Today comes a story about a talk that privacy advocate Jacob Appelbaum gave at a conference where he says that the NSA has the ability to tap into everyone’s iPhones.
Independent journalist and security expert Jacob Appelbaum on Monday told a hacker conference in Germany that theNSA could turn iPhones into eavesdropping tools and use radar wave devices to harvest electronic information from computers, even if they weren’t online.
Appelbaum told hundreds of computer experts gathered at Hamburg’s Chaos Communications Conference that his revelations about the NSA’s capabilities “are even worse than your worst nightmares.”
“What I am going to show you today is wrist-slittingly depressing,” he said.
Even though in the past six months there have been an unprecedented level of public scrutiny of the NSA and its methods, Appelbaum’s claims — supported by what appeared to be internal NSA slideshows — still caused a stir.
One of the slides described how the NSA can plant malicious software onto Apple Inc.’s iPhone, giving American intelligence agents the ability to turn the popular smartphone into a pocket-sized spy.
…One of the slides described how the NSA can plant malicious software onto Apple Inc.’s iPhone, giving American intelligence agents the ability to turn the popular smartphone into a pocket-sized spy.
Another slide showcased a futuristic-sounding device described as a “portable continuous wave generator,” a remote-controlled device which — when paired with tiny electronic implants — can bounce invisible waves of energy off keyboards and monitors to see what is being typed, even if the target device isn’t connected to the Internet.
A third slide showcased a piece of equipment called NIGHTSTAND, which can tamper with wireless Internet connections from up to 8 miles (13 kilometers) away.
Apple has said that it is unaware of this backdoor entry into its systems but one has to be skeptical of the claims of innocence by these big technology companies that depend a lot on having a close and cordial relationship with the government.
This comes just a couple of days after Der Spiegel issued another Snowden-based revelation by Appelbaum. Laura Poitras, Marcel Rosenbach, Christian Stöcker, Jörg Schindler and Holger Stark about NSA’s hacking unit called TAO for Tailored Access Operations that goes into action when all the other methods of spying fail in their attempts to gain access. Again, the goal is to gather as much data as possible on everyone, not on selected targets.
According to internal NSA documents viewed by SPIEGEL, these on-call digital plumbers are involved in many sensitive operations conducted by American intelligence agencies. TAO’s area of operations ranges from counterterrorism to cyber attacks to traditional espionage. The documents reveal just how diversified the tools at TAO’s disposal have become — and also how it exploits the technical weaknesses of the IT industry, from Microsoft to Cisco and Huawei, to carry out its discreet and efficient attacks.
…Indeed, TAO specialists have directly accessed the protected networks of democratically elected leaders of countries. They infiltrated networks of European telecommunications companies and gained access to and read mails sent over Blackberry’s BES email servers, which until then were believed to be securely encrypted. Achieving this last goal required a “sustained TAO operation,” one document states.
Again, we should be skeptical of denials by these companies that they were complicit in these NSA operations.
TAO also does individualized targeting.
Take, for example, when they intercept shipping deliveries. If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called “load stations,” agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.
These minor disruptions in the parcel shipping business rank among the “most productive operations” conducted by the NSA hackers, one top secret document relates in enthusiastic terms. This method, the presentation continues, allows TAO to obtain access to networks “around the world.”
Does anyone seriously still think that all this is just to counter the efforts of groups of low-budget malcontents with primitive technology? What we are seeing is the attempt by elements within the US government for full-spectrum dominance over the entire world. All of us are just ciphers, with no more privacy or rights than the rats who are the subjects of behavioral research in laboratories, to be manipulated at will.
Those who claim that if we have nothing to hide, we have nothing to be afraid of are like the rats who are satisfied to be given a bit of cheese if they behave well.
And as can be seen by what happened to Qwest CEO Joseph Naccio, standing up to the NSA can result in spurious charges resulting in serious prison time.
I also wonder what “tech support” at CISCO and Juniper know. When bios’ are being reflashed, don’t tell me that doesn’t cause bugs down the line that resulted hardware replacement and tech’s wondering why the firmware seems corrupted.
…but one has to be skeptical of the claims of innocence by these big technology companies that depend a lot on having a close and cordial relationship with the government.
Also, isn’t it the case that when the state security agents make these requests, they aren’t allowed to tell other people about it?
Yes, if they are served with a National Security Letter, which is likely the case.
Going by the lack of outrage in the US, it is safe to say that we have turned into a nation of cheese loving rodents. Meanwhile, our know-nothing, do-nothing elected representatives are busy cutting the cheese.
Next step: Department of PreCrime modeled after Minority Report.
Can’t find anymore details about the continuous wave generator. Everywhere it’s the same sketchy description. eg are they bouncing waves from my monitor to my keyboard and beyond into the room?
@5
It sounds similar to the purported Tempest program in the 1990s which could allegedly read the magnetic fluctuations of CRT monitor from outside a building.
