How NSA Can Spy on Air-Gapped Networks? Meet FIREWALK (youtu.be)

submitted 2 days ago* (last edited 2 days ago) by kugmo@sh.itjust.works to c/cybersecurity@sh.itjust.works

9 comments fedilink hide all child comments

Came out in 2008 and leaked in 2013, the glowies have been able to send out malicious packets from air-gapped networks for exuberant prices.

you are viewing a single comment's thread
view the rest of the comments

[-] sun_is_ra@sh.itjust.works 3 points 1 day ago

Anyone watched the video willing to share how?

[-] higgsboson@dubvee.org 6 points 1 day ago

https://www.schneier.com/blog/archives/2014/03/firewalk_nsa_ex.html

FIREWALK is a bidirectional network implant, capable of passively collecting Gigabit Ethernet network traffic, and actively injecting Ethernet packets onto the same target network.

[-] sun_is_ra@sh.itjust.works 3 points 1 day ago

Thank you kind stranger.

I also found another website that has some images and bit more details if anyone interested

https://www.cryptomuseum.com/covert/bugs/nsaant/firewalk/index.htm

[-] kmartburrito@lemmy.world 4 points 1 day ago

It's a combination of compromising the hardware gigabit connector on the motherboard, and embedding within that connector a hidden rf device that can exfiltrate data over a wireless signal, effectively jumping across that air gap in place.

It details how the NSA captured hardware shipments in transit and replaced them with the firewalk compromised hardware and then let the shipments proceed to their intended recipient.

It's an 11 minute video, and a decent watch.

[-] kugmo@sh.itjust.works 4 points 1 day ago

Work for the NSA, seize package of a computer from person you want to spy on, install RJ45 port with hardware backdoor that also has RF emitter, gather the intercepted packets with RF receiver within distance.

[-] socsa@piefed.social 0 points 1 day ago

They put an SDR into Ethernet ports. This let them inject exploits and exfil data across air gaps using local agents or proxies who merely got close to the device.

this post was submitted on 02 May 2025

16 points (94.4% liked)

Cybersecurity

7124 readers

70 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social