Security researcher Jacob Appelbaum revealed what he calls “wrist-slitting depressing” details about the National Security Agency’s spy programs at a computer conference in Germany on Monday where he presented previously unpublished NSA files.
Appelbaum is among the small group of experts, activists and journalists who have seen classified United States intelligence documents taken earlier this year by former contractor Edward Snowden, and previously he represented transparency group WikiLeaks at an American hacker conference in 2010. Those conditions alone should suffice in proving to most anybody that Appelbaum has been around more than his fair share of sensitive information, and during his presentation at the thirtieth annual Chaos Communication Congress in Hamburg on Monday he spilled his guts about some of the shadiest spy tactics seen yet through leaked documents.
Presenting in tandem with the publishing of an article in Germany’s Der Spiegel magazine, Appelbaum explained to the audience of his hour-long “To Protect and Infect” address early Monday that the NSA has secretly sabotaged US businesses by covertly — and perhaps sometimes with the cooperation of the tech industry — coming up with ways to exploit vulnerabilities in the products sold by major American companies, including Dell and Apple, among others.
That was only the main theme of many covered throughout the presentation, during which Appelbaum repeatedly revealed previously unpublished top-secret NSA documents detailing the tactics and techniques used by the NSA to intercept the communications of seemingly anyone on Earth.
“Basically the NSA, they want to be able to spy on you. And if they have ten different options for spying on you that you know about, they have 13 ways of doing it and they do all 13. So that’s a pretty scary thing,” he said.
While nearly seven months’ worth of stories made possible by leaked files pilfered by Snowden have helped explain the extent of the spy agency’s surveillance operations, Appelbaum used his allotted time to help shine light on exactly how the NSA compromises computers and cell phones to infect the devices of not just targeted users, but the entire infrastructure that those systems run on.
“Basically their goal is to have total surveillance of everything that they are interested in,” he said. “There really is no boundary to what they want to do. There is only sometimes a boundary of what they are funded to be able to do, and the amount of things they are able to do at scale they seem to just do those things without thinking too much without it.”
“They would be able to break into this phone, almost certainly, and turn on the microphone,” Appelbaum said at one point as he re-inserted the battery into his mobile device. “All without a court, and that to me is really scary.” Indeed, classified files shown later during his presentation revealed a device that for $175,800 allows the NSA or another license client to construct a fake cell tower that can allow officials to eavesdrop on texts and talks alike.
“They replace the infrastructure they connect to. It’s like replacing the road that we would walk on and adding tons of spy gear,” he said. “And they do that too!”
Writer Glenn Greenwald — who has also worked closely with the Snowden files — had similar words earlier this month when he told the European Parliament’s Committee on Civil Liberties and Home Affairs that he believed the ultimate goal of the NSA is to “eliminate individual privacy worldwide.”
To do as much, Appelbaum added, the intelligence agency has deployed an intricate system of tools and tactics which could eavesdrop not just by hacking into computers with viruses, but by outfitting machines with miniature, remote-controlled bugs and in some instances by relying on beams of radio waves to help identify sensitive information sent across systems. Routinely, he explained, the NSA takes advantage of flaws in computer code. Otherwise, however, documents suggest they’ve opened shipping containers and installed their own, stealthy spy chips into the computers of targets.
Stories based on leaked Snowden files have previously linked the US agency and its British counterpart — the GCHQ — with an array of nefarious activity, including operations that sucked up signals intelligence, or SIGINT, from foreign citizens and leaders alike, including German Chancellor Angela Merkel. By using a program codenamed TURMOIL and another TURBINE, Appelbaum said, the NSA and GCHQ can inspect the packets being sent anywhere across the web and then insert their own code when they want to not just eavesdrop, but infiltrate, respectively.
The NSA says the routine collection of data isn’t illegal, Appelbaum said, because the government relies on perverse language to justify scooping the intelligence — and not necessarily scouring it.
“It’s only surveillance if after they collect it and record it to a database and analyze it with machines, only if I think an NSA agent basically looks at it personally and then clicks ‘I have looked at this’ do they call it surveillance,” Appelbaum said. “Fundamentally, I really object to that.”
In contrast, he added, the federal Computer Fraud and Abuse Act, or CFAA, has been used a handful of times just in 2013 alone to put away suspected hackers accused of modifying computer programs for arguably harmless crimes.
“It’s so draconian for regular people, and the NSA gets to do something like intercepting 7 billion people all day long with no problems, and the rest of us are not even allowed to experiment for improving the security of our own lives without being put in prison or under threat of serious indictment,” he said.
“This is what [Thomas] Jefferson talked about when he talked about tyranny,” he said. “This is turnkey tyranny and it is here.”
