Wednesday, January 15, 2014

How the NSA bugs computers

The New York Times has a useful story, already reported months ago in European news outlets, about how the NSA inserts malware and monitoring software into target computers.
The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.
While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.
The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.
These cyberspying techniques have already been revealed in German and Dutch newspapers.
Over the past two months, parts of the program have been disclosed in documents from the trove leaked by Edward J. Snowden, the former N.S.A. contractor. A Dutch newspaper published the map of areas where the United States has inserted spy software, sometimes in cooperation with local authorities, often covertly. Der Spiegel, a German newsmagazine, published the N.S.A.'s catalog of hardware products that can secretly transmit and receive digital signals from computers, a program called ANT. The New York Times withheld some of those details, at the request of American intelligence officials, when it reported, in the summer of 2012, on American cyberattacks on Iran.
These cyberspying techniques have largely been focused on China.
 Documents obtained by Mr. Snowden indicate that the United States has set up two data centers in China — perhaps through front companies — from which it can insert malware into computers. When the Chinese place surveillance software on American computer systems — and they have, on systems like those at the Pentagon and at The Times — the United States usually regards it as a potentially hostile act, a possible prelude to an attack. Mr. Obama laid out America’s complaints about those practices to President Xi Jinping of China in a long session at a summit meeting in California last June.
And of course, Iran. Now we know how Stuxnet was implanted in Iranian machines, leading to the destruction of Iranian centrifuges involved in nuclear production.
But the Iranians and others discovered some of those techniques years ago. The hardware in the N.S.A.'s catalog was crucial in the cyberattacks on Iran’s nuclear facilities, code-named Olympic Games, that began around 2008 and proceeded through the summer of 2010, when a technical error revealed the attack software, later called Stuxnet. That was the first major test of the technology.
One feature of the Stuxnet attack was that the technology the United States slipped into Iran’s nuclear enrichment plant at Natanz was able to map how it operated, then “phone home” the details. Later, that equipment was used to insert malware that blew up nearly 1,000 centrifuges, and temporarily set back Iran’s program.
But the Stuxnet strike does not appear to be the last time the technology was used in Iran. In 2012, a unit of the Islamic Revolutionary Guards Corps moved a rock near the country’s underground Fordo nuclear enrichment plant. The rock exploded and spewed broken circuit boards that the Iranian news media described as “the remains of a device capable of intercepting data from computers at the plant.” The origins of that device have never been determined.
On Sunday, according to the semiofficial Fars news agency, Iran’s Oil Ministry issued another warning about possible cyberattacks, describing a series of defenses it was erecting — and making no mention of what are suspected of being its own attacks on Saudi Arabia’s largest oil producer.

No comments:

Post a Comment