Slashdot Mirror


Have a Privacy-Invasion Wishlist? Peruse NSA's Top Secret Catalog

An anonymous reader writes with a link to Der Spiegel, which describes a Top-Secret spy-agency catalog which reveals that the NSA "has been secretly back dooring equipment from US companies including Dell, Cisco, Juniper, IBM, Western Digital, Seagate, Maxtor and more, risking enormous damage to US tech sector." Der Spiegel also has a wider ranging article about the agency's Tailored Access Operations unit.

15 of 259 comments

  1. And that ain't all by NoNonAlphaCharsHere · · Score: 5, Funny

    The NSA has been "secretly back-dooring" the American people for years.

  2. And Ultimately by mrspoonsi · · Score: 5, Insightful

    The NSA will achieve the opposite for the USA, not more security but less, with the rest of the world now keen to do their own thing, the NSA are a loose cannon on a rolling ship.

    1. Re:And Ultimately by Anonymous Coward · · Score: 5, Insightful

      The NSA has already achieved the opposite for the USA

      There FTFY... Talking to non-IT people, the thing that most people don't seem to have understood is that Snowden and hundreds of administrators from private contractors like him had uncontrolled access to all of the data. Those people will for 100% sure include some spies from hostile powers like Russia, China and North Korea. Some of those people will have already extracted data. People working for the NSA and DOD wrote the orange book about this. They have no excuse to pretend they didn't know that gathering all this data together would be dangerous.

      The real thing that the NSA and GCHQ are trying to hide, is not the spying. It is that they were caught seriously endangering their countries for profit.

    2. Re:And Ultimately by Jah-Wren Ryel · · Score: 5, Informative

      Since the public record indicates that the vast majority of terrorist attacks that the NSA has helped stop are overseas, outside the US

      Even a broken clock is right twice a day.

      Let it be known that uber-con cold fjord has acknowledged that the NSA's domestic meta-data program (section 215) has stopped zero terrorist attacks inside the US and that the overseas meta-data interception program (section 702) has "helped" to stop one, perhaps two attacks in the US.

      215: We Found None

      702: Only One, Perhaps Two

      --
      When information is power, privacy is freedom.
    3. Re:And Ultimately by paiute · · Score: 5, Insightful

      Have we already acquiesced to the NSA's desired reality?
      Were these criminal activities which could not have been prevented by old-fashioned police work done within the law or were Orwellian-scale intrusions absolutely necessary?

      --
      If Slashdot were chemistry it would look like this: Cadaverine
    4. Re:And Ultimately by VortexCortex · · Score: 5, Insightful

      A scientist would say: Prove their evidence is real.

      They lied to congress, and have a long history of evil. It would be foolish to trust anything they say. See, that's the thing with secrets and lies: You can never trust anything they say to be true. "Oh we're strengthening security." Prove it -- Could be weakening security instead, we don't know because: Secrets. Oh, so they say these guys are terrorists? Prove it. You'll have to use independent evidence -- not like digital records can't be fabricated, what with all the routers and systems backdoored or exploited. They could have written the damn email from the guy's system themselves at a whim. These spooks are real creeps, tasked with socio-political control, not safety. What they do is target "radicals". They thought the Civil Rights Movement was "radical". The Privacy Rights Movement is considered "radical" too, especially since it requires an end to government secrets. Everyone knows the atrocities the CIA gets up to, you think any of these guys have qualms about silencing "radicals" any way they can?

      Anyone think these programs are beneficial? That's an unproven claim. Disprove the null hypothesis: No secret spy organization can be proven to be beneficial. They can't be proven to be telling the truth. A secret oversight committee just moves the problem around.

      You're 4 times more likely to die from lightning strike. The flu kills six times more people than a 9/11 scale attack every year. Cars and cheeseburgers have killed Four Thousand times more lives than a 9/11 scale attack since 9/11. The cost to benefit ratio of the spying programs is ridiculous. Life is dangerous: There are risks that are acceptable. If we're brave enough to drive the kids to get a Happy Meal, then what possible fear can we have of a minuscule in comparison terrorist threat? Even if all 50 of those supposed bombers would have gone off, they still wouldn't justify the cost to privacy, freedom, and trust in our governments -- Falling down in the shower is more dangerous than terrorists. Where's the free government bath-mats if terrorists are such a big concern? Mutually assured destruction means big countries are no threat. The cold war didn't end, the military industrial complex just turned on its own people in secret. Everything Eisenhower warned us about came true.

      The very word 'secrecy' is repugnant in a free and open society; and we are as a people inherently and historically opposed to secret societies, to secret oaths, and to secret proceedings.
      - John F. Kennedy

      What a "radical" thought.

  3. Re:Don't buy from US companies by Desler · · Score: 5, Informative

    Huawei and Samsung are US companies? Because if you read the article these things are not limited to US companies despite the implication of the summary.

  4. Misleading Summary by the eric conspiracy · · Score: 5, Informative

    If you actually go to the referenced article and read it you will see that these are exploits, not backdoors, and they apply to equipment from non-US manufacturers as well as from US manufacturers, for example Samsung and Huawei.

    Good job slashdot. NOT. A nice raspberry for Der Spiegel too.

    1. Re:Misleading Summary by the eric conspiracy · · Score: 5, Insightful

      Do you think the NSA is somehow unique in possessing tapping and forensic tools for IT equipment?

