Slashdot Mirror
Glenn Greenwald: How the NSA Tampers With US Made Internet Routers
Bob9113 (14996) writes "According to Glenn Greenwald, reporting in The Guardian: 'A June 2010 report from the head of the NSA's Access and Target Development department is shockingly explicit. The NSA routinely receives – or intercepts – routers, servers, and other computer network devices being exported from the US before they are delivered to the international customers. The agency then implants backdoor surveillance tools, repackages the devices with a factory seal, and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some "SIGINT tradecraft is very hands-on (literally!)".'"
Surely the NSA can touch anything that Customs does.
You just single-handedly killed the entire US tech industry. You murdered trust. No one will ever trust US hardware again.
Working for a defense contractor, I can say that someone is going to have fun talking with the FBI and/or the CIA and/or the NSA soon.
Happy butt raping!
Soon?
You must have missed the part where it says "A June 2010 report from the head of the NSA's Access and Target Development ".
I seriously doubt the FBI or CIA are going to go after the NSA.
It just costs US companies sales, and further encourages them to move manufacturing overseas.
Sig Battery depleted. Reverting to safe mode.
You can't trust open source either.
Devices like these often have "binary blobs" that aren't open source and could contain backdoors (one of the reasons RMS has been rallying against them, but probably not the primary reason), but even more fundamentally than that, it would be naive to assume that the NSA can't hire programmers to contribute to these projects and that they can't be good enough at what they do to make a backdoors that would pass a code review without being detected.
That said, at least with open source you have the chance to find such things, so there is that. But either way ... I think we're screwed.
Well that's what I was wondering. They must import them to the US, backdoor them and then export them again. I'd bet they have chinese backdoors in addition to the US ones.
Simply raise tech propaganda, wait for the US to build backdoors into everything, and then steal the knowledge because apparently the US is very bad with cybersecurity.
I'm suprised most people haven't realized that it's part of the pattern USians show, do-evil-blame-someone-else. NSA backdoors everything, thinks everybody is just as evil and paranoid as they are so they start creating negative propaganda against 'enemy' targets accusing them of doing exactly what they are doing.
I'm not a USian, so haven't been exposed to all the mind numbing media they have, but has there ever been ONE piece of intelligence about other countries that was true and wasn't simply the US looking in a mirror and trying to cover their tail???
Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
Just wait till the markets open tomorrow. NASDAQ down 600-800 points (at least). Nobody sane is going to purchase US-made networking gear for a very long time.
Nah, this won't budge the markets, mainly because this info was released some time ago - and it wasn't limited to router hardware.
The only reason this is being re-reported is to promote Greenwalds's book.
Security researcher and Tor developer, Andrea Shepherd, found something fishy:
http://www.techdirt.com/articl...
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
I think we're screwed.
Only if you keep on reelecting the same old crooked politicians over and over again. The NSA can't control who you vote for.
“He’s not deformed, he’s just drunk!”
You can't trust open source either.
Devices like these often have "binary blobs" that aren't open source
No, you CAN trust open source. If it has a binary blob, then by definition, it is not open source.
it would be naive to assume that the NSA can't hire programmers to contribute to these projects and that they can't be good enough at what they do to make a backdoors that would pass a code review without being detected.
That's still better than closed-source code that you can never inspect. Also, any such contributions will be recorded and tracked. Serious open-source projects like the Linux kernel don't accept anonymous contributions; they have to be signed off by someone. Also importantly, if you look at the Linux kernel, you'll find most contributions (esp. in an area where a backdoor could have a real impact, not places like USB joystick drivers or whatever) come from programmers working for well-known companies, not from random people on the internet.
Had Snowden only leaked the unconstitutional domestic spying, he would be a hero. It should be very clear now that those leaks were just a cover for treason. His goal seems to be nothing less than the dismantling of our entire intelligence apparatus.
You can't hide an intelligence operation of this scale forever, this was going to come out sooner or later, Snowden is an inevitability. That having been said, while your concern over how the USA's ability to find out what color underwear everybody else is ordering online is a valid one, consider the economic impact of this. I'm sure Cisco and a whole horde of other US based network equipment manufactures were thrilled to the core when they woke up one morning and found out that the NSA just crashed their sales and to add insult to injury ensured that in the long term their overseas competitors will get a whole lot more business as governments and corporations look for secure and preferably domestic sources of network equipment. Maybe the fact that it was all done in the name of patriotism and national security will more than compensate these US businesses for any financial losses that result from this activity?
Only to idiots, are orders laws.
-- Henning von Tresckow
Does it really matter who we vote for, as far as the NSA is concerned? Any "electable" candidate will just let the NSA keep doing what they're doing.
Even if someone like Al Franken got elected president by some miracle (which is not going to happen) he still couldn't do much unless people also elected a whole bunch of Al Frankens/Rand Pauls to Congress. And that just isn't going to happen (there's a reason why those two are such outliers).
Ultimately the only way we'll ever end NSA malfeseanse (or CIA malfeseanse for that matter) is if we can somehow expose what they do. Without that, we'll change politcians but they'll stay the same.
We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.
Looks to me like those spying on anyone, anywhere, are the real traitors.
Il n'y a pas de Planet B.
NSA's message:
Beware: we're doing it to them so they could be doing it to us.
Of course they could not go public with part one to they only publicized part two.
The NSA's own internal watchdog group found that NSA snooping power was used to spy on 'love interests' of several NSA employees.
