Cisco Complains To Obama About NSA Adding Spyware To Routers
pdclarry (175918) writes "Glenn Greenwald's book No Place to Hide reveals that the NSA intercepts shipments of networking gear destined for overseas and adds spyware. Cisco has responded by asking the President to intervene and stop this practice, as it has severely hurt their non-U.S. business, with shipments to other countries falling from 7% for emerging countries to over 25% for Brazil and Russia."
They've got to choose between the "free market" and corporate profits and their aspirations to be big brother.
A bullet may have your name on it but splash damage is addressed "To whom it may concern."
We dunno pay taxes but plz help us make more money.
Why does NSA have to do this? Can't they just order Cisco to install this in their factory?
Or did they co-operate in this way to prevent whistle-blowing or counterintelligence at the factory?
In any case, I doubt Cisco didn't know about this. They are probably trying to save their face after a third party uncovered this.
Considering that this is shopping season, NSA should just buy Cisco and stop all this complaining.
I find it funny how the US government accused Huawei and ZTE of building in backdoor access while engaging in the exact same practice. I don't doubt that they do, they just haven't been caught red-handed. Pun fully intended. I'm guessing that even if Obama were to issue an executive order halting the process, it would be largely for show. The actions will continue under renewed secrecy.
It is rather obvious Cisco and Microsoft have backdoors. This seems like a political show because coming to the media saying "We don't have any backdoors" would not be politically correct. Any foreign government that uses this equipment is just dumb at best.
Back in the election of '08, the Reps had an ex-Massachusetts moderate Mormon candidate.
Now, the Bible Thumping Conservative (Mormon hating) kooks that make the base of the Republican party should have melted down. A Liberal BLACK democrat or a Mormon?!? Oh God No!
But, the spin machine with Rush, Hannity, Fox News, and all the lesser minions painted Romney as this upstanding Conservative Christian candidate. Even my die-hard Southern Baptist Mormon and Catholic hating neighbor voted for Romney.
The Republican spin machine will easily manipulate their "base" to not only accept it, but DEMAND that the big corp's profits are protected at the base's expense.
Let's face it, the electorate is informed by mass media and mass media is incompetent and in bed with their corporate masters.
Make the top of the case clear so that the physical modifications are easy to see and encourage reflashing of images to checksummed versions.
Well Thanks OBAMA!
Oh that's easy, your Cisco hardware actually works. I'll be here all night folks. Try the fish.
Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
In possibly related news, Russia is building their own Internet! With central control! And domestic payment system! And in fact, screw the whole "inter" thing...
Under a heart-warming name "Cheburashka".
Not sure if this is directly related to the 28% Cisco orders decrease.
Stop acting like you just found out about it, it's too late for that now, it'll only make you look worse.
Signed:
The rest of the world
I doubt that the NSA would like Cisco to know how/what they are doing to their routers.
Problem is that there is pretty much no possible way Cisco can put the toothpaste back in the tube. They have no simple way to prove to potential customers that their gear hasn't been hacked or compromised in some way. The actions (real or perceived) of the NSA have basically screwed a number of US companies in overseas markets where security is any sort of a concern.
Basically even the perception that the NSA may have compromised the equipment is enough to keep people from buying Cisco. Of course then the question becomes who do you trust? The Chinese make a lot of gear but they are probably trusted even less than the Americans if anything. Unless the gear is manufactured domestically under supervision it's unclear how you ensure that no one has introduced undesirable code/hardware.
Cisco knew exactly what the NSA was up to, just like Google, Microsoft, Apple, Dell, and all the rest.
I clicked on class, got to the classic front page, clicked the article and got back to beta. Fix your fucking beta, that we can disable it!
Don't complain. Sue.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
...to think 40 years ago we were on the brink of nuclear war with a country that did shit like this.
Chewbacon
The Bible is like Wikipedia: written by a bunch of people and verifiable by questionable sources.
Cisco also USES government funds and resources to handle its civil matters too, gaining an advantage. They use the FBI services for free to inspect and investigate routers being imported from other countries or through Canada to find the "unlicensed" overruns and knockoffs. This is strictly a civil issue between Cisco and its Chinese factories and suppliers.
Cisco chooses to use off shore factories in countries that have a record of corruption, no regard for US IP laws and cutting corners and then make up for the losses and that risk by pushing the enforcement costs off to the US taxpayers. That is a great win-win plan for Cisco. Cisco to FBI. "Hey, factory we choose to use in China to save some money is making knockoffs and selling them in the US cutting into our profits, how can you help us?" The US government SHOULD say, "Hey Cisco, you took that business risk and should have known this could happen, it's not the US taxpayers' problem, deal with it yourself."
See Plausible deniability
Plausible deniability is a term coined by the CIA in the early 1960s to describe the withholding of information from senior officials in order to protect them from repercussions in the event that illegal or unpopular activities by the CIA became public knowledge.
Its roots go back to Eisenhower's NSC Directive NSC 5412 of March 15, 1954, which defined "covert operations" as "...all activities conducted pursuant to this directive which are so planned and executed that any U.S. Government responsibility for them is not evident to unauthorized persons and that if uncovered the U.S. Government can plausibly disclaim any responsibility for them." [NSC 5412 was declassified in 1977, and is located at the National Archives, RG 273.]
Otherwise known as "They think you're a fucking dumb cunt."
During the NBN infrastructure procurement process, apparently the USA provided intelligence to Australia indicating Chinese owned Huawei be excluded as a supplier. No doubt to aid both Cisco's chances of winning the bid, whilst also providing an easy in for the NSA to get its ears pre-installed in Australia's NBN well in advance. It certainly smells dirty to me...
Organizational stagnation keeps Cisco in the money. Their contracts are draconian, their prices are exorbitant, they bully IT departments that try to divest from them, and their support/documentation model is based on the 1970's approach to servicing a Maytag washer. Namely, that only the cloistered few shall have access.
You might need them for carrier grade (whatever that means these days) equipment but largely their market share has diminished because of competition and open source. PF and IPTables solved the firewall part, CARP and keepalived solved redundancy, and Asian companies like TP-Link took what they learned from years of running Cisco factories and put it into a much more reasonable offering that doesn't include secret spy chips. That is unless you ask an American intelligence agency (whatever that means these days) in which case they're riddled with evil and you need to keep buying Cisco.
Good people go to bed earlier.
Class, repeat after me
Bing = Bing Is Not Google
Cisco = Cisco IS Cia Owned
I don't know if we ever will receive the precise details of this NSA operation, but I would still like to know:
1) How was the integrity of the shipping chain tainted? At which point NSA grabbed the devices and who allowed them to do this?
2) What does this "spyware" do, and does this mean a modified system firmware or something else?
You sound like a tera'rist, time to inject your browser with javascript exploits and put you on a watch list.
Don't ever think about traveling by plane.
The U.S. government is extremely corrupt. It is silly to talk about the constitution and law when there are many situations in which people operating with the power of the U.S. government do not feel bound by any law.
If you don't want to be shunned by the world, don't produce in a fascist control-crazy country.
Move elsewhere, or put your lobbying money to the use of encouraging openness and liberty rather than corruption. You are the ones buying policies left and right. If you are overriding democracy with money, at least override it with something longterm healthy.
The politicians you are buying right now are not to the best of your longterm interest.
Cisco CEO complains to Pizza Hut about adding cheese to pizza.
Cisco partnered with IBM and CERN.
They have a time machine, reliant on an IBM 5100.
Trust me, I am from the future. One last warning: In the future, Republicans are confused, frightened, always correct and afraid of brown people. Democrats are confused, frightened, always correct and afraid of white people.
Obama has already publicly stated many times that illegal surveillance is not going away. It would be far easier to build factories overseas to bypass this issue and thus further destroy the US economy. But then you would probably end up with some other spy agency knocking at your door with "secret" orders.
Why! Cisco gear is actually manufactured in the USA. (As opposed to being outsourced to the cheapest outfit on the planet.)
I hadn't the slightest objection to his spending his time planning massacres for the bourgeoisie... (P.G. Wodehouse)
Is the factory in China? :P
He'll, you know, speak truth to power! He'll battle the NSA on our behalf!
He'll, he'll uh... Oh, never mind.
Peace is easy to achieve, just surrender. Liberty is much harder to get/keep.
The phone also allows new OS software only if it is signed by Apple. That should be equally possible on a Cisco router.
If Cisco can monitor your gear, so can the NSA. You are presuming that Cisco actually is not in cahoots with the NSA. While it is certainly possible Cisco is not working with the NSA, a foreign buyer cannot assume that is true because they have no way to confirm.
http://www.usatoday.com/story/...
Putting open source routing software on a rack-mount PC equipped with a few NICs is looking better all the time. Since the open source routing software solutions are getting quite good, this is doable. I did it and wouldn't go back:
About three years ago I noticed that our Cisco routers were a bottle-neck, worryingly old, and I was the only member of my staff comfortable with their CLI. We definitely did not have the budget to buy new Cisco routers, so I looked into HP and D-Link layer-3 switches. They were still too expensive. We used OpenWRT on some wireless routers, so the idea of using open source routing software was not new to us. Tested using plain Linux as a router. That worked, but was (way) over my staff's head. Tried Vyatta on the same hardware. At that time Vyatta's web-interface was a joke, making it no better than plain Linux for our purposes. (The web-interface may have improved since then and as a virtual router in a VM environment, Vyatta looks quite good.) Untangle was decent, but all of the interesting features had to be bought, which nullifies most of the advantages of it being open source. Heard about pfSense on the Linux Action Show and gave it a try.
Testing pfSense and learning its feature-set convinced us that it could do everything we needed (NAT, routing/firewalling between VLANs and the outside world) as well as do some other nice tricks (VPN concentrator, web caching/filtering, nice graphs of important stats, logging web usage, acting as a DHCP and DNS server, etc.). Basically, pfSense does everything that OpenWRT does and more since it expects to be run on more powerful standard hardware. Since it runs on standard hardware, the community isn't as fragmented as with OpenWRT, and more of pfSense's users are applying it in a professional environment, so the community support is quite good. The paid support is excellent. Being able to replace a failing router or NIC with something we had on the shelf is nice too.
So we had an open source routing solution that fit our needs, and much better than Cisco's offerings. But shifting all of our routing from Cisco to pfSense was a bold move. The Huawei story was the clincher for us. If Huawei did it, Cisco could too. That realization led to my decision to always use an open source solution on network edge devices. This story seems to support that decision.
That is odd, I thought FOX News, CNN, MSNBC were all putting on shows with entertaining gossip, talking heads with poor track records (but good ratings) and other infotainment BS? Why would I bother to READ anything Glenn Greenwald writes when I can turn in simple minded entertaining tripe that will not depress me?
High profits and high ratings come from being ALL SHOW. I think you have him confused with most the media.
The ONLY reason Greenwald makes a living competing against the infotainment industry is because he has actually done his job. Which BTW, a large part of it is getting out the news to as many people as he can. People wanting some real news about things that actually matter go to him in great enough numbers he can make a living; an idealistic type like him wants readership more for spreading the news than for merely increased profit. It does little good to dump news in ways that people don't get it; it's irresponsible and defeats the point.
Spreading out leaks and structuring them so the PR spin/coverups become evident is a whole level above just good journalism.
