Cisco Goes Straight To The President To Complain About The NSA Intercepting Its Hardware

from the NSA-vows-to-take-this-country-down-from-the-inside dept

One of the previously-unseen NSA documents released in conjunction with Glenn Greenwald's book, "No Place to Hide," contained this slide providing further details about the agency's interception of computer hardware.

As part of the NSA's Tailored Access Operations (TAO), shipments are grabbed en route and loaded up with physical spyware before they reach the end user. The slide notes that this "supply chain interdiction" is one of TAO's "most productive operations."

The people in the photo may have had their identities concealed, but there's no mistaking the logo and name on the side of the box. Here's a closer look:

Cisco was none too pleased to see its hardware being given a spyware payload by NSA operatives. Its general counsel, Mark Chandler, said the following in a blog post addressing the newly-leaked document.

As a matter of policy and practice, Cisco does not work with any government, including the United States Government, to weaken our products. When we learn of a security vulnerability, we respond by validating it, informing our customers, and fixing it. We react the same when we find that a customer’s security has been impacted by external forces, regardless of what country or form of government or how that security breach occurred. We offer customers robust tools to defend their environments against attack, and detect attacks when they are happening. By doing these things, we have built and maintained our customers’ trust. We expect our government to value and respect this trust.

That the NSA has done what it can to ensure Cisco's world dominance (via its Huawei-related espionage) is probably of little comfort at this point. Anyone looking to purchase Cisco equipment has probably decided to take their business elsewhere. Cisco expressed some concern about the NSA's detrimental effect on its overseas sales last November. This photo only makes that situation worse.

Cisco has now decided to take its complaints right to the top.

Warning of an erosion of confidence in the products of the U.S. technology industry, John Chambers, the CEO of networking giant Cisco Systems, has asked President Obama to intervene to curtail the surveillance activities of the National Security Agency.

In a letter dated May 15 (obtained by Re/code and reprinted in full below), Chambers asked Obama to create “new standards of conduct” regarding how the NSA carries out its spying operations around the world. The letter was first reported by The Financial Times.

Chambers goes even further than Cisco's counsel, decrying the NSA's tactics and the damage they're doing to his company's reputation.

“We simply cannot operate this way; our customers trust us to be able to deliver to their doorsteps products that meet the highest standards of integrity and security,” Chambers wrote. “We understand the real and significant threats that exist in this world, but we must also respect the industry’s relationship of trust with our customers.”

The NSA's self-destructive "no one can touch us" attitude is finally beginning to hurt it -- and everyone it affects. This revelation will chase customers -- including potential targets -- to companies they believe are out of the agency's reach. American companies will be able to offer no assurances that their products haven't been intercepted/sabotaged. The entire situation is beyond their control, but they'll be the ones ultimately paying the price for the NSA's overreach.




Filed Under: barack obama, interdiction, john chambers, mark chandler, nsa, surveillance, tao
Companies: cisco


Reader Comments



  1.
    BentFranklin, 19 May 2014 @ 7:01am

    Looks like a UPS label on that box.

  2.
    Josh in CharlotteNC, 19 May 2014 @ 7:37am

    I see three possible outcomes.

    1) NSA gets forcibly reformed. (Unlikely)
    2) Cisco becomes the next Qwest, John Chambers the next Joe Nacchio. (More likely)
    3) Cisco mutes opposition, shortly thereafter granted big money no bid contracts. (Near certainty)

  3.
    Anonymous Coward, 19 May 2014 @ 8:45am

    Meanwhile the US is pissing and moaning about China spying on US companies. Thanks, NSA, for making our nation look like a community of whiny clowns.

  4.
    John Fenderson, 19 May 2014 @ 8:51am

    Re:

    If Cisco is smart, they'll start including some excellent tamper-evident seals and/or GPS trackers in their boxes.

  5.
    Anonymous Coward, 19 May 2014 @ 8:53am

    Re:

    But the US does it to keep people safe ... you know, terrorism. And the children.

  6.
    Pixelation, 19 May 2014 @ 8:53am

    Perfect for KoolAid

    The NSA has poisoned the well. You can tell everyone that they are no longer poisoning it but who will believe you and take a drink?

  7.
    Anonymous Coward, 19 May 2014 @ 8:54am

    Let's face it in the long term, Cisco should move manufacturing overseas for their clients requesting equipment from the EU, Asia, et al. It will mean loss of US jobs, but that's going to happen anyways with demand dwindling due to lack of trust.
    Short term, offer existing customers a SmartNet replacement and for larger government/commercial organizations offer a consultation service to ensure that none of the equipment has been tampered with.

  8.
    Anonymous Coward, 19 May 2014 @ 8:55am

    Re: Re:

    Somehow I do not think either of those would inspire much trust at this point.

  9.
    Anonymous Coward, 19 May 2014 @ 8:55am

    Now we know why NSA claimed that Ed Snowden was damaging American interests.

  10.
    Richard, 19 May 2014 @ 8:58am

    How is this different

    How is this different from the criminal hacking of chip and pin machines described here?

  11.
    Anonymous Coward, 19 May 2014 @ 9:01am

    Re:

    All the recent Cisco boxes I've seen on recent deliveries in Australia indicate that the products inside were manufactured in China.

  12.
    John, 19 May 2014 @ 9:02am

    USPS

    Tax cheating Cisco is peeved.

  13.
    Anonymous Coward, 19 May 2014 @ 9:04am

    Laughing My Ass Off

    Cisco, like every other company in America, pays taxes. I thought they'd be interested in what their tax dollars are paying for. Instead they're acting like ungrateful children.

  14.
    TheResidentSkeptic, 19 May 2014 @ 9:06am

    I see Collateral Damage

    1) Every company outside the US demands return/refund. Buys Huawei to replace all cisco gear.
    2) Cisco loses 100% of its non-US market
    3) 60,000 employees out of a job
    4) taxpayers foot the bill as Cisco sues the gov't
    5) The USTR drops all "US Exports of Technology" from their negotiations - 'cause there won't be any.

    And exactly how many REAL threats were thwarted by this?

  15.
    John Fenderson, 19 May 2014 @ 9:11am

    Re: Re: Re:

    I'm not sure what would work better. Certainly, even if they got promises from the government that this won't happen anymore, nobody would believe that. At least this way, there would be some way to tell if the package had been diverted or tampered with.

  16.
    pixelpusher220, 19 May 2014 @ 9:14am

    Re: How is this different

    It's a rather complex logic but I'll try to lay it out.

    "Because."

    Any questions? (Cisco customers excluded)

  17.
    Violynne, 19 May 2014 @ 9:17am

    Re: Re:

    Something they should have been doing since day 1.

    Hell, even Amazon has tamper-resistant tape on their boxes.

  18.
    Anonymous Coward, 19 May 2014 @ 9:20am

    Re: Re:

    Any suspicious stops in Virginia in the shipping tracking info?

  19.
    Applesauce, 19 May 2014 @ 9:23am

    Winning a war

    The US won WW II and won the Cold War. The US did not win thru superior intelligence or even military might (Tho both helped).

    The reason the US won was because they had the strongest economy. In the Cold War the USSR couldn't even feed itself, while the USA was feeding a good portion of the whole world.

    Economies, not arms, win wars. The NSA is doing serious damage to the US economy and deluding itself (and its thoughtless apologists) into thinking they are winning.

    Short-sighted stupidity in the extreme.

  20.
    STJ, 19 May 2014 @ 9:25am

    post office

    Doesn't the Post office/UPS/etc, share part of the blame in delivering the boxes to them?

  21.
    saulgoode, 19 May 2014 @ 9:28am

    Re:

    Not just pissing and moaning, but actually bringing indictments.

    http://www.theguardian.com/technology/2014/may/19/us-chinese-military-officials-cyber-espionage

  22.
    Anonymous Coward, 19 May 2014 @ 9:33am

    John Chambers, the CEO of networking giant Cisco Systems, has asked President Obama to intervene to curtail the surveillance activities of the National Security Agency.

    Are we still pretending Obama is going to fix government abuse?

  23.
    John Fenderson, 19 May 2014 @ 9:35am

    Re: Re:

    Same difference.

  24.
    Berenerd, 19 May 2014 @ 9:42am

    Re: I see Collateral Damage

    The threat of people getting a job and earning a living so their kids can get an education and try to get these idiots out of office.