There’s nothing “purported” about tempest, and it goes back to the 60s. Some of the less interesting documents were declassified in 1995, but no one really know how advanced the technology is now. There’s also nothing “alleged” about remotely monitoring a CRT:
In 1985, Wim van Eck published the first unclassified technical analysis of the security risks of emanations from computer monitors. This paper caused some consternation in the security community, which had previously believed that such monitoring was a highly sophisticated attack available only to governments; van Eck successfully eavesdropped on a real system, at a range of hundreds of metres, using just $15 worth of equipment plus a television set.
linkfail: https://en.wikipedia.org/wiki/Tempest_(codename)
My guess is the NSA guys never read 1984…or did and thought it was a comedy.
They thought it was a planning document.
Jacob’s talk is here:
http://m.youtube.com/watch?v=b0w36GAyZIA
This is important stuff. Watch it.
Minor nit: TEMPEST was the defensive program against an as-yet unnamed offense. So if your system was TEMPEST modded that meant it was designed to resist monitoring.
The big glass building at Ft Meade is called OPS2 and the glass exterior is shock-mounted off the actual walls (may be pressurized) to prevent laser-bounce eavesdropping, and the building itself is basically a faraday cage under the glass. Back in 1990 I went to a meeting there and (not knowing better) had my laptop in my briefcase. I was visiting with an Important Someone so we were not adequately searched. When I got out and was jn the parking lot and pulled open my bag for some reason, someone saw my laptop and there was considerable whispered freakage. NSA remains a bizzare mix of dangerous but incompetent -- typical 3rd world secret police, really. That’s good news. That and that they are physical cowards and will spill everything if you even threaten a waterboarding session.
Those who claim that if we have nothing to hide, we have nothing to be afraid of
Oddly, they feel they have a lot to hide. What are they afraid of?
If what NSA was aboveboard and legal, they’d be doing it openly, amirite? Checkmate, totalitarians.
Re #7
Now that CRTs are being replaced by LCDs that put out little if any radiation, what are they doing to replace TEMPEST?
So SLC is too stupid to read the link or even the rest of the comment thread. Unsurprising.
People who say they have nothing to hide should be asked if they also support mandated networked cameras in every bathroom and restroom in the country. When they say no of ccourse not, ask them what they have to hide. If they say yes, ignore them completely, they are trolling.
I’m going to stay skeptical about the “nightstand” thing but it makes me want to look at a computer in different spectrums. Not discounting it, I’d just like more info to base an opinion on.
On the other hand, the idea that malware on phones could do things people don’t like… Well yes, that’s pretty simple. Of course it can. The limitations there would have more to do with the hardware than anything else. To some degree it would depend on what sort of phone it was. A smartphone will have storage, a camera and a microphone. Which most of the time are going to record your pocket but there are ways around that and means of filtering to only get useful information. I can think of several just off the top of my head.
And speaking of hardware, TAO is a ridiculously stupid idea. Once you start down that road there’s nothing stopping anyone else from copying you and there’s no reason anyone should trust stuff from you either. Just like foreign companies now know not to trust cloud computing resources from American companies, now they’ll know the hardware isn’t to be trusted either.
Good to know the so-called intelligence industry is capable of smart action and mindful of negative consequences for the US. Go team!
The “portable continuous wave generator” doesn’t worry me as much, because you’re obviously going to be using that to target a particular individual. Which is not to say that this power isn’t abused, but in that case the problem is a lack of oversight, rather than the tool.
Technologies that enable routine surveillance of civilians worry me; policies that do not provide for sufficient oversight of who is targeted for surveillance worry me — but technologies that improve the ability to monitor targeted individuals? Meh.
“Backdoor” is a fairly specific term in IT security -- it implies the deliberate creation of a hidden means to bypass normal security features. What they seem to be talking about here is “spyware”, which does not normally rely on (vendor-provided) “backdoors” per se. The Windows ecosystem is rife with spyware, but nobody imagines that Microsoft are working with the Russian mafia to provide them with backdoor access -- they normally just rely on various (mostly social engineering) tricks to entice unsuspecting users into installing compromised software, or exploiting actual vulnerabilities, in either the OS or other software installed on the system.
So actually, all Apple are denying is having done one very specific thing, which you wouldn’t really have expected them to do anyway. Of course, there’s also the possibility that there are as-yet-unknown backdoors in the underlying cryptographic standards. (Which wouldn’t surprise me at all, as we know they’ve done it before.)
… a “portable continuous wave generator,” a remote-controlled device which — when paired with tiny electronic implants — can bounce invisible waves of energy off keyboards and monitors to see what is being typed…
Does this mean they actually have to plant hardware on targeted systems? How coarse & 20th-century!
Yet by inserting circuitry onto individual keyboards, they [@*%&^$+~¿!!] reveal themselves as the most brilliant minds on the planet, such that agency budgets & staff salaries should be doubled every year, indefinitely [/@*%&^$+~¿!!] could really stir up some mischief.