Online espionage isn’t exactly uncommon, as much as we’d like to pretend it is a novelty. What the NSA does can be done and is done by many others around the world.The only thing that differs is the depth of the pockets that finance the surveillance. Obviously, a government is going to have much bigger funds to finance such activities, but hackers can do pretty much the same things, and for reasons that are just as shady.
There are, however, people that have the necessary knowledge to engage in the same spying practices as the likes of the NSA and the GCHQ, but who choose not to.
For instance, a team of security experts led by Michael Ossman of Great Scott Gadgets looked closely at one particular Snowden leak regarding the NSA’s Advanced Network Technology catalog. This is a list of hardware and software tools that the spies can use to make their jobs easier, such as PCs, phones, routers, hard disks and others.
Ossman was able to build an SDR system (software-defined radio) that can record and transmit data from one of the targeted PCs with the help of a Kickstarter project. According to estimates, the entire hardware can be bought for less than $300.
“SDR lets you engineer a radio system of any type you like really quickly so you can research wireless security in any radio format,” he explained for New Scientist.
According to his statement, he was able to build two devices from the NSA’s catalog by using basic items such as a few transistors, and a piece of wire as an antenna. One is similar to the Ragemaster, a product that sits on the monitor cable of a computer and broadcasts the images going to the screen, effectively giving the NSA eyes into whatever someone is doing on the computer without even having to bother with bypassing encryption layers, if any are applied.
The second is a copy of the Surlyspawn keystroke logger, which transmits to the NSA everything that a person is typing at any given time, but for a lot less than what the intelligence agency pays.
The goal of this project isn’t to put even more dangerous equipment in the hands of hackers, but rather to make it obvious just how widely ranged this kind of threats are and stress the fact that we should all be trying to protect ourselves.
“Showing how these devices exploit weaknesses in our systems means we can make them more secure in the guture,” Ossmann pointed out.