One of the problems with the whole Snowden** story is that it tends to make the NSA into too much of a cynosure of paranoia when it comes to individuals, entities, and institutions ‘spying on us’ or ‘invading our privacy’ or whatnot.
The reality is that everybody is trying to spy on everybody else. Countries and Corporations, Lovers and Lawyers and Law Enforcement, oh my, and so on. If you’re worried about the NSA in particular you definitely aren’t worried enough.
And speaking of worries; Charlie Stross recently posted a slight conceptual extension on the relatively recent Chinese tactic of covertly placing wireless internet accessing devices inside ordinary electronic appliances. These stories have been coming out for a while now, and the problem is only getting worse.
The ‘first generation’ version of this idea is simple. Inside your electric chicken pot, tea kettle, desk lamp – whatever – is a little microprocessor always drawing a negligible amount of current and scanning for some unsecured wifi router. If it finds one, it establishes a connection and surreptitiously ‘beacons’ to headquarters. The little chip is now useful for various purposes.
Maybe it’s now a hop-point for proxying which impedes attempts at attribution. Maybe it monitors your traffic. Maybe it uses your electricity to mine Bitcoins. Maybe it reprograms your router and puts a new password on it, or installs malware on it, or fries the circuit-board from overloading, or disables the thing by corrupting the firmware. Maybe it’s just really good at pinging a particular website and acting as a bot in a DDoS attack. Lots and lots of scary possibilities.
Of course, for this to be a major threat and cause of personal – as well as national – concern, it would have to involve the obviously impossible coincidence of a peer-competitor adversary nation with a vast and highly sophisticated cyber-espionage division, that also was ruthless and brazen and had little compunction about spying or concern about getting caught. And this nation would also simultaneously have to be the same country with a huge trade surplus that exported billions of cheap, retail electronic devices to every country in the world, dozens of which are probably in your house.
Which as we know is such an unlikely concurrence so as to be totally imposs… oh. Scheiße!
Frightened of things besides just the evil NSA yet? Good; you should be. We don’t have a good name for this kind of (very reasonable) panic yet, so I’m going to dub it, ‘The Blue Scare‘. That’s after the color of the lights on my own wifi router, which … just got a new password. Can’t be too careful, you know?
Stross takes it a step further and imagines these implants being clandestinely embeddable not just in conventional plug-in appliances, but in all sorts of devices; really anything with a power source, even from batteries, and maybe even the batteries themselves. This would be particularly useful, if done cleverly, in logging your keystrokes or tablet-pokes and intercepting your passwords and credentials to gain privileged access to all your accounts and information.
You have no idea how many people can blackmail you now. You might as well just believe everything you do is being watched so you should fear the consequences and try to be on your best behavior at all times. God’s not dead; we just replaced him with technology. ‘Reincarnated’ even; if that’s not too blasphemous. ‘Don’t Be Evil’, indeed.
But fortunately there are some obvious countermeasures, and I’m sure the genuine tech people in the crowd know plenty more. For one, secure your darn router with a password. Second, it can’t be that hard to set up routers with little ‘unsecure honeypot sandbox hotspots’ (to mildly abuse all those terms), just waiting for some Chinese Chip to take the bait and reveal itself. And then probably reporting everything it does to your favorite anti-virus company. I knew some guys at University who shared an apartment and an internet connection and had something just like that on their router just for laughs that sent expectant free-riders to some very nasty websites.
Maybe you get a sniffer tool too and figure out where it is so you can return it to Walmart. Is it really a breach of warranty if your lamp works perfectly, but just happens to have a little extra invisible spying parasite attached to it like a tick? Be sure to add a microphone to the sniffer too to prevent acoustic attacks.
So, probably, we’ll quickly defeat most of the implants which have to ‘out’ themselves to perform their mischief, and the tactic will rapidly disappear.
But then what? No more Blue Scare? Quite the contrary, alas.
Putting on my inner-evil-monster, hope-the-enemy-doesn’t-read-this hat, I try to imagine what damage could be done with undetectable sleeper implants that can’t connect to the internet or any wireless network because they’d reveal themselves.
And what they could do is listen. For two things. First, they could scan for all the frequencies that are typically emitted in their area. Second, for the encrypted signal order that instructs them to 1. Suck up all the power available and jam on all those detected frequencies, 2. Constantly repeat the encrypted jam order to all other jamming devices in range, and 3. Irreversibly enter into this mode so that, even if you disconnect the power, as soon as you plug it back it, it starts jamming and order-signal-repeating again.
This is a cascade of dominoes that sets off a pretty awful avalanche, especially in high density urban areas. How awful? Well, first, how much do we rely on wireless telecommunication devices these days – the ones that will all be immediately neutralized everywhere an RF-avalanche was triggered? I think everybody is utterly dependent on them. And second, how exactly do you turn this nightmare off without scrapping everything everyone has that uses electricity or some self-directed super Nuclear-EMP? You probably can’t.
And no one has to fire a single shot to unleash this catastrophe. No one even has to put a single human being behind enemy lines, because all the fifth-column agents are electronic.
All they have to do is put the little devices in the cheap retail electronic items, flood your country with them (it’s not like it wouldn’t be hard to hide this capability from customs inspectors), and wait. Oh, you want to intervene against that Taiwan
invasion reincorporation-liberation? Are you sure? Are you sure you’re sure? You might want to reconsider.
Are you Blue Scared enough yet? Still like free trade? Don’t even remember the NSA now, do you? Except maybe you’re thinking, “Somebody’s got to do something about this!” Well, who do you think that somebody is?
**What ever happened to Snowden’s girlfriend? Does she still love him? Has she visited him in Russia. Does he have a new one? Does the FSB provide for his needs? Do they need to? The guy is a top-tier global celebrity right at the end of – but still within! – his 15 minutes of fame. He probably gets his pick of the litter of the Bolshoi Ballerinas. That is, when groupies and/or ‘journalists’ aren’t flying in from all over the world to ‘intimately interface’ with the guy. Sigh … no one covers this stuff.