Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Glenn Greenwald: How the NSA Tampers With US Made Internet Routers

samzenpus posted about 5 months ago | from the try-it-now dept.

United States 347

Bob9113 (14996) writes "According to Glenn Greenwald, reporting in The Guardian: 'A June 2010 report from the head of the NSA's Access and Target Development department is shockingly explicit. The NSA routinely receives – or intercepts – routers, servers, and other computer network devices being exported from the US before they are delivered to the international customers. The agency then implants backdoor surveillance tools, repackages the devices with a factory seal, and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some "SIGINT tradecraft is very hands-on (literally!)".'"

Sorry! There are no comments related to the filter you selected.

What about inbound? (4, Insightful)

mr_mischief (456295) | about 5 months ago | (#46983447)

Surely the NSA can touch anything that Customs does.

Fuck the foreigners Re:What about inbound? (-1, Flamebait)

mozumder (178398) | about 5 months ago | (#46983697)

This is about exports, to spy on foreigners.

More importantly, how does the release of this information benefit Americans privacy rights? This is about foreigners, not Americans. But I guess traitors aren't really concerned about Americans..

We PAY the NSA to spy on foreigners, because they're foreigners, fuck em. That's the NSA's job.

This is another example of traitors being traitors. Edward Snowden has done NOTHING to help actual American civili liberties.

In fact, all the disclosures released so far have shown government ACTIVELY protecting civil liberties of Americans. For example, why do you think they have actual filters to filter out data on Americans? If the NSA was about violating Americans rights, then they wouldn't have those filters in the first place. They would collect actual data, instead of metadata, because no one has the right to metadata privacy, as courts have decided already 35 years ago.

Remember, the goal is to expand the powers of government. We form a government to give it powers over other entities, like corporations (via laws and regulations) and foreigners (via trade rules and military).

All Americans are guests living in this country. Your role as a citizen is to make sure government continues to function and do its job, because that's what we as citizens have decided.

And we as citizens have decided, fuck foreigners - we're going to spy on them. And it's their governments job to protect their citizens privacy, not ours. Too bad traitors like Edward Snowden and their narcissistic precious snowflake high-school dropout libertarian supporters haven't figured this out yet.

Sorry that won't be able to reply to this, since you "libertarians" don't want us big-government jack-booted socialists thugs like me posting here and prefer to limit my posts because they has sad when we do. lol. Good job, idiots.

Decided now if you want to be a traitor or not. The rest of the country will deal with whatever you decide.

Re:Fuck the foreigners Re:What about inbound? (5, Insightful)

Zontar The Mindless (9002) | about 5 months ago | (#46983819)

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.

Looks to me like those spying on anyone, anywhere, are the real traitors.

Re:Fuck the foreigners Re:What about inbound? (4, Insightful)

mi (197448) | about 5 months ago | (#46984125)

Looks to me like those spying on anyone, anywhere, are the real traitors.

Just curious, does that include Alan Turing [wikipedia.org] spying on Germans [wikipedia.org] ? Or the UK intelligence intercepting Zimmerman's telegram [wikipedia.org] ?

Re:Fuck the foreigners Re:What about inbound? (5, Informative)

Anonymous Coward | about 5 months ago | (#46983863)

The NSA's own internal watchdog group found that NSA snooping power was used to spy on 'love interests' of several NSA employees.

If their own internal watchdog group is telling the world that there's something going on here, it's a bold move to claim "all the disclosures released so far have shown government ACTIVELY protecting civil liberties of Americans"

Imagine if an organization such as the ACLU had access to all internal NSA snooping records. Are you telling me that you believe that no civil liberties have been violated by the NSA? Alternatively, are you telling me that we have zero rights because the NSA is allowed to spy on everyone doing anything at any time for no reason at all?

Re:What about inbound? (1)

LifesABeach (234436) | about 5 months ago | (#46983931)

One cannot help but wonder what would happen if Router manufacturers put in smaller EPROMS, and Onboard RAM; to reduce costs of course.

Re:What about inbound? (2)

WarJolt (990309) | about 5 months ago | (#46983951)

You think the NSA really needs customs to help them spy on US citizens? They really don't have to be that clever about it.

First (1)

CBravo (35450) | about 5 months ago | (#46983449)

we were innocent and naive. Now you can only trust open source.

