
U.S. to China: We Hacked Your Internet Gear We Told You Not to Hack - kercker
http://www.wired.com/wiredenterprise/2013/12/nsa-cisco-huawei-china/
======
gonvaled

      In the U.S., military espionage is heroic and economic espionage is a crime. In China, the line is not that clear.
    

Let me say this: BULLSHIT, a thousand times.

Who says this? Any of the companies who have been lying to their customers?
Any of the government agencies which have not explained anything about the NSA
activities (not that they would know what is going on)? Any of the officials
caught lying, one and again?

The US will not perform economic espionage as long as the US has a
technological edge (which is probably not anymore the case in lots of areas).

Which brings us to an important observation: OCDE rules forbidding economic
espionage are designed to keep the current technological status quo; any
country is well advised to sign them to be accepted to the club, and
immediately throw the rules to the garbage bin. Because we can be sure that
any country capable of doing economic espionage has been doing it, is doing
it, and will continue to do it, no matter the rules, no matter if they get
caught, no matter the hypocrital public posturing of their leaders.

Those rules, and the whole "Intellectual Property" apparatus, is there for the
suckers to respect them. The US, in particular, has never respected those
rules.

~~~
wavefunction
One of my coworkers actually expressed this sentiment to me. He's generally a
smart guy but I don't know how you get across how damaging this is to basic
commerce.

The NSA is destroying the American technical industry piece by piece. How do
we approach this existential crisis, when the folks behind the NSA apparently
don't give a shit what damage they do to America?

~~~
adventured
The money is what matters politically. Interestingly in this case, while
that's one of the most sickening aspects of US politics these days (the
extreme dominance of money), it's also the one we can count on here. Enough
damage - which seems to be a matter of time now - and a lot more companies
will stand up and 'force' their politicians to dismantle the NSA's programs.

Either that or the military industrial complex has reached a point of scale
where it's basically going to end up destroying itself by bleeding out the
economy and the tax dollars required to fund such a massive beast.

I'd argue that there's no scenario in which the military industrial complex
survives intact going forward, short of WW3. That's particularly fitting
timing wise, as America has reached all sorts of crossroads in its path
forward (huge generation changing issues on debt, education, standards of
living, war, jobs).

edit:

Another thought - it's also going to self-cripple the military by eroding the
US technology sector (capital seeds tech companies in other countries instead
of the US as a response, so more technology is created outside the US in the
future, in a downward spiral, potentially depriving the NSA and military of
all sorts of technology and access). The relative US technology lead has been
a massive competitive advantage for the military for a century.

~~~
gonvaled
Isightful. And the follow-up question is: since the military industrial
complex has probably already reached this conclussion, will they force war? I
mean, in a more direct way than what we are used to ...

In this light, trusting the USA to responsably handle the nuclear arsenal may
prove to be the biggest mistake that the international community has done
since WWII.

~~~
adventured
The nuclear arsenal is for Russia and China and self-defense, it's useless in
WW3 unless mutual assured end-of-civilization is desired (or as a one-off
response to someone like Iran or Pakistan using a nuke or a small number of
them). That arsenal is no more risky in the US hands than in, say, the hands
of Russia or China or Britain or France.

The military industrial complex wants money and power, not global annihilation
- always remember it's run by people, and they want what most people in power
want. It's not a complicated beast, it's mostly about the world's largest
slush fund, $700 some odd billion up for grabs every year, and they want all
of it and more if they can get it. The military people want to play military,
and the industrial people want to play industry, and they leverage each other
to that end.

