Senator Wyden Wants To Know If The NSA Is Still Demanding Tech Companies Build Backdoors Into Their Products
from the build-them-or-we'll-just-build-our-own dept
It’s been more than a half-decade since it made headlines, but the NSA’s hardware manipulation programs never went away. These programs — exposed by the Snowden leaks — involved the NSA compromising network hardware, either through interception of physical shipments or by the injection of malicious code.
One major manufacturer — Cisco — was righteously angered when leaked documents showed some of its hardware being “interdicted” by NSA personnel. It went directly to Congress to complain. The complaint changed nothing. (Cisco, however, changed its shipping processes.) But even though the furor has died down, these programs continue pretty much unhindered by Congressional oversight or public outcry.
One legislator hasn’t forgotten about the NSA’s hardware-focused efforts. Senator Ron Wyden is still demanding the NSA answer questions about these programs and give him details about “backdoors” in private companies’ computer equipment. The DOJ and FBI may be making a lot of noise about encryption backdoor mandates, but one federal agency is doing something about it. And it has been for years.
Not only has the NSA installed its own backdoors in intercepted devices, it has been working with tech companies to develop special access options in networking equipment. This allows the agency to more easily slurp up communications and internet traffic in bulk. Senator Wyden wants answers.
The agency developed new rules for such practices after the Snowden leaks in order to reduce the chances of exposure and compromise, three former intelligence officials told Reuters. But aides to Senator Ron Wyden, a leading Democrat on the Senate Intelligence Committee, say the NSA has stonewalled on providing even the gist of the new guidelines.
“Secret encryption back doors are a threat to national security and the safety of our families – it’s only a matter of time before foreign hackers or criminals exploit them in ways that undermine American national security,” Wyden told Reuters. “The government shouldn’t have any role in planting secret back doors in encryption technology used by Americans.”
No one knows what’s in the guidelines and whether they forbid the NSA from backdooring hardware or software sold to US buyers. All the NSA is willing to say is it’s trying to patch things up with domestic tech vendors by, um, giving them more stuff to patch up.
The agency declined to say how it had updated its policies on obtaining special access to commercial products. NSA officials said the agency has been rebuilding trust with the private sector through such measures as offering warnings about software flaws.
This is a welcome change after years of exploit hoarding. But there’s no reason to believe the NSA isn’t holding useful flaws back until they’ve outlived their exploitability. As for the built-in backdoors, the NSA refuses to provide any details. It won’t even answer to its oversight. And if it won’t do that, it really needs to stop saying things about “robust oversight” every time more surveillance abuses by the agency are exposed.
There’s more to this than potential domestic surveillance. Any flaw deliberately introduced in hardware and software can be exploited by anyone who discovers it, not just the agency that requested it. The threat isn’t theoretical. It’s already happened. In 2015, it was discovered that malicious hackers had exploited what appeared to be a built-in flaw to intercept and decrypt VPN traffic running through Juniper routers. This appeared to be a byproduct of the NSA’s “Tailored Access Operations.” While Juniper has never acknowledged building a backdoor for the NSA, the circumstantial evidence points in No Such Agency’s direction.
[Juniper] acknowledged to security researcher Andy Isaacson in 2016 that it had installed Dual EC [Dual Elliptic Curve] as part of a “customer requirement,” according to a previously undisclosed contemporaneous message seen by Reuters. Isaacson and other researchers believe that customer was a U.S. government agency, since only the U.S. is known to have insisted on Dual EC elsewhere.
This is the danger of relying on deliberately introduced flaws to gather intelligence or obtain evidence. Broken is broken and broken tools are toys for malicious individuals, which includes state-sponsored hackers deployed by this nation’s enemies. It’s kind of shitty to claim you’re in the national security business when you’re out there asking companies to add more attack vectors to their products.
Filed Under: 4th amendment, backdoors, nsa, ron wyden, surveillance
Companies: cisco, juniper
Comments on “Senator Wyden Wants To Know If The NSA Is Still Demanding Tech Companies Build Backdoors Into Their Products”
Sometimes silence speaks for itself
As the NSA would have no reason not to clearly say that they aren’t trying to pressure companies to slip in security vulnerabilities, and plenty of reasons to say so as they could really use the positive PR after getting caught with their hands in all the cookie jars thanks to Snowden the fact that they refuse to answer what is really a simple question is answer enough I’d say.
Re: Sometimes silence speaks for itself
I’m no fan of the NSA, but I have to disagree here. If you answer questions sometimes but refuse to answer questions other times, it lets other infer information, but if you refuse to answer any questions about anything then no one can infer information from your refusal to answer.
silence
yup, the NSA is wisely silent about dirty deeds — why confess?
"Senator Ron Wyden is still demanding the NSA answer questions about these programs" — which means his decades of previous demands have been successfully ignored.
Only Snowden succeeded.
Remember: When Senator Wyden asks a question publicly, it usually means he’s got a classified answer to it, and we are not going to like that answer.
Re: Re:
how do you know that to be true?
Even if a classified response is received it does not mean NSA actually answered the questions posed.
Re: Re: Re:
Not a response, frequently it’s a thing Wyden already knows before he asks the question. This is how it works, historically. Maybe try reading it again.
What about front doors?
Considering the persistent failure rate in tech is it even necessary for the NSA to ask?
Ollie North
They will just give the Oliver North answer…
I do not recall, Senator.
Re: Ollie North
The sun was in my eyes!
Wyden
Senator Wyden is the best damn member of congress, hands down. I wish more had his integrity and intelligence.
Senator Wyden
OK, he seems to have a lot of integrity and willingness to ask the hard questions. How do we make sure he keeps getting elected and doing such a great job? I, for one, hope he can stay around for a while and keep poking NSA and other to keep them straight. I don’t see many other doing it.
Thanks for the information https://www.omegle.ltd/
Hello everyone
I recently joined this forum and I found its very informative and knowledgeable.
Thanks for sharing this information.
Keep posting more. https://omegle.webcam/
I recently joined this meeting and found her exceptional education and competence.
It is a debt of gratitude for sharing this data.
Continue posting more. https://omegle.link/
Thanks a lot for the nice talk. https://omegle.site/