Re:First (5, Insightful)

dougmc (70836) | about 5 months ago | (#46983539)

You can't trust open source either.

Devices like these often have "binary blobs" that aren't open source and could contain backdoors (one of the reasons RMS has been rallying against them, but probably not the primary reason), but even more fundamentally than that, it would be naive to assume that the NSA can't hire programmers to contribute to these projects and that they can't be good enough at what they do to make a backdoors that would pass a code review without being detected.

That said, at least with open source you have the chance to find such things, so there is that. But either way ... I think we're screwed.

Re:First (4, Insightful)

fustakrakich (1673220) | about 5 months ago | (#46983725)

I think we're screwed.

Only if you keep on reelecting the same old crooked politicians over and over again. The NSA can't control who you vote for.

Re:First (5, Informative)

machineghost (622031) | about 5 months ago | (#46983793)

Does it really matter who we vote for, as far as the NSA is concerned? Any "electable" candidate will just let the NSA keep doing what they're doing.

Even if someone like Al Franken got elected president by some miracle (which is not going to happen) he still couldn't do much unless people also elected a whole bunch of Al Frankens/Rand Pauls to Congress. And that just isn't going to happen (there's a reason why those two are such outliers).

Ultimately the only way we'll ever end NSA malfeseanse (or CIA malfeseanse for that matter) is if we can somehow expose what they do. Without that, we'll change politcians but they'll stay the same.

Re:First (3, Interesting)

fustakrakich (1673220) | about 5 months ago | (#46983857)

Al Franken? No thanks [opensecrets.org] ! Besides, he thinks the NSA is a-okay...

Re:First (1)

Anonymous Coward | about 5 months ago | (#46983905)

OMG did you just put Al Franken and Rand Paul in the same sentence?

Re:First (3, Informative)

Anonymous Coward | about 5 months ago | (#46983803)

The NSA can't control who you vote for.

YET.

Re:First (3, Insightful)

LifesABeach (234436) | about 5 months ago | (#46983941)

Electronic Voting Machines maybe?

Re:First (4, Informative)

Grishnakh (216268) | about 5 months ago | (#46983775)

You can't trust open source either.
Devices like these often have "binary blobs" that aren't open source

No, you CAN trust open source. If it has a binary blob, then by definition, it is not open source.

it would be naive to assume that the NSA can't hire programmers to contribute to these projects and that they can't be good enough at what they do to make a backdoors that would pass a code review without being detected.

That's still better than closed-source code that you can never inspect. Also, any such contributions will be recorded and tracked. Serious open-source projects like the Linux kernel don't accept anonymous contributions; they have to be signed off by someone. Also importantly, if you look at the Linux kernel, you'll find most contributions (esp. in an area where a backdoor could have a real impact, not places like USB joystick drivers or whatever) come from programmers working for well-known companies, not from random people on the internet.

Re:First (3, Insightful)

Obfuscant (592200) | about 5 months ago | (#46984063)

That said, at least with open source you have the chance to find such things, so there is that.

Even with "open source" you still have to get the source code to your spiffy new router. Then you have to do a code review to see what's there. Then compile it, then get the libraries and try to link it, then try comparing the binary just to find out that it will have natural differences from what is installed in the router IF you can extract the binary once it has been flashed into it. (Do many firmware-upgradeable routers have an "extract" function, or only "install"?)

So, if by "chance to find such things" you really mean "install your own code that will overwrite anything that isn't supposed to be there", yes. But to actually FIND the backdoors you need to extract the binary and decompile it anyway. The source may be a guide to what you expect to see, but with optimization and compiler tricks the source may not be all that helpful.

Re:First (3, Interesting)

Goaway (82658) | about 5 months ago | (#46984111)

You can't really trust the firmware upgrader to actually write your code there unmodified, either. Or that your code is the only code that runs on the system.

Re:First (0)

Anonymous Coward | about 5 months ago | (#46983547)

What if the back door is hardware-related? Software(open source) can't save you from that.

Re:First (0)

Anonymous Coward | about 5 months ago | (#46984055)

Yep only trust OpenSSL.

Knock knock (0)

Anonymous Coward | about 5 months ago | (#46983467)

Working for a defense contractor, I can say that someone is going to have fun talking with the FBI and/or the CIA and/or the NSA soon.

Happy butt raping!

Re:Knock knock (5, Insightful)

icebike (68054) | about 5 months ago | (#46983521)

Working for a defense contractor, I can say that someone is going to have fun talking with the FBI and/or the CIA and/or the NSA soon.

Happy butt raping!

Soon?
You must have missed the part where it says "A June 2010 report from the head of the NSA's Access and Target Development ".

I seriously doubt the FBI or CIA are going to go after the NSA.

It just costs US companies sales, and further encourages them to move manufacturing overseas.

Re:Knock knock (4, Interesting)

amiga3D (567632) | about 5 months ago | (#46983543)

Well that's what I was wondering. They must import them to the US, backdoor them and then export them again. I'd bet they have chinese backdoors in addition to the US ones.

Re:Knock knock (0)

Anonymous Coward | about 5 months ago | (#46983879)

Not JUST manufacturing, tourism as well.

The USA is slowly but surely one of those countries you try and avoid entering. I know a LOT of people who choose to fly via Hong Kong / Singapore / Bahrain, etc etc simply so they don't have to fly to Europe via the USA.

I wonder if the USA will be like Rome. Rome took 300 years to collapse, I suspect we are seeing the start of the collapse of the USA as a relevant power.

NSA = Worlds Largest Criminal Organization (1)

shiftless (410350) | about 5 months ago | (#46983473)

Enough said

Re:NSA = Worlds Largest Criminal Organization (1)

MaskedSlacker (911878) | about 5 months ago | (#46983571)

Probably not the largest in terms of sheer numbers.

China (1, Insightful)

naris (830549) | about 5 months ago | (#46983475)

and, of course, China would never, ever consider doing that....

Re:China (2)

TheGratefulNet (143330) | about 5 months ago | (#46983569)

(cough) with china, the backdoors are put there FROM the factory. no trip to the chinese version of NSA needed.

if you trust chinese software or embedded hardware, you are stupid and/or ignorant.

(similar if you trust the US stuff, now, too, sorry to say!)

maybe something good will come from this: the world does not trust as easily anymore. in a way, that can be a good thing; its certainly a maturing thing. the world is growing up and not thinking life is a wonderful disney movie anymore. the world is filled with bad guys and those wearing white are often the worst (so to speak).

Re:China (1)

LifesABeach (234436) | about 5 months ago | (#46983963)

It is always expensive to under estimate a true competitor.

Re:China (5, Interesting)

Jmc23 (2353706) | about 5 months ago | (#46983593)

Why would they? They have a culture of working smart not hard.

Simply raise tech propaganda, wait for the US to build backdoors into everything, and then steal the knowledge because apparently the US is very bad with cybersecurity.

I'm suprised most people haven't realized that it's part of the pattern USians show, do-evil-blame-someone-else. NSA backdoors everything, thinks everybody is just as evil and paranoid as they are so they start creating negative propaganda against 'enemy' targets accusing them of doing exactly what they are doing.

I'm not a USian, so haven't been exposed to all the mind numbing media they have, but has there ever been ONE piece of intelligence about other countries that was true and wasn't simply the US looking in a mirror and trying to cover their tail???

Nothing unconstitutional about this (0, Interesting)

Anonymous Coward | about 5 months ago | (#46983485)

Had Snowden only leaked the unconstitutional domestic spying, he would be a hero. It should be very clear now that those leaks were just a cover for treason. His goal seems to be nothing less than the dismantling of our entire intelligence apparatus.

Re:Nothing unconstitutional about this (1)

Anonymous Coward | about 5 months ago | (#46983575)

Tampering with mail is a crime.

Re:Nothing unconstitutional about this (2, Insightful)

Anonymous Coward | about 5 months ago | (#46983579)

Considering the US government blatantly and consistently ignores its constitution, the document which grants it sovereignty, and is thus a rogue or fail[ing/ed] state, dismantling the intelligence apparatus would be a good thing for its citizens.

Re:Nothing unconstitutional about this (1)

rogoshen1 (2922505) | about 5 months ago | (#46983591)

and not a moment too soon.

Re:Nothing unconstitutional about this (0)

MaskedSlacker (911878) | about 5 months ago | (#46983595)

Keep sucking that totalitarian cock.

Re:Nothing unconstitutional about this (1)

Jmc23 (2353706) | about 5 months ago | (#46983649)

Because it is soooooo VERY important to make the distinction between domestic and international breach of freedom of rights.

Go whine yourself to sleep you rapist.

Re:Nothing unconstitutional about this (1)

Anonymous Coward | about 5 months ago | (#46983653)

US intelligence is nothing but a bunch of single-minded, useful idiots helping a few wealthy people stay that way. Such a laughable waste of life by the least able of society.

Re:Nothing unconstitutional about this (5, Insightful)

Savage-Rabbit (308260) | about 5 months ago | (#46983789)

Had Snowden only leaked the unconstitutional domestic spying, he would be a hero. It should be very clear now that those leaks were just a cover for treason. His goal seems to be nothing less than the dismantling of our entire intelligence apparatus.

You can't hide an intelligence operation of this scale forever, this was going to come out sooner or later, Snowden is an inevitability. That having been said, while your concern over how the USA's ability to find out what color underwear everybody else is ordering online is a valid one, consider the economic impact of this. I'm sure Cisco and a whole horde of other US based network equipment manufactures were thrilled to the core when they woke up one morning and found out that the NSA just crashed their sales and to add insult to injury ensured that in the long term their overseas competitors will get a whole lot more business as governments and corporations look for secure and preferably domestic sources of network equipment. Maybe the fact that it was all done in the name of patriotism and national security will more than compensate these US businesses for any financial losses that result from this activity?

Re:Nothing unconstitutional about this (0)

Anonymous Coward | about 5 months ago | (#46983995)

Revealing the stuff wasn't the harm, the doing was the real harm. Nobody is mentioning this.

Most damaging release yet (0)

Anonymous Coward | about 5 months ago | (#46983487)

Just wait till the markets open tomorrow. NASDAQ down 600-800 points (at least). Nobody sane is going to purchase US-made networking gear for a very long time.

Re:Most damaging release yet (5, Informative)

SpankiMonki (3493987) | about 5 months ago | (#46983603)

Just wait till the markets open tomorrow. NASDAQ down 600-800 points (at least). Nobody sane is going to purchase US-made networking gear for a very long time.

Nah, this won't budge the markets, mainly because this info was released some time ago - and it wasn't limited to router hardware. [forbes.com]

The only reason this is being re-reported is to promote Greenwalds's book. [macmillan.com]

Re:Most damaging release yet (0)

Anonymous Coward | about 5 months ago | (#46983639)

Exactly. I remember hearing this a couple years ago.

Re:Most damaging release yet (2)

amiga3D (567632) | about 5 months ago | (#46983621)

Is there any US made networking gear? I'd be surprised if it was more than 3 percent of the market. Maybe some high end stuff but I'd bet all the consumer grade shit is Chinese in origin. Hard to boycot made in America when it's not made in America. This article sounds like bullshit.

Re:Most damaging release yet (3, Insightful)

DarwinSurvivor (1752106) | about 5 months ago | (#46983791)

I'd assume this wouldn't only be US made networking gear. It probably also includes networking gear that is made elsewhere, shipped to the US and then re-sold and exported to its final destination (as is the case with most US products). If you order a Linksys, D-Link or Netgear router, it may be manufactured in China/Taiwan/Japan, but it almost certainly passed through the US before making it to their Canadian, Mexican, European, etc customers.

Re: Most damaging release yet (0)

Anonymous Coward | about 5 months ago | (#46983991)

We're people people us us router manufacturers. We take the routers made by the chinese, put branding on them, and then sell them back to the Chinese.

#1! (0)

Anonymous Coward | about 5 months ago | (#46983489)

yeah baby

WAT?! spies spy?! (0)

Anonymous Coward | about 5 months ago | (#46983499)

FNORD! why weren't we told of this? the NSA actually eavesdrops on communications outside the U.S.? with aplomb, acting all like it's in the NSA's charter or something?

Re:WAT?! spies spy?! (1)

amiga3D (567632) | about 5 months ago | (#46983643)

I'm sure it's against the law to spy on anyone unless you tell them about it first.

Treason (0)

Anonymous Coward | about 5 months ago | (#46983511)

Glenn Greenwald, reporting ...

I say, arrest this asshat without the BS of a trial and send this traitoress informant of NSA secrets to Gitmo! I say!

Nice job NSA (5, Insightful)

cbybear (256161) | about 5 months ago | (#46983513)

You just single-handedly killed the entire US tech industry. You murdered trust. No one will ever trust US hardware again.

