
NSA spying could wreak havoc on the national economy, cost the IT space $35-45 billion, creating a digital recession

The stuff of dystopian science fiction has become the reality that Americans are living in.  Newly published documents reveal the U.S. National Security Agency (NSA) is engaging in behavior that many Constitutional experts condemn as criminal.

I. No One is Safe From Those Who Claim to Protect Our Safety

To the NSA every American is a potential criminal.  So it uses techniques it borrowed from cybercriminals against every American.

Every American is a target.  Your data is mined.  It is "temporarily" stored for 15 years.  If you type a suspicious query in search engines or social networks, the NSA's autonomous attack system targets you for deep attacks.  These deep attacks reportedly literally watch tens of thousands, if not millions, of Americans via compromised webcams.

To the NSA we are all suspects. [Image Source: Nation of Change]

The NSA has all of this power under general warrants.  These warrants kill the Constitutional protection of due process.  Courts are replaced with secret courts.  Warrants are effectively eliminated, replaced in some cases with administrative rubber stamping, in other cases with nothing.

The NSA has admitted to violating the law "accidentally" thousands of times a year, but refuses to allow outside parties to inspect its behavior.  It won't even give special Congressional committees the full story on its tactics.  Agents have spied on former lovers.  And documents show the last two Presidents have spied on political rivals (including Quakers and Occupy Wall Street activists).

But the NSA documents revealed in Germany this week show there's more.

The NSA routinely intercepts packages via programs like ANT, and implants inexpensive spy devices to spy on Americans.

What's more, the NSA is implanting secret bugs in the electronics of thousands, if not tens of thousands, of Americans, some of whom have been flagged by buggy autonomous profiling artificial intelligence algorithms.  It takes as little as 30 minutes to install some of the NSA's new wireless bugs (one of which uses a so-called HOWLER MONKEY transmitter to fit into the victim's USB plug, with no visible profile).  And a bug costs as little as $20 USD.  Reportedly the NSA has more than one facility devoted full time to installing bugs on intercepted American and foreign electronics.

II. Complicit or Victims?  Either Way the Sabotage Threatens to Create an American IT Industry Recession

Jacob Appelbaum, a University of Washington (UW) security researcher, remarked in a weekend keynote:

That's a real interesting thing because it tells us that they understand that common wireless cards -- probably running Microsoft Windows, which is an American company -- that they know about vulnerabilities and they keep them secret to use them.  

This is part of a constant theme of sabotaging and undermining American companies and American ingenuity. As an American, while generally not a nationalist, I find this disgusting, especially as someone that writes free software and would like my tax dollars spent on improving these things. And when they know about them I don't want them to keep it a secret because all of us are vulnerable.  It's a really scary thing.

......

We're going to name a bunch of companies, because, basically f--k those guys for collaborating when they do and f--k them for leaving us vulnerable when they do.

And I mean that in the most loving way, because some of them are victims, actually.  It's important to note that we don't yet understand which is which.  So it's important to name them so that they have to go on record.  So they have to say where they are.  And so that they can give us enough rope to hang themselves.  I really want that to happen because it's important to note who collaborated and who didn't collaborate.

The NSA can penetrate virtually any device and routinely does, says Mr. Appelbaum.

Indeed, Yahoo! Inc. (YHOO) CEO Marissa Mayer implied that she and other executives were told that they would face criminal treason charges if they failed to comply.


Yahoo CEO Marissa Mayer implies she was told she would be charged with treason if she resisted the NSA's advances, advances that are now costing her company billions. [Image Source: NPR]

And there's good reason to believe that some American businesses would have been hesitant to cooperate given the damage that could occur -- and is occurring.  Industry experts say the spying revelations could cost American businesses $35-45B USD over the next three years.  In Asia alone, sales were down $1.7B USD in Q3, as Asian customers turned to domestic options, wary of U.S. spying.  European customers are staying away from American products at a higher rate, as they believe they are untrustworthy.

For businesses that did not cooperate this is a nightmare.  They're watching as Americans pay for unregulated, unaccountable spy rings that are given near limitless power and funding.

The NSA considers trading freedom and economic success for security an acceptable deal.  With the IT industry set to lose $35-45B USD due to the spying, tech leaders don't. [Image Source: U.S. Treasury]

They've watched as the biggest of these spy rings -- the NSA -- has turned against the American corporations, hacking them like a cybercriminal.  But the NSA is not just another cybercriminal.  It has a near limitless budget.  And its leader, retiring/resigning NSA Director General Keith Alexander, preached a message of "information dominance", unsatisfied until the NSA was capable of compromising every digital device and harvesting the data of every American.

It now appears that he achieved that goal at a great cost not only to American freedom, but to the American economy.  Teetering on the brink of an IT recession, businesses aren't happy.


III. Microsoft Denies Involvement

Microsoft Corp.'s (MSFT) Windows error reports are being regularly intercepted by the NSA in order to perform automated attacks on U.S. and foreign victims.  One NSA agent found this amusing enough to create the image below (one of several inside images among agents joking with each other about spying on Americans), which he internally distributed.  The image was even included in an official document.

The NSA thinks compromising Americans' data is funny. [Image Source: Der Spiegel/Graham Cluley]

Microsoft did not find this alleged sabotage of its products as amusing as the NSA agents did.  It tells The Huffington Post:

Microsoft does not provide any government with direct or unfettered access to our customer's data.  We would have significant concerns if the allegations about government actions are true.


Microsoft, along with Google Inc. (GOOG) and Yahoo, already has stated that it will be increasing encryption as it is forced to treat the U.S. government like the world's most well-funded cybercriminal enterprise.

IV. Apple Denies Involvement

Apple, Inc. (AAPL) responded to the NSA's claim that it could sabotage "any" iOS device (including iPhones and iPads), asserting that it was unaware of these attacks.


Comments an Apple spokesperson to All Things Digital:

Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products.

Whenever we hear about attempts to undermine Apple's industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who's behind them.

Newer SIM card attacks (like MONKEYCALENDAR) were also reportedly used to compromise Apple devices, in addition to DROPOUTJEEP.

V. Huawei Comments

William Plummer, vice president at beleaguered Chinese telecom OEM Huawei Technologies Comp. (SHE:002502), appreciated the irony of the situation.  His company had lost customers in 2012 after a U.S. House Select Committee on Intelligence suggested that Huawei's products might be compromised by Chinese hackers.  A White House report later concluded that had not happened, but by then damage had been done and a cloud hung over Huawei.


But in a wicked twist, Huawei now finds itself a target again, this time over revelations that the U.S. was using precisely the kind of sabotage and backdoors that it had offered unproven innuendo about the Chinese using.  Mr. Plummer says that Huawei is working to close these holes, implying in an interview with Wired that they weren't intentional.  He states:

We read the media reports, and we’ve noted the references to Huawei and our peers.  As we have said, over and over again — and as now seems to be validated — threats to networks and data integrity can come from any and many sources.

VI. Cisco Vows to Protect Customers Against the NSA, Denies Involvement

Cisco Systems, Inc. (CSCO) offers perhaps the most convincing and impassioned response to the claims.


Its senior vice president and chief security officer, John Stewart, wrote a lengthy blog post on the topic, making it clear that Cisco does not tolerate these kinds of actions and, while previously unaware of them, would now be investigating the NSA attacks just like any other criminal attack.  Mr. Stewart writes:

An article was published in Der Spiegel today about the alleged capabilities of the United States National Security Agency (NSA) Tailored Access Operations (TAO) organization. The article says that TAO “exploits the technical weaknesses” of Information Technology products from numerous companies, and mentions Cisco. We are deeply concerned with anything that may impact the integrity of our products or our customers’ networks and continue to seek additional information.

We are committed to avoiding security issues in our products, and handling issues professionally when they arise. Our Trustworthy Systems initiatives, Cisco Secure Development Lifecycle, Cisco Common Crypto models, and Product Security Incident Response Team (PSIRT) and Vulnerability Disclosure policies are all industry-leading examples of our commitment to our customers. This is central to how we earn and maintain trust.

At this time, we do not know of any new product vulnerabilities, and will continue to pursue all avenues to determine if we need to address any new issues. If we learn of a security weakness in any of our products, we will immediately address it.

As we have stated prior, and communicated to Der Spiegel, we do not work with any government to weaken our products for exploitation, nor to implement any so-called security ‘back doors’ in our products.
UPDATE 1: Customers seeking additional information may refer to the Cisco Security Response.

VII. Dell Responds

Dell faced harsh criticism for "accidentally" leaving holes in its hardware.  It appears that security researchers were among those targeted in the wild with the exploit.  One irate researcher blasted Dell's "Dell Cares" service team's "apology" for cooperating with the government.

Dell later clarified that the apology was an admission that it cooperated with the NSA, writing to CRN:

[We don't collude with] any government — United States or otherwise — to compromise our products. We take very seriously any issue that may impact the integrity of our products or customer security.  Should we become aware of a possible vulnerability in any of Dell’s products we will communicate with our customers in a transparent manner as we have done in the past.

VIII. HP Claims It Wasn't Compromised

A spokesperson for Hewlett-Packard Comp. (HPQ) tells The Desk:

[HP has] no reason to believe that the HP ProLiant G5 server mentioned was ever compromised as suggested in the (Der Spiegel) article.

The server was specifically mentioned as an option for implants by the NSA.  HP did not explain how it is so sure the servers have never been attacked, stating:

HP’s privacy and security policies are quite clear; we do not knowingly develop products to include security vulnerabilities.  We are also active in testing and updating our products regularly to eliminate threats and make our products more secure. HP takes the privacy and security of our customer information with great seriousness. We will continue to put in place measures to keep our customers’ information confidential and secure.

IX. Juniper is "Actively" Investigating Claims

Juniper Networks, Inc. (JNPR) told USA Today:

Juniper Networks recently became aware of, and is currently investigating, alleged security compromises of technology products made by a number of companies, including Juniper.  We take allegations of this nature very seriously and are working actively to address any possible exploit paths. [If necessary, we will] work closely with customers to ensure they take any mitigation steps.

 
Juniper Networks denies knowledge of NSA spying, and says it is investigating the possible breach.

X. Western Digital, et al.

Hard drive maker Western Digital Corp. (WDC) tells Legit Reviews:

Western Digital has no knowledge of, nor has it participated in the development of technology by government entities that create ‘implants’ on Western Digital hard drives, as Der Spiegel described.


I have reached out to Seagate Technology PLC (STX) (and its Maxtor brand) and Samsung Electronics Comp., Ltd. (KSC:005930) as I was unable to locate comments from them.

Sources: All Things Digital [Apple comment], Wired [Huawei comment], Cisco, The Huffington Post [Microsoft comment]




...
By shabby on 1/1/2014 4:12:55 PM , Rating: 5
Is anyone actually expecting publicly traded companies to say "yes we helped the nsa spy on our customers"? They're going to deny it until they turn blue.




RE: ...
By danjw1 on 1/1/2014 4:43:50 PM , Rating: 2
Well, yes. But, if later leaks show explicitly that they did help, then that would be even worse. I doubt the lawyers would allow them to make statements that they knew were untrue, since there are implications of securities fraud. Now, it is very possible that the NSA bribed or blackmailed employees into helping them without the companies' knowledge.


RE: ...
By hughlle on 1/1/2014 5:36:40 PM , Rating: 5
Which might be why statements such as this are made

"Western Digital has no knowledge of, nor has it participated in the development of technology by government entities that create ‘implants’ on Western Digital hard drives, as Der Spiegel described."

Take the UK phone hacking thing, the chiefs were saying they had no knowledge, and some of them could say this truthfully, despite it occurring, but their statements were nonetheless true, or alternatively, the statement "I have no knowledge of my staff stealing stationery" does not mean that they aren't doing it. And it could also be agreed that WD did not participate in the development of the technology that allowed spying, but that doesn't mean it wasn't created solely by the government and implemented though. Why should WD stating they did not participate in the development of the technology prove that the technology wasn't at some stage implemented?


RE: ...
By michael67 on 1/1/2014 10:16:47 PM , Rating: 2
Belgacom, the former Belgian state telephone company, has already been busy for months trying to get rid of hacks in their backbone routers, placed by the GCHQ, the British NSA counterpart and patsy and also partner in crime.

It lost business contracts in former colonies because of it, and has spent millions on hiring specialists.

Wonder who is going to pay that bill.

An example of the fear of the NSA and Patriot Act:
The AMS-IX (Amsterdam Internet Exchange), the biggest, fastest and cheapest Internet Exchange in the world, wanted to branch out to the US, but this encountered strong opposition from the members and owners of AMS-IX, as they feared that by opening a US branch they would open themselves up to the risk of mandatory secret cooperation with the NSA, on the basis that they then in the EU would also be falling under the Patriot Act.

Only after compelling the US branch from the EU branch and insurance from an independent lawyer that the risk was minimal, was there a small majority voting to go ahead, as most members of the AMS-IX fled to Amsterdam because they did not trust the US or UK with their right of privacy and secure information exchange while doing business.

And this was all even before Snowden released information, wonder if the go ahead vote would have been cast now again.

As I said before, behaving only on self interest will get you big short term gains, but as the US has been doing selfish things like this from the 50s, people will wake up, as the information digital age is unstoppable, people see what things the NSA and CIA have done for decades in the name of the American (and British) people.

But as there was never solid proof, only rumors, most people claimed ignorance.

And if US and UK business is going to lose market share over this, it's well deserved, as most Americans and British voted the people in, who tolerated this behavior.

Still wondering why there were no people at the NSA (and CIA/US Government) that were smart enough to do any risk analysis of the blow back risk.


RE: ...
By ritualm on 1/1/2014 10:54:21 PM , Rating: 2
quote:
Still wondering why there were no people at the NSA (and CIA/US Government) that were smart enough to do any risk analysis of the blow back risk.

Theoretically, they can.

However, the primary goal of the NSA currently is to get that information. How it obtains that information and what to do with it are meaningless and irrelevant.

The folks who do blowback risk analysis would eventually find themselves by their bosses on the wrong side of the fence. Rather than being the hunters, they become the hunted, delayed only by the lack of information sharing between the various US intelligence branches (e.g. one of Snowden's former bosses raised a red flag, but nobody paid attention). Very few people would dare commit professional "suicide" this way and do the right thing.


RE: ...
By michael67 on 1/2/2014 12:51:05 AM , Rating: 2
quote:
However, the primary goal of the NSA currently is to get that information. How it obtains that information and what to do with it are meaningless and irrelevant.

It became real meaningful and real relevant real fast though.

What's probably even worse for the US is all the other skeletons that mainly the CIA has left over the past 6~7 decades, and people have sorta known about, but are gonna look at more closely.

Not that it's gonna make headlines, but something more in the back of their mind.


RE: ...
By Reclaimer77 on 1/2/2014 2:27:22 PM , Rating: 3
quote:
Now, it is very possible that the NSA bribed or blackmailed employees into helping them without the companies' knowledge.


The NSA doesn't have to do that. It's basically a crime to NOT allow the NSA to do whatever they want under the guise of "national security". And that to not cooperate puts you at risk of a whole crapload of scary and federal-level offenses to which people get thrown in very dark damp holes and are never seen from again.

People seem to have this romantic notion that we live in a country where the people running these corporations are actually given a choice. And that saying "no" is even an option. Trust me, it's not.


RE: ...
By Moishe on 1/3/2014 2:51:58 PM , Rating: 2
Frankly, the only smart choice is to deny because the NSA will not admit it nor will the manufacturer... So the only chance of it being proven will come through leaked documents, which are unlikely.


RE: ...
By Monkey's Uncle on 1/2/2014 11:11:06 AM , Rating: 2
"Hello Everyone!!

I'm the CEO of Dell Computer. I hope you all had a very happy new year.

I went out of my way to let the NSA plant spying devices in all my server hardware!

Please sell all your DELL stock now because I will be out of business next week.

Thank you
Michael S, Dell"


RE: ...
By maugrimtr on 1/3/2014 8:31:57 AM , Rating: 2
Doesn't work like that. If Dell admitted that the NSA served them with a (secret court) order to install certain electronic devices, then the boat would be sunk for HP, Cisco, etc. If one got an order, so did the others... You'd get a short term drop in Dell's stock relative to its competitors but they'd all sink as one once reality set into analysts' minds.

And we were worried about the Chinese hacking?


RE: ...
By fic2 on 1/2/2014 3:17:58 PM , Rating: 2
Reporter: Did your company cooperate with the NSA to allow data collection using your hardware/software?
'Merikun Company: The NSA has told us to say we did not work with them.


RE: ...
By milktea on 1/2/2014 4:02:15 PM , Rating: 2
Why am I not surprised that all our cellphones have all been bugged?


RE: ...
By Monkey's Uncle on 1/2/2014 6:28:06 PM , Rating: 2
Well, yeah.

You really didn't expect that anything you do with a smartphone is private did you? After all the nude selfies on Scarlet Johansson's phone wound up on the net didn't they? I bet the NSA got them before the poor schmuck that took the fall for hacking her phone did.


Where's Wally ?
By mike66 on 1/1/2014 8:07:06 PM , Rating: 2
Did anyone note that IBM seems to be missing from the list? Our government here (Aussie) uses them extensively for all our infrastructure. Sure, local terminals will be Dell and such, but the back of house stuff is IBM.
I could go on about some of the security hardware built into the old (for protection, not a NSA slave) PowerPC infrastructure but you never know who may be watching.
P.S. Get yourself an old G3 mac and live free.




RE: Where's Wally ?
By superstition on 1/2/2014 5:07:28 AM , Rating: 3
Even small e-mail providers have been targeted. Everything is being targeted. Did you see the last article? They're putting vulnerabilities into Solaris and FreeBSD. If you think IBM is immune you're wrong. Also, I definitely doubt your old Apple G3 isn't compromised.