As far as leaking things that harm the US; well that is really what a free press is all about! Leaders kill plenty of people in more ways than people realize but that is OK?? They always justify their actions with time-tested rhetoric that people are so conditioned to that it hardly needs repeating. What we need is people bringing up the 4th estate as being every bit as justified as the other branches of government for the loss of life for "high minded ideals" (doesn't that phrase always seem empty or sarcastic? things are exploited so much the words lose meaning.)
Democracy Now! - uncensored, anti-establishment news
I would assume that whatever the NSA is doing to this equipment must make hardware changes. If reflashing with new IOS loads "fixed" NSA compromises, I would expect it wouldn't be a very successful program as firmware upgrades would close the back doors.
They must be making changes to hardware in some way that are transparent to IOS and possibly not even visible to someone doing field replacement of internal modules.
It's kind of crummy they do it at all, but it would be pretty fascinating to see how they are able to backdoor this equipment in a way that survives firmware flashing and doesn't add mystery daughterboards to the equipment. Given that it's also network equipment typically implemented by people who are smarter than the average bear, it's also interesting how they manage to configure remote access into the equipment without being detected and accommodating the actual premise configurations.
Instead of buying backdoored equipment that's been tampered with by NSA employees, I replaced a $6,000 Cisco AVA box with a 1U dual-core atom box running pfSense for about a grand. I've also reflashed the various WRT-series routers in the field with DD-WRT. ....And now our official new IT policy is "thou shalt not buy Cisco/Linksys gear".
Way to go NSA, you sank what little remains of the US tech industry. And it's not Snowden's fault in the least for revealing the crimes and assault on our liberty at the hands of the NSA. It's the NSA's fault for committing the serious crimes against their own people in the first place. They should be shut down, tarred, feathered and put on trial for becoming domestic terrorists. Don't tread on me.
He can fix all the things.
Software based networking running on a generic chip that you add to the router.
Plausible Deniability.
If they asked company C to participate in this little program of theirs and they get caught, then it's pretty much game over for Cisco.
OTOH, if company C simply agreed to "look the other way" and let the NSA intercept outgoing hardware for "quality inspections", then company C can simply say they had no idea this was going on. Without some notification from within company C's organization, I don't see how the NSA would be able to keep track of what hardware company C was sending overseas with 100% accuracy. I'm guessing there is some sort of agreement in place between the two here. Just my theory though.
What has me curious is what about the other major (USA based) players in the Routing / Switching world? (Juniper comes to mind) I would assume they would be in the exact same position.
Cisco should just encrypt the hardware so it won't work if someone has altered it in transit.
Aren't most tech products made in China or elsewhere outside the U.S.? Are they saying the NSA is doing this outside of the U.S. in overseas shipping locations?
When this happens you have to think out of the box. Cisco is big business and it sure hinders the business. I would build a few plants outside of the US and drop NSA and the likes out of the picture.
You know, if you buy hardware and a support contract, you want to download the latest (and/or greatest) image for your device and reflash it yourself anyway.
If the hardware you cannot flash has been compromised you can flash whatever you want and it probably won't matter.
For this many years, NSA is employing this practice of injecting spyware code into CISCO's software/firmware and CISCO is realizing this malfeasance just today? Gimme a break! Get real people of CISCO. You were in cahoots with NSA, more than likely, inserting the sanctioned code into your hardware, wherever and whenever asked by the big brother. Now you are crying foul and run into the arms of Uncle Obama? People are not that stupid as you can imagine. I can guarantee you, there are not that many people with skills of injecting a nearly undetectable routing code into a world renowned router and at the same time, work at NSA for a peanut salary paid by government. So, NSA doing this on their own with no help from CISCO is as believable as someone growing a bubble gum tree on their backyard.
__________
The more I know people, the more I love animals
You can't have it both ways. Either they're willful manipulators or incompetent buffoons, but not both.
When you grow up, you will realize the World isn't Black and White; Good or Evil; Vanilla or Chocolate.
And you expressed one of the many problems with our World today.
