TOPICS > World

How the NSA used special devices, radio waves to spy on offline computer

January 15, 2014 at 6:32 PM EDT
The newest revelations from documents leaked by Edward Snowden show that since at least 2008, the National Security Agency has implanted hardware to tap into as many as 100,000 offline computers overseas. Gwen Ifill talks to David Sanger of The New York Times and Cedric Leighton, a former deputy training director for the NSA.

GWEN IFILL: Since at least 2008, the National Security Agency has been using secret technology to hack into and take control of computers not connected to the Internet. These revelations come from the trove of documents leaked by former NSA contractor Edward Snowden.

Late today, the NSA said in a statement: “Continuous and selective publication of specific techniques and tools used by the NSA to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies.”

Joining me now to discuss what they’re talking about that is David Sanger of The New York Times and Cedric Leighton, a former Air Force intelligence officer who served as deputy training director for the NSA in 2009 and 2010.

Welcome to you both, gentlemen.

David, tell us about this technology that the NSA was pushing back against in that statement.

DAVID SANGER, The New York Times: Sure.

Gwen, the technology solves a big problem that the NSA has long had. Most of its taps into computers, most of its cyber-activity is through those big optical telephone cables that run across the Atlantic and Pacific or through regional networks.

But what do you do with a computer that is separated from all networks, that an intelligence agency or some other agency, a government or a company might separate out to keep all the data secret? And that’s a problem that the NSA has had for years. And they had it in particular with the Iranian computers that were running their nuclear enrichment program.

And so this technology puts a small radio transmitter into, say, a thumb drive or sometimes even into a circuit board in the compute that can broadcast back to a facility called a nightstand — it’s basically the size of a briefcase — that would pick up the data and also allow the NSA to insert malware, as they did in the Iranian case.

GWEN IFILL: Physically insert, presumably in the production process or at some point like that.

DAVID SANGER: In the production process or maybe in the shipping process, or, you know, a scientist is at a trade show or a scientific conference and gets a thumb drive, or there is a maintenance person who comes in.

And in the course of my reporting Olympic Games, the program against Iran, it was clear that some device like this had been used back and forth. We withheld a few of the details at that time, at the government’s request. But then the Snowden papers came out, and Der Spiegel published some of the details of this several weeks ago.

GWEN IFILL: In fact, Der Spiegel published an actual catalogue of these kinds of devices.

DAVID SANGER: That’s right.

GWEN IFILL: So, tell me, Colonel Leighton, how is this used? Is this just simple surveillance just knowing — for the sake of knowing?

COL. CEDRIC LEIGHTON, retired U.S. Air Force: For the most part, it is simple surveillance.

But it can also be used in — as a means, as a precursor really to an attack. So, for example, if the United States decides to go into what is known as computer network attack, then they could use the information that is gleaned through technologies like this to serve as the pathway in order to conduct an attack of that type.

So that’s what they’re doing. They’re looking at — they’re reconnoitering the network. They’re doing a reconnaissance mission. And then if they need to attack for whatever policy reason, then they can do so based on the information that they gain from techniques like this.

GWEN IFILL: Is this — are techniques like this only limited to potential warfare, or are they limited to keeping an eye on foreign governments, or is it also applicable domestically?

CEDRIC LEIGHTON: It is — technically, it would be applicable domestically, but policy-wise and from a legal standpoint, it is not used domestically. And these techniques are only used for foreign intelligence purposes.

Now — at least by the NSA. Now, when it comes to the target set itself, that is based on intelligence priorities. And those intelligence priorities are decided not only by the director of national intelligence, but also in the White House by the president.

GWEN IFILL: Now, the intelligence priorities we’re talking about in this case, China, Russia.

DAVID SANGER: Right. Right.

So anything that would deal with terrorism would be an early example. And we published a map — or we have seen a map — and I think you will see it up on the Internet as well — that shows where a number of these computer networks exploitation sites are. Many of them are in the Middle East, as you would expect. But China is a big target, and particularly the Chinese PLA units that are responsible or believed to be responsible for cyber-attacks on the U.S., because this would enable the U.S. to sit on those networks, see an attack massing, and then maybe make a decision about whether they wanted to take a preemptive strike against them.

Now, we don’t have any evidence they have ever done that. The only — only case where we have really had solid evidence of a major U.S. attack using these kind of techniques is Iran.

GWEN IFILL: One hundred thousand computers is the latest kind of guesstimate.

DAVID SANGER: Round number.

GWEN IFILL: Round number.

Do we have reason to believe, given that the information we have is some years old, that it’s much more than that by now?

CEDRIC LEIGHTON: I think one can extrapolate and say that it probably is more than that.

I’m not sure what the order of magnitude would be, but it’s a natural technical progression that the numbers that you are going after in a case like this would increase, just because the proliferation of technology is such and the potential adversaries are much more adept at using technologies. So it’s just natural that we would be interested in finding out what they’re doing, how they are doing it and to what devices they’re using.

GWEN IFILL: How different is this than the kind of action, behavior, surveillance that we accuse other governments of doing to us? And we say, that’s a bad, bad thing. How is it different than, the way we are doing it?

DAVID SANGER: It is a fascinating question, Gwen.

And this went to one of the NSA’s statements to us as we were preparing the story. They wouldn’t talk about the technology itself, but they did say that they thought this was quite different from the kind of activities that a country like China participates in. They have said that China comes in and steals intellectual property from American companies.

Certainly, all the evidence seems to suggest that’s the case. The U.S. says, if it conducts this kind of activity, it’s only in its national security interests. Now, the problem with this argument is that if you ask the Chinese, the search for economic secrets, for manufacturing secrets, for any of the things they’re looking for from, say, Boeing or Lockheed or an American electronics company, is in their mind part of their national security.

And it’s one of the reasons that there’s been some of this dialogue.

GWEN IFILL: Matter of definition.


And so this — President Obama says, no, we don’t engage in this kind of thing. And the Chinese say, well, you’re engaging in something that uses very similar techniques.

GWEN IFILL: Colonel Leighton, in your experience, how do you balance this out, the dangerous potential and the lines we walk up to diplomatically vs. the usefulness of a tool like this?

CEDRIC LEIGHTON: Well, Gwen, it’s — that is really the $64,000 question when it comes to this.

So, from the military standpoint — and we all have to keep in mind that NSA is technically a combat support agency in the Department of Defense. So that means that their primary mission should always be to support military forces.

So, from an intelligence and military support perspective, it becomes very important to prosecute war efforts, especially in this day and age, when cyber-war is not just a theory. It is actually a reality out there. And because cyber-war is a reality, you have to have the techniques and procedures that allow you to engage in at least defensive aspects of cyber-warfare, but also need to be able to switch to offense in order to have a credible deterrent.

And that is something that the United States has to wrestle with very, very carefully, because we’re not only plotting new ground, but we’re also going into a situation where the legal constraints have not kept pace with the technology as it currently exists today.

GWEN IFILL: Definitely peeling back the skin on an onion.

Colonel Cedric Leighton, David Sanger, national security correspondent for The New York Times, thank you both very much.

DAVID SANGER: Thank you.

CEDRIC LEIGHTON: My pleasure, Gwen. Thank you.