Re:Nice job NSA (1)

Anonymous Coward | about 5 months ago | (#46983599)

You just single-handedly killed the entire US tech industry. You murdered trust. No one will ever trust US hardware again.

Right.

Because hardware from China isn't subject to this.

Or Europe. Those oh-so-reasonable Europeans would never engage in espionage.... (what a good, simple eyeroll emoticon?)

Re:Nice job NSA (5, Funny)

Anonymous Coward | about 5 months ago | (#46983719)

You just single-handedly killed the entire US tech industry. You murdered trust. No one will ever trust US hardware again.

Right.

Because hardware from China isn't subject to this.

Or Europe. Those oh-so-reasonable Europeans would never engage in espionage.... (what a good, simple eyeroll emoticon?)

We should get equipment from Canada. If they start to put such measures in their hardware, it would come with an apology sticker on the box.

Re:Nice job NSA (1)

ArcadeMan (2766669) | about 5 months ago | (#46984013)

I think the giveaway would be the wooden casings.

Re:Nice job NSA (3, Funny)

LoRdTAW (99712) | about 5 months ago | (#46984119)

I think the gooey maple syrup finger prints on the hardware would give them away....

Huh? (1, Interesting)

Anonymous Coward | about 5 months ago | (#46983825)

This is far beyond espionage and about the common man. Espionage is some fake shit hollywood wants you to believe is real, the glamorization of getting ass fucked by surveillance and other perceived "cool" stuff the federal government makes to justify the fake terror organizations they set up in each in every country. Currently it's Ukraine.

Ever hear about this? http://swampland.time.com/2013/09/27/whos-watching-the-watchmen-nsa-employees-caught-spying-on-partners/

I suggest you slowly and calmly turn off CNN, Fox news, and wherever else you have justified your attitude and realize the complete betrayal of trust the NSA has been engaged in for over 50 years now.

People are waking up to the fact that the entire system is rigged. Every war, conflict, thing that happens on a global perception scale has been carefully scripted to gain more control over money and resources, and the media is there to keep people like you still believing that we should be good little slaves because we need "Espionage".

When 13 families run the world "Espionage" doesn't mean shit.

Re:Huh? (0)

Anonymous Coward | about 5 months ago | (#46984091)

I turned off the BBC. If anyone thinks they are better than the likes of CNN, I have a bridge to sell you.

Sadly, Slashdot and many other tech sites are no better.

Re:Nice job NSA (5, Insightful)

kruach aum (1934852) | about 5 months ago | (#46983873)

"'Merica is doing it so everyone must be doing it" is a really dumb defense mechanism. In the case of the US we now all have the facts, in the case of everyone else you just have your paranoia.

Re:Nice job NSA (1)

Anonymous Coward | about 5 months ago | (#46983935)

I'm not very worried about what china, europe, canada or zimbabwe are doing.

I'm angry that my country is taking actions that will have years of consequences for our tech industry when there is no justification for their actions. We are not at war and there is no indication that we are about to be attacked by a foreign state. This country is in authoritarian attack mode against its own citizens and the rest of the world for no good reason at all.

Re:Nice job NSA (1)

LifesABeach (234436) | about 5 months ago | (#46983987)

You didn't mention Russia, where the Router looks for you.

Re:Nice job NSA (5, Insightful)

joe_frisch (1366229) | about 5 months ago | (#46983613)

The problem is that even if this is a lie, the NSA has done enough that it will likely be believed. Once some lines have been crossed, its difficult to claim that others have not been. There are lots of companies with a huge financial interest in damaging the reputation of US equipment, so one can expect a constant flow of stories - some true some not.

Yes the NSA has done grave damage to US tech industry. They likely have also drastically weakened our national defense by creating / allowing / obscuring weaknesses in our cyber defense. I don't think it was intentional, just people applying 20th century ideas to 21st century conflicts. The sort of thinking that causes great nations to become quaint has-been's.

Too much. (1)

Anonymous Coward | about 5 months ago | (#46983701)

If the NSA had restricted its spying efforts to foreign countries, would Snowden have felt morally obligated to disclose this?

The NSA spied on Americans in violation of the law. So Snowden blew the whistle. If the NSA had not spied on Americans in violation of the law....maybe Snowden would have kept his mouth shut, and this amazing foreign intelligence network would have continued to function unabated.