Aside from the erosion of privacy, though, Appelbaum added that the top-secret operations of the NSA raise a number of questions about exploits that could be used by competing foreign powers. Many of the NSA’s tactics involve taking advantage of little known or hidden vulnerabilities in hardware and software, then exploiting them for gain.
If the manufacturers of those products are aware of the vulnerability, Appelbaum suggested, then they are being complicit in the NSA’s crimes. And if they are ignorant, then the existence of those vulnerabilities means any competing nation-state could likely exploit them as well.
“If the Chinese, if the Russians, if people here wish to build this system, there is nothing to stop them,” he said. “The NSA has in a literal sense retarded the process by which we would secure the internet because it establishes a hegemony of power — their power in secret to do these things.”
“This strategy is undermining the internet in a direct attempt to keep it insecure,” one of Appelbaum’s slides read.
The revelations made possible during the last half-year thanks to Snowden’s supply of documents and the programmers who have worked to patch exploits known to the NSA have driven many privacy-focused individuals around the globe to adopt new practices. Even as that wave of countersurveillance grows, however, Appelbaum cautioned that quite literally no one can be spared from the US government’s dragnet snooping.
“You can’t hide from these things, and thinking that they won’t find you is a fallacy,” said Appelbaum, a core member of the anonymity routing program Tor.
And while calls for congressional reform in Washington have only intensified in the weeks, then months since the first Snowden leak in early June, Appelbaum — a US citizen who has not returned to the US since before the Summer of Snowden — said lawmakers lack both the knowhow and ability to act on these issues.
“Members of the US Congress they have no clue about these things — literally in the case of the technology,” he said. “You can’t even get a meeting with them. I tried. Doesn’t matter. Even if you know the secret interpretation of Section 215 of the PATRIOT Act and you go to Washington, DC and you meet with their aides they still won’t talk to you about it. Part of that is that they don’t have a clue. And another part of it is they can’t talk about it because they don’t have a political solution. Absent a political solution it’s very difficult to get someone to admit that there is a problem. Well, there is a problem.”
If anyone outside of the NSA is aware of what’s going on, Appelbaum said, then it’s likely the tech industry players whose devices contain exploits known to governments like the US.
“Fuck those guys,” Appelbaum said, “for collaborating when they do. And fuck them for leaving us vulnerable when they do.”
A server made by Texas-based Dell Computers, for instance — the Dell PowerEdge 2950 — contains a flaw that can let the NSA or any other entity hack the machinery and then run amok with its motherboard.
And even the Apple iPhone — one of the most popular handheld devices in the world — can be exploited by the NSA, according to one of the classified documents, to let officials surreptitiously take pictures with the mobile’s camera or stealthily turn on its microphone, access text messages or listen to voicemail.
According to Appelbaum, it’s likely that it’s not just a coincidence that the NSA can infiltrate iPhones with ease. In one document he saw, he said the NSA “literally claim that any time they target an iOS device, that it will succeed for implantation.”
“Either they have a huge collection of exploits that work against Apple products — meaning they are hoarding information about critical systems American companies produce and sabotaging them — or Apple sabotages it themselves,” he said.
Other products made by the likes of Western Digital, Seagate, Maxtor and Samsung all contain vulnerabilities as well, according to those documents, and the secret software used by the NSA and others to exploit them is available for free to properly-credentialed agencies.
“Everything that the United States government accused the Chinese of doing — which they are also doing, I believe — we are learning that the US government has been doing to American companies,” Appelbaum said. “That to me is really concerning, and we’ve had no public debate about these issues. And in many cases, all the technical details are obfuscated away.”
Until now, that is. During Monday’s presentation, Appelbaum named no fewer than a half-dozen US companies linked to NSA operations and is asking them to explain why they didn’t patch up their vulnerabilities.
Some of the NSA’s tactics, however, might warrant more than just a minor operation. Appelbaum far from caught his crowd off guard when he showed slides demonstrating how the NSA can hack Wi-Fi signals from eight miles away and when he proved they insert ant-sized computer chips into USB cables to conduct surveillance.
“Well what if I told you that the NSA had a specialized technology for beaming energy into you and to the computer systems around you?” Appelbaum asked before wrapping up his presentation. “Would you believe that that is true, or would that be paranoid speculation of a crazy person?”
Slides shared by Appelbaum suggest that the NSA is indeed in the business of transmitting radio frequency waves to targets, which, in effect, can help decode the images displayed on computer monitors or typed on keyboards using technology not unlike what Russian inventor Leon Theremin used to spy for the KGB. This time, though, the NSA may be sending waves with the intensity of 1 kW at a target from only a few feet away.
“I bet the people who were around Hugo Chavez are going to wonder what caused his cancer,” Appelbaum said WikiLeaks founder Julian Assange told him after hearing about the latest NSA leaks.