Glenn Greenwald: How the NSA Tampers With US Made Internet Routers 347
Bob9113 (14996) writes "According to Glenn Greenwald, reporting in The Guardian: 'A June 2010 report from the head of the NSA's Access and Target Development department is shockingly explicit. The NSA routinely receives – or intercepts – routers, servers, and other computer network devices being exported from the US before they are delivered to the international customers. The agency then implants backdoor surveillance tools, repackages the devices with a factory seal, and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some "SIGINT tradecraft is very hands-on (literally!)".'"
What about inbound? (Score:5, Insightful)
Surely the NSA can touch anything that Customs does.
China (Score:1, Insightful)
Nice job NSA (Score:5, Insightful)
You just single-handedly killed the entire US tech industry. You murdered trust. No one will ever trust US hardware again.
Re:Knock knock (Score:5, Insightful)
Working for a defense contractor, I can say that someone is going to have fun talking with the FBI and/or the CIA and/or the NSA soon.
Happy butt raping!
Soon?
You must have missed the part where it says "A June 2010 report from the head of the NSA's Access and Target Development ".
I seriously doubt the FBI or CIA are going to go after the NSA.
It just costs US companies sales, and further encourages them to move manufacturing overseas.
Re:First (Score:5, Insightful)
You can't trust open source either.
Devices like these often have "binary blobs" that aren't open source and could contain backdoors (one of the reasons RMS has been rallying against them, but probably not the primary reason), but even more fundamentally than that, it would be naive to assume that the NSA can't hire programmers to contribute to these projects and that they can't be good enough at what they do to make a backdoors that would pass a code review without being detected.
That said, at least with open source you have the chance to find such things, so there is that. But either way ... I think we're screwed.
Re:Nothing unconstitutional about this (Score:2, Insightful)
Considering the US government blatantly and consistently ignores its constitution, the document which grants it sovereignty, and is thus a rogue or fail[ing/ed] state, dismantling the intelligence apparatus would be a good thing for its citizens.
Re:Nice job NSA (Score:5, Insightful)
The problem is that even if this is a lie, the NSA has done enough that it will likely be believed. Once some lines have been crossed, its difficult to claim that others have not been. There are lots of companies with a huge financial interest in damaging the reputation of US equipment, so one can expect a constant flow of stories - some true some not.
Yes the NSA has done grave damage to US tech industry. They likely have also drastically weakened our national defense by creating / allowing / obscuring weaknesses in our cyber defense. I don't think it was intentional, just people applying 20th century ideas to 21st century conflicts. The sort of thinking that causes great nations to become quaint has-been's.
Re:Nice job NSA (Score:5, Insightful)
You mean that Chinese manufactured US hardware? They have to ship the crap here for the NSA to backdoor it because it's made in China. My question is do they take out the Chinese backdoors or do they leave those in with the NSA backdoors?
Re:First (Score:4, Insightful)
I think we're screwed.
Only if you keep on reelecting the same old crooked politicians over and over again. The NSA can't control who you vote for.
Re:Nothing unconstitutional about this (Score:5, Insightful)
Had Snowden only leaked the unconstitutional domestic spying, he would be a hero. It should be very clear now that those leaks were just a cover for treason. His goal seems to be nothing less than the dismantling of our entire intelligence apparatus.
You can't hide an intelligence operation of this scale forever, this was going to come out sooner or later, Snowden is an inevitability. That having been said, while your concern over how the USA's ability to find out what color underwear everybody else is ordering online is a valid one, consider the economic impact of this. I'm sure Cisco and a whole horde of other US based network equipment manufactures were thrilled to the core when they woke up one morning and found out that the NSA just crashed their sales and to add insult to injury ensured that in the long term their overseas competitors will get a whole lot more business as governments and corporations look for secure and preferably domestic sources of network equipment. Maybe the fact that it was all done in the name of patriotism and national security will more than compensate these US businesses for any financial losses that result from this activity?
Re:Most damaging release yet (Score:4, Insightful)
Re:Fuck the foreigners Re:What about inbound? (Score:5, Insightful)
We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.
Looks to me like those spying on anyone, anywhere, are the real traitors.
NSA's message (Score:5, Insightful)
NSA's message:
Beware: we're doing it to them so they could be doing it to us.
Of course they could not go public with part one to they only publicized part two.
Re:Nice job NSA (Score:5, Insightful)
"'Merica is doing it so everyone must be doing it" is a really dumb defense mechanism. In the case of the US we now all have the facts, in the case of everyone else you just have your paranoia.
Re:First (Score:4, Insightful)
And people though Huawei concerns were baseless (Score:4, Insightful)
Re:First (Score:4, Insightful)
That said, at least with open source you have the chance to find such things, so there is that.
Even with "open source" you still have to get the source code to your spiffy new router. Then you have to do a code review to see what's there. Then compile it, then get the libraries and try to link it, then try comparing the binary just to find out that it will have natural differences from what is installed in the router IF you can extract the binary once it has been flashed into it. (Do many firmware-upgradeable routers have an "extract" function, or only "install"?)
So, if by "chance to find such things" you really mean "install your own code that will overwrite anything that isn't supposed to be there", yes. But to actually FIND the backdoors you need to extract the binary and decompile it anyway. The source may be a guide to what you expect to see, but with optimization and compiler tricks the source may not be all that helpful.
Re:Fuck the foreigners Re:What about inbound? (Score:5, Insightful)
Just curious, does that include Alan Turing [wikipedia.org] spying on Germans [wikipedia.org]? Or the UK intelligence intercepting Zimmerman's telegram [wikipedia.org]?
Re:China (Score:5, Insightful)
Let's see. We have proof of the US doing this. We don't have proof of China doing it.
Conclusion: Accuse China!
This makes perfect sense.
Re: Most damaging release yet (Score:4, Insightful)
You do know they put the branding on them there don't you. It comes here to be sold to US consumers. I can't believe anyone is stupid enough to buy a router made in china and then shipped out of the US. You have to know the only possible reason for it to come to the US and then leave again is that it's been altered. Anyone who falls for that is so incompetent you shouldn't really need to spy on them.
Re:Fuck the foreigners Re:What about inbound? (Score:4, Insightful)
Nothwithstanding the fact that I don't think a single person involved in any of this is guilty of treason, you are blatantly wrong about a few things, like this:
In fact, all the disclosures released so far have shown government ACTIVELY protecting civil liberties of Americans.
This is just wrong, the NSA's net is so large that they can and do collect a lot of information about Americans not suspected of a crime. The three hops rule means that they collect data from millions of people who are so loosely connected with a particular suspect as to make it so that there is no real connection there. The recent proposals of changing how the NSA works also removed the privacy advocate. If the federal government's priority was protecting Americans' civil liberties, why did they remove the person whose job that would be?
Remember, the goal is to expand the powers of government.
The goal of what? The goal of the constitution is to limit, not expand, the powers of government. That is spelled out very clearly. The entire purpose of the constitution is to protect the citizens from the government.
Your role as a citizen is to make sure government continues to function and do its job, because that's what we as citizens have decided.
What happens when the government stops doing its job, or starts abusing its power? If that is happening, wouldn't you want to know about it?
Re:Fuck the foreigners Re:What about inbound? (Score:5, Insightful)
No idea why you're being downmoderated. It's *absolutely* the NSA's job to eavesdrop on foreigners. That's what they're being paid to do.
While it is the NSA's job to spy on people, that's traditionally been something you do against your adversaries, not your allies. I mean, it's one thing if we're talking about tapping the USSR's undersea cables. They had nuclear-tipped ICBMs pointed at us. It's quite another thing when we're talking about tapping the phone of Angela Merkel. She's the democratically elected president of an allied NATO state. I mean, up until that point she and Obama had a pretty good working relationship, so if he really wanted to know what she was thinking, he probably could have you, know, asked her.
Re:Fuck the foreigners Re:What about inbound? (Score:5, Insightful)
NSA apologist trope #57: [insert foreign country that has no 4th amendment] routinely does the same thing we do.
This is one of the dumbest arguments in the NSA apologist playbook. Gee, we are as bad as China when it comes to spying on our populace. Great job!
Re:Fuck the foreigners Re:What about inbound? (Score:3, Insightful)
Here is a little logic lesson, take heed of the flow because I realize that logic is difficult for people.
Spying in and of itself can be considered a gray area. We can justify spying on enemies, and not spying on friends.
Deceit on the other hand is always bad. There is really no gray area in that one, try as you like there is no way to convert deceit to honesty.
The issue with the NSA, and say Australia, is that the US Government as a whole has lied to the people that the politicians and office holders are supposed to be representing. Repeatedly lied I'll add, and those lies are all in the open and well documented.
This takes us to an issue of trust, and people simply have no more trust for the US Government. People in offices have lied not just about the NSA, but everything possible. WMDs in Iraq, the TPP, and Fast and Furious are good recent examples, but The Gulf of Tonkin and COINTELPRO were just as real and lies as well. So we have a history of liars holding offices to overcome somehow.
Spying by itself may not be treasonous (unless you are breaking the laws defined in the US Constitution), but providing arms to gangs that kill US citizens surely counts. I would say that declaring war on fabricated and falsified information also counts because it cost thousands of US lives and endangers our country as a whole. A politician failing to protect the US Constitution and trying to subvert our Government also counts as treason, which is why the last 3 Presidents have all been brought up on impeachment charges.
It's the lying in addition to performing acts the US Constitution prohibits that make these acts treasonous.