I am not saying that it is OK for the NSA to spy on foreign governments to this degree...I am just saying that it would not have broken the (American) law and may not have pushed Snowden to blow the whistle.

The NSA got greedy. It's as simple as that.

Re:Too much. (0)

Anonymous Coward | about 5 months ago | (#46983927)

The answer is clearly yes. Domestic spying was what, like 1% of his revelations? You have to be pretty dumb to think that was his primary motivator at this point.

Re:Nice job NSA (4, Insightful)

amiga3D (567632) | about 5 months ago | (#46983667)

You mean that Chinese manufactured US hardware? They have to ship the crap here for the NSA to backdoor it because it's made in China. My question is do they take out the Chinese backdoors or do they leave those in with the NSA backdoors?

Re:Nice job NSA (1)

TheGratefulNet (143330) | about 5 months ago | (#46983687)

what they have, then, is a 'garage'. right? its two backdoors right next to each other: the chinese one and the nsa one.

where I come from, 2 back doors right next to each other = "a garage"

and so, we have been letting our citizens install routers with built-in garages... garages big enough to, uhm, drive a truck thru.

Re:Nice job NSA (0)

Anonymous Coward | about 5 months ago | (#46983869)

They want to deliver vast amounts of information over the Internet. And again, the Internet is not something that you just dump something on. It's not a big truck. It's a series of tubes. And if you don't understand, those tubes can be filled and if they are filled, when you put your message in, it gets in line and it's going to be delayed by anyone that puts into that tube enormous amounts of material, enormous amounts of material.

Doesn't matter. (1)

khasim (1285) | about 5 months ago | (#46983837)

My question is do they take out the Chinese backdoors or do they leave those in with the NSA backdoors?

That doesn't matter. We now know that the NSA has backdoors in them. We highly suspect that the Chinese also have backdoors in them.

The question is how long it will take the other nations to start their own chip fabrication plants and build their own routers / switches / etc.

Since nothing from us can be trusted (even by us) then they should be building their own stuff which they can trust more than our stuff.

Re:Nice job NSA (1)

houstonbofh (602064) | about 5 months ago | (#46983709)

You just single-handedly killed the entire US tech industry. You murdered trust. No one will ever trust US hardware again.

Not single handedly. The FBI seizing domain names of legal foreign companies, and arresting foreign nationals that never came to US soil sure helped.

Re:Nice job NSA (1)

sconeu (64226) | about 5 months ago | (#46983965)

Come on, if we let one person break ROT-13 [cryptome.org] , then all the Evil Content Pirates® will do it!!!

Re:Nice job NSA (0)

Anonymous Coward | about 5 months ago | (#46983787)

You just single-handedly killed the entire US tech industry. You murdered trust. No one will ever trust US hardware again.

No they didn't. Snowden and Greenwald did. They chose to leak this.

Re:Nice job NSA (0)

Anonymous Coward | about 5 months ago | (#46983795)

They certainly did not Kill the entire tech industry, some governments will happily purchase, even encourage the purchase of compromised hardware, then under an intelligence sharing scheme, these same governments get to circumvent the laws protecting their citizens from state based surveilance...

Re:Nice job NSA (1)

Tablizer (95088) | about 5 months ago | (#46983797)

You just single-handedly killed the entire US tech industry. You murdered trust. No one will ever trust US hardware again.

That's okay, we don't trust their hardware either. Tit for tat.

Re:Nice job NSA (3, Informative)

c0d3g33k (102699) | about 5 months ago | (#46983881)

Your statement if altered slightly to reflect the perspective of the NSA and the US government might actually provide insight into the reason behind the outlash against Edward Snowden. One would presume such tampering isn't done wholesale because doing so on an industrial scale is not feasible. Yet. And because ubiquitous tampering would be detected by security researchers so the majority of devices on the market should remain untampered with. Tampering is most effective when done in a targeted manner depending on who will own the routers in question. Maintaining a baseline level of trust that is actually justified is very important, otherwise this technique wouldn't work. Mr. Snowden's revelations have destroyed all trust, thus undermining the ability of the NSA to ride on the back of that trust to engage in targeted spying.

This is why it baffles me that people can so readily point to entities like Startpage and Duck Duck Go as trustworthy just because they say so. Their claims may indeed be accurate for the vast majority of those using their services, but it's easy to imagine that particular searches can be scrutinized on demand if there is an interest. In other words, they can't be trusted based on their claims alone, even if they themselves believe them to be true.

