Hackers reverse-engineer NSA's leaked bugging devices

Here is an interesting story published today at NewScientist

RADIO hackers have reverse-engineered some of the wireless spying gadgets used by the US National Security Agency. Using documents leaked by Edward Snowden, researchers have built simple but effective tools that can be attached to parts of a computer to gather private information in a host of intrusive ways.

A group of security researchers lead by Michael Ossmann in Evergreen, Colorado have recreated NSA spying devices that were documented in the Snowden leaks.

Ossmann specialises in software-defined radio (SDR), an emerging field in which wireless devices are created in software rather than constructed from traditional hardware such as modulators and oscillators. Instead of such circuits, an SDR uses digital-signal-processing chips to allow a programmer to define the wave shape of a radio signal, the frequency it uses and the power level. It operates much like a computer's sound card, but instead of making sounds or processing incoming audio, it makes and receives radio signals. And a single SDR can be changed to any band instantly, including AM, FM, GSM and Bluetooth.

Michael Ossmann built a software designed radio system called HackRF, a system comprised of 2 parts - a plantable "reflector" and a receiver.

One reflector, which the NSA called Ragemaster, can be fixed to a computer's monitor cable to pick up on-screen images. Another, Surlyspawn, sits on the keyboard cable and harvests keystrokes. After a lot of trial and error, Ossmann found these bugs can be remarkably simple devices – little more than a tiny transistor and a 2-centimetre-long wire acting as an antenna.

Michael Ossmann plans on presenting his work at Defcon, a hacking conference, this August.

Additional Reading
Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps


Thing (Listening device) - The Great Seal Bug

The Thing, also known as the Great Seal bug, was one of the first covert listening devices (or "bugs") to use passive techniques to transmit an audio signal. Because it was passive, being energized and activated by electromagnetic energy from an outside source, it is considered a predecessor of current RFID technology.[1]

a reply to: ATSmediaPRO

Hot Damn! Use it to recover Lois Lerner's missing emails....

Turn about is fair play...

Des

times have surely changed..
in the past our parents might've played with a crystal radio
in the future our children may be playing with things like this

I imagine that technology within the intelligence community improves all the time, but what we are talking about here is definitely not a large scale spying or information gathering tool. This is intrusive, aside from stealing private data, mainly because it must be physically planted at the scene. I think that these agencies avoid such actions whenever possible, preferring instead to rely on remote gathering procedures. One of the main reasons this is still the case is when they do not wish for a person to know they are being spied on, which could cause them to immediately eliminate that means of communication. Someone who found out their phone was bugged would not use their phone to talk about whatever it is they don't want others hearing about. But phone bugs are ancient technology now where the intel community is concerned. That doesn't mean they aren't effective.

With programmable devices comes the risk of being spied on.

Got a PC or smart phone? you can be spied on.

The answer for rf devices is to keep your equipment inside a metal container and use shielding sleeves on cables.

originally posted by: JiggyPotamus
what we are talking about here is definitely not a large scale spying or information gathering tool. This is intrusive, aside from stealing private data, mainly because it must be physically planted at the scene.

I'm not so sure thats true. A pc has many data lines running at rf frequencies. It may be possible to simply send a PC a piece of code that could modulate one or more of those data lines. That would then mean anyone close by could capture the signal.

Why a 'false base station for a target ' why not every base station ever built by, 'our partners' just to hang a couple of the phrases mentioned together. Who are the partners? Panasonic, BBC, BT, Samsung, Amstrad rubbish Poleroid blah blah.
This is bully wooly.

originally posted by: JiggyPotamus
I imagine that technology within the intelligence community improves all the time, but what we are talking about here is definitely not a large scale spying or information gathering tool. This is intrusive, aside from stealing private data, mainly because it must be physically planted at the scene. I think that these agencies avoid such actions whenever possible, preferring instead to rely on remote gathering procedures. One of the main reasons this is still the case is when they do not wish for a person to know they are being spied on, which could cause them to immediately eliminate that means of communication. Someone who found out their phone was bugged would not use their phone to talk about whatever it is they don't want others hearing about. But phone bugs are ancient technology now where the intel community is concerned. That doesn't mean they aren't effective.

You caught the same thing as me, but at the same time it makes the story as presented a bit dodgy too.

Though software defined radio is useful, you have to know something about the frequencies and modulation at which the bugs transmit before you can use the radio. What is useful is to first find out what frequencies are present and then to analyze each of them to determine if they are or aren't part of the normal background environment. That is where the spectrum analyzer comes in, it's best to buy one built by HP, and not the computer card version either.

The most intrusive monitoring devices are the ones that monitor your thoughts in the same way as these leaked bugs monitor your computer.

originally posted by: VoidHawk

originally posted by: JiggyPotamus
what we are talking about here is definitely not a large scale spying or information gathering tool. This is intrusive, aside from stealing private data, mainly because it must be physically planted at the scene.

I'm not so sure thats true. A pc has many data lines running at rf frequencies. It may be possible to simply send a PC a piece of code that could modulate one or more of those data lines. That would then mean anyone close by could capture the signal.

No Void, Jiggy is taking it as given. The linked story talks about a 'false base station' on a target, IMO that is a misnomer, a base station is an open source for anyone who wants to explore it, all the rest is about capturing/controlling the information in a false base station, or any base station. A base station is full of stuff, with memory and the information within and those sources ready to broadcast to anyone with the means. What you say about the PC is the same thing, and has been presented on mainstream TV.

Great now all the script kiddies will be ordering from Femto.de.
Tempest was a game they played back in the 1980's