backtop


Print

NSA spying could wreak havoc on the national economy, cost the IT space $35-45 billion, creating a digital recession

The stuff of dystopian science fiction has become the reality that Americans are living in.  Newly published documents reveal the U.S. National Security Agency (NSA) is engaging in behavior that many Constitutional experts condemn as criminal.

I. No One is Safe From Those Who Claim to Protect Our Safety

To the NSA every American is a potential criminal.  So it uses techniques it borrowed from cybercriminals against every American.

Every American is a target.  Your data is mined.  It is "temporarily" stored for 15 years.  If you type a suspicious query in search engines or social networks, the NSA's autonomous attack system, targets you for deep attacks.  These deep attacks reportedly literally watch tens of thousands, if not millions of Americans via compromised webcams.

NSA spying
To the NSA we are all suspects. [Image Source: Nation of Change]

The NSA has all of this power under general warrants.  These warrants kill the Constitutional protection of due process.  Courts are replaced with secret courts.  Warrants are effectively eliminated, replaced in some cases with administrative rubber stamping, in other cases with nothing.

The NSA has admitted to violating the law "accidentally" thousands of times a year, but refuses to allow outside parties to inspect its behavior.  It won't even given special Congressional committees the full story on its tactics.  Agents have spied on former lovers.  And documents show the last two Presidents have spied on political rivals (including Quakers and Occupy Wall Street activists).

But the NSA documents reveal in Germany this week show there's more.

NSA Amazon and Newegg
The NSA routinely intercepts packages via programs like ANT, and implants inexpensive spy devices to spy on Americans.

What's more the NSA is implanting secret bugs in the electronics of thousands, if not tens of thousands of Americans, some of whom have been flagged by buggy autonomous profiling artificial intelligence algorithms.  It takes as little as 30 minutes to install some of the NSA's new wireless bugs (one of which uses a so call HOWLER MONKEY transmitter to fit into the victim's USB plug, with no visible profile).  And a bug costs as little as $20 USD. Reportedly the NSA has more than one facility devoted full time to installing bugs on intercepted American and foreign electronics.

II. Complicit or Victims?  Either Way the Sabotage Threatens to Create an American IT Industry Recession

Jacob Appelbaum, a University of Washington (UW) security research remarked in a weekend keynote:

That's a real interesting thing because it tells us that they understand that common wireless cards -- probably running Microsoft Windows, which is an American company -- that they know about vulnerabilities and they keep them secret to use them.  

This part of a constant theme of sabotaging and undermining American companies and American ingenuity. As an American, while generally not a nationalist I find this disgusting, especially as someone that writes free software and would like my tax dollars spent on improving these things. And when they know about them I don't want them to keep it a secret because all of us are vulnerable.  It's a really scary thing.

......

We're going to name a bunch of companies, because, basically f--k those guys for collaborating when they do and f--k them for leaving us vulnerable when they do.

And I mean that in the most loving way, because some of them are victims, actually.  It's important to note that we don't yet understand which is is which.  So it's important to name them so that they have to go on record.  So they have to say where they are.  And so that they can give us enough rope to hang themselves.  I really want that happen because it's important to note who collaborated and who didn't collaborate.

Jacob AppelbaumThe NSA can penetrate virtually any device and routinely does, says Mr. Appelbaum.

Indeed some companies like Yahoo! Inc. (YHOO) CEO Marissa Mayer implied that she and other executives were told that they would face criminal treason charges if they failed to comply.


Yahoo CEO Marissa Mayer implies she was told she would be charged with treason if she resisted the NSA's advances, advances that are now costing her company billions.[Image Source: NPR]

And there's good reason to believe that some American businesses would have been hesistant to cooperate given the damage that could occur -- and is occurring.  Industry experts say the spying revelations could cost American businesses $35-45B USD over the next three years. In Asia alone, sales were down $1.7B USD in Q3, as Asian customers turned to domestic options, wary of U.S. spying.  European customers are staying away from American products at a higher rate, as they belive they are untrustworthy.