RE: Where's Wally ?
By mike66 on 1/2/14, Rating: -1


RE: Where's Wally ?
By ritualm on 1/2/2014 4:10:19 PM , Rating: 2
If the NSA can crack x86, it already knows how to crack PowerPC.

Apple wasn't unhackable. All it had was security by obscurity - it worked only for as long as it's not popular outside its own closed circle. The PowerPC architecture is still used today, just not on computers, and it is as vulnerable - if not more - as x86 and ARM.

Epic fail.


RE: Where's Wally ?
By mike66 on 1/2/2014 9:27:43 PM , Rating: 1
I won't get into it but you have no idea. How the hell are you going to run your CISC code on my RISC based system? All this rubbish with viral attack and hacking is happening on CISC systems, even the privileged ring system in the hardware is different. This falls under "the more complex a system - the more vulnerable it is to primitive attack".
quote:
The PowerPC architecture is still used today,

yep, sure is and it's different from what it was, it evolved to service different environments and needs.


RE: Where's Wally ?
By michael67 on 1/2/2014 9:57:41 PM , Rating: 2
You ever heard of Java, Ruby or other languages like it? They are platform independent, and if there is a weakness in how they run code, you can have a cross platform hack.
http://www.computerworld.com/s/article/110330/Kasp...

And if criminals, vandals and hackers can do it, what do you think the NSA with its unlimited budget can do?

You don't have to be close to the architecture anymore to hack a system.
Like Winx86 and WinRT run many of the same programs, are they not totally different hardware too?

Your thinking is about 10 years behind the facts, and that's even more dangerous than the hackers themselves.
That's like saying I am not gay so I can't get AIDS! O_0


RE: Where's Wally ?
By mike66 on 1/3/2014 6:16:20 AM , Rating: 1
Java is a problem and has been used extensively for this sort of thing, I get that, but at the end of the day security's biggest failure is stopping some numpty from clicking on that exec. Penetration from the web is where my system wins big time, call me paranoid but I don't have wifi connected to any of my PC's, the only way to get at my lan is physically, my surfing PC is a PowerPC behind a PowerPC firewall. I won't tell the rest of the measures but so far after 5 years no intrusions have been successful (plenty have tried). I have windows boxes running on my lan but they require constant monitoring and do pick up some nasty stuff sometimes (mostly keyloggers). I'm not saying everything is perfect but it's as hardened as possible.


RE: Where's Wally ?
By Moishe on 1/3/2014 2:54:02 PM , Rating: 2
They target the backbone, which gathers all data. They also target the endpoint devices. So either your device is giving you up, or they'll capture it on the backbone.

It's a net that catches everything, all the time.


By inperfectdarkness on 1/3/2014 1:54:01 AM , Rating: 2
I don't really know how far the NSA's reach of influence extends. I'm positive they can spy on whomever they want...but I don't know if they possess the capability to strong-arm a company that doesn't really have any footprint in the USA.




By roykahn on 1/3/2014 5:34:35 AM , Rating: 2
quote:
I don't know if they possess the capability to strong-arm a company


You bring up an interesting issue. I would say it depends if a company is willing to be represented by Hellboy.
http://matthias-schlitte.de/en/


By Moishe on 1/3/2014 3:03:28 PM , Rating: 2
Why not?

If they collect all emails for my company, internal and external, how many trade secrets and how much dirt do you think exists just waiting to be exploited?

They might not have the time to examine all information, but it does provide the "whack-a-mole" hammer. When need arises, the info is already there and able to be used.


I Would Merely Note...
By mmatis on 1/2/2014 8:59:59 AM , Rating: 4
that Gibson Guitars was simply a warning to US companies of what the FedPigs can and would do to ANYONE they want, over even the most picayune perceived offense. Thank your fine friends in "Law Enforcement" at ALL levels, for they are the enablers for this treason. In direct violation of their very oaths of office to the Constitution. And for those fine "Law Enforcement" types who scream "I DIDN'T DO IT!!!", you are their enablers. Without you and your support, they could NOT commit their treason for they would soon be dead.




Introducing....
By EasyC on 1/3/2014 9:55:41 AM , Rating: 3
The revolutionary and magical spiPhone and spiPad!




Responses coming straight from..
By ie5x on 1/2/2014 8:57:09 AM , Rating: 2
... NSA's anti-allegation response 101 http://www.wired.com/threatlevel/2012/03/nsa-whist...


















Copyright 2014 DailyTech LLC.