Sun, Jan 19, 2014 - Page 9

NSA devises pathway into computers isolated from the Internet

The US spy agency denied its ‘active defense’ tactics are similar to those used by its surveillance targets, like China

By David Sanger and Thom Shanker  /  NY Times News Service, WASHINGTON

The relay station it communicates with, called Nightstand, fits in an oversize briefcase, and the system can attack a computer “from as far away as 8 miles [12.8km] under ideal environmental conditions.” It can also insert packets of data in milliseconds, meaning that a false message or piece of programming can outrace a real one to a target computer. Similar stations create a link between the target computers and the NSA, even if the machines are isolated from the Internet.

Computers are not the only targets: Dropoutjeep attacks iPhones. Other hardware and software are designed to infect large network servers, including those made by the Chinese.

Most of those code names and products are now at least five years old, and they have been updated, some experts say, to make the US less dependent on physically getting hardware into adversaries’ computer systems.

The NSA refused to talk about the documents that contained these descriptions, even after they were published in Europe.

“Continuous and selective publication of specific techniques and tools used by NSA to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies,” Vines said.

However, the Iranians and others discovered some of those techniques years ago. The hardware in the NSA’s catalog was crucial in the cyberattacks on Iran’s nuclear facilities, code-named Olympic Games, that began around 2008 and proceeded through the summer of 2010, when a technical error revealed the attack software, later called Stuxnet. That was the first major test of the technology.

One feature of the Stuxnet attack was that the technology the US slipped into Iran’s nuclear enrichment plant at Natanz was able to map how it operated, then “phone home” the details. Later, that equipment was used to insert malware that blew up nearly 1,000 centrifuges, and temporarily set back Iran’s program.

However, the Stuxnet strike does not appear to be the last time the technology was used in Iran. In 2012, a unit of the Islamic Revolutionary Guards Corps moved a rock near the country’s underground Fordo nuclear enrichment plant. The rock exploded and spewed broken circuit boards that the Iranian news media described as “the remains of a device capable of intercepting data from computers at the plant.” The origins of that device have never been determined.

On Jan. 12, according to the Fars news agency, Iran’s Oil Ministry issued another warning about possible cyberattacks, describing a series of defenses it was erecting — and making no mention of what are suspected of being its own attacks on Saudi Arabia’s largest oil producer.