If their own internal watchdog group is telling the world that there's something going on here, it's a bold move to claim "all the disclosures released so far have shown government ACTIVELY protecting civil liberties of Americans"
Imagine if an organization such as the ACLU had access to all internal NSA snooping records. Are you telling me that you believe that no civil liberties have been violated by the NSA? Alternatively, are you telling me that we have zero rights because the NSA is allowed to spy on everyone doing anything at any time for no reason at all?
Just curious, does that include Alan Turing spying on Germans? Or the UK intelligence intercepting Zimmerman's telegram?
In Soviet Washington the swamp drains you.
Let's see. We have proof of the US doing this. We don't have proof of China doing it.
Conclusion: Accuse China!
This makes perfect sense.
"just people applying 20th century ideas to 21st century conflicts."
All too true. Although the results may be far worse than becoming a "quaint has-been". To expand on your point: ... There is a fundamental mismatch between 21st century reality and 20th century security thinking. Those "security" agencies are using those tools of abundance, cooperation, and sharing mainly from a mindset of scarcity, competition, and secrecy. Given the power of 21st century technology as an amplifier (including as weapons of mass destruction), a scarcity-based approach to using such technology ultimately is just making us all insecure. Such powerful technologies of abundance, designed, organized, and used from a mindset of scarcity could well ironically doom us all whether through military robots, nukes, plagues, propaganda, or whatever else... Or alternatively, as Bucky Fuller and others have suggested, we could use such technologies to build a world that is abundant and secure for all."
http://www.pdfernhout.net/reco...
"Likewise, even United States three-letter agencies like the NSA and the CIA, as well as their foreign counterparts, are becoming ironic institutions in many ways. Despite probably having more computing power per square foot than any other place in the world, they seem not to have thought much about the implications of all that computer power and organized information to transform the world into a place of abundance for all. Cheap computing makes possible just about cheap everything else, as does the ability to make better designs through shared computing.
And also on intelligence specifically:
http://www.phibetaiota.net/201...
"A failure to realize this irony will produce ever greater problems down the road as we develop ever greater technologies that can become ever greater amplifiers of destructive impulses (including self-replicating nanotech and biotech) or ever greater inhibitors of constructive impulses (like pervasive surveillance to enforce arbitrary unhealthy norms as a "war on the unexpected"" [see Schneier]). So, how can we have an intelligence community in the 21st century that is truly worthy of the name? How can we have an intelligence community that truly helps prevent misadventures that waste trillions of US dollars while millions of US children grow up in poverty and tens of millions of US citizens lack access to health care or even adequate nutritious food?"
And:
http://pcast.ideascale.com/a/d...
"As with that notion of "mutual security", the US intelligence community needs to look beyond seeing an intelligence tool as just something proprietary that gives a "friendly" analyst some advantage over an "unfriendly" analyst. Instead, the intelligence community could begin to see the potential for a free and open source intelligence tool as a way to promote "friendship" across the planet by dispelling some of the gloom of "want and ignorance" (see the scene in "A Christmas Carol" with Scrooge and a Christmas Spirit) that we still have all too much of around the planet. So, beyond supporting legitimate US intelligence needs (useful with their own closed sources of data), supporting a free and open source intelligence tool (and related open datasets) could become a strategic part of US (or other nation's) "diplomacy" and constructive outreach."
"Good will" is an important resource. Slowly the USA has been squandering what goodwill it including from WWII. Fortunately, good will can be a renewable resource depending on the political choices the USA makes going forward.
For example, imagine how much goodwill the USA would have right now if we had given the people of Iraq US$6 trillion dollars (US$300
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
No idea why you're being downmoderated. It's *absolutely* the NSA's job to eavesdrop on foreigners. That's what they're being paid to do.
While it is the NSA's job to spy on people, that's traditionally been something you do against your adversaries, not your allies. I mean, it's one thing if we're talking about tapping the USSR's undersea cables. They had nuclear-tipped ICBMs pointed at us. It's quite another thing when we're talking about tapping the phone of Angela Merkel. She's the democratically elected president of an allied NATO state. I mean, up until that point she and Obama had a pretty good working relationship, so if he really wanted to know what she was thinking, he probably could have you, know, asked her.
Exposing is not the issue. They need to be convicted. They already HAVE been exposed.
Don't fight for your country, if your country does not fight for you.
NSA apologist trope #57: [insert foreign country that has no 4th amendment] routinely does the same thing we do.
This is one of the dumbest arguments in the NSA apologist playbook. Gee, we are as bad as China when it comes to spying on our populace. Great job!
The NSA can't control who you vote for.
And you know this how? You know for a fact that the NSA can't 1) Dig up information on a candidate, that will cause them to (legitimately) lose the election. 2) Donate, or encourage others to donate, to campaigns such that they legitimately lose the election. 3) Frame the candidate for something, that will cause him to lose your vote. 4) Actively eliminate a candidate, eg an "accident", causing you not to vote for them. 5) Change your vote, such that "your" vote becomes a vote for a different candidate?
Full paranoia mode: and occasionally they release a few people like Snowden, to air a select portion of their dirty laundry and make us believe that we know what the NSA is doing. Remember when they were nicknamed the No Such Agency, think they gave up on that level of secrecy rather than just have the current NSA as their public interactions branch?
Now excuse me while I go add a few more layers to my tin foil hat.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways