Resultados 1 a 3 de 3
  1. #1
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    [EN] Greenwald: NSA Plants ‘Backdoors’ in Foreign-Bound Routers and Servers

    For years, the US government loudly warned the world that Chinese routers and other Internet devices pose a "threat" because they are built with backdoor surveillance functionality that gives the Chinese government the ability to spy on anyone using them. Yet what the NSA's documents show is that Americans have been engaged in precisely the activity that the US accused the Chinese of doing -- the NSA has been covertly implanting interception tools in US servers heading overseas, says Glenn Greenwald, in an extract from his new book about the Snowden affair, No Place to Hide

    By Don Clark and Danny Yadron

    Journalist Glenn Greenwald’s new book highlights a snooping exploit of interest to Silicon Valley: the National Security Agency, he asserts, plants intelligence-gathering “backdoors” in U.S. suppliers’ routers and other networking hardware before they reach foreign customers.

    Greenwald, a reporter for the Guardian, has written about numerous NSA documents that were provided by former NSA contractor Edward Snowden. An excerpt of Greenwald’s book in the British newspaper Monday cites a June 2010 report from the head of the NSA’s Access and Target Development department.

    The NSA routinely receives–or intercepts–routers, servers, and other computer network devices being exported from the U.S. before they are delivered to the international customers,” Greenwald writes.

    The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some "SIGINT tradecraft … is very hands-on (literally!)".

    Eventually, the implanted device connects back to the NSA. The report continues: "In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure. This call back provided us access to further exploit the device and survey the network."

    It is quite possible that Chinese firms are implanting surveillance mechanisms in their network devices. But the US is certainly doing the same.

    There is no indication that U.S. companies were aware of the practice.

    A spokesman for Cisco, the largest maker of networking equipment, noted that the book excerpt in the Guardian did not mention the company by name.

    “We’ve stated previously that Cisco does not work with any government to weaken our products for exploitation,” he said. “We would, of course, be deeply concerned with anything that could damage the integrity of our products or our customers’ networks.”

    A spokeswoman for Juniper Networks, one of Cisco’s largest competitors, declined to comment.

    An NSA spokeswoman noted that it and other government agencies rely heavily on products from the U.S. technology industry, calling them the most secure available.

    “Given its own reliance on many of the very same technologies that the public uses, the U.S. government is as concerned as the public is with the security of these products. While we cannot comment on specific, alleged intelligence-gathering activities, NSA’s interest in any given technology is driven by the use of that technology by foreign intelligence targets. The United States pursues its intelligence mission with care to ensure that innocent users of those same technologies are not affected.”

    The U.S. government for years has been warning customers about buying Chinese-made networking equipment from Huawei Technologies and others, as Greenwald notes, because of the possibility of backdoors that could be exploited by Chinese agencies. All the while it was doing the same thing, he said.

    Besides trying to prevent espionage, “an equally important motive seems to have been preventing Chinese devices from supplanting American-made ones, which would have limited the NSA’s own reach,” Greenwald writes.

    Huawei has gotten little traction in U.S. government agencies or corporations, though its hardware is popular elsewhere.

    Bill Plummer, Huawei’s U.S.-based vice president for external affairs, said it has “no insight” into the motives of U.S. or other intelligence agencies. Huawei employs “dynamic and sophisticated security assurance disciplines” to identify and thwart potential threats and is a proven supplier in more than 170 markets, he said. “Huawei considers the security of our solutions to be our highest priority,” Plummer said.
    Última edição por 5ms; 13-05-2014 às 09:44.

  2. #2
    Data de Ingresso
    Oct 2010
    Rio de Janeiro

    A listinha de emails hackeados do link acima é bem interessante :-)

  3. #3
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    Reação da Cisco

    Today’s security challenges are real and significant. We want governments to detect and disrupt terrorist networks before they inflict harm on our society, our citizens, and our systems of government. We also want to live in countries that respect their citizens’ basic human rights. The tension between security and freedom has become one the most pressing issues of our day. Societies wracked by terror cannot be truly free, but an overreaching government can also undermine freedom.

