Report: NSA sticks backdoor tools in routers

Ready for another juicy NSA spying revelation? All right, here goes. According to the latest report by The Guardian, the National Security Agency implants backdoor tools in routers exported from the United States. The NSA then uses those tools to conduct network surveillance.

A June 2010 report from the head of the NSA’s Access and Target Development department is shockingly explicit. The NSA routinely receives – or intercepts – routers, servers and other computer network devices being exported from the US before they are delivered to the international customers.
The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some “SIGINT tradecraft … is very hands-on (literally!)”.

The document reportedly goes on to mention one instance of a router phoning home to the NSA several months after being implanted with spying tools. “This call back provided us access to further exploit the device and survey the network,” the document allegedly states.

As the Guardian points out, this news comes on the heels of repeated allegations by the U.S. government that Chinese-built hardware contains backdoors used by the Chinese government. The House Intelligence Committee went so far as to advise private companies in the U.S. not to do business with two Chinese telecommunications equipment firms, Huawei and ZTE, on the grounds that they “cannot be trusted to be free of foreign state influence.”

Comments closed
    • shank15217
    • 7 years ago

    That’s why you make sure you update your router firmware regularly and from the manufacturer.

    • Krogoth
    • 7 years ago

    slowpoke.jpeg

    /thread

    All of the international intelligence agencies have been bugging civilian communication networks and mediums for decades. The internet is no exception.

    • Tech Savy
    • 7 years ago

    Mr. President, how do we know that the Chinese are equipping manufactured hardware with backdoor spy tools? Well…. because we have been doing it for years, so we knew it would be a matter of time before the slow pokes caught up. We just kept watch and yelled fire when they finally got hip to the tactic.

    The moral of the story here Ladies and Gentlemen, is nobody can be an underhanded, deceitful, dirt bag but us. HEY! I didn’t start this crap Bush did…. I just kept it going because if the $h*t hit the Fan then I knew I could blame Bush.

    Ah, Bush Jr. I love that Man. He gave me a do what I want and get away with it Ticket with the foolish mistakes he made during his term. Nothing like his Daddy, that guy worked for the CIA for 20 years, the whole time smuggling SMACK and CRACK into America to sell to its already impoverished communities, then he Hit the big time with the Iran-Contra affair, when rumors came out he had Mrs. Reagan start D.A.R.E and assassinated Iran-Contra Contact when Congress was pursuing them for questioning. His crowning moment, when He became the President and gave himself, Oliver North and all CIA operatives involved Amnesty!

    Ah the Sinister Brilliance of Bush Sr….. most Presidents only dream of being like him.

    • MarkG509
    • 7 years ago

    One word: pfSense.

    Plus self-signed large keys, stay up to date on patches.

      • hbarnwheeler
      • 7 years ago

      Three more: m0n0wall, ClearOS, IPCop

      • TwoEars
      • 7 years ago

      pfSense rocks.

      • ZGradt
      • 7 years ago

      I’ve had a pfsense gateway running on my VM server for about a year now. It’s great once you figure out its weird menu system.

    • chuckula
    • 7 years ago

    Wait a minute guys!!!

    It’s really unfair to put the blame on us for these backdoors OK? I mean, we don’t actually put them onto the routers.

    Instead, we just exploit the backdoors that the manufacturers put onto the routers all by themselves without telling them that we know how to get in.

    That’s a horse of a different color altogether!
    — Your friends at the NSA

    • Goofus Maximus
    • 7 years ago

    Just goes to show, when the US was pointing its finger at China as the greatest hacking espionage entity, all those other fingers were pointed right back at the US…

    As revelations go, however, I thought we already knew that one for quite a while….

      • mesyn191
      • 7 years ago

      Suspected by lots but not known until now.

    • HisDivineOrder
    • 7 years ago

    WHY do you think the US government was SO convinced that there were backdoors into all those Chinese devices?

    The most paranoid people are often the people who do the very things they’re paranoid others are doing. Who better than us to know it’s being done by China, right? 😉

    • Wirko
    • 7 years ago

    I see that the ads below have grown some *intelligence* and are not trying to sell me a router on this occasion.

      • DPete27
      • 7 years ago

      They’re trying to sell me spy gear.

    • UberGerbil
    • 7 years ago

    Bit of a tangent, but the mention of Chinese hardware reminds me of something: about a decade ago a friend was invited to teach a class at a university in Guangdong (she’s a journalist, and among the things the class emphasized was the principles and responsibilities of a free press, which in this context has all sorts of ironies). At this university the only way you could connect to the internet through their servers was by installing TLS on your PC. This surprised me, because TLS was pretty new at the time (this was v1.0 IIRC) and I’d never seen it required for basic internet access. Investigating further, it appeared they were offering a custom Chinese build of TLS; while I wasn’t able to verify it, I’m pretty sure it included a man-in-the-middle feature for passing along everything to the Ministry of State Security. Needless to say, she did her usual nuke-from-orbit and restore after she left.

