NSA hardware snoop
January 15, 2014DW: News reports say that the NSA is using a special technique in order to spy on about 100,000 computers outside the US - even if they're offline. How is that possible?
Martin Holland: According to reports, they're using special implants placed on the computer components. With the help of the implants, they can conduct surveillance on those machines. The NSA sends signals to the implants, and can then find out what was done on the computer by what's reflected back from the device.
What's the purpose of installing such software worldwide? And which countries do you think are most affected?
The NSA is saying that it wants to protect the US from cyber attacks, that they're mainly targeting hackers. But I think they're also looking at people who are suspected of being terrorists. Apart from that, telecom providers have also been hacked. That way they can get much more information than from a computer being used by a single person.
The software is said to not only be used for spying on other computers, but also to recruit them for possible cyber attacks. How is this possible?
It's possible if you hack a provider. Then, every device utilizing that provider can be hijacked for cyber attacks. So if somebody in China wants to access the Yahoo website, and you've hacked his provider in China, you could show him a fake website that only looks like Yahoo. Since your computer is closer to his, the fake website would get there faster than the original Yahoo website based in the US.
Could this surveillance method also be used in order to get trade secrets of foreign countries?
I think that's most certainly possible.
The Chinese are accusing the US of not respecting the sovereignty of their country. What do you make of this accusation?
The Chinese were always suspected of doing computer surveillance themselves. I think the Chinese government is only using this as an opportunity to criticize the US. They're most certainly also doing the same, but to a lesser extent, since they have fewer capabilities.
Some reports claim that the technology has been in use since 2008. Why do you think the information has leaked now?
According to the information we have, in 2008 about 20,000 computers or devices were hacked using this method. I think it might have gone on for even longer. I'd say from the period of time after 9/11, so for a decade.
To you, as a computer expert, did this come as a surprise?
The report by the New York Times was not a surprise. The only thing new about it was the number of computers attacked by the NSA. The other information had already come out at the Chaos Communication Congress two weeks ago.
But two weeks ago, it came as a surprise to almost any expert. It showed the capabilities of the NSA and their willingness to act. The way the software or implants actually got into the affected devices is even more shocking. The NSA did not only break into houses or rooms where they wanted to get to computers. They even took computers that were ordered online and implanted them with devices en route to the person who ordered the computer.
So far, it's been assumed that if you have a computer that is not connected to the Internet, then you're safe from such attacks. Is it possible to protect oneself?
I think if you're a target, or a possible target of such surveillance from the NSA, there really seems to be no way to safeguard your data. If they can attack your computer directly, then even encryption between computers won't help you, since they can read what's on your screen or what you're typing. For this kind of surveillance, however, the targets seem to be limited, as it's much more difficult to carry out these attacks. I would say the average computer user is relatively safe.
Is there a way to find out whether your computer has been hacked by such software or devices?
Even for computer experts, that would be next to impossible. You'd have to be very lucky.
Martin Holland is an expert on Internet security and editor at "c't", a German computer magazine.