It seems to me the only rational approach is to assume that nothing can be trusted and and act accordingly. Assume that whatever you are doing online is being observed by someone or anyone and don't communicate about genuinely private things, because they will no longer be private.

Re:Nice job NSA (1)

PolygamousRanchKid (1290638) | about 5 months ago | (#46983993)

No one will ever trust US hardware again.

No one will ever trust US citizens again.

I expect we'll be getting blacklisted soon from working on projects in foreign countries.

Sell Cisco (1)

BoRegardless (721219) | about 5 months ago | (#46983527)

What a travesty.

Re:Sell Cisco (0)

Anonymous Coward | about 5 months ago | (#46983683)

Eh? Cisco is manufactured in China anyway, the hardware never needs to enter US jurisdiction. Of course, then you have to trust that the Chinese government is not doing something similar... hahaha.

The NSA is a liablity (0)

Anonymous Coward | about 5 months ago | (#46983529)

Shit. It's almost as if they're out to sabotage the US tech industry all together.

How can we sell gear abroad knowing it can and will be tampered with by a dark budget US agency that has an unknown agenda and doesn't feel the need to report to the Congress or the President?

Modern IT products depend on security. Security is about trust chains. NSA has broken all of the trust chains. US IT products are now useless abroad.

Well sure.... (2)

niftymitch (1625721) | about 5 months ago | (#46983629)

This is to be expected.... what is the real scope of this?

I believe that a router on the way to a German auto maker is not targeted. OK I want to believe.

I believe that a well managed site will audit and reload software. I believe that additional system admin audits behind and in front of the
hardware are justified.

For the NSA (Never Say Anything) to snoop does not bother me but they are not the only TLA in the game today.

The internet has not been friendly for a gosh long time nothing has changed.

Re:Well sure.... (2)

silas_moeckel (234313) | about 5 months ago | (#46983717)

Who says it's just firmware? Working examples of chip level modifications are in the open.

Re:Well sure.... (1)

Noryungi (70322) | about 5 months ago | (#46983759)

Only possibility is to home-build all your systems, using nothing but individual parts, bought from several different suppliers, preferably from factories not based in the U.S. or China. Difficult, but not impossible.

Finally, once machine has been built, install nothing but open-source software, such as Quagga or OpenBGPD, PfSense and FreeNAS, for instance, including auditing the code yourself.

And even then, you are not safe, since Vupen and other delightful guns-for-hire are busy selling NSA zero-day exploits for your favourite piece of gear. Are we having fun yet?

Oh, and NSA snooping not bothering you? Why? Nothing to hide? Meditate upon the old Niemoller saying: "First, they came for the socialist..." until it finally gets through you thick skull.

Re:Well sure.... (0)

Anonymous Coward | about 5 months ago | (#46983911)

I 3D print my own chips at home. Using my prototype 3D printer. And I have an neckbeard. And I never have recreational sex. I'm a faggot, and I can't even get other male faggots to have sex with me. I 3D print Stallman's cock with a heater and ejaculatory mechanism built in for realism. Would somebody please kill me?

Re:Well sure.... (1)

TheGratefulNet (143330) | about 5 months ago | (#46983917)

unless you build CHIPS, you can't build a fully trustable computer anymore. maybe using 30 yr old chips, but not any modern chips.

its easy enough to put firmware and microcode in almost any chip.

would you trust a nic chip? it has firmware and its rom is closed source. cpus? they have closed source 'errata' microcode and even what's deep inside an intel chip is not for you or I to see.

pc's bios? yeah, right. like you can trust that.

basically, nothing is trustable anymore. maybe that 30 yr old trs-80 is, or the atari or amiga or PET computer.

wonder if we'll see a rebirth of those in operation. ebay, here we come!

Re:Well sure.... (1)

viperidaenz (2515578) | about 5 months ago | (#46984045)

So buy everything from Samsung? Everything else is either an American company or made in China.

