X

NSA reportedly installing spyware on US-made hardware

NSA documents reveal the agency is allegedly receiving or intercepting routers, servers, and other computer network devices to embed surveillance tools before international export.

Dara Kerr Former senior reporter
Dara Kerr was a senior reporter for CNET covering the on-demand economy and tech culture. She grew up in Colorado, went to school in New York City and can never remember how to pronounce gif.
Dara Kerr
3 min read

Politics_FlashpointsNSA_67_610x348.jpg
CBS

The National Security Agency has been allegedly accessing routers, servers, and other computer network devices to plant backdoors and other spyware before they're shipped overseas, according to the Guardian.

The news about the NSA's alleged interception of hardware comes via journalist Glenn Greenwald's new book about Edward Snowden's NSA leaks titled "No Place to Hide." Greenwald apparently obtained documents from Snowden that detailed the NSA receiving or intercepting various devices in the US before export.

Ironically, this type of activity is exactly what the US government accused Chinese telecom gear maker Huawei of doing in 2012 on behalf of the Chinese government.

In a letter sent to Huawei in June 2012, the US House Intelligence Committee said that the committee was "concerned" the Chinese authorities could be hacking in or attempting to breach US networks using the company's telecom equipment. With the accusations, Huawei adamantly maintained that it was not involved in any sort of cyberspying. Additionally, the US White House reportedly carried out a review of security risks posed by Huawei and was said to have found no evidence that the company spied on the US.

However, the accusations strained Huawei's relations with the US, and eventually the company pulled out of the US market. Last December, the company's CEO Ren Zhengfei said, "If Huawei gets in the middle of US-China relations," and causes problems, "it's not worth it."

What the NSA is allegedly doing is outlined in a leaked report that Greenwald refers to in his new book -- it's dated June 2010 and from the head of the NSA's Access and Target Development department, according to the Guardian. This report details the NSA allegedly intercepting US-made hardware, embedding backdoor surveillance tools, then repackaging the equipment and sending it onto international customers.

With backdoor surveillance systems, the NSA could feasibly gain access to vast networks and users.

"In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure," the NSA report says, according to the Guardian. "This call back provided us access to further exploit the device and survey the network."

This isn't the first time the NSA has been accused of this type of activity. A report from German newspaper Der Spiegel alleged that the US agency intercepts deliveries of electronic equipment to plant spyware to gain remote access to systems once they are delivered and installed. According to the report, the NSA has planted backdoors to access computers, hard drives, routers, and other devices from companies such as Cisco, Dell, Western Digital, Seagate, Maxtor, Samsung, and Huawei.

For its part, the NSA doesn't deny that it's using US-made hardware for its work but hasn't been clear on whether it's installing backdoor spyware onto devices.

In statements sent to CNET, the agency said it relies on US-made products to "protect our nation's most sensitive information" and its intelligence gathering is only focused on "valid foreign intelligence targets." The agency declined to comment on specific activities.

Below are the statements the NSA sent to CNET:

As we have said before, the US technology industry builds the most secure hardware and software in the world today. NSA relies on these products to help protect our nation's most sensitive information and, over the past decade, has turned to commercial technology to replace government-built technology. Given its own reliance on many of the very same technologies that the public uses, the US Government is as concerned as the public is with the security of these products. While we cannot comment on specific, alleged intelligence-gathering activities, NSA's interest in any given technology is driven by the use of that technology by foreign intelligence targets. The United States pursues its intelligence mission with care to ensure that innocent users of those same technologies are not affected.
As we have previously said, the implication that NSA's foreign intelligence collection is arbitrary and unconstrained is false. NSA's activities are focused and specifically deployed against -- and only against -- valid foreign intelligence targets in response to intelligence requirements. We are not going to comment on specific, alleged foreign intelligence activities. Public release of purportedly classified material about US intelligence collection systems, without context, further confuses an important issue for the country and jeopardizes human life as well as national security sources and methods.