Feeds

back to article Greenwald alleges NSA tampers with routers to plant backdoors

Glenn Greenwald, the journalist responsible for funnelling many of Edward Snowden's revelations to the world, has penned a book in which he alleges the NSA intercepts routers before US manufacturers can export them, in order to implant backdoors. Excerpted by The Guardian, Greenwald's tome No Place to Hide alleges the following …

COMMENTS

This topic is closed for new posts.
Facepalm

oldest one in the book

"How else could kit shipped through normal channels be diverted into the NSA's hands long enough for it to be tampered with?"

Because they have set up spoof companies to do just that ?

10
1
Anonymous Coward

Do you really think they would be interested in you? Are you really that important to them?

It's like thinking someone is actually interested in what you have to say on Facebook or Twitter......

2
34
Silver badge
WTF?

WTF?

Are they interested in multi-billion pound Tech industries, or Phama's, or Military installations? These use routers and firewalls as well you know?

13
1

Get with the program

Their current MO is blanket surveillance. Every phone, every account, every cloud service, every device anywhere is a potential target, and they want to have access.

https://www.schneier.com/essay-469.html

http://www.theguardian.com/world/2013/jun/14/al-gore-nsa-surveillance-unamerican

http://en.wikipedia.org/wiki/PRISM_(surveillance_program)

11
1
Anonymous Coward

Do you really think they would be interested in you?

You don't see the irony in posting that AC? Nothing to hide and all that....

21
0
Roo
Silver badge
Windows

"Do you really think they would be interested in you? Are you really that important to them?"

Fair question, but the wrong one. The *find* things to be interested in, that's their whole rationale for existence, and there is little to nothing a citizen can do about the damage caused by mistakes of wilful intent...

You have a bunch of unaccountable people who's stated mission is to find guilty people and fuck them over, and they have a massive amount of (potential) leverage over every man woman and child in society... These folks are prone to temptation & fuck ups like everyone else, it's not a question of when innocent folks are going to get fucked over, it's a question of how many.

... And then we come to the people defending and advocating mass surveillance, the "nothing to hide, nothing to fear" brigade. The same brigade that consistently argues *against* the same level of scrutiny being applied to them... They clearly have something to hide, but they are telling you to trust them implicitly, surely that must make you a little suspicious as to why they would advocate something they don't want themselves.

22
1

Do you really think they would be interested in you? Are you really that important to them?

Nobody at the NSA is the least bit interested in anything I say or do. Unfortunately, until they invade my privacy in order to determine that, there's really no other way for them to find out.

I guess it depends on your world view - Are you happy for people to rummage through your personal life provided they're bored by what they find?

5
1
Silver badge

"Do you really think they would be interested in you? Are you really that important to them?"

In a word - YES.

I may be a boring forty year old that watches animé and writes crappy programs for a passtime...

...but that could be a cover for my exciting secret life as an Al Qaeda operative plotting to blow up the Eiffel tower just, cos, that's what terrorists do.

I get the impression that the NSA isn't looking to follow people of interest, but rather looking to discard those who are obviously not of interest. Which means hacking personal routers provides just as much value as those of companies.

Not a/c, there's no point...

5
1

@heyrick

I think you've got enough key words in that to peak their interest for a few days. I'd suggest going into hiding for a while. I know a nice place in Russia......

2
0
Holmes

Re: oldest one in the book

Why do you think that they need to intercept something in the channel and delay a transport? The NSA could simply have a stock of hacked routers in their warehouse. Then, when a router is ordered, it could simply substitute the hacked router for the ordered router at some step along the way. Customs comes to mind, since it could just as easily swap in a bugged router for the unbugged router as it is doing its "inspections."

Don't make things too complicated, folks. Think like a spook.

4
1
Anonymous Coward

"Nobody at the NSA is the least bit interested in anything I say or do. "

That's what you think. But you're a commentard on a top tech site, read around the world. Your comments amount to briefing against them. The implicit sarcasm in your posting name indicates you may hold other views that aren't part of the commonly received wisdom of the political elite.

