Cisco Goes Straight To The President To Complain About The NSA Intercepting Its Hardware

from the NSA-vows-to-take-this-country-down-from-the-inside dept

One of the previously-unseen NSA documents released in conjunction with Glenn Greenwald's book, "No Place to Hide," contained this slide providing further details about the agency's interception of computer hardware.

As part of the NSA's Tailored Access Operations (TAO), shipments are grabbed en route and loaded up with physical spyware before they reach the end user. The slide notes that this "supply chain interdiction" is one of TAO's "most productive operations."

The people in the photo may have had their identities concealed, but there's no mistaking the logo and name on the side of the box. Here's a closer look:

Cisco was none too pleased to see its hardware being given a spyware payload by NSA operatives. Its general counsel, Mark Chandler, said the following in a blog post addressing the newly-leaked document.

As a matter of policy and practice, Cisco does not work with any government, including the United States Government, to weaken our products. When we learn of a security vulnerability, we respond by validating it, informing our customers, and fixing it. We react the same when we find that a customer’s security has been impacted by external forces, regardless of what country or form of government or how that security breach occurred. We offer customers robust tools to defend their environments against attack, and detect attacks when they are happening. By doing these things, we have built and maintained our customers’ trust. We expect our government to value and respect this trust.

That the NSA has done what it can to ensure Cisco's world dominance (via its Huawei-related espionage) is probably of little comfort at this point. Anyone looking to purchase Cisco equipment has probably decided to take their business elsewhere. Cisco expressed some concern about the NSA's detrimental effect on its overseas sales last November. This photo only makes that situation worse.

Cisco has now decided to take its complaints right to the top.

Warning of an erosion of confidence in the products of the U.S. technology industry, John Chambers, the CEO of networking giant Cisco Systems, has asked President Obama to intervene to curtail the surveillance activities of the National Security Agency.

In a letter dated May 15 (obtained by Re/code and reprinted in full below), Chambers asked Obama to create “new standards of conduct” regarding how the NSA carries out its spying operations around the world. The letter was first reported by The Financial Times.

Chambers goes even further than Cisco's counsel, decrying the NSA's tactics and the damage they're doing to his company's reputation.

“We simply cannot operate this way; our customers trust us to be able to deliver to their doorsteps products that meet the highest standards of integrity and security,” Chambers wrote. “We understand the real and significant threats that exist in this world, but we must also respect the industry’s relationship of trust with our customers.”

The NSA's self-destructive "no one can touch us" attitude is finally beginning to hurt it -- and everyone it affects. This revelation will chase customers -- including potential targets -- to companies they believe are out of the agency's reach. American companies will be able to offer no assurances that their products haven't been intercepted/sabotaged. The entire situation is beyond their control, but they'll be the ones ultimately paying the price for the NSA's overreach.




Reader Comments

  •  
    BentFranklin (profile), May 19th, 2014 @ 7:01am

    Looks like a UPS label on that box.

     

    •  
      Baron von Robber, May 19th, 2014 @ 10:30am

      Re:

      Also opening it from the bottom. Clever. It's in our nature to open the 'top' of the box and not the bottom. Probably wouldn't note the resealed box that way.

      Note to self: Open every package from the bottom. :)

       

    •  
      Anonymous Coward, May 19th, 2014 @ 8:18pm

      Re:

      "Looks like a UPS label on that box."

      Yeah, looks like UPS is up to their eyeballs in this. UPS - now another 3 letter agency.

       

  •  
    Josh in CharlotteNC (profile), May 19th, 2014 @ 7:37am

    I see three possible outcomes.

    1) NSA gets forcibly reformed. (Unlikely)
    2) Cisco becomes the next Qwest, John Chambers the next Joe Nacchio. (More likely)
    3) Cisco mutes opposition, shortly thereafter granted big money no bid contracts. (Near certainty)

     

    •  
      John Fenderson (profile), May 19th, 2014 @ 8:51am

      Re:

      If Cisco is smart, they'll start including some excellent tamper-evident seals and/or GPS trackers in their boxes.

       

      •  
        Anonymous Coward, May 19th, 2014 @ 8:55am

        Re: Re:

        Somehow I do not think either of those would inspire much trust at this point.

         

        •  
          John Fenderson (profile), May 19th, 2014 @ 9:11am

          Re: Re: Re:

          I'm not sure what would work better. Certainly, even if they got promises from the government that this won't happen anymore, nobody would believe that. At least this way, there would be some way to tell if the package had been diverted or tampered with.

           

          •  
            Anonymous Coward, May 19th, 2014 @ 10:51am

            Re: Re: Re: Re:

            My bigger point is if the threat is the NSA diverting a shipment and tampering with it, which they are already doing, fancy hologram stickers and packing tape, even perfectly new counterfeit packaging, are probably within the NSA budget. The amount of money you would need to invest in a GPS tracking system that could not easily be subverted by the NSA not likely possible so probably not going to be invested in. Even if you get the absolute best un-beatable, the right NSA agent in a UPS uniform can pop the chip in and pack the box back up in the back of the truck while it drives along its expected route ;)

             

            •  
              John Fenderson (profile), May 19th, 2014 @ 10:57am

              Re: Re: Re: Re: Re:

              At least it would make the interdiction more difficult to pull off. That's something, and is better than the absolutely nothing we'll otherwise get.

              "The amount of money you would need to invest in a GPS tracking system that could not easily be subverted by the NSA not likely possible so probably not going to be invested in."

              Such a system would not need to be prohibitively expensive, although it might double the cost of shipping, depending. However, that cost might be less than the loss of business will cost them.

               

          •  
            Anonymous Coward, May 19th, 2014 @ 12:05pm

            Re: Re: Re: Re:

            The best idea I have seen is to overpaint fasteners with glittery nail varnish and photograph them. Then get the other end to photograph them, and send them to you by secure means so that you can check that the same patterns exist over the fasteners. Cheap, and creates a unique pattern every time over every fastener.

             

      •  
        Violynne (profile), May 19th, 2014 @ 9:17am

        Re: Re:

        Something they should have been doing since day 1.

        Hell, even Amazon has tamper-resistant tape on their boxes.

         

      •  
        Anonymous Coward, May 19th, 2014 @ 12:01pm

        Re: Re:

        But then the NSA would print entirely new, counterfeit boxes and tamper-evident seals.

         

    •  
      Zos (profile), May 19th, 2014 @ 10:58am

      Re:

      Too much noise and attention on this to pull a Qwest.

       

  •  
    Anonymous Coward, May 19th, 2014 @ 8:45am

    Meanwhile the US is pissing and moaning about China spying on US companies. Thanks, NSA, for making our nation look like a community of whiny clowns.

     

  •  
    Pixelation, May 19th, 2014 @ 8:53am

    Perfect for KoolAid

    The NSA has poisoned the well. You can tell everyone that they are no longer poisoning it but who will believe you and take a drink?

     

    •  
      HegemonicDistortion (profile), May 19th, 2014 @ 9:46am

      Re: Perfect for KoolAid

      Exactly. As Reagan used to say of the Soviet Union: "trust but verify."

      "Trust" will no longer be sufficient for what the government says nor for much of the tech made in the US. Instead, we're going to need to find ways to verify.

       

      •  
        John Fenderson (profile), May 19th, 2014 @ 10:26am

        Re: Re: Perfect for KoolAid

        It occurs to me that a common practice amongst the really paranoid (like me) of putting a permanent sniffer & tripwire system into your network should become standard practice all around.

        You may not be able to tell if a given piece of hardware is compromised, but those beacons don't work by magic -- they have to communicate to pose any threat. A permanent sniffer would be able to stop that communication and raise an alarm.

         

        •  
          John Fenderson (profile), May 19th, 2014 @ 10:27am

          Re: Re: Re: Perfect for KoolAid

          "would be able to stop"

          Should be "would be able to spot". Sputid Lysdexia.

           

        •  
          Anonymous Coward, May 19th, 2014 @ 10:48am

          Re: Re: Re: Perfect for KoolAid

          Wouldn't your sniffer need to be running on uncompromised hardware for that to work?

           

          •  
            John Fenderson (profile), May 19th, 2014 @ 10:59am

            Re: Re: Re: Re: Perfect for KoolAid

            Yes indeed -- but that's actually really easy to ensure by repurposing old computers to the task (that's what I do) or by building your own system. All you need is a very basic, very cheap computer.

             

            •  
              Anonymous Coward, May 19th, 2014 @ 11:27am

              Re: Re: Re: Re: Re: Perfect for KoolAid

              That works for small networks but I don't get the feeling that small networks on the endpoints is where the majority of this is happening. Cisco makes a very wide variety of products for all levels of the networking infrastructure. Given the size of the box that they are opening, this is likely a rather large piece of hardware designed to be installed at a much bigger choke point and handle a much larger amount of traffic. Using an old PC with a custom configured Linux box to analyze traffic likely wouldn't be a viable option. However, setting up a test environment to run an analysis on new equipment before final deployment might be a viable strategy.

               

              •  
                John Fenderson (profile), May 19th, 2014 @ 12:00pm

                Re: Re: Re: Re: Re: Re: Perfect for KoolAid

                My statements hold true on a large scale as well -- only there the "old equipment" isn't a consumer PC. The processing required to do this is very, very light.

                 

                •  
                  Anonymous Coward, May 19th, 2014 @ 12:32pm

                  Re: Re: Re: Re: Re: Re: Re: Perfect for KoolAid

                  Really it depends on the traffic. I was running Suricata on my lab with 10Gbps links mirrored on the WAN side. Switch used, if interested: MT CRS. Dual Xeon 5400s were working fine, but I wasn't pushing much traffic. I would expect that you would probably need several servers in any large network, and need to dig down to the access layer as much as possible. Lab is a basic IaaS with about 10 virtual networks currently running, so I guess like 10 SMBs.

                   

                •  
                  Anonymous Coward, May 19th, 2014 @ 12:33pm

                  Re: Re: Re: Re: Re: Re: Re: Perfect for KoolAid

                  Except that the "old equipment" that they would likely have lying around would also likely be highly specialized for the purpose it was initially designed and not be suited to be repurposed in the same way that you suggest.

                   

                  reply to this | link to this | view in chronology ]
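
Added example (not part of any comment in this thread, and not code from the commenters or from Techdirt): one way to implement the "sniffer and tripwire" idea discussed in the sub-thread above, including the suggestion to analyse new equipment in a test environment before deployment. It assumes flow records exported by a passive tap running on separately sourced hardware; the watched-device list, the allowlist, the thresholds and every address in the sample data are constructed for illustration.

```python
"""Tripwire for a passive tap: flag connections that watched network gear
initiates to destinations outside an allowlist, and score each destination for
beacon-like regularity. All addresses and flow lines are constructed samples."""
import ipaddress
import statistics
from collections import defaultdict

# Assumption: devices under watch, e.g. a new router on a burn-in bench.
WATCHED = {"10.0.0.1"}
# Assumption: the only (network, port) pairs that device should ever contact.
ALLOWED = [
    (ipaddress.ip_network("10.0.0.53/32"), 53),    # internal DNS
    (ipaddress.ip_network("10.0.0.123/32"), 123),  # internal NTP
    (ipaddress.ip_network("10.0.0.0/24"), 514),    # syslog collectors
]

# Constructed flow records: "epoch_seconds src dst dst_port bytes"
SAMPLE_FLOWS = """\
1000 10.0.0.1 10.0.0.53 53 80
1003 10.0.0.1 198.51.100.7 443 412
1010 10.0.0.20 203.0.113.9 443 9000
1064 10.0.0.1 10.0.0.123 123 76
1303 10.0.0.1 198.51.100.7 443 398
1420 10.0.0.1 192.0.2.44 80 1200
this line is malformed and is skipped
1602 10.0.0.1 198.51.100.7 443 405
1904 10.0.0.1 198.51.100.7 443 420
2203 10.0.0.1 198.51.100.7 443 401
"""


def parse_flows(text):
    """Return (ts, src, dst, port, bytes) tuples, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            ts, port, nbytes = float(parts[0]), int(parts[3]), int(parts[4])
            ipaddress.ip_address(parts[1])
            ipaddress.ip_address(parts[2])
        except ValueError:
            continue
        flows.append((ts, parts[1], parts[2], port, nbytes))
    return flows


def is_allowed(dst, port):
    """True if (dst, port) matches an allowlist entry."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net and port == p for net, p in ALLOWED)


def find_unexpected(flows, min_events=4, max_cv=0.1):
    """Report every off-allowlist destination contacted by a watched device.

    A destination is marked periodic when it has at least min_events
    connections and the coefficient of variation of the gaps between them is
    at most max_cv, i.e. the device calls out on a near-fixed timer.
    """
    seen = defaultdict(list)
    for ts, src, dst, port, _ in flows:
        if src in WATCHED and not is_allowed(dst, port):
            seen[(src, dst, port)].append(ts)

    alerts = []
    for (src, dst, port), times in sorted(seen.items()):
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        periodic, period = False, None
        if len(times) >= min_events:
            mean = statistics.mean(gaps)
            cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
            periodic = cv <= max_cv
            period = round(mean) if periodic else None
        alerts.append({"src": src, "dst": dst, "port": port,
                       "count": len(times), "periodic": periodic,
                       "period_s": period})
    return alerts


if __name__ == "__main__":
    for alert in find_unexpected(parse_flows(SAMPLE_FLOWS)):
        print(alert)
```

The allowlist miss is the primary signal here; the periodicity score only ranks it, since a jittered or low-rate channel will not look regular. The tap sees only traffic that actually crosses it, which is why it belongs at the egress point or on the test bench rather than behind the device being checked.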

      •  
        The Wanderer (profile), May 19th, 2014 @ 8:00pm

        Re: Re: Perfect for KoolAid

        Except, of course, that "trust but verify" is an oxymoron. If you trust, you don't need to verify; if you feel the need to verify, that demonstrates that you don't trust.

         

        •  
          Anonymous Coward, May 20th, 2014 @ 2:11am

          Re: Re: Re: Perfect for KoolAid

          "if you feel the need to verify, that demonstrates that you don't trust."


          That's not true in a security sense. In the security world, trust is used to designate those things that can harm you - if you don't trust something, you don't interact with it, so it's not relevant.

          That is, it's a perfectly valid idea to verify trust... depending on your level of trust you may want to do it more or less often.

           

          •  
            The Wanderer (profile), May 20th, 2014 @ 6:31am

            Re: Re: Re: Re: Perfect for KoolAid

            So they're redefining "trust" from its commonly understood meaning, along with (and quite possibly predating) the other redefinitions we've seen, and who knows what others?

            It may make sense in-industry and as jargon, but it's not going to be understood that way by people not familiar with the industry enough to know the jargon, and I do find it rather questionable whether Reagan would have been using the term in that sense to begin with.

            (I do acknowledge that there can be valid use for "trust the person you're talking to, but verify that that person is the person you think you're talking to", and the like, but in that case what you're trusting and what you're verifying are different things.)

             

        •  
          John Fenderson (profile), May 20th, 2014 @ 8:17am

          Re: Re: Re: Perfect for KoolAid

          You trust your bank to hold your money, but you verify that they haven't made any errors when you examine your statement.

           

          •  
            The Wanderer (profile), May 21st, 2014 @ 6:06am

            Re: Re: Re: Re: Perfect for KoolAid

            As I said, in that case, what you're trusting and what you're verifying are different things. If you trust them to not make any errors, you don't feel the need to verify that they haven't made any.

             

  •  
    Anonymous Coward, May 19th, 2014 @ 8:54am

    Let's face it, in the long term Cisco should move manufacturing overseas for their clients requesting equipment from the EU, Asia, et al. It will mean loss of US jobs, but that's going to happen anyways with demand dwindling due to lack of trust.
    Short term, offer existing customers a SmartNet replacement and for larger government/commercial organizations offer a consultation service to ensure that none of the equipment has been tampered with.

     

  •  
    Anonymous Coward, May 19th, 2014 @ 8:55am

    Now we know why NSA claimed that Ed Snowden was damaging American interests.

     

  •  
    Richard (profile), May 19th, 2014 @ 8:58am

    How is this different

    How is this different from the criminal hacking of chip and pin machines described here?

     

  •  
    John, May 19th, 2014 @ 9:02am

    USPS

    Tax cheating Cisco is peeved.

     

  •  
    Anonymous Coward, May 19th, 2014 @ 9:04am

    Laughing My Ass Off

    Cisco, like every other company in America, pays taxes. I thought they'd be interested in what their tax dollars are paying for. Instead they're acting like ungrateful children.

     

  •  
    TheResidentSkeptic (profile), May 19th, 2014 @ 9:06am

    I see Collateral Damage

    1) Every company outside the US demands return/refund. Buys Huawei to replace all cisco gear.
    2) Cisco loses 100% of its non-US market
    3) 60,000 employees out of a job
    4) taxpayers foot the bill as Cisco sues the gov't
    5) The USTR drops all "US Exports of Technology" from their negotiations - 'cause there won't be any.

    And exactly how many REAL threats were thwarted by this?

     

    •  
      Berenerd (profile), May 19th, 2014 @ 9:42am

      Re: I see Collateral Damage

      The threat of people getting a job and earning a living so their kids can get an education and try to get these idiots out of office.

       

  •  
    Applesauce, May 19th, 2014 @ 9:23am

    Winning a war

    The US won WW II and won the Cold War. The US did not win thru superior intelligence or even military might (Tho both helped).

    The reason the US won was because they had the strongest economy. In the Cold War the USSR couldn't even feed itself, while the USA was feeding a good portion of the whole world.

    Economies, not arms, win wars. The NSA is doing serious damage to the US economy and deluding itself (and its thoughtless apologists) into thinking they are winning.

    Short-sighted stupidity in the extreme.

     

  •  
    STJ, May 19th, 2014 @ 9:25am

    post office

    Doesn't the Post office/UPS/etc, share part of the blame in delivering the boxes to them?

     

  •  
    Anonymous Coward, May 19th, 2014 @ 9:33am

    "John Chambers, the CEO of networking giant Cisco Systems, has asked President Obama to intervene to curtail the surveillance activities of the National Security Agency."

    Are we still pretending Obama is going to fix government abuse?

     

    •  
      Barrack H. Obama (profile), May 19th, 2014 @ 10:21am

      Re: Your recent letter.

      Mr. John Chambers,

      I have recently received a letter in which you expressed concern about how my people have been treating your customers recent purchase. After much consideration, and serious contemplation, about your complaint I have finally decided in what way to respond;

      Go Fuck Yourself!

      Why? Because, Bitches! You can't do shit about it!

       

  •  
    Anonymous Coward, May 19th, 2014 @ 9:44am

    Obama has long ago laid out his cares, not by what he says but by what he does. Every time something comes up that the NSA deals with, it has his approval or his reaching out to the public saying we need this. When the public says no, everyone in Washington seems to be deaf on hearing.

    Obama is the one using the Espionage Act to prosecute whistle blowers to prevent leaks as retaliation.

    He will not be interested in hearing Cisco's moans and groans until it costs his party financial funding and influence. If Cisco wants a cure, it best get on with the moving out of country. Nothing short of that is going to stop this until the entire economy is up in arms over this.

     

  •  
    Matthew A. Sawtell, May 19th, 2014 @ 9:47am

    First Amazon, now Cisco

    Hm... first Amazon drops a hint...

    http://www.techdirt.com/articles/20140124/10564825981/nsa-interception-action-tor-developers-computer-gets-mysteriously-re-routed-to-virginia.shtml

    ... now Cisco. Wonder who else in the U.S. computer business is going to 'step up', Ebay?

     

  •  
    mcinsand, May 19th, 2014 @ 9:47am

    yesterday's newscast on the FBI

    A news anchor yesterday presented an article claiming that the FBI is getting tough on cybercrime. I won't believe it, not until they start marching NSA officials in handcuffs past the cameras.

     

  •  
    antymat, May 19th, 2014 @ 9:59am

    Here goes the EU market.

    Apparently the sales estimates came in and the bottom line is hurt big time.
    The Titanic has just departed. Time to pop some corn...

     

  •  
    Karl Bode (profile), May 19th, 2014 @ 10:09am

    Showtime

    Do we really know Cisco didn't know about the "interception" of this gear? Isn't it possible this is just a big show of faux shock? I simply don't buy the NSA indignation and surprise from some of these companies post Snowden (Microsoft also comes to mind).

    After all, Cisco is a big player behind the pushes to accuse Huawei of spying:

    http://www.washingtonpost.com/business/technology/huaweis-us-competitors-among-those-pushing-for-scrutiny-of-chinese-tech-firm/2012/10/10/b84d8d16-1256-11e2-a16b-2c110031514a_story.html

    That kind of protectionism goes hand in hand with doing what government wants.

     

    •  
      bob, May 20th, 2014 @ 11:49am

      Re: Showtime

      The problem is that Huaweis had embedded firmware that sends information back to a Chinese IP address.

       

      •  
        John Fenderson (profile), May 21st, 2014 @ 10:36am

        Re: Re: Showtime

        You say that as if it were a known fact, when it's far from it. The government hasn't produced any evidence that this is true, and independent researchers can't find any. So this is a case of the US government making completely unsupported accusations and asking us to take their word for it.

        On the other hand, we know for a fact that the government has subverted at least some Cisco equipment.

         

  •  
    wiserabbit, May 19th, 2014 @ 10:22am

    So No Place to Hide was released on 5/13. Various technology publications have been reporting specifically on the Cisco issue for over 12 hours.

    Forbes just released (4 hours ago) a post about Cisco with hits on "product transitions" (no, I don't think they were joking) and "uncertain environments" (also I'm not thinking they realize the funny/sad) with no mention of the "hey, your products just got outed as being hijacked by the NSA".

    ...this is kind of important if you own Cisco stock, no?

     

  •  
    aldestrawk (profile), May 19th, 2014 @ 11:04am

    unscrambling image

    I remember that a similar, photoshopped, image was unscrambled by U.S. law enforcement. That person was identified from the picture and arrested. It should be relatively easy to reverse the smearing of the face of the man on the right. Who applied the smearing? Glenn Greenwald, the publisher, or some NSA hack?

     

    •  
      Anonymous Coward, May 19th, 2014 @ 11:21am

      Re: unscrambling image

      Standard opsec would dictate it was altered before being placed in the PowerPoint slide by the author.

       

    •  
      Anonymous Coward, May 19th, 2014 @ 11:48am

      Re: unscrambling image

      I heard of one case that might be that. It had to do with misuse of Photoshop by child pornographers. They used a swirly blurring transformation - which is perfectly reversible by making one again in the opposite direction. It may have been that in which case.

       

  •  
    DannyB (profile), May 19th, 2014 @ 11:17am

    Tamper proof seals mean nothing

    There is some talk in this thread about tamper proof seals.

    They mean nothing. The NSA can just slap a sticker on it that says that Customs had to inspect the package. Or that it had been randomly selected by Customs for inspection.

     

    •  
      Anonymous Coward, May 19th, 2014 @ 11:37am

      Re: Tamper proof seals mean nothing

      Here's the easiest way to stop that. Simply set up a foreign distribution point where nothing is shipped directly to a foreign customer directly from a US distribution center. All shipments go to the foreign distribution center BEFORE they are addressed to the final customer. The US government will then have no way of knowing what specific equipment will be going where while it is on US soil as it won't be addressed with its final destination until it is out of their reach.

       

      •  
        Anonymous Coward, May 19th, 2014 @ 12:18pm

        Re: Re: Tamper proof seals mean nothing

        In fact, there is an opportunity here for an enterprising shipping service to emerge offering secure passage across borders by simply labeling packages with an internal tracking number and an address of a remote distribution center such that its final destination is not known at the point it passes through customs. All customs would be aware of is the address of the shipping service's foreign distribution center. Where it was going after that they would not be able to tell.

         

      •  
        Michael, May 19th, 2014 @ 12:27pm

        Re: Re: Tamper proof seals mean nothing

        This assumes that the NSA cares about the actual destination. I'm fairly certain that they are perfectly happy to add their devices to anything that is shipped to "destination unknown".

         

        •  
          Anonymous Coward, May 19th, 2014 @ 12:51pm

          Re: Re: Re: Tamper proof seals mean nothing

          I think you misunderstand what I am suggesting. I am suggesting that in order to counter this and restore faith in their brand in foreign markets, Cisco makes a business decision to open distribution centers in all major locations and ceases to ship ANY product directly from the US to a foreign address. Instead ALL products bound for Asian customers would be instead shipped to their Asian distribution center. Employees in the US wouldn't even know who the final customer is or what the actual address is where it is ultimately destined much less US Customs. Once a shipment reaches the Asia distribution center the employees there would fill the order and address it to the purchaser.

          As I stated when the original story broke, this sort of technique by its very nature isn't scalable and only works on a targeted basis. If all foreign shipments no longer have addresses identifying who should receive it, it makes it much harder to compromise it once it is outside of the point where they can assert their control.

           

          •  
            Michael, May 19th, 2014 @ 1:06pm

            Re: Re: Re: Re: Tamper proof seals mean nothing

            Instead ALL products bound for Asian customers would be instead shipped to their Asian distribution center. Employees in the US wouldn't even know who the final customer is or what the actual address is where it is ultimately destined much less US Customs. Once a shipment reaches the Asia distribution center the NSA agents there would fill the order and address it to the purchaser

            ...all fixed.

             

            •  
              Anonymous Coward, May 19th, 2014 @ 1:21pm

              Re: Re: Re: Re: Re: Tamper proof seals mean nothing

              How exactly? Unless Cisco is implicitly working with the NSA to compromise their products before they are delivered to foreign customers, in which case, interception would not be necessary as the compromise can be inserted before it is even packaged at the factory.

               

              •  
                antymat, May 19th, 2014 @ 1:57pm

                Re: Re: Re: Re: Re: Re: Tamper proof seals mean nothing

                Interception would be needed even if Cisco worked with NSA. First, because NSA would like to keep it secret as they already have some problems with their own employees sharing too much. So they would like to keep the number of informed people low and it's much easier to have one mole tipping you off, than to hide a whole NSA-cooperation department somewhere down your production line.
                And second - so that Cisco would be able to plausibly deny any involvement.

                 

                •  
                  Anonymous Coward, May 19th, 2014 @ 2:34pm

                  Re: Re: Re: Re: Re: Re: Re: Tamper proof seals mean nothing

                  Still my suggestion isn't necessarily just about Cisco, but rather any large US company with a global presence that is worried about their reputation and wants to head off any attempts by the NSA to compromise their products by intercepting them prior to export to a foreign customer.

                  I disagree though about the need for actual interception in the case of cooperation. The compromise doesn't have to occur on the production line. There could simply be a small number of units that are kept separate which are altered by a small team that is officially labeled as a "quality control" or "R & D" team and, when requested, they package up one of their units to be shipped out instead of one of the ones from the normal stock.

                  As for the argument about plausible deniability, this is the NSA we are talking about here. Their hubris is legendary. They never believe any of their secrets are going to get out. This is one of the reasons they are so bad at dealing with the fallout when they do. To assume the plausible deniability theory, you would have to assume that the NSA assumed that the public was going to find out about it and wanted to put a cover in place to protect Cisco when that happened. I think that would be giving a little too much credit in the forethought department to a group that has repeatedly demonstrated that they are far more reactionary than they are proactive.

                   

                  •
                    antymat, May 19th, 2014 @ 3:20pm

                    Re: Re: Re: Re: Re: Re: Re: Re: Tamper proof seals mean nothing

                    All I am trying to say is that there are sensible reasons for the cooperation to be kept secret, for Cisco's sake. Interception limits the sources of disclosure and makes plausible deniability possible. I would not expect such an idea to come from NSA, as they do not have to care for Cisco's business; but it looks sensible to me for Cisco to employ it to protect itself. In case of forced cooperation this is what I would do.

                     

              •
                Anonymous Coward, May 19th, 2014 @ 8:34pm

                Re: Re: Re: Re: Re: Re: Tamper proof seals mean nothing

                "How exactly? Unless Cisco is implicitly working with the NSA"

                What makes you think they aren't?

                "in which case, interception would not be necessary as the compromise can be inserted before it is even packaged at the factory."

                By letting the NSA do it off-premises, plausible deniability becomes much easier. It worked on you. See?

                 

                •
                  Anonymous Coward, May 20th, 2014 @ 7:12am

                  Re: Re: Re: Re: Re: Re: Re: Tamper proof seals mean nothing

                  I didn't say that they weren't. That is certainly a possibility. However, if they were it would seem much harder for it to be detected if it wasn't intercepted, broken into, altered and then repackaged carefully in an attempt to make it appear unaltered. The concept of it purposely being done this way for plausible deniability reminds me of a joke a friend used to make about people who drive Volvos because of their crash safety record. He would say you need to stay away from those people because the only reason anyone would drive one of them is that they were looking to get into a crash.

                   

  •
    ChurchHatesTucker (profile), May 19th, 2014 @ 11:37am

    Photoshop anyone?

    That guy on the right looks to have been "obscured" by a standard Photoshop filter. Should be easy to de-swirl.

     

  •
    Anonymous Coward, May 19th, 2014 @ 11:58am

    How will anyone believe in reforms?

    Since we have had nothing but lies, denials, cover-ups, excuses and so on from the NSA, Congress and the White House, how will anyone ever believe in reforms? Unless we have another leaker (assuming the leaks are real) show documents that prove reforms are in place, who would believe the government? They lie at every turn, especially the current administration.

     

    •
      Michael, May 19th, 2014 @ 12:32pm

      Re: How will anyone believe in reforms?

      The same way most regimes sway public opinion once their own people have stopped believing anything they say.

      Reeducation.

       

  •
    Nigel (profile), May 19th, 2014 @ 11:58am

    Tad swamped today but I can unblur that stuff. Pretty lame attempt on their part actually.

     

    •
      Anonymous Coward, May 19th, 2014 @ 12:37pm

      Re:

      I wonder who actually put the blur on, if it was the NSA who did it or Glenn Greenwald covering his ass legally. If the latter, it is brilliant actually, applying a weak protection to the NSA's privacy.

       

  •
    MadAsASnake (profile), May 19th, 2014 @ 1:36pm

    Now, where is the shot of them doing it to a Huawei box...

     

  •
    mark, May 19th, 2014 @ 2:47pm

    In the Greenwald documents there is also a world map; they have this in almost every country. So everyone who thinks they are only in the US doing this, think again! These things probably come directly from China anyway!

     

  •
    Personanongrata, May 19th, 2014 @ 3:16pm

    Public Relations

    Good propagandists always turn the tables on their victims by accusing them of acting in the same manner as themselves.

     

  •
    Personanongrata, May 19th, 2014 @ 3:20pm

    Oopsy, I meant for my comment above to be posted on the:

    Irony Alert: US Filing Criminal Charges Against China For Cyberspying

    thread.

    Please disregard comment on this thread.

     

  •
    Anonymous Coward, May 19th, 2014 @ 7:23pm

    Why are those idiots using the swirl on that poor man's face? If he, as an NSA agent, visits China and is arrested due to the "blur" being "unblurred" that'd be ... wow.

    Srsly ... wtf were they thinking

     

  • This comment has been flagged by the community.
    Whatever, May 19th, 2014 @ 8:23pm

    nice story, but

    As usual this article skimps on the details, but it's expected from such a Google shill like Masnick.

    Mike Masnick just hates it when copyright law is enforced.

     

  •
    Anonymous Coward, May 19th, 2014 @ 10:26pm

    I tried to post this response on Cisco's website.

    "No politicians, governmental agencies, or laws can be relied on to protect security or privacy. Only technology that's able to be audited for vulnerabilities and backdoors can accomplish this goal.

    That means being able to examine and compile the source code, then reflash the resulting binary code onto NAND memory.

    Hardware documentation and schematics would also be a big help for auditing the security of a device. Seeing as none of this will probably happen, potential customers will have no choice but to blindly trust the manufacturer and the shipping process.

    Unless Cisco figures out a way for customers to audit the binaries on flash NAND memory using hashes, but then again if the hardware is compromised then it could output falsified hash values to the customer. Similar to what happened in Iran, and the falsified PLC diagnostic equipment outputs during Stuxnet.

    No, I suppose open source software and documented hardware is the only way to be secure. I suspect it's always been this way, but has just become more apparent post Snowden."

     

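The caveat in the comment above, that a modified device could report falsified hash values, can be shown as an added example (not part of the original comment and not Cisco's tooling). The image bytes, region layout, manifest and class names are all constructed for illustration, and the example assumes the flash dump is read out by independent equipment and hashed on a separate trusted host.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample image and region layout (hypothetical, not a real vendor format).
GOOD_IMAGE = b"BOOT" * 64 + b"KERNEL-AND-ROOTFS" * 128
REGIONS = {"bootloader": (0, 256), "system": (256, len(GOOD_IMAGE) - 256)}

def build_manifest(image: bytes, regions: dict) -> dict:
    """Per-region reference hashes, as a vendor could publish out of band."""
    return {n: sha256_hex(image[off:off + ln]) for n, (off, ln) in regions.items()}

MANIFEST = build_manifest(GOOD_IMAGE, REGIONS)

def verify_dump(dump: bytes, regions: dict, manifest: dict) -> list:
    """Hash a raw flash dump on a separate trusted host; return mismatching regions."""
    bad = []
    for name, (off, length) in regions.items():
        chunk = dump[off:off + length]
        # A short read counts as a failure, not as "nothing to check".
        ok = len(chunk) == length and hmac.compare_digest(
            sha256_hex(chunk), manifest[name])
        if not ok:
            bad.append(name)
    return sorted(bad)

class SelfReportingDevice:
    """Models the failure mode in the comment: the device answers hash
    queries itself, so modified firmware can replay the expected values."""
    def __init__(self, flash: bytes, expected: dict):
        self.flash, self._expected = flash, expected

    def reported_hash(self, region: str) -> str:
        return self._expected[region]  # replayed value, not a measurement

def self_check(device: SelfReportingDevice, manifest: dict) -> list:
    """The check a customer would run if they trusted the device's own output."""
    return sorted(n for n in manifest
                  if not hmac.compare_digest(device.reported_hash(n), manifest[n]))

# Constructed tampering: eight bytes changed inside the bootloader region.
TAMPERED = GOOD_IMAGE[:16] + b"MODIFIED" + GOOD_IMAGE[24:]
DEVICE = SelfReportingDevice(TAMPERED, MANIFEST)

if __name__ == "__main__":
    print("device self-check mismatches:", self_check(DEVICE, MANIFEST))
    print("independent dump mismatches:", verify_dump(DEVICE.flash, REGIONS, MANIFEST))
```

The self-check reports no mismatch while the independent hash of the same flash contents flags the bootloader region, which is why the measurement has to be taken outside the device being audited.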

  •  
    Abroad, Oct 16th, 2014 @ 4:17am

    Only way to have government really listen

    The only surefire way to get governments to listen to your complaints is to threaten (and possibly implement) moving your entire company to other countries with lesser invasive-spying intelligence services.
    Yes, this means lay-offs to some extent, but perhaps employees are willing to move with the company. But having more and more companies moving out of United Spies of America will eventually get the government to pay attention.
    And to be honest, life abroad can be pretty sweet too :)

     

  •
    Andrew Zwicker, Oct 20th, 2014 @ 1:41pm

    Thanks for your post. I really like the information which you have shared in your post about the cisco. Keep sharing the wonderful post in future also.

     
