
Glenn Greenwald: The NSA tampers with US-made routers - not_dirnsa
http://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden?r
======
perlpimp
So RMS was right after all, OpenSource gives you visible security where
proprietary products are encumbered with all sorts of unwanted and even
dangerous "features".

my 2c

~~~
scott_karana
Open-source designs (for software _or_ hardware) aren't a complete solution.
You need to regularly audit the end-result, lest the compiler/fab add unwanted
nasties to your design.

~~~
lazyjones
We might want to move to mostly FPGA-based or similar reconfigurable systems,
where what we perceive as hardware is more easily audited.

OR we might want to go back to shopping anonymously "offline", hoping that the
NSA will not bother backdooring every device on the market.

~~~
bri3d
What bitstream is the FPGA currently configured with? The one in flash?
Really? What's to say the bitstream made it to the FPGA correctly? Can you
tell? What if it reconfigured itself [1]?

There's some research [2] into using authenticated, encrypted bitstreams, but
even if the implementation matches the theory (and after all, it's crypto, we
know how that goes...) this only reaches the same level of security as a
fixed-configuration ASIC, since FPGAs are vulnerable to the same nefarious fab
attacks as ASICs.

1:
[http://www.cmpe.boun.edu.tr/caslab/publications/selfreconf_f...](http://www.cmpe.boun.edu.tr/caslab/publications/selfreconf_final.pdf)

2:
[http://www.saardrimer.com/sd410/papers/bsauth.pdf](http://www.saardrimer.com/sd410/papers/bsauth.pdf)

~~~
makomk
FPGA bitstreams are big, sometimes even big enough that you couldn't fit
another bitstream in hardware anywhere. What's more, making even a small
change to the bitstream and re-synthesising tends to completely change how the
design is laid out in hardware - so launching an attack that targets a
specific bitstream, like most of the obvious nefarious-fab attacks, isn't much
good.

------
resu
So stay away from routers that are Made in China and Made in USA - what's
left?

Is there a country small enough without a world domination agenda, yet large
enough to not be swayed by bullying from U.S., China etc.? It's time to start a
router manufacturing business there...

~~~
mindslight
There are basically three sovereigns left in the world. You've listed two, and
the third is where Snowden ran. Everywhere else has chosen to give up on the
idea of ultimate state security in favor of economic cooperation, and has
therefore lost a bit of self-determination and will be easily subverted by
agents of the three.

The takeaway from Snowden's revelations shouldn't be that we need a sacrosanct
place for trustable manufacturing / hosting / development. It's that all of
these "hypothetical" subversions are actually continually taking place on an
institutionalized scale by _many_ parties, and to have any hope of having
anything ever being autonomously secure (rather than ultimately ruled by
informational superemperors), we really need to get serious about stomping out
reliance on centralized authority/closed source/trusted hardware/etc.

~~~
angersock
...perhaps the answer is to layer everything behind interleaved stacks of
these sovereigns' hardware.

That way, you can _count_ that any traffic is known to them all, and thus
avoid surprise.

------
slacka
I am not surprised by the hypocrisy of the US government here, but where is
the proof? He doesn't directly link to the June 2010 report to back his
claims. While I trust him, the critical thinker in me despises not being able
to check sources.

> Yet what the NSA's documents show is that Americans have been engaged in
> precisely the activity that the US accused the Chinese of doing.

Only points to the generic page
[http://www.theguardian.com/world/the-nsa-files](http://www.theguardian.com/world/the-nsa-files)
Couldn't he be more specific?

~~~
panarky
Maybe the reason you're not surprised is because you've heard this story
before.

We learned last year that the NSA has an "interdiction" operation to intercept
hardware en route to its destination and install monitoring devices or
malware.

For example, here's a Der Spiegel article from December 2013 [1]:

    
    
      If a target person, agency or company orders a new computer or related
      accessories, for example, TAO can divert the shipping delivery
      to its own secret workshops. The NSA calls this method interdiction.
      At these so-called "load stations," agents carefully open the package
      in order to load malware onto the electronics, or even install hardware
      components that can provide backdoor access for the intelligence
      agencies.
    

[1]
http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-3.html

------
middleclick
Is anything safe? I mean, at this point, would it be too much to assume that
given that the NSA has so much brain power (mathematicians) working for them,
that they have not already cracked most encryption schemes we trust? I am not
being a conspiracy theorist, I am genuinely curious.