      • NovusBogus
      • 7 years ago

      That sort of thing is standard fare over there, the Great Firewall censorship program employs an estimated 50,000 secret police agents.

    • albundy
    • 7 years ago

    is this hard coded in the router? or can you just wipe the firmware and replace it with open ddwrt?

      • willmore
      • 7 years ago

      If you read some of the Snowden documents, they seem to have different kinds of firmware compromises. Many of them mention that they persist over a software upgrade or at least leave in a back door which can be used to reinstall the exploit.

    • NeelyCam
    • 7 years ago

    This is good. Helps with the war against terrorists.

    Besides, unless you have something to hide, this shouldn’t bother anyone. Minuscule privacy sacrifice for a huge boost in a fight against evildoers.

    If this helps them find people with assault weapons, even better.

      • stdRaichu
      • 7 years ago

      Downvoted already? I was going to give you a -1 just to point out to all and sundry that satire really *is* dead but there was a giant whooooosh that moved my mouse.

        • l33t-g4m3r
        • 7 years ago

        There’s good satire, and then there’s bad satire. This was gallows humor satire, like concentration camp prisoners joking about the food. Plus, there are people who actually believe what he just said. SSK, for one.

        I personally didn’t find it that offensive, as I have a dark sense of humor, but I also understand why other people might take offense.

        * Should have also mentioned reinstating the alien and sedition act. (Truthfully, the country does need something like that to purge corrupt politicians out of office, as there are too many revolving door appointments to oversight committees.)

      • LeoScott
      • 7 years ago

      Good? Really? Maybe you are for doing away with the 4th amendment, if you live in the US. That would help with the war on terror also. And the 5th amendment also, I mean doing away with the 5th would only affect those that have something to hide.

        • NeelyCam
        • 7 years ago

        Get rid of all the amendments. The Original Constitution is Perfect, like the Perfect People who wrote it intended it to be.

        We need to blindly do exactly what the Original Constitution says. Any suggestions regarding modifying, clarifying or simplifying it are blasphemy.

          • Waco
          • 7 years ago

          Well played, good sir.

          • mesyn191
          • 7 years ago

          Yea you gotta make your satire super blunt cuz Poe’s law and freepers makes it hard to tell these days otherwise.

      • credible
      • 7 years ago

      Exactly.

      • chµck
      • 7 years ago

      https://i.imgur.com/xWHYwCI.jpg

        • NeelyCam
        • 7 years ago

        I need to bookmark this

      • oldDummy
      • 7 years ago

      I disagree.
      What happens if, with a change in leadership, they go after all Polish people.
      just saying.

      • crabjokeman
      • 7 years ago

      nvm

      • Goofus Maximus
      • 7 years ago

      You say that, but we ALL have something to hide. And sometimes it’s not even something we think we have to hide, until it gets out, and gets taken out of context, and blows up in our face…

      Edit: since I didn’t read the last sentence, my satire-ometer didn’t redline. Sorry about that!

        • NeelyCam
        • 7 years ago

        “my satire-ometer didn’t trollline.” ftfy

    • odizzido
    • 7 years ago

    This is a larger issue than it seems I think. It means that any company who has purchased equipment from either China or the US has a potential backdoor for anyone to use. Hackers, rival companies, etc.

    I wonder if this is hurting Cisco’s business.

    • smilingcrow
    • 7 years ago

    Sounds as if the NSA are big Howlin’ Wolf Fans – http://www.youtube.com/watch?v=HTAc62476f4

    • sschaem
    • 7 years ago

    I would love for the people with the bugged devices to come forward.

    Waiting…

      • LeoScott
      • 7 years ago

      Several of the routers you sent your comment through are hacked. Why hack a router at a company or a person’s house when you can get one that serves a larger portion of the internet to send you information from specific sources just by sending the source net id via something like IRC. If you want to dig inside a particular net then plant something on a router that serves a focused subnet.

    • DPete27
    • 7 years ago

    I’m not advocating for invasion of personal privacy, but all this NSA leak stuff is getting old. To prevent attacks on your country, you need advance information/warning. These days, that doesn’t require human spies (there are spies still, just not as many) because we can leverage technology to do that work for us. Spying has been happening for centuries, get over it.

    PS: I suspect many of these “NSA Spying” techniques were used on a targeted audience for a specific purpose, but have been blown out of proportion as a blanket generalization to feed the media (propaganda) machine.

      • crabjokeman
      • 7 years ago

      Oh, so you trust government officials not to abuse their power? I have some ocean-front property in Nevada for sale that you may be interested in…

        • DPete27
        • 7 years ago

        I definitely agree that government over-steps its boundaries frequently. On the issue of national security (for this instance) though, that boundary can be pretty blurry.