This is like asking an Alpha Wolf to protect the sheep from the rest of the wolf pack which he has ordered to slaughter the sheep.
... that you think the Constitution matters anymore.
If it was done at the factory, then the Chinese would know what "extra features" the firmware has.
Do I sense a hint of morality and ethics in the "gotta hack'em all" mindset of big tech?
Isn't this tampering with commerce?
Isn't this illegal?
Isn't this what the gov accuses the Chinese of doing with their own routers?
My God can beat up your God. Just kidding...don't take offense. I know there's no God.
The shifting is all the sleazy tricks to make shell companies so that the 'territory' which makes the profit happens to be a small office in a low tax country which somehow is supplying this global market, and the large operations in the large markets operate at a loss.
The US charging taxes on worldwide income is an attempt to circumvent those shenanigans.
The 'territorial' system would make the farcical tax evasion entirely legal instead of tax-deferred. Now it's just legal until the money comes back to the U.S. (i.e. tax-deferral benefit provided for free).
Now the companies and their WSJ propagandists claim all this money is "trapped" when it is no such thing---they just don't want to pay the taxes they owe---and use it as extortion for tax "reform" which reforms only one half of the bargain. Is your money in your 401k "trapped"?
And in aggregate, corporate income tax i.e. actual money paid is at generational lows, not highs as you would have believed from the noise. But they're working to make it even lower.
The Mormon "Church" was started by a Con man.
It is perpetuated by people who are stupid or in on the Con.
So, YOU are either stupid or part of the con.
Either of those are people I do NOT want to associate with.
Big brother bama isn't a republican.
Waterloo and Ottawa have more computer scientists, but Tranna has the manufacturing infrastructure, so Cisco's announced that they're moving significant parts of the company there. The first phase is $100 million, out of a $4-billion investment in Ontario, and roughly 1,700 jobs. See http://www.theglobeandmail.com...
Besides, many people fear CSE less than they do the NSA. After all, Canada's only been caught spying on Brazil, while the US was found spying on everyone on the planet (;-))
davecb@spamcop.net
https://s3.amazonaws.com/img.docstoc.com/thumb/orig/170154030.png
I'd paste the whole text here if it weren't an image.
Use my userscript to add story images to Slashdot. There's no going back.
I use pfSense at home and for my hosted servers.
Everyone I know who has tried pfSense has become a convert.
Cisco can go eat a dick when they want to charge me $10,000 for a product that is inferior in most ways to my $800 pfSense box + a layer 2 switch.
I wish all my company's sales would fall from 7% to over 25%. Curse you NSA, and curse the 350% increase in sales you've unleashed upon me!
Nothing posted to
Either they're willful manipulators or incompetent buffoons, but not both.
Yes, they can be both. They can be incompetent buffoons in the sense of not realizing that their stupid empty ideology based on religious indoctrination is a mental trap that pushes them beyond stupid, yet be very good at manipulating things to accomplish their childish goal of armageddon and rapture. Or, they can be total slaves to their corporate masters with no sense of morals or ethics of their own, and yet be very good at carrying out the goals of their masters.
-- thinkyhead software and media
seriously, only lets me read this article in it. what a pile of crap.
"Evil bit" to be renamed "Patriot bit"
How in the hell did it degrade into a religious discussion... get a life people, keep on topic.
Given open knowledge of NSA tampering with Cisco export kit, how does this affect the gray market in pre-owned kit originally destined for domestic US use?
Is it booming, with all the not-Five Eyes wanting a copy to take apart?
Is it in a slump because of fear of a free ride to Gitmo?
And might this have any relation to Cisco's attempts to crack down on this market in the past?
Just curious....
--
Are you embarrassed to be an American? If not, why not?
Based on concerns expressed here, I have investigated traffic coming across my desk directed to the www.nsa.gov IP address, and found innocent explanations for it. Are there examples anywhere of syslog records for traffic confirmed as being generated by compromised equipment?