Thursday, 16 January 2014
NSA Spying Possible Without Active Internet Connection
A continually developing story out of the United States is serving as a stark reminder to organisations involved in networking and data communications that security can never be taken lightly. The story comes by way of the US National Security Agency (NSA) and its global espionage efforts.
According to a report published by the BBC, the NSA has acknowledged using secret technology for global espionage purposes – technology that allows it to monitor computer activity even when targeted machines are not actively connected to the Internet. While we've known for a while that this technology exists, the new revelations mark the first time a government agency has publicly acknowledged using it to spy on others.
This should be troubling to those of us in the networking and data communications sectors on several fronts: first and foremost is the real potential that the NSA might be monitoring individual computers and data centres right here in this country. Moreover, where the potential exists, extra vigilance is demanded.
Secondly, if the NSA can effectively use this technology for spying purposes, so can criminals. According to the BBC, US whistleblower Edward Snowden has already produced documents showing at least 100,000 computers being monitored by the NSA. It is easy to imagine hundreds of computers - if not, hundreds of thousands - also being compromised by criminals who might get a hold of the technology.
In order to spy without an active Internet connection, the NSA has been installing small radio transmitters via computer circuit boards or USB cards. As long as the affected computers are running, all sorts of information can be monitored via radio transmissions.
The NSA has tried to quell criticism of their programme by assuring the world they do not use the data collected for any purposes other than identifying and dealing with foreign intelligence threats however, the record of the current Administration suggests there is little comfort in those assurances. The public revelations surrounding the NSA activity need to be taken seriously by the entire networking and data communications community.
At this time, there are no opportunities for a direct response among companies in Europe that may have been affected. Nevertheless, we can indirectly respond by adjusting security training and management to take into account the actions of the NSA. Security experts need to be briefed in the technology, how to detect it, and what to do if it is found. Software tools also need to be developed capable of thwarting the spying efforts of anyone who would use the technology.
The world is becoming an increasingly insecure place in terms of worldwide data communications. It is the responsibility of those of us involved in the industry to do whatever is necessary to ensure the privacy and security of our clients. We can never let our guards down where Internet security is concerned; the moment we do, we open the door to individuals and organisations that would seek to take advantage of any vulnerabilities they can identify.