Quantcast

«

»

May 13 2014

NSA tampers with routers to gain backdoor access

By now it should be no surprise that whenever the US accuses another country of doing something wrong, it is also very likely the case that they are doing the same thing. This hypocrisy has become so routine that one wonders whether one should even both to comment on it, but it is still necessary. The latest is the revelation about what the US has been doing with routers.

For years, the US government loudly warned the world that Chinese routers and other internet devices pose a “threat” because they are built with backdoor surveillance functionality that gives the Chinese government the ability to spy on anyone using them. Yet what the NSA’s documents show is that Americans have been engaged in precisely the activity that the US accused the Chinese of doing.

The drumbeat of American accusations against Chinese internet device manufacturers was unrelenting. In 2012, for example, a report from the House Intelligence Committee, headed by Mike Rogers, claimed that Huawei and ZTE, the top two Chinese telecommunications equipment companies, “may be violating United States laws” and have “not followed United States legal obligations or international standards of business behaviour”. The committee recommended that “the United States should view with suspicion the continued penetration of the US telecommunications market by Chinese telecommunications companies”.

Mind you, no evidence was ever produced that Chinese companies were actually doing the things they were accused of. But the relenetless charges had the desired effect.

The constant accusations became such a burden that Ren Zhengfei, the 69-year-old founder and CEO of Huawei, announced in November 2013 that the company was abandoning the US market. As Foreign Policy reported, Zhengfei told a French newspaper: “‘If Huawei gets in the middle of US-China relations,’ and causes problems, ‘it’s not worth it’.”

But then we had the almost inevitable denouement, courtesy of Edward Snowden’s document of course.

A June 2010 report from the head of the NSA’s Access and Target Development department is shockingly explicit. The NSA routinely receives – or intercepts – routers, servers and other computer network devices being exported from the US before they are delivered to the international customers.

The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some “SIGINT tradecraft … is very hands-on (literally!)”.

The NSA undoubtedly has some of the best cryptographers in the world. But what is becoming clear is that it gains access to the world’s data not by computer cleverness but by cheating.

3 comments

1 ping

  1. 1
    colnago80

    Hey, the folks in Prof. Singham’s least favorite country are even more aggressive then the NSA.

    http://goo.gl/dwN8ji

  2. 2
    Marcus Ranum

    The NSA’s sheer marketing genius is really helping US high tech companies penetrate new markets.

  3. 3
    Marcus Ranum

    I am a bit nonplussed by the non flood of people discovering these NSA backdoors. One would expect that, knowing where to look, security researchers would be finding them, disassembling them, and publishing details about them. But so far … nothing. I used to adopt a position of skepticism as to whether the Chinese would be so stupid as to backdoor the products they are selling (I would have expected that, if the US gov’t was having trouble with backdoored Chinese routers, that they’d be publishing model numbers and decompiled code) I think it’s only reasonable to sow similar skepticism regarding claims of NSA backdoors. In the meantime, I know researchers that are actively looking for them so they can count coup on NSA, but….. So far….. nothing. WTF?

  1. 4
    MORE TOYS THAN Q BRANCH… | Have Coffee Will Write

    […] Echoing a looping thought in my own head, a commenter on Mano Singham’s blog writes: […]

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>