For businesses who did not cooperate this is a nightmare.  They're watching Americans having paid for unregulated, unaccountable spy rings, given near limitless power and funding.

Nokia hundred dollar bill
The NSA considers trading freedom and economic success for security an acceptable deal.  With the IT industry set to lose $35-45B USD due to the spying tech leaders don't. [Image Source: U.S. Treasury]

They've watched as the biggest of these spy rings -- the NSA -- has turned against the American corporations, hacking them like a cybercriminal.  But the NSA is not just another cybercriminal.  It has a near limitless budget.  And its leader, retiring/resigning NSA Director, General Keith Alexander preached a message of "information dominance", unsatisfied until the NSA was capable of compromising every digital device and harvesting the data of every American.

It now appears that he achieved that goal at a great cost not only to American freedom, but the American economy.  Teetering on the brink of an IT recession, busineses aren't happy.


III. Microsoft Denies Involvement

Microsoft Corp.'s (MSFT) Windows error reports are being regularly intercepted by the NSA in order to perform automated attacks on U.S. and foreign victims.  One NSA agent found this amusing enough to create the image below (one of several inside images among agents joking with each other about spying on Americans), which he internally distributed.  The image was even included in an official document.

Microsoft
The NSA thinks compromising Americans' data is funny. [Image Source: Der Spiegel/Graham Cluley]

Microsoft did not find this alleged sabotage of its products as amusing as the NSA agents did.  It tells The Huffington Post:

Microsoft does not provide any government with direct or unfettered access to our customer's data.  We would have significant concerns if the allegations about government actions are true.

Microsoft gold sign
[Image Source: BGR]

Microsoft, along with Google Inc. (GOOG) and Yahoo, already has stated that it will be increasing encryption as it is forced to treat the U.S. government like the world's most well-funded cybercriminal enterprise.

IV. Apple Denies Involvement

Apple, Inc. (AAPL) responded to the NSA's claim that it could sabotage "any" iOS device (including iPhones and iPads) asserting that it was unaware of these attacks.

Apple

Comments an Apple spokesperson to All Things Digital:

Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products.

Whenever we hear about attempts to undermine Apple's industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who's behind them.

Newer SIM card attacks (like MONKEYCALENDAR) were also reportedly used to compromise Apple devices, in addition to DROPOUTJEEP.

V. Huawei Comments

William Plummer, vice president at beleaguered Chinese telecom OEM Huawei Technologies Comp. (SHE:002502), appreciated the irony of the situation.  His company had lost customers in 2012 after a U.S. House Select Committee on Intelligence suggested that Huawei's products might be compromised by Chinese hackers.  A White House report later concluded that had not happened, but by then damage had been done and a cloud hung over Huawei.

Huawei

But in a wicked twist now Huawei finds itself again target, this time over revelations that the U.S. was using precisely the kind of sabotage and backdoors that it offer unprovene innuendo about the Chinese doing.  Mr. Plummer says that Huawei is working to close these holes, implying in an interview with Wired that they weren't intentional.  He states:

We read the media reports, and we’ve noted the references to Huawei and our peers.  As we have said, over and over again — and as now seems to be validated — threats to networks and data integrity can come from any and many sources.

VI. Cisco Vows to Protect Customers Against the NSA, Denies Involvement

Cisco Systems, Inc.'s (CSCO) offers perhaps the most convincing and impassioned response to the claims. 

Cisco logo

Its senior vice president and chief security officer, John Stewart wrote a lengthy and blog post on the topic, making it clear the Cisco does not tolerate these kind of actions, and while unaware of it would now be investigating the NSA attacks, just like any other criminal attack.  Mr. Stewart writes:

An article was published in Der Spiegel today about the alleged capabilities of the United States National Security Agency (NSA) Tailored Access Operations (TAO) organization. The article says that TAO “exploits the technical weaknesses” of Information Technology products from numerous companies, and mentions Cisco. We are deeply concerned with anything that may impact the integrity of our products or our customers’ networks and continue to seek additional information.

