The mid-1980s were a time of drastic change. In the United States, the Reagan era was winding down, the Cold War was heating up, and the IBM PC was the newest of newnesses. The comparatively few wires stitching together the larger university research centers around the world pulsed with a new heartbeat — the Internet Protocol (IP) — and while the World Wide Web was still a decade or so away, The Internet was a real place for a growing number of computer-savvy explorers and adventurers, ready to set sail on the virtual sea to explore and exploit this new frontier.
In 1986, having recently lost his research grant, astronomer Clifford Stoll was made a computer system admin with the wave of a hand by the management of Lawrence Berkeley Laboratory’s physics department. Commanded to go forth and administer, Stoll dove into what appeared to be a simple task for his first day on the job: investigating a 75-cent error in the computer account time charges. Little did he know that this six-bit overcharge would take over his life for the next six months and have this self-proclaimed Berkeley hippie rubbing shoulders with the FBI, the CIA, the NSA, and the German Bundeskriminalamt, all in pursuit of the source: a nest of black-hat hackers and a tangled web of international espionage.
Ever hear of the Soviet Luna program? In the West, it was often called Lunik, if you heard about it at all. Luna was a series of unmanned moon probes launched between 1959 and 1976. There were at least 24 of them, and 15 were successful. Most of the failures were not reported or named. The Luna craft have a number of firsts to their name, but the one we are interested in is that one of them may have been the first space vehicle to be stolen — at least temporarily — in a Cold War caper worthy of a James Bond novel.
Around 1960, the Soviet Union toured several countries with exhibits of their industrial and technological accomplishments. One of the items on display was the upper stage of a Luna vehicle with windows cut out to show the payload inside. At first, the CIA suspected the vehicle was just a model. But they wanted to be sure.
The story is laid out in a CIA document from 1967 that was only declassified in 1994. Even then, the document has a lot of redactions in it. The paper is sparse on how they managed it, but when the exhibit closed — somehow — a group of intelligence operatives wound up inside the exhibition hall alone for 24 hours.
What they found was surprising. While the engine and most of the avionics were gone, the vehicle was the real article. They took measurements and photos, hoping that analysis would reveal more about the vehicle’s performance characteristics.
Here’s where you start getting into the redacted material. The team was able to get something from the probe — probably machine tooling marks — but there wasn’t enough detail to identify where and how they were made. They decided to get a team specializing in this kind of analysis to examine it more closely.
[Wikileaks] has just published the CIA’s engineering notes for the Weeping Angel Samsung TV exploit. This dump includes information for field agents on how to exploit Samsung’s F-series TVs, turning them into remotely controlled spy microphones that can send audio back to their HQ.
An attacker needs physical access to exploit the Smart TV, because they need to insert a USB drive and press keys on the remote to update the firmware, so this isn’t something that you’re likely to suffer personally. The exploit works by pretending to turn off the TV when the user puts the TV into standby. In reality, it’s sitting there recording all the audio it can, and then sending it back to the attacker once it comes out of “fake off mode”.
It is still unclear if this type of vulnerability could be fully patched without a product recall, although firmware version 1118+ eliminates the USB installation method.
The hack comes along with a few bugs that most people probably wouldn’t notice, but we are willing to bet that your average Hackaday reader would. For instance, a blue LED stays on during “fake off mode” and the Samsung and SmartHub logos don’t appear when you turn the TV back on. The leaked document is from 2014, though, so maybe they’ve “fixed” them by now.
Do you own a Samsung F-series TV? If you do, we wouldn’t worry too much about it unless you are tailed by spies on a regular basis. Don’t trust the TV repairman!
The latest from WikiLeaks is the largest collection of documents ever released from the CIA. The release, called ‘Vault 7: CIA Hacking Tools Revealed’, is the CIA’s hacking arsenal.
While Vault 7 is only the first part in a series of leaks of documents from the CIA, this leak is itself massive. The documents, available on the WikiLeaks site and as a torrent, detail the extent of the CIA’s hacking program.
Of note, the CIA has developed numerous 0-day exploits for iOS and Android devices. The ‘Weeping Angel’ exploit for Samsung smart TVs “places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on.” This Fake-Off mode enables a microphone in the TV, records communications in the room, and sends these recordings to a CIA server. The CIA has also developed tools to take over vehicle control systems. The purpose of such tools is a matter of speculation, but they could be used to send a moving car off the road.
It is not an exaggeration to say this is the most significant leak from a government agency since Snowden, and possibly since the Pentagon Papers. This is the documentation for the CIA’s cyberwarfare program, and there are more leaks to come. It will be a while until interested parties — Hackaday included — can make sense of this leak, but until then WikiLeaks has published a directory of this release.
Shortwave radio is boring, right? Maybe not. You never know what intrigue and excitement you might intercept. We recently covered secret number stations, and while no one knows for sure exactly what their purpose is, it almost surely involves cloaks and daggers. However, there have been some more obvious examples of espionage radio, like Radio Swan.
The swan didn’t refer to the animal, but rather an island just off of Honduras that, until 1972, was disputed between Honduras and the United States. The island got its name, reportedly, because it was used as a base for a pirate named Swan in the 17th century. This island also had a long history of use by the United States government. The Department of Agriculture used it to quarantine imported beef and a variety of government departments had weather stations there.
You might wonder why the United States claimed a tiny island so far away from its shores. It turns out, it was all about guano. The Guano Islands Act of 1856 allowed the president to designate otherwise unclaimed territory as part of the United States for the purpose of collecting guano which, in addition to being bird excrement, is also important because it contains phosphates used in fertilizer and gunpowder. (Honestly, you couldn’t make this stuff up if you tried.)
However, the most famous occupant of Swan Island was Radio Swan which broadcast on the AM radio band and shortwave. The station was owned by the Gibraltar Steamship Company with offices on Fifth Avenue in New York. Oddly, though, the company didn’t actually have any steamships. What it did have was some radio transmitters that had been used by Radio Free Europe and brought to the island by the United States Navy. Did I mention that the Gibraltar Steamship Company was actually a front for the Central Intelligence Agency (CIA)?
When you have a virtually unlimited budget, you can pull off some amazing things. This has become most evident recently as the CIA has been showing off some of its old tech. That dragonfly you see above is near life-size and actually flies. They hired a watchmaker to build a tiny internal combustion engine to run it. That alone is pretty amazing, but this thing was actually flying in the ’70s. Upon further inspection of the wings, we actually have no idea how this sucker is supposed to fly. Despite our skeptical viewpoint, you can see a tiny clip of it flying after the break. You can also catch a video of “Charlie” the robot catfish.
TEMPEST is the covername used by the NSA and other agencies to talk about emissions from computing machinery that can divulge what the equipment is processing. We’ve covered a few projects in the past that specifically intercept EM radiation. TEMPEST for Eliza can transmit via AM using a CRT monitor, and just last fall a group showed how to monitor USB keyboards remotely. Through the Freedom of Information Act, an interesting article from 1972 has been released. TEMPEST: A Signal Problem (PDF link dead, try Internet Archive version) covers the early history of how this phenomenon was discovered. Uncovered by Bell Labs in WWII, it affected a piece of encryption gear they were supplying to the military. The plaintext could be read over the air and also by monitoring spikes on the power lines. Their new, heavily shielded and line-filtered version of the device was rejected by the military, who simply told commanders to monitor 100 feet around their post to prevent eavesdropping. It’s an interesting read and also covers acoustic monitoring. This is just the US history of TEMPEST, but from the anecdotes it sounds like their enemies were not just keeping pace but were also better informed.