As President Barack Obama prepares to unveil reforms to the U.S. National Security Agency's intelligence gathering programs, there is renewed attention on how the NSA actually hacks into computers.
Some of the NSA's techniques were described in a New York Times article Wednesday, detailing how the agency implanted malicious software in nearly 100,000 computers worldwide.
According to the article, the agency made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet.
These techniques are far different than the way the NSA used to gather information, says James Andrew Lewis a cyber security expert in Washington
“The NSA had a problem about 15 years ago: the way they collected intelligence changed almost overnight. It went from being a microwave, long distance phone calls and very old, telecom-based approach…to the Internet," said Lewis.
The Internet, he says, has never been secure.
“There are some programs that take advantage of the fact that the Internet is not secured and may not be secured in our lifetimes. So a lot of places, including the U.S., have decided the way to make yourself secure is not to connect your most vital networks, your most vital processes," he said.
Lewis says the NSA has developed such complex tecniques to hack into targets that are off the grid, they sound like they were ripped from the pages of a science-fiction novel.
“ When you type on a keyboard, it emits a little electronic signal; very faint. It’s possible to collect that signal. We do it, the Russians do it. Lots of countries can do this. One of the things that is surprising is that you don’t have to be that close. I know, for example, in the Russian case, they at one point were collecting the radiation of the keyboard off of the windows of the American embassy," he said.
“A lot of people are familiar with the fake rock they keep their house-key in. For decades, intelligence agencies have been using fake rocks. Suppose you could build a really sensitive receptor, it would be about this big, suppose you put it in a fake rock, and you threw it in front of, say, an Iranian nuclear weapons facility that was not connected to the Internet. Guess what! You’re in.”
This spy game, Lewis says, has been going on for more than a hundred years - and it’s not just the United States doing it.
“One of the solutions people came up with when they found out they were being listened to was to encrypt their messages," he said. "Then you get into a race: can I break the encryption? Can I make the encryption stronger? This has been going on for a century.This is just too important for nations - not just the U.S. - it’s too important for any major power to say, 'I will give up on signals intelligence.'"
As the technology gets more and more advanced, Lewis says he does not expect the spy game to stop.