Story 2014-05-16 3KW NSA 'Upgrade Point' Implants Backdoors on Hardware

NSA 'Upgrade Point' Implants Backdoors on Hardware

by
in security on (#3KW)
story imageHere's how the NSA is doing its part to sink the American tech sector by ensuring no one ever buys American products anymore. Ars Technica reports the NSA is intercepting hardware and implanting its backdoors ("beacons") before they are rerouted back to the original destination – the customer. This quote is taken from Glenn Greenwald's No Place to Hide book detailing his investigations and Snowden's allegations. The statement was made by an NSA rep:
Here’s how it works: shipments of computer network devices (servers, routers, etc,) being delivered to our targets throughout the world are intercepted. Next, they are redirected to a secret location where Tailored Access Operations/Access Operations (AO-S326) employees, with the support of the Remote Operations Center (S321), enable the installation of beacon implants directly into our targets’ electronic devices. These devices are then re-packaged and placed back into transit to the original destination. All of this happens with the support of Intelligence Community partners and the technical wizards in TAO.
Already, most of the world has decided that storing data on American servers or using American service providers is a risk. Thanks, NSA, for making sure no one buys American hardware either.
Reply 5 comments

who is the switzerland of tech (Score: 2, Insightful)

by rocks@pipedot.org on 2014-05-16 12:41 (#1NJ)

If companies desire hardware that they don't make themselves and that is "guaranteed" to be free of eavesdropping/tracking additions, from whom do they buy? The fact that it may be "proven" that the USA is doing such activities in no way proves that other countries aren't?

Re: who is the switzerland of tech (Score: 2, Interesting)

by zafiro17@pipedot.org on 2014-05-16 13:57 (#1NN)

Seriously, didn't Huawei get blacklisted from purchases by the American government, largely for doing that exact same thing? Kim Jong Un is about to offer a cellphone to the N. Korean people (running Android, naturally). Anybody want to bet whether or not there's eavesdropping, tracking, and Darth Vader choke-hold technology built into it at the factory?

Meanwhile, Linux users are dealing with "secureboot"crap that - wait for it - keeps a windows install from suffering the dangerous implications of untrusted software. Is this whole world just a big f*cking joke or something?

Re: who is the switzerland of tech (Score: 4, Informative)

by tempest@pipedot.org on 2014-05-16 14:47 (#1NT)

There's a slight difference here. If I order hardware from a European (or wherever) manufacter I trust, the NSA can still intercept and plant back doors. You can't trust ANYTHING in the United States. While I still don't trust Cisco, it seems unlikely the NSA has direct access to the company if they're redirectiong hardware to mod shops. Which is good news in a way.

Re: who is the switzerland of tech (Score: 2, Informative)

by Anonymous Coward on 2014-05-16 14:30 (#1NS)

I do believe it's very significant that even this report purports that the spytech is installed AFTER the fact, and that these were otherwise innocent pieces of hardware being shipped, until they were intercepted by the spooks, and then only for particular "targets".

True or not, it's some small comfort that everything's not completely bugged up before it even leaves the factory.