Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

NSA Reportedly Adds Backdoors To US-Made Routers

Secret "supply-chain interdiction" program intercepts networking equipment being shipped overseas and adds phone-home surveillance capabilities, says Guardian report.

The National Security Agency has routinely intercepted networking equipment that's built in the United States, added backdoor access capabilities, then shipped the devices to their intended recipients abroad.

So says a report by journalist Glenn Greenwald published Tuesday by the Guardian. Greenwald cites a June 2010 document (leaked by former NSA contractor Edward Snowden) labeled as being from the head of the NSA's Access and Target Development group.

"The NSA routinely receives -- or intercepts -- routers, servers, and other computer network devices being exported from the US before they are delivered to the international customers," Greenwald writes. "The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users."

According to the document from the NSA -- the US intelligence agency charged with practicing signals intelligence -- this supply chain "SIGINT tradecraft... is very hands-on (literally!)."

When the hacked networking equipment is brought online, it phones home to NSA-controlled servers. "In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure," Greenwald quotes the leaked NSA report. "This call back provided us access to further exploit the device and survey the network."

Greenwald has worked with filmmaker Laura Poitras to publish the lion's share of the files leaked to date by Snowden, and his NSA router-backdoor report was timed to coincide with Tuesday's publication of his book, No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State.

The report has already triggered a flood of related questions, including the degree to which technology manufacturers and shipping firms might be colluding -- or are legally forced to comply -- with the NSA's equipment-interception program.

But it's unclear how often the technique gets used. Last year, Snowden told Hong Kong's South China Morning Post that for eavesdropping, the NSA prefers to hack into infrastructure on a grander scale. "We hack network backbones -- like huge Internet routers, basically -- that give us access to the communications of hundreds of thousands of computers without having to hack every single one," he told the Post.

Last year, however, security expert Bruce Schneier -- who also has access to the trove of NSA documents leaked by Snowden -- warned that the NSA was hacking networking equipment as well. "The NSA also attacks network devices directly: routers, switches, firewalls, etc.," he said. "Most of these devices have surveillance capabilities already built in; the trick is to surreptitiously turn them on."

The revelations over the NSA's backdoor-installation program cast new light on warnings issued last year by former CIA director Michael Hayden, who accused Chinese telecom equipment maker Huawei of actively spying for the Chinese government. Expect the latest NSA leak to stoke the ongoing debate about the agency's tactics, and their impact on the privacy rights of non-US citizens.

But some information security experts have warned that the NSA's programs -- and bigger surveillance-state analyses -- must be kept in context. "This is the problem with Greenwald: his inept analysis created a whole new urban mythology about who did what to whom," says Thomas H. Ptacek, principal at Matasano Security, via Twitter.

Indeed, if there's one espionage truism, it's that whatever one side is doing, the other side is likely not far behind -- as has been proven by tit-for-tat accusations from both China and the United States that one is hacking the other.

At the same time that Hayden singled out Chinese networking manufacturers for colluding with the military, he conceded as much, confirming what the NSA leaks have made quite clear: The United States hacks foreign targets. But Hayden portrayed US efforts in different terms. "I fully admit: we steal other country's secrets. And frankly we're quite good at it," he said. "But the reason we steal these secrets is to keep our citizens free, and to keep them safe. We don't steal secrets to make our citizens rich. Yet this is exactly what the Chinese do."

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Camp
50%
50%
Camp,
User Rank: Apprentice
5/19/2014 | 1:50:22 PM
Heading overseas?
I think there are quite a few of those 'tampered with' routers sitting in equipment racks in the US and on bookshelves/entertainment centers in our homes. Who are they kidding? (and with that comment, I assume the back door in my device was just activated!)
anon9930759556
50%
50%
anon9930759556,
User Rank: Apprentice
5/14/2014 | 1:55:30 PM
Re: Somewhere...
http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/
cumulonimbus
50%
50%
cumulonimbus,
User Rank: Apprentice
5/14/2014 | 6:47:21 AM
Re: Stealng for freedom?
Good point, the end does not justify the means; credibility and trust cannot be discounted. It seems in the world's second oldest profession anything goes. However they have cover. Not to get too convoluted here, but isn't there also the possibility that the documents being released are fake since Snowden is now being manipulated by the Kremlin?

I am sure there is the IT equivalent of an arms race right now, because the first viable quantum computer is likely to be able to crack all the encryption protocols, notwithstanding the fact that quantum encryption itself is uncrackable; the uhderlying data disappearing in a puff of logic. Ah, the beauty!
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Ninja
5/13/2014 | 6:26:48 PM
Stealng for freedom?
Based on the last statement in the story by Michael Hayden, ex-CIA director, "We steal for freedom, they don't," I would say it would be wise to base the preservation of freedom on something other than stealing. 
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
5/13/2014 | 4:50:53 PM
Re: Somewhere...
Is any network equipment still made and assembled in the U.S.? I thought it had all gone overseas already.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
5/13/2014 | 4:28:50 PM
Somewhere...
...someone at Huawei is smiling.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, Gigamon,  7/10/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...