Photos of NSA hacking routers

Recall the story of how the NSA was intercepting the shipment of US-made routers and secretly installing backdoors in them that would enable the NSA to gain access to their entire traffic and users before re-sealing the packages and forwarding them to the unwitting recipients.

It turns out that there are internal NSA documents containing actual photographs of this being done. These documents and photographs are contained in Glenn Greenwald’s recently released book No Place to Hide.

Recall also how the US government vociferously accused Chinese manufacturers of routers of doing exactly this same thing in the service of the Chinese government, even though they never produced any actual evidence that this was the case. This resulted in one Chinese manufacturer withdrawing his product from the American market because he did not want to deal with the headache of defending himself from these accusations.

I suspect that publicly accusing the Chinese of doing what they themselves were doing was not just part of a propaganda war but was designed to make companies that use routers wary of Chinese manufacturers. Those companies were then more likely to purchase routers made by US manufacturers and thus were walking straight into the NSA’s trap.


  1. Katie Anderson says

    I would love to know if the router manufacturers were aware of it. The company I work at ships industrial equipment that is used for testing all sorts of products, including military ones, to countries all over the world. If something went wrong with some and the controllers (basically PCs) were shipped back for engineering to look over I would know pretty quickly if they had been tampered with. One of the first tests I run is comparing it to the factory install with independent equipment to see what files have changed.

  2. lorn says

    There have been stories, I’ve seen a few reports dating back to the 90s, of odd inclusions in drivers. In one case an entire mini-game was included in the firmware driver for a tape drive produced in China. Speculation was that the game was on the computer storing the driver firmware and accidentally got bundled into the firmware, where it has no purpose and is impossible to play, when someone cut and pasted the pieces of the driver together.

    It isn’t as simple as saying some/all US routers has back doors installed and no Chinese, or Taiwanese, of Korean routers did. Firmware drivers are now so complex that it is pretty much impossible to detect a back door if someone doesn’t tell you where to look. You are largely operating on a companies reputation. Ironically, given the way software is created in a cooperative environment, it is pretty much certain that back doors exist in almost every piece of software of any length. The majority are likely patched or commented out but the odds of getting every one are pretty small. Years after being “ready for prime-time” and released security flaws are still getting patched.

    There is no functional difference between a back door purposely inserted, a back door written in for development but mistakenly not removed, and a back door that is the result of happenstance. Holes are holes.

  3. Armored Scrum Object says

    @Katie Anderson #2: I think you’re underestimating the deviousness of the NSA. Unless you’re doing a close visual inspection of the hardware and/or extremely sensitive signal integrity checks on any kind of privileged serial control bus in the system (I2C, CAN, SPI, USB, Ethernet, RS-232/422/485, SMBus, JTAG, etc.), the trojan could be a microcontroller about the size of an SMT transistor. They wouldn’t even need special-purpose chips; hobbyists have figured out how to bitbang protocols like 10Mbit Ethernet and Full Speed USB with an ATtiny or the like.

    @lorn #3: All true, and there are good reasons to believe that there are undisclosed holes in at least Cisco and Juniper routers (e.g. Theo de Raadt has apparently indicated that he is aware of a FreeBSD-specific OpenSSH hole that made it into JunOS). Sobering stuff.

Leave a Reply

Your email address will not be published. Required fields are marked *