Wi-Fi Bug Lets NSA Cross Impenetrable Air Gap

Top-secret map shows 20 NSA efforts to penetrate secure systems all over the world

Before wireless, the air gap was the one impenetrable barrier in computer security.

The air gap made it impossible (at least theoretically) for anyone to read, copy or corrupt data on any unplugged server: no connected wires, no entryway for hacking. WiFi, Bluetooth and other wireless networking methods made that approach more complicated, but the principle held: remove all the network interfaces and possible ways to penetrate a server’s connections to storage and to system or network monitors (anything other than its directly connected monitor and keyboard), and only an operator with the proper security clearance to enter the room and touch the top-secret server could possibly access the data within.
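The principle above, that an air-gapped host should carry no network interface beyond what the operator approved, is something a defender can verify rather than assume. The following audit script is an added example and is not code from the article or from any of the programs it describes. It compares a Linux host's live interface list (read from sysfs, assumed to be mounted at /sys/class/net) against an approved baseline, and flags any interface that is unexpected, any 802.11 device (sysfs exposes a `wireless` subdirectory for those), and any baseline entry that has disappeared. The `SAMPLE` snapshot is constructed for the demonstration and is not data from a real machine.

```python
"""Air-gap interface audit (added example, not from the article).

Compares the network interfaces present on a Linux host with an approved
baseline. On an air-gapped machine the baseline is normally just "lo".
Anything else, in particular a wireless adapter that was never approved,
is reported so an operator can investigate how it got there.
"""
import os
from dataclasses import dataclass

SYS_NET = "/sys/class/net"  # Linux sysfs path (assumption); absent on other platforms


@dataclass(frozen=True)
class Iface:
    name: str
    wireless: bool   # True when sysfs exposes a 'wireless' subdirectory (802.11 device)
    operstate: str   # 'up', 'down', 'unknown', ... as reported by the kernel


def snapshot_linux(root: str = SYS_NET) -> list[Iface]:
    """Read the live interface list from sysfs. Returns [] when sysfs is unavailable."""
    if not os.path.isdir(root):
        return []
    found = []
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        wireless = os.path.isdir(os.path.join(path, "wireless"))
        try:
            with open(os.path.join(path, "operstate")) as fh:
                operstate = fh.read().strip()
        except OSError:
            operstate = "unknown"
        found.append(Iface(name, wireless, operstate))
    return found


def audit(ifaces: list[Iface], baseline: frozenset[str] = frozenset({"lo"})) -> dict[str, list[str]]:
    """Classify interfaces against the approved baseline.

    Returns three sorted lists:
      'unexpected' - present on the host but not in the baseline
      'wireless'   - any 802.11 device, approved or not (an air-gapped host should have none)
      'missing'    - baseline entries that are no longer present
    """
    names = {i.name for i in ifaces}
    return {
        "unexpected": sorted(n for n in names if n not in baseline),
        "wireless": sorted(i.name for i in ifaces if i.wireless),
        "missing": sorted(baseline - names),
    }


# Constructed sample snapshot for the demonstration (not real host data).
SAMPLE = [
    Iface("lo", False, "unknown"),
    Iface("eth0", False, "down"),
    Iface("wlan0", True, "up"),
]


def sample_report() -> dict[str, list[str]]:
    """Run the audit over the constructed sample against the default baseline."""
    return audit(SAMPLE)


if __name__ == "__main__":
    # Prefer the live host; fall back to the constructed sample where sysfs is absent.
    live = snapshot_linux() or SAMPLE
    for key, names in audit(live).items():
        print(f"{key:10s} {', '.join(names) or '-'}")
```

The baseline is deliberately an explicit allow-list rather than a heuristic on interface names, because a planted adapter can present itself under any name; the `wireless` check is a second, independent signal that does not depend on the name at all. Running this periodically and comparing against the last report is a cheap way to notice an interface that appeared after the host was commissioned.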

That is no longer true, according to the newest round of documents detailing the astonishing range of tools and techniques developed by the National Security Administration (NSA) to subvert the computer security of its adversaries, often by compromising the computers themselves before an adversary even buys them.

Under a program code-named Quantum, the NSA has been inserting tiny circuit boards or doctoring USB devices to create a new wireless network interface that can allow its operatives to remotely link to even air-gapped computers using coded signals, obscure frequencies and radio-signal relays that could be miles away from the target and sometimes occupy no more space than a briefcase, according to a Jan. 14 story in The New York Times.

That capability is one of many detailed in a cache of documents that former NSA contractor and current fugitive whistleblower Edward Snowden leaked to newspapers including the Times, Britain’s The Guardian, Germany’s Der Spiegel and others.

The Times revelation of Quantum is part of a roundup of recent exposés on the eve of a major policy announcement, scheduled for Friday, in which President Obama will announce his administration’s response to an advisory panel’s conclusion that the NSA had systematically overstepped the legal restraints placed on it. There is no indication whether that response will amount to a greater effort to hold the spy agency to current rules, or an entirely new set of restrictions designed to discipline the agency and reassure foreign governments and trading partners outraged by the intrusions outlined in the Snowden documents.

The Times admits having withheld some of the details – at the request of U.S. intelligence officials – from stories revealing the U.S. role in cyberattacks on Iran, but other publications had no such compunctions.

A Dutch newspaper revealed in November that the NSA had infected more than 50,000 networks with malware designed to give it backdoor access to computer systems all over the world. It also published a map showing the results of more than 20 NSA programs aimed at creating what the agency called “covert, clandestine or cooperative large accesses” by tapping the fiber-optic network cables of telcos and ISPs both in the U.S. and abroad, accessing the datacenter networks of major search providers to track the information-gathering efforts of adversaries as well as the actual data they moved across those networks, and distributing “implants” in the form of malware and secret backdoors in the BIOS and other system software of newly manufactured computer and networking systems.

Image: NRC Handelsblad/NSA