You've already seen a couple of CEO's mysteriously outed and hit hard for private views, comments, or behaviours that suddenly "happened to come to light". Do you really think that people stumbled across these? The EU is in the process of establishing a task force of social media "wardens" to promote the bureaucracy's view of itself as a truth, and bat down detractors. Could be the same for other forms of government.

When it comes to rude words there's already laws against some of them. How long before the McCarthy-ism that big government is so fond of starts to look for people who it can lable as "anti-democratic", "climate change deniers", "supporters of terrorism" etc?

3
1
Anonymous Coward

Has anyone extracted the 'backdoor' code yet?

If it was a hardware item they'd implanted, I'd expect to see picture of it online by now. So let's assume it's a firmware thing. So where is the code dump, showing Before and After?

Given all the other tear-downs, BOM estimating, code reverse engineering, chip probing, Wire Sharking, and 'Will It Blend?' videos, this one seems to be a bit evidence-sparse.

2
1
Bronze badge

St Snowden

I was once heavily downvoted for criticising Saint Snowden. So, congratulations sir or madam, and here is my upvote.

1
3
Silver badge
FAIL

Re: bill 36 Re: oldest one in the book

"....Because they have set up spoof companies to do just that ?" OMGeeeeeeez, now you want to claim UPS is a CIA front company??? Seriously, UNWRAP THE FOIL!

0
6
Silver badge
FAIL

Re: dumbert Re: oldest one in the book

"....The NSA could simply have a stock of hacked routers in their warehouse. Then, when a router is ordered, it could simply substitute the hacked router for the ordered router at some step along the way....." Except it won't have the serial numbers or software license IDs recorded by the factory, which means when you place a support call for it it would bleeding obvious that it was not the right router.

0
4
Anonymous Coward

Truer words have never been spoken...

"How long before the McCarthy-ism that big government is so fond of starts to look for people who it can lable as "anti-democratic", "climate change deniers", "supporters of terrorism" etc?"

Glenn Greenwald said as much, on "The Colbert Report" just 2 days ago,

and,

that he is currently writing an expose for the Guardian based on material that Edward Snowden collected that attested to that VERY FACT.

Greenwald went on to say: THESE revelations were the WORST of the exposed abuse of power by the NSA:

http://thecolbertreport.cc.com/videos/2j80wh/glenn-greenwald-pt--1

http://thecolbertreport.cc.com/videos/31s76v/glenn-greenwald-pt--2

1
1
Bronze badge
Joke

Re: bill 36 oldest one in the book

"Seriously, UNWRAP THE FOIL!"

But the potato isn't done yet....

0
0
Silver badge

Get with the tinfoil

http://www.afcma.org/

http://www.usafoil.com/

http://en.wikipedia.org/wiki/Aluminium_foil

Just pasting ranty URLs does not build a case.

I have done consulting work for Cisco. It is an INTERNATIONAL company, with products developed all over the world and manufactured in different places.

For example, there is a development house in Norway and the products they make are built in Poland.

On top of that, you can download the code for many of these devices. Granted, you can't download it all.

While it might be plausible to infect US made products and conspire to keep the US side of Cisco quiet, the company is far too large and multinational to keep anything secret for long.

1
0
Silver badge
Happy

Re: Re: dumbert oldest one in the book

Ooh, two thumbs down, but no explanation of how they are convinced the Big Bad Man could work around the serial number and licensing issues I pointed out. It seems some people are so determined to baaaah-lieve that actual and reasoned argument is just beyond them.

0
2

I'm just waiting to be told...

Oceania has always been at war with Eastasia.

13
0
Silver badge

Re: I'm just waiting to be told...

Oceania has always been at war with Euraisa Citizen. Please present yourself to room 101 immediately.

5
0

Re: I'm just waiting to be told...

Oceania has always been at war with Eastasia.

I hope not! I detest gin.

0
0

No! Yes. Oh...!

"You were aware that fellows at the NSA were tampering with routers?"

"NO!"

"Yes."

"Oh..."

"And unless I'm gravely mistaken they were doing so to plant backdoors."

"NO!"

"Yes."

