TMCnet News
Governments up the ante on cyberspying styles [Telegraph-Herald (Dubuque, IA)](Telegraph-Herald (Dubuque, IA) Via Acquire Media NewsEdge) Dear PropellerHeads: With all of the recent revelations about government-sponsored cyberspying, what are some of the most impressive techniques that have been disclosed? Answer: Are you a genuinely curious, regular reader of ours? Or a spy with the NSA looking for validation from your favorite columnists? Or both? Anyone who follows IT news is used to reading about some new advanced, futuristic-sounding virus or exploit every six months or so. Recent disclosures have shown just how many of these have been put to use by government agencies. The coverage afforded to the Heartbleed bug by the mainstream press underscores the effect these sorts of vulnerabilities can have on everyday commerce. But let's back up to June 2010, when the eyes of the general public were first opened to what the term cyberwarfare means. That was when security researchers discovered Stuxnet, a computer worm (or virus that copies itself to multiple computers) that had infected centrifuges used by Iran's nuclear program. Stuxnet took advantage of flaws in Windows to attack the centrifuge's control software. From there, it would cause the hardware's rotors to speed up and slow down erratically, which over time would destroy the machinery. You know that scene in every heist movie ever where the thieves hack into the security system's video feed and play a loop of footage where everything appears to be normal in front of the safe? Well, Stuxnet did that, too. Whenever infected centrifuges were being monitored, they "played back" fake statistics about how well they were running so people troubleshooting the problem didn't see anything wrong. Researchers suspected, and officials later confirmed, that Stuxnet was a joint project of the U.S. and Israeli governments. See Wired's write-up at wrd.cm/1eqoRaA for details. We don't mean to imply that all forms of technospying are this advanced, though. Russia was busted last year after putting infected memory sticks in gift baskets presented to world leaders at a G-20 summit (lat.ms/1gWn3Ra). And among the NSA's many tricks were intercepting shipping deliveries, planting bugs or back doors in the packaged hardware, then sending the packages on their way (bit.ly/ 1iiDw7e). But that was all decidedly low-tech compared to some of the really clever tricks. One security firm discovered that the Iranians had been targeted by a virus that used Bluetooth to track smartphones and devices, even ones that were themselves not infected. And tracking an individual phone means tracking the individual carrying that phone, so that a particular person's location could be determined at almost any time. The NSA is known to have manufactured monitor cables that let spies see what was displayed on the monitor from a remote location. They also created devices that masqueraded as cellphone base stations, allowing phone conversations to be monitored. They even distributed flash drives that could communicate with remote agents using radio signals. Apart from all the current espionage-related news - at least, as far as we know - some other interesting developments have given us a hint at the types of techniques that governments will be using to spy on each other in a few more years. (Assuming, of course, that these techniques aren't already in use.) Ars Technica reported last year on a virus that has stumped security consultants (bit.ly/1iNLtO0). Computer Security 101 dictates that the first step in securing any computer is to get it off the Internet (or any computer network, for that matter), but this particular virus emits a series of high-pitched tones from the computer speaker too high in frequency for humans to hear. Other computers nearby can "hear" the tones using their microphones, so that two machines are able to communicate even if they are not connected to a network. In similar news, Israeli researchers have been able to decode encrypted messages sent to a laptop by listening for patterns in the high-pitched whine of its CPU as it unscrambles the information. This was all done under controlled laboratory conditions, but we won't be surprised if this procedure shows up in future cyberwar- related leaks. Email questions to [email protected] or contact us at Data Directions, Inc. 8510 Bell Creek Road, Mechanicsville, Va. 23116. (c) 2014 ProQuest Information and Learning Company; All Rights Reserved. |