Menu
Reported NSA backdoors might open up networks to more threats

Reported NSA backdoors might open up networks to more threats

The agency intercepts devices and installs software that gives them access, an upcoming book says

Allegations that the NSA installed surveillance tools in U.S.-made network equipment, if true, could mean enterprises have more to worry about than just government spying.

While the U.S. government warned router buyers that the Chinese government might spy on them through networking gear made in China, the U.S. National Security Agency was doing that very thing, according to a report in the Guardian newspaper Monday.

The NSA physically intercepted routers, servers and other network equipment and installed surveillance tools before slapping on a factory seal and sending the products on to their destinations, according to the report, which is extracted from an upcoming book by Glenn Greenwald, a journalist who last year helped expose sensitive documents uncovered by former NSA contractor Edward Snowden.

With the tools it installs, the NSA can gain access to entire internal networks, the story said. For example, in a report on its use of the technology, the NSA said an embedded beacon was able to call back to the agency and "provided us access to further exploit the device and survey the network," Greenwald wrote.

The new charge vastly expands the scope of alleged NSA spying beyond the interception of traffic across the Internet, said Ranga Krishnan, a technology fellow at the Electronic Frontier Foundation. As an example, he pointed to reports from the Snowden documents that the NSA had tapped into Google's own fiber network among its data centers, where the company hadn't encrypted the traffic at all.

"That's how most organizations function," Krishnan said. "So once you're within the company's router, you have access to all that data that's unencrypted."

In addition, any security hole that a government installs could open up the network to attacks by others, he added.

"If you have made something vulnerable ... somebody else could discover that and very well use it," Krishnan said.

The House Intelligence Committee and other arms of the U.S. government have warned for years that networking equipment from vendors in China, namely Huawei Technologies and ZTE, poses a threat to U.S. service providers because of possible links between those companies and the Chinese government.

Specifically, critics have raised alarms that the government could install backdoor surveillance tools in the gear they sell, giving Chinese spies access to communications in the U.S. Those warnings reportedly have held back Huawei and ZTE's sales in the U.S. The companies have said their equipment is safe.

When Greenwald revealed Snowden's alleged evidence of NSA spying, it turned the tables on the U.S., with network buyers in some countries avoiding U.S.-made gear. Cisco Systems, the world's biggest seller of networks, has said worries about the NSA affected its business in China.

With allegations now flying about networking gear made both in China and the U.S., EFF's Krishnan recommended buyers seek convincing evidence from any potential supplier that their gear is in fact secure.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags NetworkingU.S. National Security Agency

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments