Hackers reverse-engineer NSA's leaked bugging devices

[planetdoc]

link
(highlights)

Quote:

RADIO hackers have reverse-engineered some of the wireless spying gadgets used by the US National Security Agency. Using documents leaked by Edward Snowden, researchers have built simple but effective tools that can be attached to parts of a computer to gather private information in a host of intrusive ways.

The technologies include fake base stations for hijacking and monitoring cellphone calls and radio-equipped USB sticks that transmit a computer's contents.

But the catalogue also lists a number of mysterious computer-implantable devices called "retro reflectors" that boast a number of different surreptitious skills, including listening in on ambient sounds and harvesting keystrokes and on-screen images.

One reflector, which the NSA called Ragemaster, can be fixed to a computer's monitor cable to pick up on-screen images. Another, Surlyspawn, sits on the keyboard cable and harvests keystrokes. Joshua Datko of Cryptotronix in Fort Collins, Colorado, will reveal a version of an NSA device he has developed that allows malware to be reinstalled even after being dealt with by antivirus software. It works by attaching its bug to an exposed portion of a computer's wiring system – called the I2C bus – on the back of the machine. "This means you can attack somebody's PC without even opening it up," says Ossmann.

Having figured out how the NSA bugs work, Ossmann says the hackers can now turn their attention to defending against them – and they have launched a website to collate such knowledge, called NSAPlayset.org. "Showing how these devices exploit weaknesses in our systems means we can make them more secure in the future," he says.