~~~
hayksaakian
My opinion:

If everything was broken, then why did they go through so much trouble in the
Lavabit case?

~~~
mindslight
It's not out of the realm of possibilities for intelligence agencies to _let
soldiers die_ rather than risk divulging their actual capabilities.

But I personally don't see much of a (self-determination-ful) way forward
other than making the assumption that _some_ public key crypto works (ie one
way functions exist), and building secure systems based on it.

~~~
rosser
_It's not out of the realm of possibilities for intelligence agencies to let
soldiers die rather than risk divulging their actual capabilities._

Not just soldiers, witness the Coventry Blitz.

~~~
MattHeard
> In his 1974 book The Ultra Secret, Group Captain F. W. Winterbotham asserted
> that the British government had advance warning of the attack from Ultra:
> intercepted German radio messages encrypted with the Enigma cipher machine
> and decoded by British cryptoanalysts at Bletchley Park. He further claimed
> that Winston Churchill ordered that no defensive measures should be taken to
> protect Coventry, lest the Germans suspect that their cipher had been
> broken.[1] Winterbotham was a key figure for Ultra; he supervised the
> "Special Liaison Officers" who delivered Ultra material to field
> commanders.[2]

> However, Winterbotham's claim has been rejected by other Ultra participants
> and by historians. They state that while Churchill was indeed aware that a
> major bombing raid would take place, no one knew what the target would
> be.[3][4]

> Peter Calvocoressi was head of the Air Section at Bletchley Park, which
> translated and analysed all deciphered Luftwaffe messages. He wrote "Ultra
> never mentioned Coventry... Churchill, so far from pondering whether to save
> Coventry or safeguard Ultra, was under the impression that the raid was to
> be on London."[5]

> Scientist R. V. Jones, who led the British side in the Battle of the Beams,
> wrote that "Enigma signals to the X-beam stations were not broken in time,"
> and that he was unaware that Coventry was the intended target. Furthermore,
> a technical mistake caused jamming countermeasures to be ineffective. Jones
> also noted that Churchill returned to London that afternoon, which indicated
> that Churchill believed that London was the likely target for the raid.[6]

Source:
[https://en.wikipedia.org/wiki/Coventry_Blitz#Coventry_and_Ul...](https://en.wikipedia.org/wiki/Coventry_Blitz#Coventry_and_Ultra)

References:

1\. Winterbotham, F. W. The Ultra Secret, London, Weidenfeld & Nicolson, 1974
ISBN 0-297-76832-8; also London, Futura, 1975, ISBN 0-86007-268-1

2\. Ray, John, "The Night Blitz", Cassel & Co 1996, ISBN 0-304-35676-X p. 155

3\. "Defending Coventry"
([http://www.historiccoventry.co.uk/blitz/defend-cov.php](http://www.historiccoventry.co.uk/blitz/defend-cov.php)).
Historic Coventry.

4\. Hunt, David (28 August 1976), "The raid on Coventry", The Times: 11

5\. Calvocoressi, Peter (1981). Top Secret Ultra. New York: Ballantine Books.
pp. 85–86. ISBN 0-345-30069-6.

6\. Jones, R. V. (1978). Most Secret War: British Scientific Intelligence
1939–1945. London: Hamilton. p. 149. ISBN 0-241-89746-7. This book was also
published in the US under the title The Wizard War.

~~~
mpyne
All that being as it may (because you're right), don't let that detract from
the larger point about the tension between using intelligence products (like a
tip-off about a bombing raid) and protecting the sources and methods of those
intelligence products for the future.