We are committed to avoiding security issues in our products, and handling issues professionally when they arise. Our Trustworthy Systems initiatives, Cisco Secure Development Lifecycle, Cisco Common Crypto models, and Product Security Incident Response Team (PSIRT) and Vulnerability Disclosure policies are all industry-leading examples of our commitment to our customers. This is central to how we earn and maintain trust.

At this time, we do not know of any new product vulnerabilities, and will continue to pursue all avenues to determine if we need to address any new issues. If we learn of a security weakness in any of our products, we will immediately address it.

As we have stated prior, and communicated to Der Spiegel, we do not work with any government to weaken our products for exploitation, nor to implement any so-called security ‘back doors’ in our products.
UPDATE 1: Customers seeking additional information may refer to the Cisco Security Response.

VII. Dell Responds

Dell faced harsh criticism for "accidentally" leaving holes in its hardware.  It appears that security researchers were among those targeted in the wild with the exploit.  One irate researcher blasted Dell's "Dell Cares" service team's "apology" for cooperating with the government.
Dell Pow

Dell later clarified that the apology was an admission that it cooperated with the NSA writing to CRN:

[We don't collude with] any government — United States or otherwise — to compromise our products.We take very seriously any issue that may impact the integrity of our products or customer security.  Should we become aware of a possible vulnerability in any of Dell’s products we will communicate with our customers in a transparent manner as we have done in the past.

VIII. HP Claims It Wasn't Compromised

A spokesperson for Hewlett-Packard Comp. (HPQ) tells The Desk:

[HP has] no reason to believe that the HP ProLiant G5 server mentioned was ever compromised as suggested in the (Der Spiegel) article.
HP Proliant
The server was specifically mentioned as an option for implants by the NSA.  HP did not explain how it is so sure the servers have never been attacked, stating:

HP’s privacy and security policies are quite clear; we do not knowingly develop products to include security vulnerabilities.  We are also active in testing and updating our products regularly to eliminate threats and make our products more secure. HP takes the privacy and security of our customer information with great seriousness. We will continue to put in place measures to keep our customers’ information confidential and secure.

IX. Juniper is "Actively" Investigating Claims

Juniper Networks, Inc. (JNPR) told USA Today:

Juniper Networks recently became aware of, and is currently investigating, alleged security compromises of technology products made by a number of companies, including Juniper.  We take allegations of this nature very seriously and are working actively to address any possible exploit paths. [If necessary, we will] work closely with customers to ensure they take any mitigation steps.

 
Juniper Networks
Juniper Networks denies knowledge of NSA spying, and says it is investigating the possible breach.

X. Western Digital, et al.

Hard drive maker Western Digital Corp. (WDC) tells Legit Reviews:

Western Digital has no knowledge of, nor has it participated in the development of technology by government entities that create ‘implants’ on Western Digital hard drives, as Der Spiegel described.

Western Digital

I have reached out to Seagate Technology PLC (STX) (and its Maxtor brand) and Samsung Electronics Comp., Ltd. (KSC:005930) as I was unable to locate comments from them.

Sources: All Things Digital [Apple comment], Wired [Huawei comment], Cisco, The Huffington Post [Microsoft comment]





"I want people to see my movies in the best formats possible. For [Paramount] to deny people who have Blu-ray sucks!" -- Movie Director Michael Bay






Most Popular ArticlesASRock Z370 Killer – Powerful VR Ready Motherboard
November 30, 2017, 7:15 AM
Comcast xFi Advanced Gateway Modem/Router
December 6, 2017, 6:30 AM
OnePlus 5T - Star Wars Limited Edition
December 3, 2017, 6:35 AM
Harman Kardon – Home Speaker with Cortana
December 5, 2017, 5:55 AM
Samsung Galaxy A8+ - Leaked Images Online
December 2, 2017, 9:20 AM







botimage
Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki