Every 'Threat' The NSA Spreads FUD About Seems To Be Something The NSA Itself Is Actually Doing
from the i-guess-they-would-know... dept
Nearly a year ago, well before all the Snowden leaks, we had a discussion about how, for all the talk from Keith Alexander about how the US was facing "unprecedented cyberattacks" that might bring about a "cyber Pearl Harbor," in reality, it appeared that the real global threat to computer systems was... the US government itself, via Keith Alexander's "US Cyber Command," which had, by far, the most sophisticated and advanced digital attack unit and wasn't afraid to use it. In fact, the US government seems to think it has incredibly broad powers to attack digitally. Of course, the nature of those attacks have become a lot more clear lately. And, as a part of that, one thing that's becoming clear: every time you hear a scary story about a kind of attack that some foreigners might do, you can pretty much guarantee: the NSA has already done it.You may recall that, late in 2012, the House Intelligence Committee, led by dishonest NSA defender Rep. Mike Rogers, put out a report claiming that Americans should not use networking equipment made by Huawei, the Chinese networking giant, hinting that the company might be inserting backdoors and spyware into the equipment for the Chinese government. Huawei -- which had actually previously publicly asked the US government to investigate it to prove that such claims were false -- was not at all pleased about this, claiming that the whole thing was libelous and "utterly lacking in substance." A month ago, Huawei suggested that it was going to just ditch the US market because of all of this.
And yet... the recent NSA revelations about its technical capabilities to backdoor various hardware products showed that it's actually the NSA which has backdoors in Huawei's equipment. That doesn't foreclose the possibility that the Chinese have hacked it as well, but it sure looks ridiculous. As the Wired article linked above summarizes: "US to China: We hacked your internet gear we told you not to hack." This certainly plays into the hands of the Chinese, who have long argued that the attack on Huawei by Mike Rogers and friends was really just an attempt to pump up US-based competitors like Cisco (whose products the NSA has also apparently compromised).
And then there's the whole "BIOS" attack thing. You may recall that the big "scoop" in the hilariously lopsided 60 Minutes infomercial for the NSA by John Miller (a counterterrorism official pretending to be a journalist), was that there was some scary foreign threat out there from another country that was going to "infect the BIOS" of every computer on earth and turn them all into bricks. Experts pointed out that the claims were pure gibberish.
Except in that same report about the NSA's technical capabilities came the news that it's the NSA that is installing malware in the BIOS. As Marcy Wheeler notes:
Most fearmongering claims the NSA makes may well be projection about its own activities.None of this means that others (and the finger is usually pointed at the Chinese) aren't doing the same sorts of things themselves. But it sure does seem pretty hypocritical to go around fearmongering about the things that we, ourselves, are doing.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bios, china, cyberattacks, fud, nsa, threats
Companies: huawei
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
I noticed this years ago
It's a handy tell. If you just assume that when someone in power says to be afraid of something they themselves are doing it, you'll be right far more often than you'll be wrong.
[ link to this | view in thread ]
LOL
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: LOL
[ link to this | view in thread ]
In all reality though, Huawei makes some pretty crappy home routers, but so does a lot of vendors. I.E. recent example of chipset flaw in Linksys, Netgear, etc routers: GitHub
What I really think is happening, is that DoD is pen testing various products for flaws. Instead of doing the right thing and reporting the issues to the vendors, they are basically criminal scum using the hacks to wreak havoc on other people's equipment. This, of course, is leaving every US entity also using the equipment vulnerable to attack and thus creating their own problems.
[ link to this | view in thread ]
[ link to this | view in thread ]
NSA: enemy of America
This damage is potentially catastrophic.
NSA assumes that only they know about those backdoors.
This is obviously a reckless assumption.
1. Insiders like Snowdon (but more mercenary) can (and will) resell these exploits to the PLA and the Russian Mafia for $.
2. Recall Robert Hanssen. For 22 years he was a paid Russian agent while being responsible for finding Russian agents. He would have had knowledge of these backdoors and therefore so would the GRU.
3. Aldrich Aimes.
4. Christopher John Boyce.
None of these guys are isolated players. It would be stupfyingly naive to think no one in the upper ranks of the NSA hasn't been compromised.
The reason why the USA won the cold war despite the Russians having all our secrets was that our economy was stronger than theirs.
The NSA's obsession with secrets is a waste of time. By damaging our infrastructure and our cyber industries, the economy of the USA and the whole country has been seriously impaired and we are less likely to win the next cold war.
You think there won't be a next cold war? Don't bet on it.
[ link to this | view in thread ]
New certification sticker.
Seriously, how do we go about setting up a certification board to guarantee that low level BIOSes are not back door equipped? That SMI and SMM is not one huge security problem? The problem if this certification catches on, the NSA will simply install their own people in there. I guess we need to open source everything now so everyone can scrutinize the firmware. However, even if the public source is clean, how do we verify the ROM?
[ link to this | view in thread ]
Re: NSA: enemy of America
I want to see more headlines like that in big papers "NSA intentionally sabotaged that nation's infrastructure, that they promised to protect".
NSA is making systems LESS vulnerable, and they aren't protecting or "securing" anything, yet they keep asking for more money for "cyber security", when in fact what they're doing is "cyber warfare". And on top of that they are undermining the security of US and other countries, too (including allies).
[ link to this | view in thread ]
Re: NSA: enemy of America
I want to see more headlines like that in big papers "NSA intentionally sabotaged that nation's infrastructure, that they promised to protect".
NSA is making systems LESS vulnerable, and they aren't protecting or "securing" anything, yet they keep asking for more money for "cyber security", when in fact what they're doing is "cyber warfare". And on top of that they are undermining the security of US and other countries, too (including allies).
[ link to this | view in thread ]
Re: NSA: enemy of America
[ link to this | view in thread ]
Re: New certification sticker.
[ link to this | view in thread ]
Re: New certification sticker.
For hardware:
http://www.opencompute.org/
For software:
http://www.openfirmware.info
http://sourceforge.net/projects/tianocore/
[ link to this | view in thread ]
What if...
This would show that 1) DUH, the Chinese government spies; 2)They weren't as discrete about their backdoors (hehehe) as the NSA; and 3) the NSA practiced in economic espionage to discredit a Chinese competitor.
Interesting...
[ link to this | view in thread ]
Re: Re: LOL
Maybe Mike Rogers knew that the Chinese had discovered the backdoors that the NSA implanted into Huawei hardware.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
It is not out of the realm of speculation to consider 9/ll in this light. They may not have actually done a false flag but they had to know. There were too many convenient and unexplained happenings during the before and after not to show they were concerned with what might be found out.
There's also things like why TC building #7 collapsed even though no plane hit it. The plane that was likely to have targeted it went down before it got there. Yet the building fell. Not only fell but they all fell in their footprints. A signature of a controlled explosion as no building falls that way unless. Someone was in on it. Those someones don't want anyone to know it wasn't a plane that brought it down.
I hate to sound like a conspiratard but there are still too many unanswered questions.
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: NSA spreds FUD
[ link to this | view in thread ]
Re: LOL
Once US companies start losing money because of all this, they'll start putting their massive lobbying dollars to work.
They may not care about the privacy of the average American, but they sure as hell care about their company reputation and bottom line.
[ link to this | view in thread ]
[ link to this | view in thread ]
When you point your finger at someone...
When you point your finger at someone,
4 fingers are pointing back at you.
[ link to this | view in thread ]
Re: Re: NSA spreds FUD
[ link to this | view in thread ]
Re: When you point your finger at someone...
[ link to this | view in thread ]