Every 'Threat' The NSA Spreads FUD About Seems To Be Something The NSA Itself Is Actually Doing

from the i-guess-they-would-know... dept

Fri, Jan 3rd 2014 10:31am — Mike Masnick

Nearly a year ago, well before all the Snowden leaks, we had a discussion about how, for all the talk from Keith Alexander about how the US was facing "unprecedented cyberattacks" that might bring about a "cyber Pearl Harbor," in reality, it appeared that the real global threat to computer systems was... the US government itself, via Keith Alexander's "US Cyber Command," which had, by far, the most sophisticated and advanced digital attack unit and wasn't afraid to use it. In fact, the US government seems to think it has incredibly broad powers to attack digitally. Of course, the nature of those attacks have become a lot more clear lately. And, as a part of that, one thing that's becoming clear: every time you hear a scary story about a kind of attack that some foreigners might do, you can pretty much guarantee: the NSA has already done it.

You may recall that, late in 2012, the House Intelligence Committee, led by dishonest NSA defender Rep. Mike Rogers, put out a report claiming that Americans should not use networking equipment made by Huawei, the Chinese networking giant, hinting that the company might be inserting backdoors and spyware into the equipment for the Chinese government. Huawei -- which had actually previously publicly asked the US government to investigate it to prove that such claims were false -- was not at all pleased about this, claiming that the whole thing was libelous and "utterly lacking in substance." A month ago, Huawei suggested that it was going to just ditch the US market because of all of this.

And yet... the recent NSA revelations about its technical capabilities to backdoor various hardware products showed that it's actually the NSA which has backdoors in Huawei's equipment. That doesn't foreclose the possibility that the Chinese have hacked it as well, but it sure looks ridiculous. As the Wired article linked above summarizes: "US to China: We hacked your internet gear we told you not to hack." This certainly plays into the hands of the Chinese, who have long argued that the attack on Huawei by Mike Rogers and friends was really just an attempt to pump up US-based competitors like Cisco (whose products the NSA has also apparently compromised).

And then there's the whole "BIOS" attack thing. You may recall that the big "scoop" in the hilariously lopsided 60 Minutes infomercial for the NSA by John Miller (a counterterrorism official pretending to be a journalist), was that there was some scary foreign threat out there from another country that was going to "infect the BIOS" of every computer on earth and turn them all into bricks. Experts pointed out that the claims were pure gibberish.

Except in that same report about the NSA's technical capabilities came the news that it's the NSA that is installing malware in the BIOS. As Marcy Wheeler notes:

Most fearmongering claims the NSA makes may well be projection about its own activities.

None of this means that others (and the finger is usually pointed at the Chinese) aren't doing the same sorts of things themselves. But it sure does seem pretty hypocritical to go around fearmongering about the things that we, ourselves, are doing.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: bios, china, cyberattacks, fud, nsa, threats
Companies: huawei

28 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 3 Jan 2014 @ 10:36am

Who better to explain what the enemy is up to than the enemy itself.
[ link to this | view in chronology ]
Anonymous Coward, 3 Jan 2014 @ 10:42am

I wonder how much the NSA pays their terrorist?
[ link to this | view in chronology ]
Glen, 3 Jan 2014 @ 10:51am

That reminds me of the Cold War days. The old has become new again.
[ link to this | view in chronology ]
- jupiterkansas (profile), 3 Jan 2014 @ 11:57am
  
  Re:
  You think all those people employed during the Cold War just went away? The Cold War/War on Terror is their career.
  [ link to this | view in chronology ]
John Fenderson (profile), 3 Jan 2014 @ 10:51am

I noticed this years ago
Starting with 9/11, although I'm certain that's just when I started noticing it, not when it started happening, it turned out that pretty much every single thing that we were being told we should fear from the "others" (be they Middle-easterners, liberals, antiwar activists, whatever) were things that those doing the fear mongering were themselves doing.

It's a handy tell. If you just assume that when someone in power says to be afraid of something they themselves are doing it, you'll be right far more often than you'll be wrong.
[ link to this | view in chronology ]
anonymouse, 3 Jan 2014 @ 10:58am

LOL
The US tried to get network admins to purchase US equipment by lying about Huawei. Now the US companies that had a boost becasue the governemetn lied on their behalf are not going to lose any advantage they had. In one way i am hoping that the US manages to get the laws in place to allow Huawei to sue the American government for doing what they did to actively destroy Huawei's name even though they were doing worse.
[ link to this | view in chronology ]
- John Fenderson (profile), 3 Jan 2014 @ 11:04am
  
  Re: LOL
  Apparently, the US was being honest when they said that Huawei's equipment was compromised. What they lied about was who did the compromising.
  [ link to this | view in chronology ]
  - Anonymous Coward, 3 Jan 2014 @ 11:56am
    
    Re: Re: LOL
    If there is a backdoor of any kind it can and will be exploited by anyone.
    