Yes, I think they'll force more wars. Something that big and powerful, in a
state of desperation for survival, is scary indeed. I think that's what the
play in the 'sandbox' (the middle east, aka where you can launch wars and
suffer no domestic enemy retaliation and you can't hardly 'lose' in a classic
historical sense) has been largely about, excuses to spend large amounts of
money and build & experiment with shiny new war machines. If it had been about
economics, oil for example, we'd already control most of the oil in the middle
east (we'd have taken Saudi Arabia and Iraq's oil through force). I think that
explains Wesley Clark's shocking admission about the Pentagon planning all the
wars far in advance:

[http://www.youtube.com/watch?v=bSL3JqorkdU](http://www.youtube.com/watch?v=bSL3JqorkdU)

------
dnautics
Is it just me or does this seem to be a tortured argument - the US suggested
that huawei might be implementing backdoors in their product out of the box,
is not the same thing as the US security agency actively searching for
exploits for the product. One is a collaborative effort to sell someone a
defective product (could be fraud) the other is a adversarial effort that is a
natural part of the security industry cycle.

~~~
gonvaled
Are you aware that the NSA is actively planting exploits into products by
intercepting shipments? Your are not buying a Cisco product: you are buying a
Cisco + NSA product, with a backdoor. Which is exactly the same as buying a
Huawei product with a backdoor.

~~~
alexeisadeski3
Did you even read his comment? Of course he's aware - it's forms the premise
of his entire position.

~~~
gonvaled
The NSA is _planting_ exploits. It is not only exploiting existing security
holes: it is creating new security holes, by manipulating the hardware. Is is
effectively working together with Cisco / any other company (maybe not
willingly, but who cares) to manufacture a Cisco/NSA router, with a backdoor
easily accessible to the NSA.

According to his comment he is not aware of this, otherwise he would not
differentiate between Cisco/NSA and Huawei.

And according to your comment, you do not even understand what I am saying.

~~~
alexeisadeski3
The concern with Huawei is that a security apparatus would be inserting
backdoors/Trojans into _every_ device. The NASA's targeted attacks of a few
hundred (thousand?) devices is entirely unrelated.

~~~
gonvaled
Previously the story was "the chinese are inserting backdoors". Afterwards the
story was, the NSA is spying everyone. Now the story seems to be that the NSA
is spying _and_ planting some backdoors. How many? 1% of devices? 10%? 99%?

Let me clarify two things for you:

\- We do not know how many backdoors the chinese are planting. Maybe none,
maybe in all devices.

\- We do not know how many backdoors the NSA is planting. Maybe just in some
devices, maybe in most devices.

In light of this, how are you so sure that "these two situations aren't even
in the same universe." Do you have any other knowledge that you would like to
share?

~~~
alexeisadeski3
Because one involves all manufacturers, regardless of origin. The other
doesn't.

One involves devices destined for certain people, the other doesn't.

------
slashdotaccount
You can download the documents from CryptoMe:

ANT Files (16.2M ZIP) : [http://cryptome.org/2013/12/nsa-
catalog.zip](http://cryptome.org/2013/12/nsa-catalog.zip)

QUANTUM Tasking (5.7M) - [http://cryptome.org/2013/12/nsa-quantum-
tasking.pdf](http://cryptome.org/2013/12/nsa-quantum-tasking.pdf)

QUANTUM Theory (2.5M) - [http://cryptome.org/2013/12/nsa-
quantumtheory.pdf](http://cryptome.org/2013/12/nsa-quantumtheory.pdf)

~~~
streetnigga
CrypTome, Mr President.

------
askar_yu
It's important to note that during the USG vs Huawei discussions there were no
actual proofs brought by the USG about the allegations it pressed on Huawei.
Huawei even wrote an open letter just two years ago asking for investigation
and denying all the allegations [http://www.huawei.com/ilink/en/about-
huawei/newsroom/press-r...](http://www.huawei.com/ilink/en/about-
huawei/newsroom/press-release/HW_092875)

Later on Huawei testified before the US House
[http://www.youtube.com/watch?v=ApQjSCUpt4s](http://www.youtube.com/watch?v=ApQjSCUpt4s)

To my knowledge, no response has been made by USG justifying the allegations
it was making when it was openly called by Huawei. Given all of this, I find
it ironic the comments here such as "backdoors in Huawei's devices" are taken
for granted. Now with the latest leaks exposing hacking by the USG itself the
tone of the conversation (including the comments in HN) has not changed. What
am I missing?

The only noticeable change seems was the decreased tone of the US media (CNN
alikes) who used to shout extremely loud that _' Those Chinese are hacking our
systems!'_. At the very least frequency of such news got decreased ever since
the leaks.

------
nxbtch
hey,guys. i am from china. I just wanna say, happy new year. and internet has
not border.

