back to article Greenwald alleges NSA tampers with routers to plant backdoors

Glenn Greenwald, the journalist responsible for funnelling many of Edward Snowden's revelations to the world, has penned a book in which he alleges the NSA intercepts routers before US manufacturers can export them, in order to implant backdoors. Excerpted by The Guardian, Greenwald's tome No Place to Hide alleges the …

COMMENTS

This topic is closed for new posts.
  1. bill 36
    Facepalm

    oldest one in the book

    "How else could kit shipped through normal channels be diverted into the NSA's hands long enough for it to be tampered with?"

    Because they have set up spoof companies to do just that ?

    1. Anonymous Coward
      Anonymous Coward

      Do you really think they would be interested in you? Are you really that important to them?

      It's like thinking someone is actually interested in what you have to say on Facebook or Twitter......

      1. Anonymous Coward
        WTF?

        WTF?

        Are they interested in multi-billion pound Tech industries, or Phama's, or Military installations? These use routers and firewalls as well you know?

      2. foo_bar_baz

        Get with the program

        Their current MO is blanket surveillance. Every phone, every account, every cloud service, every device anywhere is a potential target, and they want to have access.

        https://www.schneier.com/essay-469.html

        http://www.theguardian.com/world/2013/jun/14/al-gore-nsa-surveillance-unamerican

        http://en.wikipedia.org/wiki/PRISM_(surveillance_program)

        1. Charles Manning

          Get with the tinfoil

          http://www.afcma.org/

          http://www.usafoil.com/

          http://en.wikipedia.org/wiki/Aluminium_foil

          Just pasting ranty URLs does not build a case.

          I have done consulting work for Cisco. It is an INTERNATIONAL company, with products developed all over the world and manufactured in different places.

          For example, there is a development house in Norway and the products they make are built in Poland.

          On top of that, you can download the code for many of these devices. Granted, you can't download it all.

          While it might be plausible to infect US made products and conspire to keep the US side of Cisco quiet, the company is far too large and multinational to keep anything secret for long.

      3. Anonymous Coward
        Anonymous Coward

        Do you really think they would be interested in you?

        You don't see the irony in posting that AC? Nothing to hide and all that....

      4. Roo
        Windows

        "Do you really think they would be interested in you? Are you really that important to them?"

        Fair question, but the wrong one. The *find* things to be interested in, that's their whole rationale for existence, and there is little to nothing a citizen can do about the damage caused by mistakes of wilful intent...

        You have a bunch of unaccountable people who's stated mission is to find guilty people and fuck them over, and they have a massive amount of (potential) leverage over every man woman and child in society... These folks are prone to temptation & fuck ups like everyone else, it's not a question of when innocent folks are going to get fucked over, it's a question of how many.

        ... And then we come to the people defending and advocating mass surveillance, the "nothing to hide, nothing to fear" brigade. The same brigade that consistently argues *against* the same level of scrutiny being applied to them... They clearly have something to hide, but they are telling you to trust them implicitly, surely that must make you a little suspicious as to why they would advocate something they don't want themselves.

      5. TopOnePercent

        Do you really think they would be interested in you? Are you really that important to them?

        Nobody at the NSA is the least bit interested in anything I say or do. Unfortunately, until they invade my privacy in order to determine that, there's really no other way for them to find out.

        I guess it depends on your world view - Are you happy for people to rummage through your personal life provided they're bored by what they find?

        1. Anonymous Coward
          Anonymous Coward

          "Nobody at the NSA is the least bit interested in anything I say or do. "

          That's what you think. But you're a commentard on a top tech site, read around the world. Your comments amount to briefing against them. The implicit sarcasm in your posting name indicates you may hold other views that aren't part of the commonly received wisdom of the political elite.

          You've already seen a couple of CEO's mysteriously outed and hit hard for private views, comments, or behaviours that suddenly "happened to come to light". Do you really think that people stumbled across these? The EU is in the process of establishing a task force of social media "wardens" to promote the bureaucracy's view of itself as a truth, and bat down detractors. Could be the same for other forms of government.

          When it comes to rude words there's already laws against some of them. How long before the McCarthy-ism that big government is so fond of starts to look for people who it can lable as "anti-democratic", "climate change deniers", "supporters of terrorism" etc?

          1. Anonymous Coward
            Anonymous Coward

            Truer words have never been spoken...

