NSA Spies Who Purchased This Snooping Device Also Bought…

Plus: Snapchat hacked, PINs taken in Target hack, and law enforcement can search indiscriminately at U.S. borders

Photo: iStockPhoto

This Week in Cybercrime

We were already aware of the existence of illicit marketplaces teeming with tools for cybercriminals looking to subvert the security of online networks. But one of the latest revelations from the cache of documents stolen by NSA whistleblower Edward Snowden is the fact that NSA hackers have access to a spy catalog from which they can buy gadgets and malware that make the idea of online security virtually meaningless. According to Der Spiegel, the newly disclosed documents reveal that specialists in the NSA’s Tailored Access Operations division manage to access data that is supposedly inaccessible even by tapping undersea cables or by strong-arming companies such as Google, AT&T, and Yahoo. Their bag of tricks, which includes mapping and monitoring networks and rerouting and modifying data, comes largely from a 50-page catalog produced by another NSA division.

“For nearly every lock, ANT seems to have a key in its toolbox,” Der Spiegel writes. “And no matter what walls companies erect, the NSA’s specialists seem already to have gotten past them.”

The 2008 catalog features items ranging in price from free to US $250 000. They include a $30 pack of rigged monitor cables that let the NSA see whatever the user sees, a $40 000 GSM base station that spoofs a mobile phone tower so that it receives signals from nearby handsets, and a digital lock pick for firewalls made by Juniper Networks that keeps the backdoor open even after reboots and software upgrades. Worse, the Snowden documents reveal, the catalog contains malware capable of infecting a machine’s BIOS so that it continues to compromise the device’s security even after the most drastic measures—wiping the hard drive clean and reinstalling the operating system.

PINs Compromised in Target Hack

Target’s troubles are mounting. The retailer, whose systems were hacked at the height of the holiday shopping season, has confirmed that the cybercrooks were able to access a listing of customer debit card PINs. The company had earlier said that the PINs weren’t taken in the data breach. Now Target is insisting that customers are safe and that the hackers won’t be able to turn the data into easy cash by making spoofed debit cards that let them take money out of ATMs. “We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems,” the company said in a statement posted on its website on Friday.

Target didn’t reveal how much PIN data was divulged.

Despite the retailer’s insistence that “The PIN information is encrypted within Target’s systems and can only be decrypted when it is received by our external, independent payment processor,” company officials may be the only people shocked when the other shoe drops and we find out that the hackers have managed to find the keys to decrypt it.

Snapchat Hacked

It was supposed to be simple. And easy. And safe. Just send someone a pic on Snapchat and, poof—it would disappear from the recipient’s device before it could come back to haunt you. But now there’s reason for worry. Snapchat has been hacked. Though no one’s heard of any funny business with images being diverted, the usernames and phone numbers of 4.6 million alleged Snapchat users were posted online this week. The posting, on a website called SnapchatDB.info, came a few days after an outfit called Gibson Security publicly reported a vulnerability in the social sharing service it said would allow that very thing to occur. (According to Computerworld, the site has been taken down by its hosting service, but a cached version can still be viewed.)

Gibson says it first made Snapchat aware of the vulnerability in August, but the service didn’t respond. “The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it,” Gibson said in a statement.

In Other Cybercrime News…

  • FireEye, a major cybersecurity company, announced the purchase of Mandiant, a privately-held cyber forensics firm, for roughly US $990 million. FireEye, a leading seller of security services designed to identify and combat cybercrime via the Internet, e-mail, and mobile devices, has previously collaborated with Mandiant to stave off attacks. The purchase, FireEye said in a statement, will improve its ability “to stop advanced attacks at the earliest phases of the attack life cycle.”
  • This week, a U.S. federal court upheld a government policy allowing law enforcement officers at or near U.S. borders to seize and search electronic devices for any reason. The decision [pdf] by U.S. District Judge Edward Korman in New York is the result of a case brought by the American Civil Liberties Union (ACLU), which argued that U.S. border officials shouldn’t be able to conduct searches of gadgets without reasonable suspicion that a crime has been committed. But the judge held that the so-called “border exemption,” which gives the government the right to warrantless and suspicionless searches within 160 kilometers of the border, applies to data and the devices that contain it.
