A secret technology which relied on radio transmissions has allowed the National Security Agency to spy on computers disconnected from the internet – a security measure known as an ‘air gap’, and commonly used to protect machines containing highly sensitive data, according to a New York Times report.
The agency has used the technology since 2008, according to documents released by Edward Snowden. Rather than access networks, the agency inserted tiny components into computers, either using agents or component manufacturers, to create a “covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards.”
The Register’s report notes that the transmitters would relay and receive data from a briefcase-sized array known as Nightstand, and had a range of around eight miles. The components could also alter data on host PCs, the site noted.
Targets of the technology, codenamed ‘Quantum’, included foreign military networks, drug cartels and trade institutes.
“The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack,” the Times reported.
“In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.”
News agency Reuters reported that there was no evidence the technology had been used within the USA.
“NSA’s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets in response to intelligence requirements,” Business Insider quoted an agency spokesperson as saying.
Consumers have become increasingly concerned about privacy and spying in the wake of Snowden’s revelations, as reported in this year’s ESET Threat Trends Predictions for 2014, which was subtitled The Challenge of Internet Privacy.
In the report, ESET’s experts warn that ensuring data is locked from prying eyes (by the use of encryption, for instance) is merely a good first step.
“The challenge to internet privacy has not meant a decrease in cases of people affected by any malicious code or other kind of computer threat,” the researchers write. “Concern about privacy is a good starting point, but it is essential for people to be aware of all aspects of Information Security. Otherwise, it is not possible to mitigate the impact of computer threats.”
Author Rob Waugh, We Live Security