Cisco Shipping Hardware To Bogus Addresses To Throw Off NSA Intercept-And-Implant Efforts

from the 1324-Middle-Finger-Extended-Blvd. dept

Cisco became an inadvertent (and very unwilling) co-star in the NSA Antics: Snowden Edition when its logo was splashed across the web by a leaked document detailing the agency's interception of outbound US networking hardware in order to insert surveillance backdoors.

It moved quickly to mitigate the damage, sending a letter to the President asking him and his administration to institute some safeguards and limitations to protect US tech companies from the NSA's backdoor plans. To date, there has been no direct response. So, Cisco has decided to handle the problem itself.
Cisco will ship boxes to vacant addresses in a bid to foil the NSA, security chief John Stewart says.

The dead drop shipments help to foil a Snowden-revealed operation whereby the NSA would intercept networking kit and install backdoors before boxen reached customers…

"We ship [boxes] to an address that's has nothing to do with the customer, and then you have no idea who ultimately it is going to," Stewart says.

"When customers are truly worried ... it causes other issues to make [interception] more difficult in that [agencies] don't quite know where that router is going so its very hard to target - you'd have to target all of them. There is always going to be inherent risk."
Stewart acknowledges that Cisco's modified dead drop shipping operations aren't foolproof, but will at least force the agency to do a little more research before intercepting packages. Stewart also noted that some customers aren't taking any chances, opting to pick up their hardware from Cisco directly.

There are also variables Cisco simply can't control, like the possibility of inbound components from upline manufacturers arriving pre-compromised. But it's doing what it can to ensure that "Cisco" isn't synonymous with "spyware."

Then there's always the possibility that the government may find Cisco's new routing methods to be quasi-fraudulent and force the company to plainly state where each package is actually going. No response has been issued by the ODNI or NSA to this news, and most likely, none will be forthcoming. Any statement on Cisco's fictitious routing would tip its hand.

Cisco's plan makes a lot of assumptions about the NSA's capabilities, most of which aren't particularly sound, but this seems to be more a public display of pique than a surefire way to eliminate most of the NSA's hardware interceptions. It also sends a message to the NSA, one it's been hearing more and more of over the last couple of years: the nation's tech companies aren't your buddies and they're more than a little tired of being unwilling partners in worldwide surveillance.

Filed Under: backdoors, fake addresses, interception, nsa, shipping, surveillance
Companies: cisco


Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 20 Mar 2015 @ 2:45pm

    Nice corporate PR, that's it. It simply does not matter until corporations make it absolutely clear with demands that get attention and the needed actions out of congress, what they say.

    It will be assumed that it comes rigged with spyware. Corporations took the money and all was fine until the public learned of actions. Suddenly when profit margins start dropping and only then do they get religion.

    The deal with the devil was done in many cases with full knowledge. All will be assumed to be painted with the same brush of complicity until major changes are made. Even then it will be years if ever that American corporations will ever re-earn the trust of their customers. While I can not control everything there is one thing I can do. I can pick those parts up for computers and build it myself. While no 100% guarantee, it will have a higher unlikely hood to have been visited by the repackaging team.

    Globally, people will start refusing American products that can be done this way. Foreign governments can and will refuse American products over it. Long term contracts will be changed when they reach termination for other choices.

    The damage is already done.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.