~~~
bananacurve
Yes. Our governments may act like asses, but we don't have to. Happy New Year.

~~~
liuw
Same to you. Happy new year.

~~~
akinity
Peace! :)

------
blazespin
Why do you think the US was so concerned about buying gear from China? They
just realized that since they're doing it, China is probably doing it as well.

~~~
moootPoint
The liar's punishment is they can trust no one

~~~
bananacurve
The problem with liars is not that they lie, it's that sometimes they tell the
truth.

------
mh_
I guess at this point, its fair to ask all those previous commenters who were
telling us: "It just doesn't work like that.. We were in the dept of defense..
you guys don't understand" to comment..

------
bobjordan
Time seems ripe for open source networking equipment movement. Can't trust
closed source solutions.

~~~
beagle3
That's a nice but naive sentiment. You can rest assured your hardware is
similarly trojaned - whether it is your CPU, your Ethernet controller or your
network switch. No, I do not have first hand knowledge about CPU trojaning by
the NSA. But given everything else, I'd be surprised if they don't have access
to the CPU itself.

~~~
asveikau
What would the point be of intercepting shipments if the job is already done?
Are you saying they are doing this work redundantly?

Also we don't know what percentage of shipments are intercepted. If this is
the primary means of attack it seems a bit shy of "you can rest assured" that
_your_ hardware in particular is affected. (Or at this rate perhaps we can
wait for the next revelation to show us. :P)

~~~
beagle3
> What would the point be of intercepting shipments if the job is already
> done? Are you saying they are doing this work redundantly?

Have you ever seen a government job that wasn't redundant?

But seriously - if you want to make sure that what you are doing works, you
have to use redundancies. Many of them, in fact.

> If this is the primary means of attack it seems a bit shy of "you can rest
> assured" that your hardware in particular is affected. (Or at this rate
> perhaps we can wait for the next revelation to show us.

I'm sure it is not the primary means of attack. Here's a hypothetical
scenario: You work at Cisco or Intel, designing firmware / microcode. The NSA
appears at your door with an NSL saying you can't disclose anything, not even
to your boss - and a carrot: Get $200K to insert this backdoor into the new
x86 / megarouter. And also a stick - if you don't comply, showing your wife
all of the correspondence you have with your mistress (which they gleaned from
earlier interception) or giving the DEA a recording of you asking your friend
to bring some pot over.

You think that's crazy? Ladar Levison, Joseph Nacchio and Edward Snowden
indicate that's business as usual. I have no knowledge of anything other than
what I read in the guardian/hn etc -- but given all that is public, I'd be
surprised if this scenario hasn't played out a few times. Or a few hundred
times.

------
Irishsteve
The consistently frustrating thing about all these 'revelations' is that the
US government allegedly do it only for national security concerns where as
other nations does it for corporate espionage.

~~~
nabla9
US spied French aerospace industry in 90's and there is no indication that
they won't do it every time they feel US might get advantage from it.

------
throwwit
Continuously stock piling exploits cannot lead to any desired end game. It's
probably beneficial there's some deflating of all this stuff.

------
gaius
It's a good way to think about it, that the US is now in a Cold War with the
entire rest of the world.

~~~
bananacurve
Not quite.

[http://cphpost.dk/news/denmark-is-one-of-the-
nsas-9-eyes.761...](http://cphpost.dk/news/denmark-is-one-of-the-
nsas-9-eyes.7611.html)

~~~
a3n
Governments are "now in a Cold War with the [citizens of the] entire rest of
the world."

Better?

------
ck2
Messing with the manufacturing base for maybe 80% of all USA non-food goods is
probably a very bad idea.

Sure we can open source our router software for review but what if their hacks
are right in the chips being made in China.

Don't US fighter jets and bombers use some electronics made in China too?