      • credible
      • 7 years ago

      Well said.

      • MadManOriginal
      • 7 years ago

      From an overall non-demagogic rational standpoint you are correct, but as implied elsewhere, the important issue is accountability. Given that Congress members of almost all persuasions were initially defensive and/or dismissive of such accusations until the leaks started in full, I’m not even sure Congressional oversight means anything. Of course, as soon as the leaks hit the fan they all cried out for better oversight aka more power. There’s the Judiciary, which is where law enforcement authorization on a case-by-case basis is supposed to take place but that is either rubber-stamped or ‘secret’ as well. I’m not sure what options that leaves for genuine and fair oversight.

      • NovusBogus
      • 7 years ago

      That’s a fair point, and intercepting specific pallets does sound like 21st century wiretapping–which I have no problem with–but the NSA brought this on themselves by setting up broad domestic surveillance programs and then trying to act like it didn’t happen. So now everyone’s out for blood and looking for anything that sticks.

      Hopefully people will learn to be smart about using the Internet and not just blame the NSA for everything, because they were simply the ones who got caught doing it. If you can see the whole world from your computer, then the whole world can see your computer.

    • zenlessyank
    • 7 years ago

    I thought Jim Morrison was our back door man.

    Back on topic…….If you didn’t mask off your own dies, and make all your own supporting chips and circuitry then you deserve to have a back door. Just like if you didn’t raise and process your own food, then you deserve DDT and other strange chemicals on your food.

    coal subscriber.

    • superjawes
    • 7 years ago

    “NSA sticks backdoor tools in routers” Ew. Eeeeeeewww! EEEEEEEEEEEEEEEEEEEEEEEEWWWWWWWWWWW!!!!

      • MarkG509
      • 7 years ago

      My annual prostate exam is due in Sept. This is the new “eewww…”, and suddenly makes that seem like “meh”.

    • TwoEars
    • 7 years ago

    Of course everything you do on the internet is public for people with the right tools. You’d be a fool to expect otherwise.

    If you want something to be secure and private use obscure encryptions that no one’s ever heard of and take it off the grid.

    Heck – if someone wanted to sell government secrets the best way would probably be to just send an old fashioned snail mail in an envelope. No one checks those these days.

    • anotherengineer
    • 7 years ago

    Well the world can know that……………..I’m going pee now, brb, kthx laters.

    • UnfriendlyFire
    • 7 years ago

    Huawei: “Hypocrites…”

      • crabjokeman
      • 7 years ago

      “He started it!”

        • crabjokeman
        • 7 years ago

        Dad: “Don’t make me stop this car and come back there!

    • Chrispy_
    • 7 years ago

    Never buy any electronics from the US, they’re bugged by the NSA.
    Never buy any electronics from China, they’re bugged by the Chinese Government.
    Never use tin foil from the US or China when making your tin foil hats.

    Seriously, the internet is not private. If you don’t want stuff to be on the web, don’t connect to or post material to or even use the internet.

    Edit: I guess I need to clarify that if you use online services like Google web search, Facebook, any "cloud" storage your privacy is already so compromised that you might as well give up the fight. The lobbyists won a decade ago and without campaigning for radically new legislation the damage has been done, compounded upon and multiplied by a thousand since then.

      • Shambles
      • 7 years ago

      So everyone would need to buy a second computer so they can store their personal documents on a machine that never is connected to the internet? While it will always be true that merely being connected to the internet is a security risk the privacy of the masses should be respected. With international family, friends, and businesses we should be able to communicate without being spied on. Hopefully this new era of digital espionage leads to the consumer market starting to look for open source projects that while they are not perfect, at least have far more transparency than what you get now. ie. We are already seeing companies ship routers with DD-WRT or Tomato on them.

      • Sargent Duck
      • 7 years ago

      Doesn’t really matter if you’re connected to the web or not

      http://www.engadget.com/2014/01/14/nsa-access-computers-offline/

      • slowriot
      • 7 years ago

      Bullshit. Not using the Internet is NOT an option. Before you’re even born your personal information has already been uploaded. Beyond that, because you live in a modern society you’re required either directly or indirectly to use the Internet. Not just surf the web, but have your private, personal information transmitted over it. Heaven forbid you want to actually use things like a bank or buy a piece of property.

      Not using the Internet is not an option, because you’re not even given a choice.

      • credible
      • 7 years ago

      Well said and further to that, let’s have all the *sses that are so concerned about privacy in the west get all this spying to be gone and then we can just let China and Russia continue doing the exact same thing.

      Then we can watch North America fall further and further behind and quite possibly end up in a no win position down the road because they have been handicapped by our democracies.

