Cisco Complains To Obama About NSA Adding Spyware To Routers

← Back to Stories (view on slashdot.org)

Cisco Complains To Obama About NSA Adding Spyware To Routers

Posted by samzenpus on Monday May 19, 2014 @12:06AM from the get-out-of-there dept.

pdclarry (175918) writes "Glenn Greenwald's book No Place to Hide reveals that the NSA intercepts shipments of networking gear destined for overseas and adds spyware. Cisco has responded by asking the President to intervene and stop this practice, as it has severely hurt their non-U.S. business, with shipments to other countries falling from 7% for emerging countries to over 25% for Brazil and Russia."

19 of 297 comments (clear)

Min score:

Reason:

Sort:

Why bother with tricks? by Katatsumuri · 2014-05-19 00:13 · Score: 5, Insightful

Why does NSA have to do this? Can't they just order Cisco to install this in their factory?
Or did they co-operate in this way to prevent whistle-blowing or counterintelligence at the factory?
In any case, I doubt Cisco didn't know about this. They are probably trying to save their face after a third party uncovered this.
1. Re:Why bother with tricks? by CrimsonAvenger · 2014-05-19 00:16 · Score: 5, Informative
  
  Why does NSA have to do this? Can't they just order Cisco to install this in their factory?
  
  Actually, no. They can ASK Cisco to do this, but they have no legal power to order them to do this.
  Now, they may quietly PRETEND they have the legal power to order this, and phrase their request as an order. But they really can't do much if Cisco ignores them.
  
  --
  
  "I do not agree with what you say, but I will defend to the death your right to say it"
2. Re:Why bother with tricks? by Tha_Zanthrax · 2014-05-19 00:17 · Score: 5, Insightful
  
  Cisco knew, they even had a 'choice' in the matter: cooperate with the government and keep your mouth shut about it or get your business ruined by that same government.
3. Re:Why bother with tricks? by NotDrWho · 2014-05-19 00:44 · Score: 5, Insightful
  
  Why does NSA have to do this? Can't they just order Cisco to install this in their factory?
  
  Why risk someone at Cisco running to the press? Best to keep them out of the loop.
  
  --
  SJW's don't eliminate discrimination. They just expropriate it for themselves.
4. Re:Why bother with tricks? by NotDrWho · 2014-05-19 01:21 · Score: 5, Insightful
  
  If it weren't for Edward Snowden, Cisco would have never been able to complain--because no one would have ever known it was happening. Keep in mind that the NSA had been doing this kind of stuff for OVER 10 YEARS without a significant leak. So you can't blame them for functioning under the assumption that neither Cisco nor anyone else was ever going to know it was happening (until about 75 years from now, when it's finally declassified).
  
  --
  SJW's don't eliminate discrimination. They just expropriate it for themselves.
5. Re:Why bother with tricks? by kilfarsnar · 2014-05-19 01:49 · Score: 5, Insightful
  
  What they do is use their total information awareness to find some excuse to put the executives in prison for a completely different reason. The difference matters little to the executive.
  Now, who would do such a thing?
  
  --
  "What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
6. Re:Why bother with tricks? by Lumpy · 2014-05-19 02:37 · Score: 5, Funny
  
  You cant, It's a criminal offense to actually read that part of the patriot act.
  
  --
  Do not look at laser with remaining good eye.
7. Re:Why bother with tricks? by Lumpy · 2014-05-19 02:40 · Score: 5, Insightful
  
  Actually you can, Cisco can start hiring contractor security firms and get more guns than the NSA. an NSA agent that has a M16 rifle pushed in his face by contractors and being told to "please leave the premises..... SIR!" has two options, he can leave or he can be killed in self defense.
  A large very rich corperation can get away with a hired army to protect themselves from the government.
  but that slippery slope is very steep and very very slippery.
  
  --
  Do not look at laser with remaining good eye.
Hypocritical by DaMattster · 2014-05-19 00:17 · Score: 5, Interesting

I find it funny how the US government accused Huawei and ZTE of building in backdoor access while engaging in the exact same practice. I don't doubt that they do, they just haven't been caught red-handed. Pun full intended. I'm guessing that even if Obama were to issue an executive order halting the process, it would be largely for show. The actions will continue under renewed secrecy.
1. Re:Hypocritical by Anonymous Coward · 2014-05-19 00:25 · Score: 5, Insightful
  
  It takes one to know one. The US government was afraid of that kind of thing exactly because they knew they were doing it to everybody else.
2. Re:Hypocritical by NotDrWho · 2014-05-19 00:49 · Score: 5, Interesting
  
  I find it funny how the US government accused Huawei and ZTE of building in backdoor access while engaging in the exact same practice.
  It's funny. I was watching the news this morning and one of the lead stories was about the arrest of a bunch of Chinese officials for "cyberspying." And the first thing that I thought when I saw that was "I wonder what the Administration is trying to hide with this stunt." So I come on Slashdot and this is the first story I see this morning. Guess I know now why those Chinese dudes got arrested.
  Smart strategy. Whenever a story breaks about YOUR cyberspying, just stage a distraction stunt to highlight OTHER COUNTRY'S cyberspying.
  
  --
  SJW's don't eliminate discrimination. They just expropriate it for themselves.
3. Re:Hypocritical by MaskedSlacker · 2014-05-19 00:56 · Score: 5, Insightful
  
  In the case of Cisco most of the world can trust their gear with the exception of people who are direct targets of the NSA.
  If there is anything we have learned since the Snowden Saga started, it is that most of the world are direct targets of the NSA. That is, your post is self-nullifying and vanishes in a poof of logic.
4. Re:Hypocritical by AmiMoJo · 2014-05-19 01:57 · Score: 5, Insightful
  
  I'm glad America approves me hacking American systems and spying on American people. After all, foreigners are fair game, and Americans are foreigner to me, so...?
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
How do you know if your hardware has this? by NotSoHeavyD3 · 2014-05-19 00:28 · Score: 5, Funny

Oh that's easy, your cisco hardware actually works. I'll be here all night folks. Try the fish.

--
Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
Too late by sjbe · 2014-05-19 00:42 · Score: 5, Insightful

Problem is that there is pretty much no possible way Cisco can put the toothpaste back in the tube. They have no simple way to prove to potential customers that their gear hasn't been hacked or compromised in some way. The actions (real or perceived) of the NSA have basically screwed a number of US companies in overseas markets where security is any sort of a concern.
Basically even the perception that the NSA may have compromised the equipment is enough to keep people from buying Cisco. Of course then the question becomes who do you trust? The Chinese make a lot of gear but they are probably trusted even less than the Americans if anything. Unless the gear is manufactured domestically under supervision it's unclear how you ensure that no one has introduced undesirable code/hardware.
Feeling ashamed by Chewbacon · 2014-05-19 00:51 · Score: 5, Insightful

...to think 40 years ago we were on the brink of nuclear war with a country that did shit like this.

--
Chewbacon
The Bible is like Wikipedia: written by a bunch of people and verifiable by questionable sources.
USA advised Australia not to purchase chinese by felixrising · 2014-05-19 00:53 · Score: 5, Insightful

During the NBN infrastructure procurement process, apparently the USA provided intelligence to Australia indicating Chinese owned Huawei be excluded as a supplier . Not doubt to aid both Cisco's chances of winning the bid, whilst also providing an easy in for the NSA to get it's ears pre-installed in Australia's NBN well in advance. It certainly smells dirty to me...
DIY routers looking better all the time by Mark+of+the+North · 2014-05-19 02:15 · Score: 5, Informative

Putting open source routing software on a rack-mount PC equipped with a few NICs is looking better all the time. Since the open source routing software solutions are getting quite good, this is doable. I did it and wouldn't go back:
About three years ago I noticed that our Cisco routers were a bottle-neck, worryingly old, and I was the only member of my staff comfortable with their CLI. We definitely did not have the budget to buy new Cisco routers, so I looked into HP and D-Link layer-3 switches. They were still too expensive. We used OpenWRT on some wireless routers, so the idea of using open source routing software was not new to us. Tested using plain Linux as a router. That worked, but was (way) over my staff's head. Tried Vyatta on the same hardware. At that time Vyatta's web-interface was a joke, making it no better than plain Linux for our purposes. (The web-interface may have improved since then and as a virtual router in a VM environment, Vyatta looks quite good.) Untangle was decent, but all of the interesting features had to be bought, which nullifies most of the advantages of it being open source. Heard about pfSense on the Linux Action Show and gave it a try.
Testing pfSense and learning its feature-set convinced us that it could do everything we needed (NAT, routing/firewalling between VLANs and the outside world) as well as do some other nice tricks (VPN concentrator, web caching/filtering, nice graphs of important stats, logging web usage, acting as a DHCP and DNS server, etc.). Basically, pfSense does everything that OpenWRT does and more since it expects to be run on more powerful standard hardware. Since it runs on standard hardware, the community isn't as fragmented as with OpenWRT, and more of pfSense's users are applying it in a professional environment, so the community support is quite good. The paid support is excellent. Being able to replace a failing router or NIC with something we had on the shelf is nice too.
So we had an open source routing solution that fit our needs, and much better than Cisco's offerings. But shifting all of our routing from Cisco to pfSense was a bold move. The Huawei story was the clincher for us. If Huawei did it, Cisco could too. That realization lead to my decision to always use an open source solution on network edge devices. This story seems to support that decision.
Well it's a good thing.... by ogdenk · 2014-05-19 03:00 · Score: 5, Informative

Instead of buying backdoored equipment that's been tampered with by NSA employees, I replaced a $6,000 Cisco AVA box with a 1U dual-core atom box running pfSense for about a grand. I've also reflashed the various WRT-series routers in the field with DD-WRT. ....And now our official new IT policy is "thou shalt not buy Cisco/Linksys gear".
Way to go NSA, you sank what little remains of the US tech industry. And it's not Snowden's fault in the least for revealing the crimes and assault on our liberty at the hands of the NSA. It's the NSA's fault for committing the serious crimes against their own people in the first place. They should be shut down, tarred, feathered and put on trial for becoming domestic terrorists. Don't tread on me.