05-14-14, 06:33 AM   #1
Vasot02
NSA implants backdoor tools in routers

The NSA has been covertly implanting interception tools in US servers heading overseas – even though the US government has warned against using Chinese technology for the same reasons, says Glenn Greenwald, in an extract from his new book about the Snowden affair, No Place to Hide

For years, the US government loudly warned the world that Chinese routers and other internet devices pose a "threat" because they are built with backdoor surveillance functionality that gives the Chinese government the ability to spy on anyone using them. Yet what the NSA's documents show is that Americans have been engaged in precisely the activity that the US accused the Chinese of doing.

The drumbeat of American accusations against Chinese internet device manufacturers was unrelenting. In 2012, for example, a report from the House Intelligence Committee, headed by Mike Rogers, claimed that Huawei and ZTE, the top two Chinese telecommunications equipment companies, "may be violating United States laws" and have "not followed United States legal obligations or international standards of business behaviour". The committee recommended that "the United States should view with suspicion the continued penetration of the US telecommunications market by Chinese telecommunications companies".

The Rogers committee voiced fears that the two companies were enabling Chinese state surveillance, although it acknowledged that it had obtained no actual evidence that the firms had implanted their routers and other systems with surveillance devices. Nonetheless, it cited the failure of those companies to cooperate and urged US firms to avoid purchasing their products: "Private-sector entities in the United States are strongly encouraged to consider the long-term security risks associated with doing business with either ZTE or Huawei for equipment or services. US network providers and systems developers are strongly encouraged to seek other vendors for their projects. Based on available classified and unclassified information, Huawei and ZTE cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems."

The constant accusations became such a burden that Ren Zhengfei, the 69-year-old founder and CEO of Huawei, announced in November 2013 that the company was abandoning the US market. As Foreign Policy reported, Zhengfei told a French newspaper: "'If Huawei gets in the middle of US-China relations,' and causes problems, 'it's not worth it'."

But while American companies were being warned away from supposedly untrustworthy Chinese routers, foreign organisations would have been well advised to beware of American-made ones. A June 2010 report from the head of the NSA's Access and Target Development department is shockingly explicit. The NSA routinely receives – or intercepts – routers, servers and other computer network devices being exported from the US before they are delivered to the international customers.

The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some "SIGINT tradecraft … is very hands-on (literally!)".

Eventually, the implanted device connects back to the NSA. The report continues: "In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure. This call back provided us access to further exploit the device and survey the network."

It is quite possible that Chinese firms are implanting surveillance mechanisms in their network devices. But the US is certainly doing the same.

Warning the world about Chinese surveillance could have been one of the motives behind the US government's claims that Chinese devices cannot be trusted. But an equally important motive seems to have been preventing Chinese devices from supplanting American-made ones, which would have limited the NSA's own reach. In other words, Chinese routers and servers represent not only economic competition but also surveillance competition.

• No Place to Hide, by Glenn Greenwald is published on 13 May 2014 by Hamish Hamilton

SOURCE: http://www.theguardian.com/books/201...outers-snowden

05-14-14, 07:09 AM   #2
mullet
Re: NSA implants backdoor tools in routers

Not surprised anymore.

BT modems have NSA back-door, claim researchers

Quote:
Gaining local access to the BT Broadband modem provided to customers using a USB serial cable wired directly to the motherboard, the team claim to have discovered a hidden virtual local area network run by the modem and connecting it directly to the NSA and GCHQ's data capture network. Not visible using any LAN-side package capture tools, nor from the connected router's administrative page, the network presents all ports to the VLAN without restriction - providing the ability to, for example, insert false entries in the DNS table as part of a man-in-the-middle attack, to access computers on the LAN side of the modem, or even to mirror all outgoing and incoming internet traffic across the VLAN for capture - a mode it is claimed to use by default.

The team further claims to have evidence that this hidden network is owned by the US Department of Defence (DoD) yet operated within the UK. 'This clearly demonstrates that the UK Government, US Government, US Military and BT are co-operating together to secretly wiretap all Internet users in their own homes,' the document warns before adding that 'if you cannot confirm otherwise, you must assume that all ISPs in the UK by policy have the same techniques deployed.'
http://leaksource.info/2013/12/09/fu...ods-uncovered/

05-16-14, 08:20 AM   #3
mullet
Re: NSA implants backdoor tools in routers

Photos of an NSA “upgrade” factory show Cisco router getting implant

Quote:
Here’s how it works: shipments of computer network devices (servers, routers, etc,) being delivered to our targets throughout the world are intercepted. Next, they are redirected to a secret location where Tailored Access Operations/Access Operations (AO-S326) employees, with the support of the Remote Operations Center (S321), enable the installation of beacon implants directly into our targets’ electronic devices. These devices are then re-packaged and placed back into transit to the original destination. All of this happens with the support of Intelligence Community partners and the technical wizards in TAO.

07-08-14, 01:18 AM   #4
Rakeesh
Re: NSA implants backdoor tools in routers

I'm curious how these bugs work exactly. In the pictures we don't see them physically modifying the hardware. Instead we see a rather typical setup where the router is connected via console cable, which is common before deploying a new switch/router (issuing configuration commands, etc.)

Based on my (moderate) knowledge, if they aren't making physical changes then my best guess would be they are planting a software backdoor into the IOS images (alternatively they'd be modding rommon, which isn't used while an IOS image is booting proper, and is a hell of a lot more tricky to modify.)

This would all be trivial to "debug" and countersurveil though; just md5sum the IOS image and compare it to known hashes to know if yours is bugged, and if it is bugged then just flash a good one. For counter surveillance, run a diff to see what they changed and their "beacon" server's addresses would be nice and visible for the world to see.

I'm dying to know if somebody has dissected one of these bugged routers/switches.
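
Added example, not part of the thread: the hash-and-diff check suggested in post #4, run offline on a copy of the image rather than on the device itself. The function names, the 4 KiB comparison granularity and the sample bytes are assumptions made here; the known-good digests would in practice come from the vendor out of band, and SHA-512 is checked alongside MD5 because MD5 alone is collision-prone.

```python
import hashlib
import hmac
import re

CHUNK = 4096  # granularity of the block-wise comparison, in bytes

def digests(image: bytes) -> dict:
    """MD5 (what the post suggests) plus SHA-512 of an image copy."""
    return {"md5": hashlib.md5(image).hexdigest(),
            "sha512": hashlib.sha512(image).hexdigest()}

def verify_image(image: bytes, known_good: dict) -> list:
    """Return the algorithms whose digest does not match the known-good value."""
    actual = digests(image)
    return [alg for alg, want in known_good.items()
            if not hmac.compare_digest(actual[alg], want.lower())]

def changed_regions(suspect: bytes, reference: bytes, chunk: int = CHUNK) -> list:
    """Merged (start, end) byte ranges in which the two images differ."""
    regions, longest = [], max(len(suspect), len(reference))
    for off in range(0, longest, chunk):
        if suspect[off:off + chunk] != reference[off:off + chunk]:
            end = min(off + chunk, longest)
            if regions and regions[-1][1] == off:
                regions[-1] = (regions[-1][0], end)   # extend the adjacent range
            else:
                regions.append((off, end))
    return regions

def strings_in(image: bytes, regions: list, min_len: int = 6) -> list:
    """Printable ASCII runs inside the changed ranges (hostnames, IPs, paths)."""
    found = []
    for start, end in regions:
        found += [m.decode() for m in
                  re.findall(rb"[\x20-\x7e]{%d,}" % min_len, image[start:end])]
    return found

# Constructed sample data, not real firmware: a 16 KiB reference image and a
# copy with 24 bytes overwritten by a string using a documentation address.
REFERENCE = b"\x7fIMG\x00\x01\x02\x03" * 2048
MARKER = b"callback=192.0.2.10:443\x00"
SUSPECT = REFERENCE[:5000] + MARKER + REFERENCE[5000 + len(MARKER):]
KNOWN_GOOD = digests(REFERENCE)  # in practice: published by the vendor

if __name__ == "__main__":
    print("mismatched digests:", verify_image(SUSPECT, KNOWN_GOOD))
    regions = changed_regions(SUSPECT, REFERENCE)
    print("changed ranges:", regions)
    print("strings in changed ranges:", strings_in(SUSPECT, regions))
```

A matching image digest covers only the image file: it says nothing about rommon, which post #4 names as the other place a change could live, so the boot ROM needs its own check.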