

The NSA, CALEA, and the hardware backdoors built into routers (required by law) - j2d3

Everyone should read this paper in full &quot;CALEA, Carnivore, and Countermeasures&quot; (2000):<p>http:&#x2F;&#x2F;www.dis.org&#x2F;gessel&#x2F;IS2K&#x2F;CALEA_Carnivore.pdf<p>...but not everyone will, so here&#x27;s an excerpt that relates to what I&#x27;m put in the title. The law the excerpt refers to is CALEA (Communications Assistance for Law Enforcement Act), which was passed in the 1990s:<p>&quot;The law, as interpreted by the FBI, requires all companies providing telecommunications services in
the United States to install remote control ports on their routers which allow law enforcement, acting
autonomously and remotely (though theoretically only on a warrant) to easily extract any conversation in it’s entirety, up to 1% of the hub’s total traffic simultaneously. This capability must have been
implemented by 1998, unless a waver until 10&#x2F;24&#x2F;2000 was granted.
Given a large installed base of equipment, there was a controversial element of cost involved. The FBI
played down the cost, asking congress to allocate $500 million. The FBI admits now that the cost
may be 4-8 times that high. Industry estimates the cost at $10 Billion.
Congress was convinced to allocate the original FBI estimate out of tax revenues, meaning the cost of
implementation is borne by taxpayers. The difference in implementation cost is borne by customers
of communication services.&quot;<p>Imagine how far things have come in the past 15 or so years.<p>To imagine that the US has anything less than the full capability to record and data-mine practically every electronically mediated communication is naive.
======
j2d3
PS - an interesting post from slashdot 2010 about this topic:

[http://hardware.slashdot.org/story/10/10/29/1456242/hiding-b...](http://hardware.slashdot.org/story/10/10/29/1456242/hiding-
backdoors-in-hardware)

quartertime writes "Remember Reflections on Trusting Trust, the classic paper
describing how to hide a nearly undetectable backdoor inside the C compiler?
Here's an interesting piece about how to hide a nearly undetectable backdoor
inside hardware. The post describes how to install a backdoor in the expansion
ROM of a PCI card, which during the boot process patches the BIOS to patch
grub to patch the kernel to give the controller remote root access. Because
the backdoor is actually housed in the hardware, even if the victim reinstalls
the operating system from a CD, they won't clear out the backdoor. I wonder
whether China, with its dominant position in the computer hardware assembly
business, has already used this technique for espionage. This perhaps explains
why the NSA has its own chip fabrication plant."

~~~
samstave
I was fist told about this backdoor by an ex employee of Cisco in 1997.

~~~
j2d3
Yeah, I worked at an ISP in 1998 and was told of the request / demand that we
install Carnivore. Since then I've understood that everything is being
recorded, but I've just carried on with everyone else with a kind of sad,
resigned, "oh well" attitude... and have taken comfort in the fact that we're
ALL subject to this, so - at least things are somewhat leveled out. Resistance
seems futile.

------
chris_dcosta
I guess any customer using US Equipment in any part of the world is also
accessible, even without a local law supporting it?

Interestingly I managed to discover a Huawei trojan that installed itself
without me granting permission via a hotel router. It wasn't particularly well
built back in the day which made it easy-ish to identify.

Makes me wonder where China is going with all the deals Huawei is making with
Govts across the world too.