            "How long before the McCarthy-ism that big government is so fond of starts to look for people who it can lable as "anti-democratic", "climate change deniers", "supporters of terrorism" etc?"

            Glenn Greenwald said as much, on "The Colbert Report" just 2 days ago,

            and,

            that he is currently writing an expose for the Guardian based on material that Edward Snowden collected that attested to that VERY FACT.

            Greenwald went on to say: THESE revelations were the WORST of the exposed abuse of power by the NSA:

            http://thecolbertreport.cc.com/videos/2j80wh/glenn-greenwald-pt--1

            http://thecolbertreport.cc.com/videos/31s76v/glenn-greenwald-pt--2

      6. heyrick Silver badge

        "Do you really think they would be interested in you? Are you really that important to them?"

        In a word - YES.

        I may be a boring forty year old that watches animé and writes crappy programs for a passtime...

        ...but that could be a cover for my exciting secret life as an Al Qaeda operative plotting to blow up the Eiffel tower just, cos, that's what terrorists do.

        I get the impression that the NSA isn't looking to follow people of interest, but rather looking to discard those who are obviously not of interest. Which means hacking personal routers provides just as much value as those of companies.

        Not a/c, there's no point...

        1. Joe 48

          @heyrick

          I think you've got enough key words in that to peak their interest for a few days. I'd suggest going into hiding for a while. I know a nice place in Russia......

      7. Primus Secundus Tertius

        St Snowden

        I was once heavily downvoted for criticising Saint Snowden. So, congratulations sir or madam, and here is my upvote.

    2. nerdbert
      Holmes

      Re: oldest one in the book

      Why do you think that they need to intercept something in the channel and delay a transport? The NSA could simply have a stock of hacked routers in their warehouse. Then, when a router is ordered, it could simply substitute the hacked router for the ordered router at some step along the way. Customs comes to mind, since it could just as easily swap in a bugged router for the unbugged router as it is doing its "inspections."

      Don't make things too complicated, folks. Think like a spook.

      1. Matt Bryant Silver badge
        FAIL

        Re: dumbert Re: oldest one in the book

        "....The NSA could simply have a stock of hacked routers in their warehouse. Then, when a router is ordered, it could simply substitute the hacked router for the ordered router at some step along the way....." Except it won't have the serial numbers or software license IDs recorded by the factory, which means when you place a support call for it it would bleeding obvious that it was not the right router.

        1. Matt Bryant Silver badge
          Happy

          Re: Re: dumbert oldest one in the book

          Ooh, two thumbs down, but no explanation of how they are convinced the Big Bad Man could work around the serial number and licensing issues I pointed out. It seems some people are so determined to baaaah-lieve that actual and reasoned argument is just beyond them.

    3. Anonymous Coward
      Anonymous Coward

      Has anyone extracted the 'backdoor' code yet?

      If it was a hardware item they'd implanted, I'd expect to see picture of it online by now. So let's assume it's a firmware thing. So where is the code dump, showing Before and After?

      Given all the other tear-downs, BOM estimating, code reverse engineering, chip probing, Wire Sharking, and 'Will It Blend?' videos, this one seems to be a bit evidence-sparse.

    4. Matt Bryant Silver badge
      FAIL

      Re: bill 36 Re: oldest one in the book

      "....Because they have set up spoof companies to do just that ?" OMGeeeeeeez, now you want to claim UPS is a CIA front company??? Seriously, UNWRAP THE FOIL!

      1. Rick Giles
        Joke

        Re: bill 36 oldest one in the book

        "Seriously, UNWRAP THE FOIL!"

        But the potato isn't done yet....

  2. emmanuel goldstein

    I'm just waiting to be told...

    Oceania has always been at war with Eastasia.

    1. John G Imrie

      Re: I'm just waiting to be told...

      Oceania has always been at war with Euraisa Citizen. Please present yourself to room 101 immediately.

    2. TopOnePercent

      Re: I'm just waiting to be told...

      Oceania has always been at war with Eastasia.

      I hope not! I detest gin.

  3. OliverJ

    No! Yes. Oh...!

    "You were aware that fellows at the NSA were tampering with routers?"

    "NO!"

    "Yes."

    "Oh..."

    "And unless I'm gravely mistaken they were doing so to plant backdoors."

    "NO!"

    "Yes."

