NSA seen tampering with Cisco kit to add surveillance tools

[Reefa]

Evidence has come to light suggesting that the US National Security Agency (NSA) tampers with networking hardware kit from US firms in order to help it monitor and gain information on surveillance targets.

Sections from the journalist Glenn Greenwald's upcoming book claim the NSA regularly installs itself into hardware that is being sent overseas. It was accused of doing this to enable surveillance, and its motives and means have been branded potentially illegal.

"The NSA routinely receives - or intercepts - routers, servers and other computer network devices being exported from the US before they are delivered to the international customers," he said.

"The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users.

"It is quite possible that Chinese firms are implanting surveillance mechanisms in their network devices. But the US is certainly doing the same."

Since then more information has been released including a photograph of the efforts in action. The photo is published on US site Arstechnica with accompanying text culled from official documents and clearly shows Cisco kit being worked on.

Cisco responded about the suggestions of interference from the agency, and is concerned that the NSA has over-reached itself with these actions.

"The tension between security and freedom has become one the most pressing issues of our day. Societies wracked by terror cannot be truly free, but an over-reaching government can also undermine freedom," said Cisco senior vice president Mark Chandler.

"It is in this context that I want to offer some thoughts on actions by the US government that in Cisco's eyes have over-reached, undermining the goals of free communication, and steps that can be taken to right that balance, and I do so on behalf of all of Cisco's leadership team."

Chandler repeated concerns from the media about the NSA and its practices, and said that it should not expect its government to behave in such a way.

This week a number of media outlets reported another serious allegation: that the NSA took steps to compromise IT products en route to customers, including Cisco products.

"We comply with US laws, like those of many other countries, which limit exports to certain customers and destinations," Chandler added.

"We ought to be able to count on the government to then not interfere with the lawful delivery of our products in the form in which we have manufactured them.

"To do otherwise, and to violate legitimate privacy rights of individuals and institutions around the world, undermines confidence in our industry."

Less vocal is the NSA, which told V3 that it would not discuss foreign information collection or "classified material".

"As we have previously said, the implication that NSA's foreign intelligence collection is arbitrary and unconstrained is false," the agency said in a statement.

"NSA's activities are focused and specifically deployed against - and only against - valid foreign intelligence targets in response to intelligence requirements. We are not going to comment on specific, alleged foreign intelligence activities.

"Public release of purportedly classified material about US intelligence collection systems, without context, further confuses an important issue for the country and jeopardises human life as well as national security sources and methods."

The report comes amid Cisco's latest financial release, which saw falling profits and revenues, but the market was pleased with rising sales in UK and the US, helping its stock price rise.

Source