RADIO hackers have reverse-engineered some of the wireless spying gadgets used by the US National Security Agency. Using documents leaked by Edward Snowden, researchers have built simple but effective tools that can be attached to parts of a computer to gather private information in a host of intrusive ways.
The NSA's Advanced Network Technology catalogue ( https://www.eff.org/document/20131230-appelbaum-nsa-ant-catalog ) was part of the avalanche of classified documents leaked by Snowden, a former agency contractor. The catalogue lists and pictures devices that agents can use to spy on a target's computer or phone. The technologies include fake base stations for hijacking and monitoring cellphone calls and radio-equipped USB sticks that transmit a computer's contents.
Because no one outside the NSA and its partners knows how retro reflectors operate, security engineers cannot defend against their use. Now a group of security researchers led by Michael Ossmann of Great Scott Gadgets ( https://greatscottgadgets.com/ ) in Evergreen, Colorado, have not only figured out how these devices work, but also recreated them.
http://www.nsaplayset.org/
http://www.newscientist.com/article/mg22229744.000-hackers-reverseengineer-nsas-leaked-bugging-devices.html
Related Stories
Software engineer, Debian developer, and recognized Free/Open Source Software innovator Daniel Pocock scratches the surface on the 2016 explusion of journalist, security researcher, and hacker Jacob Appelbaum from Debian. He asserts that the leadership in Debian at the time falsified evidence and hid conflicts of interest when dealing with the allegations against Appelbaum.
In 2016, there was an enormous amount of noise about Jacob Appelbaum from the Tor Project and winner of the Henri Nannen Prize for journalism.
An anonymous web site had been set up with allegations of harassment, abuse and rape. Unlike the #MeToo movement, which came later, nobody identified themselves and nobody filed a police complaint. It appears that the site was run by people who live in another country and have no daily contact with Appelbaum. Therefore, many people feel this wasn't about justice or immediate threats to their safety.
Long discussions took place in the private mailing lists of many free software communities, including Debian. Personally, as a I focus on my employer, clients and family and as there are so many long email discussions in Debian, I don't follow most of these things. I've come to regret that as it is now clear that at least some claims may have been falsified, a serious injustice has transpired and this could have been easily detected.
I don't wish to discount the experiences of anybody who has been a victim of a crime. However, in the correspondence that was circulated within Debian, the only person who has technically been harassed is Jacob Appelbaum himself. If Appelbaum does have a case to answer then organizations muddying the waters, inventing additional victims, may undermine the stories of real victims.
He then goes on to provide supporting evidence — including what was falsified and how the falsifications were used by the press — and then, from there, used against Appelbaum.
Previously:
(2016) Jacob Appelbaum Leaves the Tor Project
(2014) Hackers Replicate NSA's Leaked Bugging Devices
(Score: 1) by Gremlin on Thursday June 19 2014, @10:15AM
I notice there is a Huawei specific implant. I wonder if the ban on importing them to the US was perhaps a pre-emptive cover up for anyone finding a bug on their router?
(Score: 1) by khakipuce on Thursday June 19 2014, @12:12PM
Beyond the shiny things on almost every item of out-door clothing these days, would someone care to explain the paragraph on retro reflectors, it seems out of context and following the link was not all that informative.
(Score: 2, Interesting) by middlemen on Thursday June 19 2014, @02:07PM
The article on newscientist.com states:
What !? When did I2C buses start becoming available on the computer without having to open it up ? I have about 10 systems here purchased in the years 2006-2014 and none of them have an "I2C bus" visible on the back.
Could someone please clarify ?
(Score: 2) by quitte on Thursday June 19 2014, @04:01PM
Monitor EDID Data - the information that lets your computer know the available resolutions and refresh rates of your displays uses I2C.
(Score: 2) by emg on Thursday June 19 2014, @05:39PM
How does that let you attack the PC? Does Windows crash and burn when you send it bad EDID data?
(Score: 2) by DrMag on Thursday June 19 2014, @08:28PM
This article [hackaday.com] may help explain one way this could be done, assuming the computer has a VGA port.