The NSA uses good, old-fashioned radio waves to hack offline computers

NSA radio waves

If there’s one way to protect your privacy from the prying eyes of the NSA, surely it’s by keeping your computer permanently offline, right? Well, you might have thought so – but you’d be dead wrong! According to a new report from the New York Times, that simply isn’t the case – the NSA now possesses the capability, under a program code-named Quantum, to access offline computers using radio waves.

The NSA’s device, known as “Cottonmouth I”, was one of dozens of fun-looking spy devices unearthed by German publication Der Spiegal last month:

“Computer bugging devices disguised as normal USB plugs, capable of sending and receiving data via radio undetected, are available in packs of 50 for over $1 million.”

The NYT goes into a bit more detail with its report last night. It says that Cottonmouth I is disguised as a simple USB plug that contains a tiny radio transceiver within. For more subversive operations, there’s an alternative version of the device that can be inserted directly into the target computer, making it almost undetectable.

Once plugged into the target computer, the transceiver is able to broadcast to a relay station called “Nightstand”, which can be located up to eight miles away. The NYT doesn’t give an exact figure on how many of these devices were ‘installed’ onto unwitting user’s computers, and it says that there is “no evidence” they were used in the US, but its believed that “nearly 100,000” computers in other countries have some sort of device plugged into them, snooping away at their data.

The NSA says that the use of infiltration software is part of its “active defense” against cyber-attacks, though the US government has previously criticized the use of similar techniques by Chinese hackers that’ve hacked into US government agencies and companies.

“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, cyber security expert at the Center for Strategic and International Studies in Washington, to The Times.

“Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”

Not surprisingly, it’s China’s military that’s been the most frequent target of the NSA’s Quantum operation, followed by systems used by the Russian military, the Mexican police, drug cartels, EU trade institutions and even allied nations like Saudi Araia.

One interesting point of note is that the NYT claims that it knew details of the Quantum program as far back as 2012, when reporting on the United States’ alleged cyber-attacks on Iranian nuclear facilities. At the time, it chose to withhold “some of those details, at the request of American intelligence officials”. The paper didn’t say why it had chose to disclose what it knows now, but given the previous six month’s worth of disclosures from Ed Snowden, it’s suffice to say that few will be surprised the NSA possesses this kind of capability now.