F-BOMB: the $50 DARPA-funded spy computer makes widespread surveillance even easier
By End the Lie
Security researcher and head of one-man security consultancy firm Malice Afterthought, Brendan O’Connor, has developed a new dirt cheap spy computer called the Falling or Ballistically-launched Object that Makes Backdoors (F-BOMB) with the Defense Advanced Research Projects Agency (DARPA) putting up the funding.
The F-BOMB could revolutionize the surveillance industry and make it much easier for governments to monitor massive amounts of people while still being able to hold on to the all-too-precious plausible deniability.
The device is designed to use cheap, widely available computer parts which would enable the entity that placed the sensor-equipped surveillance computer to remain unknown if the F-BOMB is discovered by the individual being monitored.
Since all of the parts used in the device are common, off-the-shelf pieces of equipment, it would be near impossible to tell if it was the government (and if so, which government or more specifically, which government agency), law enforcement or even a private entity that was behind placing it.
That is, of course, if you’re even able to find it.
The tiny 3.5 by 4 by 1 inch computer can be hidden in a wide variety of objects ranging from a home carbon monoxide detector to a box of cereal to a ventilation shaft.
O’Connor was showing off the device at the Shmoocon security conference (a nicer way of saying a hacker convention) which recently met in Washington, DC.
His prototype model was built from the hardware in the PogoPlug mini-computer along with just a few antennae, a mere eight gigabytes of flash memory and a plastic casing made by a 3D printer.
PogoPlugs can be found online for as cheap as $25 dollars which allowed O’Connor to construct his prototype models for a mere $46 each, a sum which seems almost unbelievable considering the ludicrously expensive devices the Department of Defense usually pursues.
O’Connor has designed the F-BOMB to be deployed in a wide variety of situations by many different delivery methods. One could be dropped from a small drone, plugged into an out of the way wall socket, tossed over a physical barrier of some kind or placed in something hard to reach like a ventilation shaft.
The F-BOMB then can sit untouched stealing data which can later be retrieved by the owner or entity that placed it over any available wireless network.
“If some target is surrounded by bad men with guns, you don’t want to have to retrieve this, but you also don’t want to have to pay four or five hundred dollars for every use,” O’Connor told Forbes. “The idea is that it’s as close to free as possible. So you can throw a bunch of these sensors at a target and get away with losing a couple nodes in the process.”
However, this is not just useful for monitoring potentially dangerous targets where a more expensive sensor might be lost; indeed it will be very useful for monitoring large amounts of people on an immense scale.
That is likely exactly why DARPA gave O’Connor’s Malice Afterthought a contract to develop the F-BOMB under their Cyber Fast Track program.
“CFT is designed to fund research to be performed by boutique security companies, individuals, and hacker/maker-spaces, and allow them to keep the commercial Intellectual Property for what they create,” according to the official description.
Interestingly, the official webpage lists Malice Afterthought, Inc. as having received funds for a project entitled “Reticle: Leaderless Command and Control” which does not sound like the same project as the F-BOMB, which would mean that O’Connor has a much closer relationship with the government than a mere single contract might imply.
The F-BOMB is highly flexible and can be outfitted with various hardware to be deployed in a plethora of situations.
O’Connor makes an effort to point out that it can be outfitted with temperature or humidity sensors which would allow it to be “used for meteorological research or other innocent data-collecting.”
O’Connor laughably claims that the F-BOMB is only meant for penetration testing, also known as “White Hat” hacking, which is the act of probing clients’ networks to find security flaws so they can be fixed before a real attack takes place.
Unsurprisingly, however, O’Connor wouldn’t comment on what exactly DARPA intends to do with the technology, likely because he isn’t stupid enough to think that this will be used for anything other than widespread surveillance.
Entities like DARPA and those that work for them often attempt to emphasize that their research can be used for peaceful purposes, but it is clear that this is aimed at cheap, widespread surveillance and not affordable scientific research instruments.
This is made clear by the fact that it can be loaded with software to crack and monitor Wi-Fi networks or a staggeringly cheap $15 GPS module which would allow it to record data on network communications or the whereabouts of a target.
Compared to the high-price of the current GPS monitoring devices used by law enforcement, which have even led them to embarrassingly have to ask for them back, this could be deployed and if found totally disavowed.
If one were to discover one of these devices spying on them, it would be almost impossible to tell where it came from due to the widespread availability of the parts and the low price tag which means just about anyone could have paid for it.
The danger here is that the government could easily illegally monitor individuals with no fear of legal retribution whatsoever because it would be impossible to prove that it was the government actually conducting the surveillance.
They could claim that they had no idea the monitoring was taking place and that it was being done by some random private individual who was not acting under orders from the government.
I can’t think of a way in which someone could actually prove in a court of law that it was the government that placed the device to spy on them, meaning that they wouldn’t even have to worry about the already absurdly lax guidelines laid out by legislation like the PATRIOT Act.
O’Connor has already thought up novel ways to deploy the F-BOMB like the iPhone-controlled Parrot Drone which can be used to monitor a target from the air, deploy on a roof or even drop the device via a hook attached to the commercially available drone.
Forbes also provides an image (shown above) of a version of the F-BOMB which resides inside a common household carbon monoxide detector.
The detector can then be plugged into a wall outlet where it can remain indefinitely, collecting unknown amounts of personal and private data from the target.
The most basic F-BOMB model comes equipped with a module of AA batteries which thus allow for just a few hours of usage when not plugged in.
However, O’Connor says that he is indeed already working on versions which boast more longevity for longer monitoring away from a power source.
“It can fit whatever use case you want,” he says. “Put it in a box of stale Triscuits in the office kitchen, and no one will touch it. Or hide it in a carbon monoxide detector and you can leave it there for months.”
Indeed, I could come up with a near endless list of ways this could be deployed which likely would never be detected by the target of the surveillance, and obviously I find that quite troubling.
When one considers how easily it can be hidden along with the nearly unbelievably low price, it adds up to an unpleasant picture.
O’Connor was formerly employed by SET, another DARPA contractor, and says that he got the inspiration for the F-BOMB from talks at last summer’s Defcon, another hacker conference.
One of the talks was on systems for firing camera projectiles (hence the “Ballistically-launched” aspect of the F-BOMB) and the other was on the Wireless Aerial Surveillance Platform (WASP) which is an Air Force drone modified for cracking Wi-Fi networks and spying on cell phone communications.
Forbes provides two links for the subjects, but the link for “systems for firing camera projectiles” was identified as malicious by my anti-virus software so I wouldn’t recommend that you visit it unless you are properly protected.
However, the same author, Andy Greenberg, covered the WASP in July of last year for Forbes in an article which you can read here.
The major difference between O’Connor’s F-BOMB and the two projects at Defcon is the insanely low costs associated with O’Connor’s project and the fact that all components are commercially-available and thus could be acquired by anyone, it “can be left behind without its innards revealing who built it, as more custom-designed or expensive parts might.”
“If you lose it, it’s not a big deal,” O’Connor said, highlighting what I think is one of the more troublesome aspects of this device. “And if they take it apart, they don’t learn anything about you.”
This allows for illegal surveillance to become more widespread due to lower risk in terms of both liability and cost.
Seeing as our government has become obsessed with creating an invisible surveillance state which would make Orwell think Nineteen Eighty-Four was far too conservative to be realistic, the F-BOMB seems like the perfect device to help them in their quest to bathe our nation and the world in a massive surveillance grid, which can now be done at a fraction of the cost one might associate with such a behemoth task.