A new report from The Guardian reveals that NSA has allegedly been tampering with U.S.-made electronic equipment including servers, routers and other network devices that are exported to foreign markets in order to insert backdoor surveillance malware, which can be later activated to spy on networks.
“The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on,” The Guardian writes. “The NSA thus gains access to entire networks and all their users. The [NSA leaked] document gleefully observes that some “SIGINT [short for signal intelligence] tradecraft … is very hands-on (literally!)”.”
The publication obtained documents from Edward Snowden that details such operations dating back to June 2010.
“In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure,” the report says. “This call back provided us access to further exploit the device and survey the network.”
Interestingly, the U.S. government has accused Chinese companies including Huawei and ZTE of doing exactly what these newly revealed documents claim the NSA is doing, which is inserting spying tools in networking equipment. Following pressure from these accusations, Huawei has left the U.S. market, although investigations from the House Intelligence Committee did not find actual evidence that the Chinese government was actually using Huawei and ZTE devices to spy on other countries.
“Warning the world about Chinese surveillance could have been one of the motives behind the U.S. government’s claims that Chinese devices cannot be trusted,” The Guardian notes. “But an equally important motive seems to have been preventing Chinese devices from supplanting American-made ones, which would have limited the NSA’s own reach. In other words, Chinese routers and servers represent not only economic competition but also surveillance competition.”
NSA has neither confirmed nor denied such practices in statements sent to CNET.
“As we have said before, the US technology industry builds the most secure hardware and software in the world today,” the Agency said. “NSA relies on these products to help protect our nation’s most sensitive information and, over the past decade, has turned to commercial technology to replace government-built technology. Given its own reliance on many of the very same technologies that the public uses, the US Government is as concerned as the public is with the security of these products. While we cannot comment on specific, alleged intelligence-gathering activities, NSA’s interest in any given technology is driven by the use of that technology by foreign intelligence targets. The United States pursues its intelligence mission with care to ensure that innocent users of those same technologies are not affected.”
“As we have previously said, the implication that NSA’s foreign intelligence collection is arbitrary and unconstrained is false. NSA’s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets in response to intelligence requirements. We are not going to comment on specific, alleged foreign intelligence activities. Public release of purportedly classified material about US intelligence collection systems, without context, further confuses an important issue for the country and jeopardizes human life as well as national security sources and methods,” the NSA said.