radio waves in its effort to hack into computers that are isolated from the web.
Everyone’s been looking in the wrong place: the NSA’s got their own personal Bigfoot. From a computer security perspective, the most important detail in a report by David E. Sanger and Thom Shanker of The New York Times on the NSA exploiting nearly 100,000 computers around the world is that some of those computers communicate with the Agency despite not being connected to the Internet.
While most of these computers were infected through networked attacks, some were reached physically through thumb drive transmission (by spies or unwitting accomplices) or intercepted hardware.
Once the NSA breached these computers, it was able to spy on them and transmit malware through radio waves.
Reaching non-networked computers in the first place is called “jumping the air gap.” Continuing to interact with these computers through acoustics takes that feat to a new level.
The Times breaks down one of the programs:
One, called Cottonmouth I, looks like a normal USB plug but has a tiny transceiver buried in it. According to the catalog, it transmits information swept from the computer “through a covert channel” that allows “data infiltration and exfiltration.” Another variant of the technology involves tiny circuit boards that can be inserted in a laptop computer — either in the field or when they are shipped from manufacturers — so that the computer is broadcasting to the N.S.A. even while the computer’s user enjoys the false confidence that being walled off from the Internet constitutes real protection.
Infected computers then communicate with a “relay station,” according to the Times, which the NSA calls a “Nightstand.” This gives new meaning to the idea that part of the American/Israeli Stuxnet attack on Iranian nuclear facilities was to “phone home” to intelligence agencies.
As impressive as this technology is, it may not even be the state of the art for the NSA.
The Times report was based on up to 7-year-old leaks, after all, and it mentions that the NSA is making progress in using acoustic hacking to target computers that it never accessed physically:
[Those systems] have been updated, some experts say, to make the United States less dependent on physically getting hardware into adversaries’ computer systems.
To be able to hack into a computer without first getting any physical access to it would be a world-changing leap.
Just last year, Ars Technica published a story about a security consultant named Dragos Ruiu who claimed his computer was infected with malware that enabled auditory transfer of information packets, despite never being connected to the Internet.
He postulated that the malware took over the BIOS firmware on his computer. Detractors said it wasn’t possible due to the size and specificity required for such a piece of malware. Furthermore, computer microphones typically aren’t designed to “hear” and “play” super high frequency sounds.
Ruiu was pretty certain, though, that his speakers were transferring packets of information, especially when disabling the speakers and microphone stopped the transfer.
Dan Goodin at Ars Technica called Ruiu’s malware “the advanced persistent threat equivalent of a Bigfoot sighting.”
Now there’s more reason to believe that Ruiu was right, and his experience may suggest that this technology goes beyond the NSA.
Bigfoot is more common than everybody thought, and at 100,000 target machines infected (mostly in the Russian and Chinese militaries and Latin American drug cartels), the NSA is at the forefront of this strange new world.