"Oh..."

"The NSA thus gains access to entire networks and all their users."

"NO!"

"Yes."

"Oh..."

More of that conversation -> https://www.youtube.com/watch?v=me9ft6HeaMQ

2
1
Silver badge

Re: No! Yes. Oh...!

I was wondering what the hell that link was all about, but it was worth watching for the punchline :D

0
0
Silver badge

Re: No! Yes. Oh...!

I've only ever seen Louis de Funes films in the Czech Republic, dubbed into Czech, of course. I have always wondered why they are not shown in the UK - brilliant comedy with a marvellous absurd streak.

0
0

Details of the hack, list of routers

Description of the hack http://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf

List of compomised routers https://github.com/elvanderb/TCP-32764

7
0

How?

Customs

4
1
ql
Bronze badge
Black Helicopters

Not just for export

Tor developer seems to have thought her new laptop was tampered with, courtesy of Amazon

https://privacysos.org/node/1311

9
1

Re: Not just for export

nice link. thank you - it's almost a shame she didn't wait until the laptop had been delivered before going public. might have been interesting...

3
0

Re: Not just for export

Nice update that kind of makes her claim rather dubious! Even she said that the seller said that they had entered the wrong tracking number! That HAPPENS! I've done it with people that I have shipped stuff to and then corrected it as soon as I spotted the error and let them know that the first one was wrong.

People that are paranoid want to read into things that are not there merely to fulfill their fears. That's what this woman has done. Eff Me, to claim that her device has been tampered and yet she hasn't received it should set alarm bells off!

Maybe The Onion Router project (originally sponsored by DARPA and the U.S.Navy Research Laboratory) has, itself, a back door to allow access? It is just as likely.

Let's face it, Verizon FiOS has it's own backdoor into the router they supply to customers. It reports back to them new password and admin user id for the device, it reports back the WiFi password and it also reports back any changes to the settings that are made.

I would be more worried about that than whether the NSA are messing with a router. What Verizon are doing with their equipment is effectively a bigger privacy concern and a bigger concern to your personal security than whether the NSA can access your device.

Oh and Comcast equipment does similar and I suspect that most equipment supplied and leased to the public by all these companies are far worse. If they can access the information does it not put a risk that a hacker can equally so get access to your personal network through similar hacks. If you want to be all worried and paranoid!

1
0
Anonymous Coward

At this point I trust Huawai a lot more than e.g. Cisco and other American manufacturers...

12
1
Silver badge

"At this point I trust Huawai a lot more than e.g. Cisco and other American manufacturers..."

I wouldn't - I trust both sides to be equally snoopy.

I do wish they'd stop trying to bash my backdoors in, though.

3
0

Then you really are stupid, I have worked at low level Chinese companies.

I have examples of USB sticks produced in factories that have malware installed, I have seen tablets come off the production lines with 'stuff' an engineer has shoved inside the SW.

1
1
Silver badge

In all seriousness, is anyone surprised at this? China is most likely doing the same.

As an aside, how many routers are actually 'exported' from the US? Isn't everything made in China?

3
0
Anonymous Coward

I think you've unwittingly found a new tactic for us to employ against the NSA.

They are having routers sent to them in the US from China, before re-shipping them across the world. Think of how much CO2 that produces. We must get the environmental crusaders in - that'll provide some leverage for the non-snooping side

1
0
Anonymous Coward

Isn't everything made in China?

So you get double backdoors (China's and the US')

0
0
Silver badge

Privacy sos?

Definitely - they've blanked out the street address details, but left the full zip code in the image...not too hard to find out where she lives from that...

I think Privacy SOS may need some tuition in privacy.

1
0
Silver badge

Re: Privacy sos?

"Definitely - they've blanked out the street address details, but left the full zip code in the image...not too hard to find out where she lives from that...

I think Privacy SOS may need some tuition in privacy."

That's how she uploaded it to Twitter.

0
0
Silver badge
Big Brother

The Puzzle Palace

It's interesting watching a whole new generation of people get excited about this; quite honestly the writing has been on the wall for years. If you want security then you need to start by assuming that all commercial kit is potentially compromised - and even if you can secure your own kit, your packets still have to travel on a public network.

