Reports this week that the National Security Agency uses radio signals to collect data from tens of thousands of non-U.S. computers, some not connected to the Internet, is sure to fuel more acrimony towards the U.S. spy agency.
But observers note that the NSA is not the first of the world's spy agencies to use such technology to surreptitiously gather classified information from other countries.
For instance, intelligence personnel in the former Soviet Union used similar tactics to secretly gather information from electric typewriters at U.S. government offices in Moscow and Leningrad more than 30 years ago. And experts say it's a near certainty that the spy agencies of other advanced nations are doing the same thing today.
"Physical compromise of a target's technology is what we expect intelligence agencies to do," said John Pescatore, director of emerging technology at the SANS Institute and a former NSA security engineer.
"The Chinese have been doing it to the laptops and smartphones of foreign executives visiting China. Years ago the French did similar things in their country and I'm sure British intelligence has done the same thing," Pescatore said. "What the NSA is doing now is what all superpower intelligence agencies have done, are doing, and will do."
The New York Times reported Tuesday that documents leaked last year by former NSA contractor Edward Snowden disclosed that the NSA has embedded software and hardware "bugs" in some 100,000 targeted systems around the world. The "bugs" allow the NSA to collect information from the systems even when they are not connected to the Internet.
The technology, which has to be physically installed in most cases, has been available since at least 2008. It "relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers," according to the Times report. Data captured by the devices are sent to small briefcase-sized relay stations often set up miles away from the target system.
The software has apparently allowed the NSA to do an end-run around whatever cybersecurity controls are installed on the compromised systems.
The spy technology is said to be part of an intelligence operation, code-named Quantum, that mostly targets units of the Chinese Army, Russian military networks and systems used by drug cartels and police in Mexico. The program also targets European Union trade institutions, and government agencies in India, Pakistan and Saudi Arabia.
"They [bugs] are very impressive," said noted security researcher and cryptographer Bruce Schneier, CTO at Co3 Systems. "These hardware implants show that the NSA has been continuing its research and development since the Cold War, which is what we should expect."
Sign up for Computerworld eNewsletters.