The British were _paranoid_ about this; if they wanted to attack a tactical
target where the Germans would think "there's no way they could have known
about this, our codes must be broken", they'd always send a decoy scout or
something out first to "accidentally come across" the secret target.

The Americans did similar things; when Adm. Yamamoto was shot down, his flight
was duly "detected" by a reconnaissance plane first, even though the Americans
knew full well when it was taking off and where it was going.

------
Htsthbjig
Remove "Patriot Act" or the fascist law obligation of any American to
collaborate with 3-letter agencies by force.

It converts any American worker into a spy of the Government.

~~~
pekk
Not everything that is wrong is fascist.

~~~
peterashford
No, but forcing absolute adherence to the will of the state is pretty much the
definition of Fascism.

------
suprgeek
"The NSA has been covertly implanting interception tools in US servers heading
overseas..."

Which is Somewhat Ok, given the NSA charter.

What is the more interesting question - Is this limited to "US servers heading
overseas..?" I mean we already know that NSA intercepts Laptops, Keyboards and
such routinely for special "people of interest" within the US. Does it do the
same i.e. routinely and indiscriminately bug routers even within the US?

~~~
insuffi
Excuse me? How is that _somewhat OK_? I don't give a damn about the NSA
charter or even the constitution which so many people seem to bring up in
hopes of justifying mass surveillance of civilians abroad - is mass spying on
foreign civilians really OK at this point? Pre-emptively setting up
infrastructure for surveillance without any warrants, in a sovereign state?

What about enterprise customers? Is it still "OK" if they carry out economic
espionage?

Surely laws should only be considered if the situation in question relates to
an American?

~~~
jamra
There is a difference between having the ability to spy and using it en masse
without warrants. Tampering with routers gives the NSA the ability to spy.

The question of whether or not data is being collected illegally should not be
confused with the ability of data to be collected.

~~~
insuffi
You have a point. However, something really rubs me the wrong way about them
having the _ability_ to spy on every person. They are actively going out of
their way to set up future channels of spying, without the consent of
customers who bought the router in question.

And honestly, while your point is valid, there's plenty of discussion
available online about rubber stamping warrants - and this sort of implanting
of surveillance tools just makes it economically/logistically viable for them
to spy on everyone.

The question is - do you feel OK about a foreign nation state embedding the
_ability_ to invade your privacy? Like you said, they don't have to use it,
they just have to be _able_ to use it when necessary. Honestly this sort of
hairsplitting is just silly.

------
backwardm
I'm curious to know if using a different firmware would be a valid way to
secure a (potentially compromised) router, or is this kind of tampering done
at the hardware level—in some hidden part of a microprocessor?

~~~
osivertsson
NSA and company probably do it at all levels, but any level below the OS is
probably preferable because it is less risk of being caught.

How would you know if they targeted only you with a microcode update for your
Intel/AMD CPU that made crypto weaker? All the assembler instructions that you
execute are just the same as someone with a proper microcode blob.

~~~
mschuster91
ucode blobs are usually signed with strong crypto (RSA-2048 on Intel iirc), so
unless the NSA doesn't get the keys or the raw transistor layouts of the CPU
in order to look for bugs, no way to mess with the bytecode.

~~~
osivertsson
I'm paranoid enough to assume they have both the keys and the layout.

------
xacaxulu
The NSA continues to undermine US businesses, further isolating us from the
rest of the world.

------
brianbarker
So essentially the NSA warned us about China tampering with hardware because
they knew how it could be done. They just forgot to mention they'd been doing
it already.

------
SeanDav
Perhaps software and virtual routers are the way to go, especially if any are
open source. It would be great if someone with knowledge in this domain could
comment on this.

~~~
jforman
Switches have reasonably sophisticated hardware to prevent packet collisions
which would probably be hard to do away with.

~~~
VLM
Digilent NetFPGA board, basically plug a bunch of gig-e connectors into a
FPGA, upload some ethernet software and away you go. Upload a softcore and run
spanning tree on the softcore.

You won't like the price of the board I mentioned. On the other hand, nobody
said a dev board with a bazillion extra features you don't want, made in
extremely low quantity, is the cheapest possible way to stick a bunch of
ethernet PHY to a FPGA (and you could optimize the size of that FPGA if you
wanted...)

The point of that provided example multi-ethernet FPGA development board isn't
that it's the best you could do financially or technologically, but that if you
tried to do your own thing and screwed up, it's probably difficult to do worse.

As a practical matter having fooled with much smaller and simpler things the
price should end up competitive in the end.

The biggest problem is synth takes a long time, god only knows what the CIA
and KGB ops embedded in the source, and the IP licenses probably make
distribution of the source rather difficult. It's mostly a business/government
problem, not a technological problem.

------
jrockway
Greenwald is back at the Guardian? I thought he left to do his own thing.

~~~
smacktoward
He did:
[https://firstlook.org/theintercept/](https://firstlook.org/theintercept/)

But it appears to have snarled itself pretty thoroughly in its first few
months:
https://firstlook.org/theintercept/2014/04/14/passover-greetings-editor/

------
angersock
I'm watching to see if CSCO takes a hit from this--so far, doesn't seem to be
a big issue.

It's not like this is _surprising_, as such; it's just really bad that these
chucklefucks got _caught_ doing it.

(Yes, it's arguably morally wrong and so on, but just from a purely economic
perspective, bad show.)

~~~
runjake
I'm curious to where you got Cisco from, as I can't find in the article where
they are mentioned.

Not to say that Cisco isn't in cahoots with the NSA. I totally believe they
are, but it's best to level accusations with facts, to lower the SNR, so to
speak.

As a point of trivia: most Cisco routers and switches are manufactured in
China and are stored in the US as inventory, and are shipped to customers as
ordered from the US.

~~~
angersock
My chain of reasoning is:

    
    
      article announces compromise of American networking gear --> Cisco is major American networking gear vendor --> CSCO may suffer cancelled orders because of this
    

Not 100% certain or anything, but it's a big canary that's trivial to watch.
Remember, they didn't actually have to _do_ anything, just suffer from market
fears.

~~~
runjake
Also: Juniper, Brocade, HP, Dell, Arista, NetGear, Apple, Extreme Networks,
etc etc etc.

------
mschuster91
Well, the NSA tampering here at least doesn't happen in the factories...

~~~
chippy
>repackages the devices with a factory seal.

But perhaps with the covert assistance of the factory?

~~~
forgottenpass
Tamper evident only provides evidence of a home user that hasn't spent time
learning how to evade them. You don't need the means to obtain or produce
replica seals, but the NSA also has the money to do exactly that. And that
assumes by 'seal' the author even meant to imply something as strong as tamper
evident.

------
Zigurd
If you wanted to build an Internet product that could be trusted
internationally where and how would you build it?

Unfortunately it looks like one part of the answer that's known is "not in the
US."

We have only begun to feel the effects of this massive violation of trust.
Unless trust can be restored, the US will become techno-provincial and only
trustable with unimportant technologies like entertainment products.

------
cheetahtech
Just read something else he pushed.

He used some pretty strong words against the politicians.

Called Hillary a Neocon and corrupted, but he guesses she will win the next
election. Page 5.
http://www.gq.com/news-politics/newsmakers/201406/glenn-greenwald-edward-snowden-no-place-to-hide

~~~
r00fus
Hillary was considered a shoo-in for Dem Pres nominee in 2008 as late as Jan
'08, 11 mo before the 2008 election. Keep your speculation in perspective.

------
Sami_Lehtinen
When you register a WatchGuard firewall it asks all kinds of questions which are
absolutely strategic. What kind of data it is used to protect, are you in tech
or military business etc. And you won't be able to even use it without
registration. And they call it a security appliance. Lol. How about honestly
calling it a spy appliance.

------
strgrd
I can't help but think Intel has something to do with this mission.

I mean think about how many hundreds of thousands of consumer computers come
with Intel AMT vPro by default.

------
zby
"surveillance competition"!