If you maintain any public profile that might possibly be of interest to someone, somewhere then security through technology is an illusion. To quote Quentin Crisp, "If it can be done, it will be done."

5
0
Gold badge
Gimp

To a data fetishist *all* data is precisious

Which is why who you are is not important.

There's plenty enough storage so that if you do anything "interesting" they can always look back through your data to find something "useful."

3
1
Bronze badge

If true, Greenwald's allegations mean the USA is perpetrating just what it accuses China of doing. Which isn't very good or nice.

Of course they are accusing China. "If we're doing it, they must be doing it too."

1
1
Bronze badge
Joke

just because you're paranoid...

doesn't mean they're not out to get you...

P.

1
1
Silver badge
Facepalm

Re: phil dude Re: just because you're paranoid...

...is how Greenwald and co MAKE THEIR LIVING - out of your paranoia.

1
4
Silver badge

Given the Snowden revelations, and that backdoor being discovered the other week that was still open after a patch, I'm inclined to believe the US/Australian worry about Huweii followed their refusal to follow an NSA demand to add a back door.

2
0

Person Of Interest

I think Snowden gets most of his intel from Person Of Interest TV series, or is it the other way around?

0
0
Bronze badge

… all manner of US companies must also be complicit.

Simon, or perhaps just one, if it’s at a critical nexus and it’s large enough.

0
0

Greenwald & Co are getting old...

It's so very tiring hearing the paranoid dillusional rants of Greenwald and his buddies.

Am I worried that the NSA may have access to my router through some backdoor? Not really, it's hardly a concern to me, they can snoop in my boring life.

The only ones that seem to care are those that seem to think they are important and those people tend to be self important. I bet that Stazi agent Angela Merkel is worried as she continues to expand the reach of the fatherland and complete the fuhrer's unfinished work. Snigger.

Maybe Snowdon's theft of data was caught early and they just fed him a load of BS because it is far better for misinformation to be leaked that scares people and keep those that they really would like make their communication and information sharing such as terrorist organizations in fear that their plans may have been compromised by the NSA.

I am also sure that there is far less leaked information available than Greenwald has claimed because a lot of it keeps getting repeated worded differently but repeated all the same. I am sure that he is concerned that his 15 minutes are over, just as people don't think about or give a hoot about Snowdon anymore, and he is concerned that he is now drifting back behind that curtain of obscurity from whence he came and where this irrelevant tiresome man should have stayed along with the other's in his little clique.

1
6
Silver badge

" USA is perpetrating just what it accuses China of doing"

Well, I'd guess that's why they were suddenly so worried about Huawei's hardware. Must have been a case of 'OMG, we do this to them and they might do the same to us'. Kind of the inverse of don't do to others what you wouldn't want done to yourself.

2
0
Anonymous Coward

God's Pizza Complex

According to:

http://www.statisticbrain.com/pizza-statistics/

there are 3 billion (with a 'b') pizzas sold every year in the US. That translates to an average of 8,219,178 pizzas sold per day.

These stats are quantitatively accurate, but the data quality is suboptimal. Many pizzas are ordered and bought in-store, and paid for in cash. These types of transactions are very difficult to track, which makes them extremely suspicious.

(Memo #1: feasibility study of tracking pizza deliveries in-transit -- better tracking accuracy. Possibly SATINT - check with NRO).

(Memo #2: correlation between pizza toppings preferences and potential involvement in subversive activities).

Let's assume that 33% of all pizza orders in the US are in-store cash transactions. The other 67% are phone or internet orders, and are paid for either by credit card or by electronic debit or check. That comes out to 5,506, 849 pizza orders per day. These types of transactions are currently being monitored.

Presumably, NSA is tracking all the electronic orders in real-time, and keeping a metadata record permanently stored somewhere. In duplicate, just in case.

Cool.

0
0
Anonymous Coward

Unfortunately, they're probably not doing this to just the Big Bad other countries, but to their allies as well.

1
1
This topic is closed for new posts.