Hacker News
by shawn 2902 days ago
One thing the NSA is very good at is getting access to virtually every type of networking card. If they achieve access to a target, it's likely they control a path to it.

If the target is a wifi device, the custom protocol becomes doubly effective: Exfiltration is a matter of having a receiver anywhere in the vicinity. And that receiver can amplify the signal to blast it a few miles. There are tools to sweep the EM spectrum looking for anomalies like this, but they seem to be rare, for the moment.

1 comments

> If they achieve access to a target, it's likely they control a path to it.

Without specific, documented cases this is speculation, of course. But I don't see why they'd use a link-level protocol. 1. It requires patching multiple networking devices in the path, which is not very quiet. 2. It sticks out in any monitoring (via mirror ports) more than a UDP packet to a random host. DNS or NTP as a transport would be much simpler to hide.

And what exactly would be the problem for the NSA with patching networking devices? They even mention how it's useful specifically for these hard targets:

> "some of the most productive operations in TAO because they pre-position access points into hard target networks around the world."

https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa...