The National Security Agency's arsenal against foreign terrorists, criminals and sometimes even U.S. trade rivals includes circuit boards and USB thumb drives that can upload spyware onto a computer – a tactic the agency describes as "active defense," according to news reports.
The NSA's Quantum program has infiltrated close to 100,000 computers since 2008, and is capable of uploading spyware to monitor a computer even if the device is not connected to the Internet. It can monitor and modify data using radio signals, and sometimes incorporates a briefcase-sized relay station, according to The New York Times.
This technology does not appear to have been used within the U.S., according to the Times, but has been used to target some of its partners, including trade institutions inside the European Union, as well as Russian military networks, Mexican drug cartels and most frequently the Chinese Army. The Obama administration and U.S. spymasters have accused China's government of using hackers to steal secrets from American businesses to benefit China's private sector. But the playbook on digital warfare is evolving, and it is unclear whether the U.S. is violating international ethics by uploading viruses on rival computers during peacetime. Michael Hayden, former director of both the CIA and the NSA, has said governments steal each other's secrets all the time, but that China's government-sponsored hackers cross the line by targeting civilian businesses.
The NSA's use of hardware also could compromise trust in U.S. computer products the way Chinese telecommunications gear has been suspected of links to spies. The House Intelligence Committee investigated China-based telecom Huawei in 2012 for potentially including surveillance backdoors in equipment sold to the U.S., in part because Huawei CEO Ren Zhengfei used to be a military technologist for the People's Liberation Army.
Silicon Valley executives have pressured President Barack Obama to reign in NSA surveillance, fearing that reports about U.S. government spying could damage consumers' trust in their companies. Obama is scheduled to speak on Friday outlining his plans to reform the NSA.
Using military-created viruses during peacetime is a diplomatic gamble, but also places the Internet ecosystem at risk by exposing the existence of potent malware to hackers or foreign governments who might find and repurpose it to target companies, or even the U.S. government.
The Stuxnet virus designed by the U.S. and Israeli governments to sabotage Iranian nuclear equipment escaped onto the Internet through an engineer's computer and is now potentially available to hackers, according to a story published by The New York Times in June 2012.