Have a Privacy-Invasion Wishlist? Peruse NSA's Top Secret Catalog

An anonymous reader writes with a link to Der Spiegel, which describes a Top-Secret spy-agency catalog which reveals that the NSA "has been secretly back dooring equipment from US companies including Dell, Cisco, Juniper, IBM, Western Digital, Seagate, Maxtor and more, risking enormous damage to US tech sector." Der Spiegel also has a wider ranging article about the agency's Tailored Access Operations unit.

This will be a boon to other countries

[sandbagger]

I was working for a software company specializing in network security back in the post 2001 period. I recall that we had more than a few discussions with the unskilled egomaniac in charge of the marketing of that firm that many competitors were using their Canadian branch office addresses 'front and centre' in their marketing to the European market.

Why? Because one doesn't always want to be perceived as an American.

The myth of Americans with Canadian flag stickers on their passports is not completely false.

Well, he was horrified at the notion. In fact, if you want to see how existential angst can be suddenly manifest in someone's behaviour in an unexpected setting, try this. I expect that we'll see more of the same in the next year. Ultimately, countries will roll their own code, and have their own Silicon Valleys because of the national security issue. A few years ago I remember seeing an ad from I believe a Swedish firm selling routers and switches that were 'designed and built' in Europe with each unit only delivered to a physical address in Europe. Does anyone else remember this outfit?

coin, sides, same

[PopeRatzo]

Don't think for a second that these back-doors that companies put in at the behest of the NSA aren't also being used to the benefit of those companies.

So, if the NSA were shuttered tomorrow, what makes you think those back-doors are going to go away? How much is it worth to those tech companies to know exactly what their customers are doing? How much is it worth to their institutional shareholders?

See, the ugliest part of this is that it's a two-headed monster. Fight one head and the other one will come around and bite you. Both government and corporations have come to believe that they are beyond our reach, above reproach and entitled to everything you have.

Re:Don't buy from US companies

[nurb432]

Get a clue, its not just the US/NSA that does this. They are just the ones that are getting beat up in the press.

Coreboot BIOS

[chill]

Unfortunately I don't have the skill set and there doesn't seem to be any other way to support them.

If you have a machine that supports it, Coreboot could be a very interesting solution.

De- & Redamaged

[Rotworm]

I'm not sure if the NSA seeking to exploit technology is particularly damaging to US firms. The NSA is seeking to exploit all technologies, not just American-based ones.
I think the part that does damage American firms, was the end of the second article. It read that the NSA has been redirecting the shipping of some computers to their address, installing software or hardware, repacking the device, and shipping it to the purchaser.

Re:Don't buy from US companies

[fatphil]

Much of the US-branded kit is fabbed and manufactured in China, yes. Occasionally ipods (iphones?) ship with MS Windows viruses because of this. However, that was sloppiness rather than malice.

The reason I'd be interested in a Loongson Lemote box is that it does have a remarkably open design at almost all levels. You could create your own version of the processor on an FPGA if you so desired. The same isn't true of intel, AMD, NVidia, Freescale, TI, Samsung (or any ARM SoC vendors) etc. I think several generations of Sparc are equally open too, you'd have to check opencores. The layer above the hardware - the BIOS - is also open in Lemote (Loongson) devices. And of course you can run your own (open) OS on top of that. I don't know of any more open device. It's the best way to go if you're Richard Stallman, certainly (it's what he's used and recommended for half a decade). For anyone else, YMMV.

If I was the NSA and I wanted to make sure there was a way to get into a Loongsn device - I'd aim at the AMD chipset that it uses. If you control the flow of all data, you effectively control everything.

Nothing's 100% trustworthy. I like strength through depth though.

I appreciate that this doesn't answer your question particularly well, but it just some closely related thoughts.

Re:Damn, the movies have been right all along

[gweihir]

The NSA has a lot less power than the Stasi. The Stasi could directly go out and arrest or vanish people as it was the enforcement arm of a totalitarian regime. While the US is on the way to a classical totalitarian regime, it is not there yet (but it will get there unless stopped very soon). For example, secret executions of US citizens are really not something the NSA can do, while the Stasi routinely executed citizens it did not like. All completely legal, incidentally.

But yes, I agree that totalitarianism is making a comeback and the masses are cheering it on. Just like the last time. Last time, it took a war with 60 Million dead (just over 2.5% of the world population) to stop it. The catastrophe will be a bit bigger this time though and last much longer.