      Every police agency in the world will have some of this stuff. Heck, when I accidentally repartitioned a hard drive a couple of years ago I used some software to recover files by carving them. One of the items listed in the article was a splitter cable for crying out loud.

      Backdoors are seriously different from exploits. One implies collusion between a national security agency and a manufacturer. An exploit is the work of somebody independent of the manufacturer.

      The NSA is seriously a problem. However this summary states US equipment manufacturers are in collusion with them. Without presenting any evidence, and filters out information that contradicts that statement from the reference it cites.

      This is not journalism. It's a troll.

  5. Re:Dell by Anonymous Coward · · Score: 5, Insightful

    I'm surprised you couldn't come up with at least some possibilities on your own, K. S. Kyosuke. I always thought that you were a smart cookie.

    One obvious one is that the disk's firmware is updated to detect and modify critical Windows executables, DLLs or drivers with some additional code to send out information to remote servers once a network connection is detected, or perhaps to introduce flaws that can be exploited easily. The same could be done for Linux kernel binaries or modules, too, of course.

    Another pretty obvious one is that the disk's firmware alters log files to remove any traces of intrusions, making it appear as though no intrusion has occurred.

    I'm sure there are many, many other ways that I haven't thought of.

  6. coin, sides, same by PopeRatzo · · Score: 5, Interesting

    Don't think for a second that these back-doors that companies put in at the behest of the NSA aren't also being used to the benefit of those companies.

    So, if the NSA were shuttered tomorrow, what makes you think those back-doors are going to go away? How much is it worth to those tech companies to know exactly what their customers are doing? How much is it worth to their institutional shareholders?

    See, the ugliest part of this is that it's a two-headed monster. Fight one head and the other one will come around and bite you. Both government and corporations have come to believe that they are beyond our reach, above reproach and entitled to everything you have.

    --
    You are welcome on my lawn.
  7. Coreboot BIOS by chill · · Score: 5, Interesting

    Unfortunately I don't have the skill set and there doesn't seem to be any other way to support them.

    If you have a machine that supports it, Coreboot could be a very interesting solution.

    --
    Learning HOW to think is more important than learning WHAT to think.
  8. Re:The summary is not wrong. by Desler · · Score: 5, Insightful

    Didn't say the summary was wrong. What it said was perfectly correct, but leaving out the fact that the article didn't just talk about US companies made it misleading.

  9. Re:Don't buy from US companies by Carewolf · · Score: 5, Insightful

    I wonder if many companies were listed from around the world, but Spiegel focused on US companies because the anti-American angle works well for them.

    It is not the Spiegel that wrote the slashdot summary, it is the Spiegel that wrote the article that includes the non-American companies, and the American Slashdot that only included American companies. So how about rethinking your comment?

  10. Re:Don't buy from US companies by VortexCortex · · Score: 5, Informative

    Get a clue, it's not just the US/NSA that does this. They are just the ones that are getting beat up in the press.

    Yep, it's too bad the NSA doesn't actually protect national security, and is instead just ensuring all the other state sponsored enemy spies can get at more info than a contractor like Snowden did.

    Imagine what it would be like if the government wasn't allowed any secrets or wiretaps. Our public policy would be the same policy we actually furthered around the world -- We wouldn't have to worry about diplomats making secret arms deals behind our backs; If such things were actually required to save lives then we'd understand the circumstance. The only reason we can't trust their actions is because secrets mask their motives, even when they are on the up and up.

    We have amazing spy satellites launched via the biggest rockets in the world already. They would simply have more funds to split with NASA and be more benefit to actual security, science, disaster relief, while ensuring no force can make a move against us without us knowing instantly. They could even map submarines from space with ground/water penetrating radar. Better space collaboration would ensure decommissioned tech helps the space exploration initiative. No spies can threaten a government without secrets.

    If the NSA were actually protecting the national security of America then they could be tasked with finding all the backdoors in the hardware and software. No one could put backdoors in for fear the NSA would find out, publish it, and ruin their business. Today they stay silent and let the public purchase systems the NSA likely knows have been compromised by enemy spies -- This saves the NSA time: They can just use the existing backdoor instead of putting their own in. If the NSA weren't allowed secrets, they'd be eliminating exploits instead of leveraging them and our hardware, firmware, and OS's would be more secure. Eventually other governments would have to start up their own programs of outing intentional exploits just to ensure their people they weren't compromising public security. In addition to the Space Race, we'd have a Privacy Race, where competition would be in building the most secure systems. Public and private sector security experts could be assisted with new tools to show where flaws lie. Security would be a selling point and methods of provable security would be devised (I have done so myself on small scales). Computers and programs have finite state, so provable security is not impossible: Instead of spying, the data centers and supercomputers could be tasked with hardening all the hardware and software. People would buy the USA security endorsed systems with pride. We'd have less identity fraud -- one of the most prevalent crimes. Conspiracies could be silenced through truth not ignorance. If we outlawed government secrets and required scientific evidence that their programs were helpful not harmful then we could trust our governments more than any citizens ever could before.

    Sadly, we're too primitive and politically oppressed to apply the simple Scientific Method to governance. None can have assured trust or security from prying eyes because we allow the government to have secrets. That the priority of secrets is valued above security by the spies is obvious and evidenced by the way they compromise security and do not inform the world that we are buying insecure products. They risk spies accessing more than Snowden ever dreamed due to the priority they place on secrecy over security in their digital spying programs. These secret programs aren't getting beat up nearly as bad as they should be in the p