I think this relates: (5, Interesting)

jafac (1449) | about 5 months ago | (#46983661)

Security researcher and Tor developer, Andrea Shepherd, found something fishy:
http://www.techdirt.com/articl... [techdirt.com]

Re:I think this relates: (1)

TheGratefulNet (143330) | about 5 months ago | (#46983733)

that is almost guaranteed to be bogus.

why? do you REALLY think that the world' 'greatest' spy agency would be so sloppy as to have the mail system (any mail system) log 'route-arounds' that look suspicious?

really? REALLY??

anyone that powerful will have built-in ways to suppress any mail log records. in fact, if you ordered from dell, my GUESS is that dell is in bed with the bad guys and any 'special firmware' that might have to be installed for user X will be done BY dell AT dell, never having to give any indication that wrong-doing happened.

Re:I think this relates: (0)

Anonymous Coward | about 5 months ago | (#46983859)

Didn't you know? Amazon ships everything from A to (NSA) to Z.

Re:I think this relates: (0)

Anonymous Coward | about 5 months ago | (#46983907)

Amazon ships everything from A to N to S to A to Z.

Re:I think this relates: (1)

viperidaenz (2515578) | about 5 months ago | (#46984017)

Nah, if they did it at Dell it would have been leaked by now.

Re:I think this relates: (1)

wile_e_wonka (934864) | about 5 months ago | (#46984121)

Two things:

1) According to the picture on the tracking thing, this was not a Dell, it was a Lenovo Thinkpad, which is a Chinese company, which Chinese company probably does not install "special firmware" for the NSA.

2) However, the picture actually doesn't say it is a Lenovo Thinkpad, it actually says it is a Lenovo Thinkpad KEYBOARD. I guess I haven't dismantled a Thinkpad lately, but it doesn't make as much sense to me to intercept a keyboard as it does to intercept a computer.

Re:I think this relates: (1)

Tablizer (95088) | about 5 months ago | (#46983841)

Careful! My coworker clicked that link and was never seen from again the next day. At least with goat-se you know what happened to them (after slapping them to consciousness).

Why should I distrub Heuwei again ? (1)

aepervius (535155) | about 5 months ago | (#46983751)

Ah yes because the NSA says me so. You know what i think ? I think NSA told us to distrust other vendor because they have no back door in them.

Welp (0)

Anonymous Coward | about 5 months ago | (#46983805)

This just goes to show what happens when you let a bunch of fucking niggers run your security departments.

NSA's message (4, Insightful)

fgouget (925644) | about 5 months ago | (#46983831)

NSA's message:

Beware: we're doing it to them so they could be doing it to us.

Of course they could not go public with part one to they only publicized part two.

Oh dear (2)

viperidaenz (2515578) | about 5 months ago | (#46983973)

Now they've been found out it's going to hurt USA's export market.

fw (0)

Anonymous Coward | about 5 months ago | (#46983977)

they are fiddling with the firmware/bios (absolute.com). almost impossible to detect.

Glen Greenwald The Guardian?? (0)

Anonymous Coward | about 5 months ago | (#46983997)

Bollocks

And people though Huawei concerns were baseless (3, Insightful)

nomad63 (686331) | about 5 months ago | (#46984031)

You need to be one to understand one. US, especially the international cyber security related ranks of government, were worried about the security of networks, operating on Chinese made Huawei brand routing equipment. Has anyone give it a thought "why" ? Because, they were doing the same thing to the US manufactured equipment and up until Huawei undercut Cisco prices and made inroads to the US networks, they didn't say anything. I am just laughing why people are getting so upset at this point in game. Your privacy and mine as well, is no more than a joke.

And one time at band camp. (1)

Virtucon (127420) | about 5 months ago | (#46984113)

Sorry, I've given up on all this Spy vs. Spy nonsense. Frankly I'm surprised that there hasn't been a story where the NSA employes pixies who spread magic fairy dust on the Internet Tubes and the secret encryption keys float magically in the air. Sure, a lot of what Snowden took possession of and released was most likely based in fact but a lot of it is starting to sound a bit more ridiculous. If this article has even 1% of credibility I would have thought that any security firm outside the US would have been able to confirm it. Once it's confirmed then I'll worry. If it's not confirmed then it's another red herring.

So... What? (1)

jimmifett (2434568) | about 5 months ago | (#46984127)

I have no problem with the NSA spying on the rest of the planet.
That's what they are paid to do.
I'm even fine with them intercepting my inbound stuff with a warrant or FISA order if I was connected via phone or other means to known enemies overseas.

Outright spying on me in my day to day life tho, that is right out.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?