Slashdot Mirror
How Cisco Is Trying To Prove It Can Keep NSA Spies Out of Its Gear (csoonline.com)
itwbennett writes: A now infamous photo [leaked by Edward Snowden] showed NSA employees around a box labeled Cisco during a so-called 'interdiction' operation, one of the spy agency's most productive programs,' writes Jeremy Kirk. 'Once that genie is out of the bottle, it's a hell of job to put it back in,' said Steve Durbin, managing director of the Information Security Forum in London. Yet that's just what Cisco is trying to do, and early next year, the company plans to open a facility in the Research Triangle Park in North Carolina where customers can test and inspect source code in a secure environment. But, considering that a Cisco router might have 30 million lines of code, proving a product hasn't been tampered with by spy agencies is like trying 'to prove the non-existence of god,' says Joe Skorupa, a networking and communications analyst with Gartner.
That is a lot of code, is that a realistic number for a router? I'm genuinely interested in knowing.
More like "the devil", in this case.
How can they convince anyone that they can keep the NSA out when the Law says they have to let the NSA in?
Seen enough YouTube videos from cameras packed in shipments for the obvious answer...
These boxes are costly enough to justify packaging it with some device that will record GPS, video, and sound. Make sure there is some good cryptographic signature on the device. Attach it to the router, and put a nasty anti-tamper dye spray to boot. (Although might have some regulatory issues with the explosive device for that, hmmm...).
Give the customer a rebate for returning the tracking device. (After unlocking, of course.)
Of course, the tracking device will need solid cryptographic signature/protection, but would have a lot fewer millions of lines of code than the router!
Then the guy you see stumbling out of the FedEx office covered in dye... he's not with FedEx.
The best the spys can do, then, is to "lose" the device in shipment, pay off the carrier's insurance company (otherwise, insurance rates will go sky-high), and then try to sell the router in the black market to spy on somebody other than the original target.
Use only Huawei in the core and Cisco on the edge, with a firewall rule to block traffic to/from China to block the Huawei back doors. Or vice versa. You can't trust either, but hopefully both aren't compromised by the same group.
Learn to love Alaska
Did they move their operations from the US and fire all their US developers and only hire ones from countries with the strongest data protection laws and the weakest spy agencies?
No? Then they are NSA compromised. Here is a letter from the DOJ ordering you to cooperate with the NSA or go to jail. You can't show the letter to anyone or you go to jail. If you want to contest it you will first go to jail and then you will have to contest it in a special court where you can't get any evidence that is in your favour. So you stay in jail.
If companies like Siemens are using Cisco equipment then they are fools.
Snowden sure did us a favor with his revelations.
What did we do for him in return?
We threw him to the wolves.
Americans don't deserve whistle-blowers.