NSA has spy software hidden in 100,000 PCs: report

[mountaineer]

New York Post
Joe Tacopino

The National Security Agency has implanted software that can communicate through radio waves with almost 100,000 computers around the world, allowing it to spy on users and carry out cyber-attacks even if the computers are not connected to the Internet, a report claimed Tuesday night.

The NSA secretly bugged the computers with the help of spies, the units’ manufacturers — and even the unwitting users themselves, according to The New York Times.

The program — code-named Quantum — has been in place since 2008 and has targeted foreign-government agencies such as the Chinese and Russian militaries.

It has not, however, been employed domestically in the United States, the Times said.

The US government has insisted that the program is intended only for defense purposes and to prevent ­cyber attacks.

The sophisticated spy program uses radio frequencies to access computers that are inaccessible through the Internet, the ­report said. In some cases, the hardware used to detect the radio frequencies are physically inserted into the foreign computer by a spy.

Sometimes, the agency sets up a relay station the size of a briefcase miles from the device in which the software is implanted. The radio waves can then be beamed straight from the remote station to the computer.

The Chinese military, which has been accused of a hacking American computers, is said to be ­using similar technology.

Other targets of the US program have been Mexican drug cartels, European Union institutions and the governments of Saudi Arabia, India and Pakistan, the report said.

An NSA spokeswoman said the programs are used for valid purposes and are not intended to poach ­financial information.

“NSA’s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets in response to intelligence requirements,” Vanee Vines told the newspaper.

“We do not use foreign-intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — US companies to enhance their international competitiveness or increase their bottom line.”

A detailed map published on the Dutch Web site NRC.nl displays various oversees targets.

The site said that the malware implanted into the target computers can be remain active for years without being detected, and can be turned off at will.

Some information about the program had earlier been included in documents released by notorious NSA leaker Edward Snowden.

In addition, the German publication Der Spiegel detailed the various methods used by the NSA to circumvent firewalls and access protected networks.

But the new revelations give more ammunition to critics of the massive data-collection agency, and increases pressure on President Obama, who is set to enact recommendations made by an advisory panel on changes in surveillance.

[mountaineer]

BBC reports:

The US National Security Agency (NSA) used secret technology to spy on computers that were not even connected to the internet, it has been reported.

Citing documents from whistleblower Edward Snowden, the New York Times said 100,000 machines were fitted with small devices that emitted radio waves.

Targets included the Chinese and Russian military as well as drug cartels, the newspaper claimed.

On Friday, the US President is expected to address concerns over NSA activity.

Quoting sources "briefed" on Barack Obama's plans, the Times reported that restrictions on the scope of collecting bulk telephone data will feature, and that a person will be appointed to represent the views of the public in secret intelligence meetings.

Furthermore, tighter controls on foreign surveillance will be implemented - an attempt, the paper suggests, to dampen the political fall-out from revelations the US had obtained data from the communication tools of world leaders without their knowledge.

Offline access
 
This latest leak details how the NSA accessed targets by inserting tiny circuit boards or USB cards into computers and using radio waves to transmit data without the need for the machine to be connected to a wider network.

It is a significant revelation in that it undermines what was seen to be one of the simplest but most effective methods of making a system secure: isolating it from the internet.

While the technology involved is not new, its apparent implementation by US security services was previously unknown.

In a statement made to the New York Times, an NSA spokeswoman said none of the targets were in the US, adding: "NSA's activities are focused and specifically deployed against - and only against - valid foreign intelligence targets in response to intelligence requirements.'' ....

Read on

[mountaineer]

NSA can't say if it collected data on lawmakers, officials
By Mario Trujillo

 The National Security Agency said it is lawfully unable to search its database to determine if it has swept up phone records from members of Congress or other elected officials.

NSA Director Keith Alexander said, however, nothing the agency does can be fairly described as “spying on Members of Congress” or U.S. politicians, according to a letter dated Jan. 10.

The director said the agency could not cull its database because it can only access records that are reasonably suspected to be linked to a foreign terrorist group.

“For that reason, NSA cannot lawfully search to determine if any records NSA has received under the program have included metadata of the phone calls of any member of Congress, other American elected officials, or any other American without that predicate,” Alexander said.

Alexander was responding to Sen. Bernie Sanders (I-Vt.) who sent a letter to the director earlier this month asking if the agency had spied on members of Congress. Sanders had classified the collection of metadata under an NSA program — including call times, duration and phone numbers — as spying.

In a statement, Sanders said he remained concerned that the NSA did not deny the collection of data on lawmakers. He said elected officials' information is particularly vulnerable to abuse.

 “In my view, the information collected by the NSA has the potential to give an unscrupulous administration enormous power over elected officials,” Sanders said.

The NSA letter reiterated that President Obama’s review group had already concluded that there was no evidence that the agency abused the program to target “domestic political activity."

“NSA may not target any American for foreign intelligence collection without a finding of probable cause that the proposed target of collection is a foreign power or an agent of a foreign power,” Alexander said.

The phone metadata collected on Americans is handled with a number of privacy protections, Alexander noted.

“All those protections apply to members of Congress, as they do to all Americans,” he said in the letter.

The agency released a statement a day after Sanders sent his letter reiterating the same thing.

Sanders has been a harsh critic of the NSA program that sweeps up bulk phone metadata on millions of Americans, and he has introduced a number of reforms to curb the agency.

Obama is slated to outline a list of reforms to the agency on Friday based on recommendations by his review group.
.
The Hill