Tuesday, May 13, 2014

What TICS was all about

The latest NSA leak: the NSA has been systematically compromising exported routers:

But while American companies were being warned away from supposedly untrustworthy Chinese routers, foreign organisations would have been well advised to beware of American-made ones. A June 2010 report from the head of the NSA's Access and Target Development department is shockingly explicit. The NSA routinely receives – or intercepts – routers, servers and other computer network devices being exported from the US before they are delivered to the international customers.

The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some "SIGINT tradecraft … is very hands-on (literally!)".

Eventually, the implanted device connects back to the NSA. The report continues: "In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure. This call back provided us access to further exploit the device and survey the network."

I guess this is why the GCSB was so hot to get the power to micromanage ISP procurement decisions: so they could require the use of compromised technology which would give total control over our communications and network infrastructure to their foreign "partners". But as Bruce Schneier points out, vulnerable systems are vulnerable to everybody. The NSA's backdoor for "national security" can just as easily be used by cybercriminals to steal your credit card - or by cyberterrorists to bring down a crucial system. And by deliberately introducing such vulnerabilities into the system, the spies make us less safe, not more.