Allegations that the NSA installed surveillance tools in U.S.-made network equipment, if true, could mean enterprises have more to worry about than just government spying. <\/p>\n
While the U.S. government warned router buyers that the Chinese government might spy on them through networking gear made in China, the U.S. National Security Agency was doing that very thing, according to a report in the Guardian newspaper Monday. <\/p>\n
The NSA physically intercepted routers, servers and other network equipment and installed surveillance tools before slapping on a factory seal and sending the products on to their destinations, according to the report, which is extracted from an upcoming book by Glenn Greenwald, a journalist who last year helped expose sensitive documents uncovered by former NSA contractor Edward Snowden. <\/p>\n
With the tools it installs, the NSA can gain access to entire internal networks, the story said. For example, in a report on its use of the technology, the NSA said an embedded beacon was able to call back to the agency and provided us access to further exploit the device and survey the network, Greenwald wrote. <\/p>\n
The new charge vastly expands the scope of alleged NSA spying beyond the interception of traffic across the Internet, said Ranga Krishnan, a technology fellow at the Electronic Frontier Foundation. As an example, he pointed to reports from the Snowden documents that the NSA had tapped into Googles own fiber network among its data centers, where the company hadnt encrypted the traffic at all. <\/p>\n
Thats how most organizations function, Krishnan said. So once youre within the companys router, you have access to all that data thats unencrypted. <\/p>\n
In addition, any security hole that a government installs could open up the network to attacks by others, he added. <\/p>\n
If you have made something vulnerable ... somebody else could discover that and very well use it, Krishnan said. <\/p>\n
The House Intelligence Committee and other arms of the U.S. government have warned for years that networking equipment from vendors in China, namely Huawei Technologies and ZTE, poses a threat to U.S. service providers because of possible links between those companies and the Chinese government. <\/p>\n
Specifically, critics have raised alarms that the government could install backdoor surveillance tools in the gear they sell, giving Chinese spies access to communications in the U.S. Those warnings reportedly have held back Huawei and ZTEs sales in the U.S. The companies have said their equipment is safe. <\/p>\n
<\/p>\n