NSA’s Revealed Surveillance State: Hacking Keyboards, USB Drives, Firmware, Monitors and More
Article submitted by guest contributor Ezra Van Auken.
What’s been said so far about the National Security Agency (NSA) is certainly frightening to privacy and civil libertarian advocates; but with the newest revelations of them all, it’s clear that more of the revealing leaks have only arrived. Whether the leaks are a positive or negative move by whistleblower Edward Snowden is debatable, but the fact remains that what Snowden did has changed the landscape of government discussion.
Digging right in, computer hackers and gurus converged on Brazil for the 2013 Chaos Communication Conference (CCC), the thirtieth year in a row the event has taken place. Of course though, this year around, government spying revelations have hit tech junkies and privacy backers like a ton of bricks. Featured at the CCC event were speakers well known to the current tech community such as Jacob Applebaum and Julian Assange.
Given the current government surveillance debate, Applebaum and Assage were pretty much expected, considering both have dealt heavily with intrusive spying. During the event, Assange video-chatted into the Brazilian conference and offered solution, telling hackers and computer gurus to fight against state-sanctioned surveillance. What Applebaum had to offer though, is what brought down the house for listeners.
Just moments before Applebaum’s CCC speech, Germany’s newspaper Der Spiegel dropped new revelations – probably the most revealing yet – showing the NSA’s vast backdoor access into systems worldwide. Applebaum, member of the Tor project, which is an Internet web browser dedicated to increasing anonymity, decided to gear his speech around the latest revelations. What came during Applebaum’s hour-long speech turned wake-up call, shook the room and YouTube views.
To begin, Applebaum revealed a handful of programs, tools and backdoor hacks, which the NSA uses to monitor people’s systems and data. Let’s take a detailed look into each.
The first newly leaked NSA component called “RAGEMASTER” is a hardware implant that detects and seizes image signals from VGA monitors. The implant itself is hidden in the ferrite insulation of the monitor cable, behind the plug. What is even more mind numbing is the way it works.
When RAGEMASTER is illuminated by the radar unit, the signal is inflected with the red video information. As explained on the released slide, “This information is re-radiated, where it is picked up at the radar, demodulated, and passed onto the processing unit and an external monitor,” which then recreates the horizontal and vertical sync of the monitor, giving NSA personnel the ability to see exactly what’s on the monitor.
Now that we’ve learned how the NSA is able to view exactly what is on your monitor, let’s take a look at “SURLYSPAWN”. This particular hack allows NSA personnel to record and analyze keystrokes, even when the computer isn’t connected to the Internet. SURLYSPAWN is a hardware implant as well, and assists in the transmitting of what a user is typing. The slide noted that “An invisible signal emitted by the implant is modified by every keystroke, and then a radar signal emitted by a device located outside the building makes the implant’s invisible signal visible.”
Once the signal is visible, personnel around the target can see everything being stroked on the keyboard. Using similar processes as RAGEMASTER, the SURLYSPAWN hack requires the implant onto a keyboard.
Then there’s “COTTONMOUTH”: another hardware implant inserted into a USB drive. It is disguised as either a keyboard’s USB plug or a USB extension cord that can be connected between a device and the intended computer. Its role is either to intercept communications or to interject Trojans, while also being able to respond to other already-implanted COTTONMOUTH implants. COTTONMOUTH can monitor the network as well as command the computer and network.
Switching over to the computer in its entirety, “GINSU” is a software hack, which allows other NSA hardware and software programs like BULLDOZER and KONGUR to maintain its stay in the system. When installed, GINSU can catch system reboots and upgrades, so that when the upgrade or reboot takes place, the software is restored to the system. Leaving the target entirely infected, rebooted or not.
And don’t think your wireless LAN is free from constraint. Der Spiegel explains, “The NSA’s ANT division also develops methods for gaining access to wireless LAN networks from the outside, allowing them to tap into these networks and plant their own software on them.” This brings us to the NSA’s “NIGHTSTAND”, which can remotely insert data packets into various Windows systems. The list includes insertions of malware into the wireless networks’ traffic. NIGHTSTAND’s process is mobile and works up to 8 miles.
Some of the targets that NIGHTSTAND can successfully exploit include Win2k, WinXP and WinXPS1P2 running IE, and the packet injection can go after either one target or multiple targets, remaining undetectable by users. Overall, the NIGHTSTAND packet injection would be used during situations when the intended target has no access to a wired connection.
Unfortunately for the privacy advocates and opponents to the surveillance state, Der Spiegel, its journalists involved and Applebaum didn’t stop here. Other NSA backdoors include phone software/hardware hacks, which allow the remote ability to control the hotmic, camera, voicemail details and other areas in the mobile phone. In addition, it’s been revealed that the NSA’s personnel have successfully exploited larger server systems and firewalls with programs such as IRONCHEF and JETPLOW. At the same time of hype however, those concerned with state spying are only confirming their previously unsure speculation. From reading a user’s monitor, to keyboard stroke detection, to hacking wireless LANs, your footsteps on the Internet are being constantly preserved and stored by the watchers: the NSA. In the end, as government spying grows, it’ll be left up to the market of hackers, computer gurus and other specialists to block, exploit and encrypt around the NSA’s prying eyes, which even now seems like a stretch.