    It is in this context that I want to offer some thoughts on actions by the US Government that in Cisco’s eyes have overreached, undermining the goals of free communication, and steps that can be taken to right that balance, and I do so on behalf of all of Cisco’s leadership team.

    Confidence in the open, global Internet has brought enormous economic benefits to the United States and to billions around the world. This confidence has been eroded by revelations of government surveillance, by efforts of the US government to force US companies to provide access to communications of non-US citizens even when that violates the privacy laws of countries where US companies do business, and allegations that governments exploit rather than report security vulnerabilities in products.

    As a matter of policy and practice, Cisco does not work with any government, including the United States Government, to weaken our products. When we learn of a security vulnerability, we respond by validating it, informing our customers, and fixing it. We react the same when we find that a customer’s security has been impacted by external forces, regardless of what country or form of government or how that security breach occurred. We offer customers robust tools to defend their environments against attack, and detect attacks when they are happening. By doing these things, we have built and maintained our customers’ trust. We expect our government to value and respect this trust.

    This past December, eight technology companies expressed concern to the President of the United States and Members of Congress that the US government’s surveillance efforts are in fact harmful. They stated, in part, “We urge the US to take the lead and make reforms that ensure that government surveillance efforts are clearly restricted by law, proportionate to the risks, transparent and subject to independent oversight.” We agree and support these positions – without customer confidence in the privacy and security of communications, the extraordinary steps toward freedom, productivity and prosperity that is the promise of the Internet can be lost.

    This week a number of media outlets reported another serious allegation: that the National Security Agency took steps to compromise IT products enroute to customers, including Cisco products. We comply with US laws, like those of many other countries, which limit exports to certain customers and destinations; we ought to be able to count on the government to then not interfere with the lawful delivery of our products in the form in which we have manufactured them. To do otherwise, and to violate legitimate privacy rights of individuals and institutions around the world, undermines confidence in our industry.

    Bob Weber, the General Counsel of IBM, offered some strong basic principles. He blogged in March, in part:

    “Governments must act to restore trust”, noting that his company “believes governments should take the following actions:

    Governments should reject short-sighted policies, such as data localization requirements, that do little to improve security but distort markets and lend themselves to protectionist tendencies.

    Governments should not subvert commercial technologies, such as encryption, that are intended to protect business data.

    The U.S. government should have a robust debate on surveillance reforms, including new transparency provisions that would allow the public to better understand the scope of intelligence programs and the data collected.”
    (full blog here:

    We support this approach, and offer the following additional suggestions:

    • Governments should have policies requiring that product security vulnerabilities that are detected be reported promptly to manufacturers for remediation, unless a court finds a compelling reason for a temporary delay. By the same token, governments should not block third parties from reporting such vulnerabilities to manufacturers.
    • Governments should not interfere with the ability of companies to lawfully deliver internet infrastructure as ordered by their customers
    • Clear standards should be set to protect information outside the United States which belongs to third parties, but are in the custody of subsidiaries of US companies, so that customers world-wide can know the rules that will apply and work with confidence with US suppliers.

    The failure to have rules such as these does not enhance national security – that failure will simply cause customers to seek solutions that they perceive – rightly or wrongly – will take them outside the reach of government. Moreover, that failure only strengthens those who oppose a free and open internet, and who are exploiting recent allegations to try to justify changes in internet governance that would tighten state control and limit freedom of expression. A failure to establish a clear and transparent set of rules will produce a fragmented Internet, limiting free speech and global economic growth.

    A serious effort to address these issues can build confidence, and most importantly, result in the promise of the next generation of the Internet being met, a world in which the connection of people and devices drives greater freedom, prosperity and opportunity for all the world’s citizens.

Permissões de Postagem

  • Você não pode iniciar novos tópicos
  • Você não pode enviar respostas
  • Você não pode enviar anexos
  • Você não pode editar suas mensagens