    "Oh..."

    "The NSA thus gains access to entire networks and all their users."

    "NO!"

    "Yes."

    "Oh..."

    More of that conversation -> https://www.youtube.com/watch?v=me9ft6HeaMQ

    1. Sir Runcible Spoon

      Re: No! Yes. Oh...!

      I was wondering what the hell that link was all about, but it was worth watching for the punchline :D

    2. Intractable Potsherd

      Re: No! Yes. Oh...!

      I've only ever seen Louis de Funes films in the Czech Republic, dubbed into Czech, of course. I have always wondered why they are not shown in the UK - brilliant comedy with a marvellous absurd streak.

  4. GreyWolf

    Details of the hack, list of routers

    Description of the hack http://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf

    List of compomised routers https://github.com/elvanderb/TCP-32764

  5. fnusnu

    How?

    Customs

  6. Anonymous Coward
    Black Helicopters

    Not just for export

    Tor developer seems to have thought her new laptop was tampered with, courtesy of Amazon

    https://privacysos.org/node/1311

    1. emmanuel goldstein

      Re: Not just for export

      nice link. thank you - it's almost a shame she didn't wait until the laptop had been delivered before going public. might have been interesting...

    2. StimuliC

      Re: Not just for export

      Nice update that kind of makes her claim rather dubious! Even she said that the seller said that they had entered the wrong tracking number! That HAPPENS! I've done it with people that I have shipped stuff to and then corrected it as soon as I spotted the error and let them know that the first one was wrong.

      People that are paranoid want to read into things that are not there merely to fulfill their fears. That's what this woman has done. Eff Me, to claim that her device has been tampered and yet she hasn't received it should set alarm bells off!

      Maybe The Onion Router project (originally sponsored by DARPA and the U.S.Navy Research Laboratory) has, itself, a back door to allow access? It is just as likely.

      Let's face it, Verizon FiOS has it's own backdoor into the router they supply to customers. It reports back to them new password and admin user id for the device, it reports back the WiFi password and it also reports back any changes to the settings that are made.

      I would be more worried about that than whether the NSA are messing with a router. What Verizon are doing with their equipment is effectively a bigger privacy concern and a bigger concern to your personal security than whether the NSA can access your device.

      Oh and Comcast equipment does similar and I suspect that most equipment supplied and leased to the public by all these companies are far worse. If they can access the information does it not put a risk that a hacker can equally so get access to your personal network through similar hacks. If you want to be all worried and paranoid!

  7. Anonymous Coward
    Anonymous Coward

    At this point I trust Huawai a lot more than e.g. Cisco and other American manufacturers...

    1. Elmer Phud

      "At this point I trust Huawai a lot more than e.g. Cisco and other American manufacturers..."

      I wouldn't - I trust both sides to be equally snoopy.

      I do wish they'd stop trying to bash my backdoors in, though.

    2. razorfishsl

      Then you really are stupid, I have worked at low level Chinese companies.

      I have examples of USB sticks produced in factories that have malware installed, I have seen tablets come off the production lines with 'stuff' an engineer has shoved inside the SW.

  8. Anonymous Coward 101

    In all seriousness, is anyone surprised at this? China is most likely doing the same.

    As an aside, how many routers are actually 'exported' from the US? Isn't everything made in China?

    1. Anonymous Coward
      Anonymous Coward

      I think you've unwittingly found a new tactic for us to employ against the NSA.

      They are having routers sent to them in the US from China, before re-shipping them across the world. Think of how much CO2 that produces. We must get the environmental crusaders in - that'll provide some leverage for the non-snooping side

    2. Anonymous Coward
      Anonymous Coward

      Isn't everything made in China?

      So you get double backdoors (China's and the US')

  9. EddieD

    Privacy sos?

    Definitely - they've blanked out the street address details, but left the full zip code in the image...not too hard to find out where she lives from that...

    I think Privacy SOS may need some tuition in privacy.

    1. VinceH

      Re: Privacy sos?

      "Definitely - they've blanked out the street address details, but left the full zip code in the image...not too hard to find out where she lives from that...

      I think Privacy SOS may need some tuition in privacy."

      That's how she uploaded it to Twitter.

  10. Version 1.0 Silver badge
    Big Brother

    The Puzzle Palace

    It's interesting watching a whole new generation of people get excited about this; quite honestly the writing has been on the wall for years. If you want security then you need to start by assuming that all commercial kit is potentially compromised - and even if you can secure your own kit, your packets still have to travel on a public network.

    If you maintain any public profile that might possibly be of interest to someone, somewhere then security through technology is an illusion. To quote Quentin Crisp, "If it can be done, it will be done."

  11. John Smith 19 Gold badge
    Gimp

    To a data fetishist *all* data is precisious

    Which is why who you are is not important.

    There's plenty enough storage so that if you do anything "interesting" they can always look back through your data to find something "useful."

  12. Down not across

    If true, Greenwald's allegations mean the USA is perpetrating just what it accuses China of doing. Which isn't very good or nice.

    Of course they are accusing China. "If we're doing it, they must be doing it too."

  13. phil dude
    Joke

    just because you're paranoid...

    doesn't mean they're not out to get you...

    P.

    1. Matt Bryant Silver badge
      Facepalm

      Re: phil dude Re: just because you're paranoid...

      ...is how Greenwald and co MAKE THEIR LIVING - out of your paranoia.

  14. Chad H.

    Given the Snowden revelations, and that backdoor being discovered the other week that was still open after a patch, I'm inclined to believe the US/Australian worry about Huweii followed their refusal to follow an NSA demand to add a back door.

  15. Wayland Sothcott 1

    Person Of Interest

    I think Snowden gets most of his intel from Person Of Interest TV series, or is it the other way around?

  16. Irony Deficient

    … all manner of US companies must also be complicit.

    Simon, or perhaps just one, if it’s at a critical nexus and it’s large enough.

  17. StimuliC

    Greenwald & Co are getting old...

    It's so very tiring hearing the paranoid dillusional rants of Greenwald and his buddies.

    Am I worried that the NSA may have access to my router through some backdoor? Not really, it's hardly a concern to me, they can snoop in my boring life.

    The only ones that seem to care are those that seem to think they are important and those people tend to be self important. I bet that Stazi agent Angela Merkel is worried as she continues to expand the reach of the fatherland and complete the fuhrer's unfinished work. Snigger.

    Maybe Snowdon's theft of data was caught early and they just fed him a load of BS because it is far better for misinformation to be leaked that scares people and keep those that they really would like make their communication and information sharing such as terrorist organizations in fear that their plans may have been compromised by the NSA.

    I am also sure that there is far less leaked information available than Greenwald has claimed because a lot of it keeps getting repeated worded differently but repeated all the same. I am sure that he is concerned that his 15 minutes are over, just as people don't think about or give a hoot about Snowdon anymore, and he is concerned that he is now drifting back behind that curtain of obscurity from whence he came and where this irrelevant tiresome man should have stayed along with the other's in his little clique.

  18. Schultz

    " USA is perpetrating just what it accuses China of doing"

    Well, I'd guess that's why they were suddenly so worried about Huawei's hardware. Must have been a case of 'OMG, we do this to them and they might do the same to us'. Kind of the inverse of don't do to others what you wouldn't want done to yourself.

  19. Anonymous Coward
    Anonymous Coward

    God's Pizza Complex

    According to:

    http://www.statisticbrain.com/pizza-statistics/

    there are 3 billion (with a 'b') pizzas sold every year in the US. That translates to an average of 8,219,178 pizzas sold per day.

    These stats are quantitatively accurate, but the data quality is suboptimal. Many pizzas are ordered and bought in-store, and paid for in cash. These types of transactions are very difficult to track, which makes them extremely suspicious.

    (Memo #1: feasibility study of tracking pizza deliveries in-transit -- better tracking accuracy. Possibly SATINT - check with NRO).

    (Memo #2: correlation between pizza toppings preferences and potential involvement in subversive activities).

    Let's assume that 33% of all pizza orders in the US are in-store cash transactions. The other 67% are phone or internet orders, and are paid for either by credit card or by electronic debit or check. That comes out to 5,506, 849 pizza orders per day. These types of transactions are currently being monitored.

    Presumably, NSA is tracking all the electronic orders in real-time, and keeping a metadata record permanently stored somewhere. In duplicate, just in case.

    Cool.

  20. Anonymous Coward
    Anonymous Coward

    Unfortunately, they're probably not doing this to just the Big Bad other countries, but to their allies as well.

This topic is closed for new posts.

Other stories you might like