To Avoid NSA Interception, Cisco Will Ship To Decoy Addresses
An anonymous reader writes with this news snipped from The Register: Cisco will ship boxes to vacant addresses in a bid to foil the NSA, security chief John Stewart says. The dead drop shipments help to foil a Snowden-revealed operation whereby the NSA would intercept networking kit and install backdoors before boxen reached customers. The interception campaign was revealed last May. Speaking at a Cisco Live press panel in Melbourne today, Stewart says the Borg will ship to fake identities for its most sensitive customers, in the hope that the NSA's interceptions are targeted. 'We ship [boxes] to an address that has nothing to do with the customer, and then you have no idea who, ultimately, it is going to,' Stewart says.
I would be happy to pay a little extra for this service for non-critical hardware. But if I were actually concerned the NSA would want to twist my knickers there's no way in hell I would: It's a huge red flag for them. Instead I would bribe someone at a different company to accept my shipment and forward it to me.
But let's be honest, if the NSA is interested enough in you to install extras on your hardware, they probably already know your favorite porn, your underwear size, and what you had for breakfast. I'm happy to see extra services appearing for privacy-loving individuals but I don't think this particular one will help.
If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
the actual plan is pretty secretive but crap like Smallco at Nowheresville is easy to catch. all the NSA has to do is take a spammers approach when sifting through UPS and FEDEX databases pertaining to Cisco. Using Sparse Orthogonal Bigrams or CRM114 with a combination of known customer addresses and contacts allows the NSA to quickly weed out any future attempt to subvert its practice.
what isnt more difficult to thwart is a conscious customer, and thats the NSA's real problem. A shipment from San Francisco to Dallas for example, that takes a detour to Boson, could be good reason for suspicion. anti-tamper systems like tip-n-tell, environmental dyes, tamper seals, or a combination of these sytems as well as the much maligned DRM signed firmware could make the NSA's efforts substantially more difficult. Finally, getting out of lock-in technology monocultures like dell-everything shops and cisco-anything shops is helpful. a moving target is, after all, harder to hit.
Good people go to bed earlier.
This strikes me as either silly (very James Bond), or an indication that Cisco doesn't even trust its own employees.
Otherwise, why wouldn't Cisco just hand deliver the items using its own employees.
Taking this cloak-and-dagger approach implies that if anyone at Cisco knows who's receiving the hardware, then it is at risk, meaning that Cisco is compromised and knows it.
by putting their stuff into the Cisco boxes in the factory. Wait, aren't they already doing that?
Does nothing if all hardware is compromised prior to shipping. Would they be allowed to tell you if it were? Would they even be aware if it was? Has the government ever looked at their code or received a report from them about potential security vulnerabilities as part of a disclosure required for a government contract or security certification? I'm guessing if they did, that report was sent directly to the NSA.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?