      • Flatland_Spider
      • 7 years ago

      Everything behind an edge router is private, and this circumvents that.

      • hbarnwheeler
      • 7 years ago

      I’m going offline until a Canadian firm begins manufacturing network equipment.

        • Sargent Duck
        • 7 years ago

        Nortel?

        …oh…wait a minute…

      • superjawes
      • 7 years ago

      I agree with you when it comes to posting material, but the materials stored on your machine(s) should not be accessed without your permission (be it through a program or manual transfer). We’re talking about tools that are being installed to transmit data that might not have been transmitted otherwise.

      EDIT: I do understand if you’re taking the position of a realist, saying that you can’t trust the US or China to respect your privacy. I just think that people (myself included), find this unacceptable and desire change.

        • Chrispy_
        • 7 years ago

        It was actually a tongue-in-cheek comment, but yeah – as a realist I have to admit that a simple router backdoor was kinda obvious after all the stuff leaked by Snowden.

        NSA/China/Hackers/Whoever – there are exploitable loopholes in just about everything from hardware/protocols/API/software. If you truly want to keep something private you need to rely on multiple security methods and hope that the value of the information is outweighed by the amount of effort required to get it.

        I think of security like locking up your bike outside. Any lock can be broken, the trick is to apply enough security to deter the thief and make other targets more appealing.

          • LeoScott
          • 7 years ago

          As I read the article it wasn’t about “exploitable loopholes.” It was about the NSA intercepting the hardware in the shipping cycle and planting backdoors in it that didn’t exist there before. That’s a whole different action than exploiting existing loopholes and if done to equipment deployed in the US should require a FISA court order for each instance.

      • c1arity
      • 7 years ago

      I agree. I talk to people everyday that want to know how to make themselves “safe” from “hackers” when they’re online. To them, this includes the government as well (I live in Texas). I tell them to stay off the internet if they’re really that worried. They just look at me funny.

      If someone wants to spy on you they will, period. Unless you move completely off the grid, it’s possible. Even then, there are still ways.

      Use the web, love the web, learn from it, and move on with your life.

      • Noigel
      • 7 years ago

      I knew I should have kept that Tandy! Sucker didn’t even have a mouse… let alone a modem. My data would have QBASICally been impregnable.

        • Chrispy_
        • 7 years ago

        Better make sure you’re using a dot matrix printer 😉

        CEILING CAT CAN SPY ON YOUR INKJETS TOO (http://boingboing.net/2008/10/23/howto-read-the-secre.html)

        • ozzuneoj
        • 7 years ago

        Oh man… we had a Tandy 1000 early on as well. Nothing like using a paint program on an 8 color CGA screen without a mouse. And then having the whole system lock up after a while due to lack of memory and nowhere to put anything resembling virtual memory. 256Kbyte memory and a 1.4Mb floppy… no hard drive… that’s it.

        It’d surely keep the NSA off your trail if the system ran out of RAM and crashed every time they tried to snoop.

        I know what to do now! *installs Windows 8.1 on a system with 64Mb of RAM and disables the swap file*

      • l33t-g4m3r
      • 7 years ago

      That’s why I don’t use Google (or its browser), facebook, or cloud services, plus I use ddg, noscript, DNTM, HTTPS Everywhere, and a few other addons. Not to mention I can always turn on Tor and peerblock. Sure, the gov / corps can potentially spy on me through unknown backdoors, but they damn sure aren’t going to get it the easy way.

        • Zizy
        • 7 years ago

        Backdoors are easy enough 🙂 Would you care if main door is locked when there is another next to it wide open?

        The only plausible way of security is steganography done right.

    • Aistic
    • 7 years ago

    Didn’t we also hear about intercepted computer gear with implanted spy gear back in one of the First Snowden reports?
    This is getting hard to keep track of.

      • hoboGeek
      • 7 years ago

      On the contrary, this makes everything easier: all the devices, without exception, are controlled by either NSA or “the other guys”.
      I wouldn’t be surprised to find out next about the NSA controlled clothing irons.

      EDIT: Sarcasm is dead!

      • Flatland_Spider
      • 7 years ago

      Computer gear with a spy kit installed was known about in the Gulf War. Printers print small yellow dots on printouts, and the dots are suspected to be “fingerprints” which help intelligence agencies identify the printer.

      Spy gear in electronics is why some government contracts specify equipment assembled in the US.

      • Aistic
      • 7 years ago

      I guess I should have just written “Fr111zt!1!”

      Also:
      “intercepts shipments of computers and other devices en route to customers. These products are reportedly loaded with malware and “hardware components” that grant intelligence officers remote access to the targeted systems”
      https://techreport.com/news/25828/report-nsa-intercepts-computer-shipments-plants-malware
