Spy agencies around the world use radio signals to tap data from targeted systems

NSA's program, dubbed Quantum, surreptitiously taps data from 100,000 systems worldwide, according to <i>New York Times</i> report

Reports this week that the National Security Agency uses radio signals to collect data from tens of thousands of non-U.S. computers, some not connected to the Internet, is sure to fuel more acrimony towards the U.S. spy agency.

But observers note that the NSA is not the first of the world's spy agencies to use such technology to surreptitiously gather classified information from other countries.

For instance, intelligence personnel in the former Soviet Union used similar tactics to secretly gather information from electric typewriters at U.S. government offices in Moscow and Leningrad more than 30 years ago. And experts say it's a near certainty that the spy agencies of other advanced nations are doing the same thing today.

"Physical compromise of a target's technology is what we expect intelligence agencies to do," said John Pescatore, director of emerging technology at the SANS Institute and a former NSA security engineer.

"The Chinese have been doing it to the laptops and smartphones of foreign executives visiting China. Years ago the French did similar things in their country and I'm sure British intelligence has done the same thing," Pescatore said. "What the NSA is doing now is what all superpower intelligence agencies have done, are doing, and will do."

The New York Times reported Tuesday that documents leaked last year by former NSA contractor Edward Snowden disclosed that the NSA has embedded software and hardware "bugs" in some 100,000 targeted systems around the world. The "bugs" allow the NSA to collect information from the systems even when they are not connected to the Internet.

The technology, which has to be physically installed in most cases, has been available since at least 2008. It "relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers," according to the Times report. Data captured by the devices are sent to small briefcase-sized relay stations often set up miles away from the target system.

The software has apparently allowed the NSA to do an end-run around whatever cybersecurity controls are installed on the compromised systems.

The spy technology is said to be part of an intelligence operation, code-named Quantum, that mostly targets units of the Chinese Army, Russian military networks and systems used by drug cartels and police in Mexico. The program also targets European Union trade institutions, and government agencies in India, Pakistan and Saudi Arabia.

"They [bugs] are very impressive," said noted security researcher and cryptographer Bruce Schneier, CTO at Co3 Systems. "These hardware implants show that the NSA has been continuing its research and development since the Cold War, which is what we should expect."

However, experts do note that the collection of information via radio frequency is not new.

In the mid-1980s, Soviet secret police planted electromechanical bugs in numerous electric typewriters at the U.S. embassy in Moscow and its consular office in Leningrad. Like the NSA implants described in the Times story, the Soviet bugs transmitted data using radio waves.

Declassified NSA documents describe how the bugged typewriters allowed the Soviets to access copies of routine memos and classified documents, oftentimes before U.S officials read them.

Between 1976 and 1984, the Soviets installed the bugs on 16 IBM Selectric typewriters. The bugs operated at 30, 60 or 90 Mhz range via radio frequency and were concealed in a metal bar, called the comb supporter, in the typewriters.

The Soviets upgraded the implants several times and eventually completed work on five generations, three that operated on DC power and two on AC power. The bugs could be installed in 30 minutes or less, could be switched on and off remotely and contained integrated circuits that were very advanced for the times, according to the NSA documents. Some had beacons that indicated when the electric typewriters were turned on or off.

The implants were designed to pick up the magnetic energy generated when a typewriter key was struck, convert it into digital electrical signals and transmit it via radio frequency to a nearby Soviet listening post. According to the NSA post-mortem, the bug marked the first time that data was captured in this fashion from a device that held plaintext information.

The discovery of the implants triggered an NSA response, codenamed GUNMAN, that eventually led to the replacement of more than 11 tons of equipment in the offices targeted by the Soviets. It also prompted sweeping changes in U.S. State Department security practices and an overhaul of the U.S. technology and techniques used to detect and respond to electronic threats.

"This was in the 1980s when electric typewriters were the PCs of the day," Pescatore said. "The NSA was also doing the same thing to the Soviets back then -- the Soviets were just better at the time."

Schneier added and the NSA "might have a larger budget than anyone else in the world, but they're not made of magic. These are the sorts of techniques that any well funded national intelligence agency would employ and -- as they get cheaper -- criminals will employ."

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is jvijayan@computerworld.com.

Read more about cyberwarfare in Computerworld's Cyberwarfare Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags Government ITnew york timesNational Security AgencySANS Institutesecuritycyberwarfarensa

More about IBM AustraliaNational Security AgencyNSAQuantumSANS InstituteTopic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place