    Maybe Mike Rogers knew that the Chinese had discovered the backdoors that the NSA implanted into Huawei hardware.
    [ link to this | view in chronology ]
- Jerrymiah, 3 Jan 2014 @ 12:32pm
  
  Re: NSA spreds FUD
  I think the United Nations should setup a Tribunal to fight all that NSA shit and assist those that been wronged by the US in suing the US government in an international court.
  [ link to this | view in chronology ]
  - btrussell (profile), 5 Jan 2014 @ 1:28am
    
    Re: Re: NSA spreds FUD
    I'd rather sue those responsible as opposed to every American.
    [ link to this | view in chronology ]
- akp (profile), 3 Jan 2014 @ 1:48pm
  
  Re: LOL
  It's almost a good outcome, actually.
  
  Once US companies start losing money because of all this, they'll start putting their massive lobbying dollars to work.
  
  They may not care about the privacy of the average American, but they sure as hell care about their company reputation and bottom line.
  [ link to this | view in chronology ]
Anonymous Coward, 3 Jan 2014 @ 11:04am

If we do it, it's defending freedom. If they do it, it's because they are a totalitarian government.
[ link to this | view in chronology ]
Anonymous Coward, 3 Jan 2014 @ 11:08am

Actually, I think the Chinese companies are a bit more creative. For example the SpamBot teapot: Register /s

In all reality though, Huawei makes some pretty crappy home routers, but so does a lot of vendors. I.E. recent example of chipset flaw in Linksys, Netgear, etc routers: GitHub

What I really think is happening, is that DoD is pen testing various products for flaws. Instead of doing the right thing and reporting the issues to the vendors, they are basically criminal scum using the hacks to wreak havoc on other people's equipment. This, of course, is leaving every US entity also using the equipment vulnerable to attack and thus creating their own problems.
[ link to this | view in chronology ]
Anonymous Coward, 3 Jan 2014 @ 11:22am

Next they are going to warn us about evil countries out there that torturing people, or killing dozens of innocents at once with their attacks.
[ link to this | view in chronology ]
Applesauce, 3 Jan 2014 @ 11:23am

NSA: enemy of America
By installing backdoors everywhere, the NSA has materially and deliberately sabotaged the security of the nation's cyber infrastructure.
This damage is potentially catastrophic.
NSA assumes that only they know about those backdoors.
This is obviously a reckless assumption.
1. Insiders like Snowdon (but more mercenary) can (and will) resell these exploits to the PLA and the Russian Mafia for $.
2. Recall Robert Hanssen. For 22 years he was a paid Russian agent while being responsible for finding Russian agents. He would have had knowledge of these backdoors and therefore so would the GRU.
3. Aldrich Aimes.
4. Christopher John Boyce.
None of these guys are isolated players. It would be stupfyingly naive to think no one in the upper ranks of the NSA hasn't been compromised.
The reason why the USA won the cold war despite the Russians having all our secrets was that our economy was stronger than theirs.
The NSA's obsession with secrets is a waste of time. By damaging our infrastructure and our cyber industries, the economy of the USA and the whole country has been seriously impaired and we are less likely to win the next cold war.
You think there won't be a next cold war? Don't bet on it.
[ link to this | view in chronology ]
- Anonymous Coward, 3 Jan 2014 @ 11:27am
  
  Re: NSA: enemy of America
  EXACTLY.
  
  I want to see more headlines like that in big papers "NSA intentionally sabotaged that nation's infrastructure, that they promised to protect".
  
  NSA is making systems LESS vulnerable, and they aren't protecting or "securing" anything, yet they keep asking for more money for "cyber security", when in fact what they're doing is "cyber warfare". And on top of that they are undermining the security of US and other countries, too (including allies).
  [ link to this | view in chronology ]
- Anonymous Coward, 3 Jan 2014 @ 11:27am
  
  Re: NSA: enemy of America
  EXACTLY.
  
  I want to see more headlines like that in big papers "NSA intentionally sabotaged that nation's infrastructure, that they promised to protect".
  
  NSA is making systems LESS vulnerable, and they aren't protecting or "securing" anything, yet they keep asking for more money for "cyber security", when in fact what they're doing is "cyber warfare". And on top of that they are undermining the security of US and other countries, too (including allies).
  [ link to this | view in chronology ]
vastrightwing, 3 Jan 2014 @ 11:24am

New certification sticker.
NSA free! GCHQ Free!

Seriously, how do we go about setting up a certification board to guarantee that low level BIOSes are not back door equipped? That SMI and SMM is not one huge security problem? The problem if this certification catches on, the NSA will simply install their own people in there. I guess we need to open source everything now so everyone can scrutinize the firmware. However, even if the public source is clean, how do we verify the ROM?
[ link to this | view in chronology ]
- Anonymous Coward, 3 Jan 2014 @ 11:42am
  
  Re: New certification sticker.
  The NSA is literally breaking into hardware shipments to compromise computers. The only way to be 100% safe would be to make the hardware yourself, and I don't think 3D printing is going to be up to that for awhile.
  [ link to this | view in chronology ]
- Anonymous Coward, 3 Jan 2014 @ 11:42am
  
  Re: New certification sticker.
  OpenSource isn't bad, just hopefully enough people are there for support and testing...
  
  For hardware:
  http://www.opencompute.org/
  
  For software:
  http://www.openfirmware.info
  http://sourceforge.net/projects/tianocore/
  [ link to this | view in chronology ]
jimb (profile), 3 Jan 2014 @ 11:34am

Re: NSA: enemy of America
All these revelations about the NSA compromising hardware, corrupting firmware, and creating quantum-computer encryption busters is like waving a red flag in front of a bull. Not every computer or software wizard is a patriot willing to work for the NSA, and I'll bet there are some people out in the world right now hacking up the next new thing to see if they can beat the NSA. It might even become a medalist category at the next Black Hat 'hacker olympics'. If they NSA had any brains they'd stop now, because they're just encouraging more, better, and tougher opposition.
[ link to this | view in chronology ]
Trevor, 3 Jan 2014 @ 11:53am

What if...
What if the NSA, in installing it's own back door in Huawei's software, it discovered ANOTHER back door already installed (presumably by Huawei for the government, for the same purpose as the NSA) and called them out to cover up their own wrongdoing?

This would show that 1) DUH, the Chinese government spies; 2)They weren't as discrete about their backdoors (hehehe) as the NSA; and 3) the NSA practiced in economic espionage to discredit a Chinese competitor.

Interesting...
[ link to this | view in chronology ]
Anonymous Coward, 3 Jan 2014 @ 12:08pm

None of this surprises me. In fact I've commented on this before. That what the NSA and the US government warns of in cyberwarfare and what they are doing is pretty much the same thing. If you hear them blame someone/some country over cyberhacking, they've already done it. Remember the photos of the Chinese army computer screens showing the hacking attempts? Only way that came to be was by them hacking the hackers with screen shots off their computer.

It is not out of the realm of speculation to consider 9/ll in this light. They may not have actually done a false flag but they had to know. There were too many convenient and unexplained happenings during the before and after not to show they were concerned with what might be found out.

There's also things like why TC building #7 collapsed even though no plane hit it. The plane that was likely to have targeted it went down before it got there. Yet the building fell. Not only fell but they all fell in their footprints. A signature of a controlled explosion as no building falls that way unless. Someone was in on it. Those someones don't want anyone to know it wasn't a plane that brought it down.

I hate to sound like a conspiratard but there are still too many unanswered questions.
[ link to this | view in chronology ]
Anonymous Coward, 3 Jan 2014 @ 12:19pm

been taking a few lessons from the FBI and the 'how to create a terrorist threat from nothing' brigade, have they??
[ link to this | view in chronology ]
Anonymous Coward, 3 Jan 2014 @ 12:23pm

the best way to allay suspicion is to shout very loud about what some other party COULD POSSIBLY be doing! when all eyes look in the other direction, threat to you averted. simples!!
[ link to this | view in chronology ]
Anonymous Coward, 3 Jan 2014 @ 4:39pm

Are you saying Misrep. Rogers, has been misrepresenting the facts again? Color me surprised.
[ link to this | view in chronology ]
Anonymous Coward, 4 Jan 2014 @ 5:16am

When you point your finger at someone...
Don't forget:

When you point your finger at someone,
4 fingers are pointing back at you.
[ link to this | view in chronology ]
- John Fenderson (profile), 6 Jan 2014 @ 10:31am
  
  Re: When you point your finger at someone...
  You obviously have never seen how I point my finger at people.
  [ link to this | view in chronology ]