  25.
    Anonymous Coward, 19 May 2014 @ 9:44am

    Obama has long ago laid out his cares, not by what he says but by what he does. Every time something comes up that the NSA deals with, it has his approval or his reaching out to the public saying we need this. When the public says no, everyone in Washington seems to be deaf on hearing.

    Obama is the one using the Espionage Act to prosecute whistle blowers to prevent leaks as retaliation.

    He will not be interested in hearing Cisco's moans and groans until it costs his party financial funding and influence. If Cisco wants a cure, it best get on with the moving out of country. Nothing short of that is going to stop this until the entire economy is up in arms over this.

  26.
    HegemonicDistortion, 19 May 2014 @ 9:46am

    Re: Perfect for KoolAid

    Exactly. As Reagan used to say of the Soviet Union: "trust but verify."

    "Trust" will no longer be sufficient for what the government says nor for much of the tech made in the US. Instead, we're going to need to find ways to verify.

  27.
    Matthew A. Sawtell, 19 May 2014 @ 9:47am

    First Amazon, now Cisco

    Hm... first Amazon drops a hint...

    http://www.techdirt.com/articles/20140124/10564825981/nsa-interception-action-tor-developers-computer-gets-mysteriously-re-routed-to-virginia.shtml

    ... now Cisco. Wonder who else in the U.S. computer business is going to 'step up', Ebay?

  28.
    mcinsand, 19 May 2014 @ 9:47am

    yesterday's newscast on the FBI

    A news anchor yesterday presented an article claiming that the FBI is getting tough on cybercrime. I won't believe it, not until they start marching NSA officials in handcuffs past the cameras.

  29.
    antymat, 19 May 2014 @ 9:59am

    Here goes the EU market.

    Apparently the sales estimates came in and the bottom line is hurt big time.
    The Titanic has just departed. Time to pop some corn...

  30.
    limbodog, 19 May 2014 @ 10:00am

    Re: US is pissing and moaning about China spying

    The tail attempting to wag the dog is even less effective when the dog is this big.

  31.
    Karl Bode, 19 May 2014 @ 10:09am

    Showtime

    Do we really know Cisco didn't know about the "interception" of this gear? Isn't it possible this is just a big show of faux shock? I simply don't buy the NSA indignation and surprise from some of these companies post Snowden (Microsoft also comes to mind).

    After all, Cisco is a big player behind the pushes to accuse Huawei of spying:

    http://www.washingtonpost.com/business/technology/huaweis-us-competitors-among-those-pushing-for-scrutiny-of-chinese-tech-firm/2012/10/10/b84d8d16-1256-11e2-a16b-2c110031514a_story.html

    That kind of protectionism goes hand in hand with doing what government wants.

  32.
    Anonymous Coward, 19 May 2014 @ 10:11am

    Re: Here goes the EU market.

    The Titanic has just departed.

    More like it has struck the Iceberg.

  33.
    Barrack H. Obama, 19 May 2014 @ 10:21am

    Re: Your recent letter.

    Mr. John Chambers,

    I have recently received a letter in which you expressed concern about how my people have been treating your customers' recent purchase. After much consideration, and serious contemplation, about your complaint I have finally decided in what way to respond;

    Go Fuck Yourself!

    Why? Because, Bitches! You can't do shit about it!

  34.
    wiserabbit, 19 May 2014 @ 10:22am

    So No Place to Hide was released on 5/13. Various technology publications have been reporting specifically on the Cisco issue for over 12 hours.

    Forbes just released (4 hours ago) a post about Cisco with hits on "product transitions" (no, I don't think they were joking) and "uncertain environments" (also I'm not thinking they realize the funny/sad) with no mention of the "hey, your products just got outed as being hijacked by the NSA".

    ...this is kind of important if you own Cisco stock, no?

  35.
    John Fenderson, 19 May 2014 @ 10:26am

    Re: Re: Perfect for KoolAid

    It occurs to me that a common practice amongst the really paranoid (like me) of putting a permanent sniffer & tripwire system into your network should become standard practice all around.

    You may not be able to tell if a given piece of hardware is compromised, but those beacons don't work by magic -- they have to communicate to pose any threat. A permanent sniffer would be able to stop that communication and raise an alarm.

  36.
    John Fenderson, 19 May 2014 @ 10:27am

    Re: Re: Re: Perfect for KoolAid

    "would be able to stop"

    Should be "would be able to spot". Sputid Lysdexia.

  37.
    John Fenderson, 19 May 2014 @ 10:29am

    Re: Winning a war

    Excellent point. It's a bit of a corollary to the fact that all wars are actually about economics, but are dressed up in moral or nationalistic garb to sell them to the people.

  38.
    Baron von Robber, 19 May 2014 @ 10:30am

    Re:

    Also opening it from the bottom. Clever. It's in our nature to open the 'top' of the box and not the bottom. Probably wouldn't note the resealed box that way.

    Note to self: Open every package from the bottom. :)

  39.
    silverscarcat, 19 May 2014 @ 10:42am

    Re: Re: How is this different

    "Why?"

  40.
    Michael, 19 May 2014 @ 10:43am

    Re:

    Didn't they all just violate the Hot News doctrine?

  41.
    Anonymous Coward, 19 May 2014 @ 10:48am

    Re: Re: Re: Perfect for KoolAid

    Wouldn't your sniffer need to be running on uncompromised hardware for that to work?

  42.
    Anonymous Coward, 19 May 2014 @ 10:51am

    Re: Re: Re: Re:

    My bigger point is if the threat is the NSA diverting a shipment and tampering with it, which they are already doing, fancy hologram stickers and packing tape, even perfectly new counterfeit packaging, are probably within the NSA budget. The amount of money you would need to invest in a GPS tracking system that could not easily be subverted by the NSA is not likely possible, so it is probably not going to be invested in. Even if you get the absolute best, unbeatable, the right NSA agent in a UPS uniform can pop the chip in and pack the box back up in the back of the truck while it drives along its expected route ;)

  43.
    John Fenderson, 19 May 2014 @ 10:57am

    Re: Re: Re: Re: Re:

    At least it would make the interdiction more difficult to pull off. That's something, and is better than the absolutely nothing we'll otherwise get.

    "The amount of money you would need to invest in a GPS tracking system that could not easily be subverted by the NSA is not likely possible, so it is probably not going to be invested in."

    Such a system would not need to be prohibitively expensive, although it might double the cost of shipping, depending. However, that cost might be less than the loss of business will cost them.

  44.
    Zos, 19 May 2014 @ 10:58am

    Re:

    too much noise and attention on this to pull a qwest

  45.
    John Fenderson, 19 May 2014 @ 10:59am

    Re: Re: Re: Re: Perfect for KoolAid

    Yes indeed -- but that's actually really easy to ensure by repurposing old computers to the task (that's what I do) or by building your own system. All you need is a very basic, very cheap computer.

  46.
    aldestrawk, 19 May 2014 @ 11:04am

    unscrambling image

    I remember that a similar, photoshopped, image was unscrambled by U.S. law enforcement. That person was identified from the picture and arrested. It should be relatively easy to reverse the smearing of the face of the man on the right. Who applied the smearing? Glenn Greenwald, the publisher, or some NSA hack?

  47.
    DannyB, 19 May 2014 @ 11:17am

    Tamper proof seals mean nothing

    There is some talk in this thread about tamper proof seals.

    They mean nothing. The NSA can just slap a sticker on it that says that Customs had to inspect the package. Or that it had been randomly selected by Customs for inspection.

  48.
    Anonymous Coward, 19 May 2014 @ 11:21am

    Re: unscrambling image

    standard opsec would dictate it was altered before being placed in the powerpoint slide by the author.

  49.
    DannyB, 19 May 2014 @ 11:21am

    Re:

    All Ed Snowden did was reveal how NSA is damaging American interests.

  50.
    Anonymous Coward, 19 May 2014 @ 11:27am

    Re: Re: Re: Re: Re: Perfect for KoolAid

    That works for small networks but I don't get the feeling that small networks on the endpoints is where the majority of this is happening. Cisco makes a very wide variety of products for all levels of the networking infrastructure. Given the size of the box that they are opening, this is likely a rather large piece of hardware designed to be installed at a much bigger choke point and handle a much larger amount of traffic. Using an old PC with a custom configured Linux box to analyze traffic likely wouldn't be a viable option. However, setting up a test environment to run an analysis on new equipment before final deployment might be a viable strategy.

  51.
    ChurchHatesTucker, 19 May 2014 @ 11:37am

    Photoshop anyone?

    That guy on the right looks to have been "obscured" by a standard photoshop filter. Should be easy to de-swirl.

  52.
    Anonymous Coward, 19 May 2014 @ 11:37am

    Re: Tamper proof seals mean nothing

    Here's the easiest way to stop that. Simply set up a foreign distribution point where nothing is shipped directly to a foreign customer directly from a US distribution center. All shipments go to the foreign distribution center BEFORE they are addressed to the final customer. The US government will then have no way of knowing what specific equipment will be going where while it is on US soil as it won't be addressed with its final destination until it is out of their reach.

  53.
    Anonymous Coward, 19 May 2014 @ 11:48am

    Re: unscrambling image

    I heard of one case that might be that. It had to do with misuse of Photoshop by child pornographers. They used a swirly blurring transformation - which is perfectly reversible by making one again in the opposite direction. It may have been that in which case.

  54.
    Anonymous Coward, 19 May 2014 @ 11:58am

    How will anyone believe in reforms?

    Since we have had nothing but lies, denials, cover-ups, excuses and so on from the NSA, Congress and the White House, how will anyone ever believe in reforms? Unless we have another leaker (assuming the leaks are real) show documents that prove reforms are in place, who would believe the government? They lie at every turn; especially the current administration.

  55.
    Nigel, 19 May 2014 @ 11:58am

    Tad swamped today but I can unblur that stuff. Pretty lame attempt on their part actually.

  56.
    John Fenderson, 19 May 2014 @ 12:00pm

    Re: Re: Re: Re: Re: Re: Perfect for KoolAid

    My statements hold true on a large scale as well -- only there the "old equipment" isn't a consumer PC. The processing required to do this is very, very light.

  57.
    Anonymous Coward, 19 May 2014 @ 12:01pm

    Re: Re:

    But then the NSA would print entirely new, counterfeit boxes and tamper-evident seals.

  58.
    Anonymous Coward, 19 May 2014 @ 12:05pm

    Re: Re: Re: Re:

    The best idea I have seen is to overpaint fasteners with glittery nail varnish and photograph them. Then get the other end to photograph them, and send them to you by secure means so that you can check that the same patterns exist over the fasteners. Cheap, and creates a unique pattern every time over every fastener.

  59.
    Anonymous Coward, 19 May 2014 @ 12:18pm

    Re: Re: Tamper proof seals mean nothing

    In fact, there is an opportunity here for an enterprising shipping service to emerge offering secure passage across borders by simply labeling packages with an internal tracking number and an address of a remote distribution center such that its final destination is not known at the point it passes through customs. All customs would be aware of is the address of the shipping service's foreign distribution center. Where it was going after that they would not be able to tell.

  60.
    Michael, 19 May 2014 @ 12:27pm

    Re: Re: Tamper proof seals mean nothing

    This assumes that the NSA cares about the actual destination. I'm fairly certain that they are perfectly happy to add their devices to anything that is shipped to "destination unknown".

  61.
    Michael, 19 May 2014 @ 12:29pm

    Re: Photoshop anyone?

    I'll go ahead and take care of...

    ...oh crap, Adobe's DRM has disabled Photoshop on me.

  62.
    Anonymous Coward, 19 May 2014 @ 12:32pm

    Re: Re: Re: Re: Re: Re: Re: Perfect for KoolAid

    Really it depends on the traffic. I was running Suricata on my lab with 10Gbps links mirrored on the WAN side. Switch used if interested: MT CRS. Dual Xeon 5400s were working fine, but I wasn't pushing much traffic. I would expect that you would probably need several servers in any large network, and need to dig down to the access layer as much as possible. Lab is a basic IaaS with about 10 virtual networks currently running, so I guess like 10 SMBs.

  63.
    Michael, 19 May 2014 @ 12:32pm

    Re: How will anyone believe in reforms?

    The same way most regimes sway public opinion once their own people have stopped believing anything they say.

    Reeducation.

  64.
    Anonymous Coward, 19 May 2014 @ 12:33pm

    Re: Re: Re: Re: Re: Re: Re: Perfect for KoolAid

    Except that the "old equipment" that they would likely have laying around would also likely be highly specialized for the purpose it was initially designed and not be suited to be repurposed in the same way that you suggest.

  65.
    antymat, 19 May 2014 @ 12:36pm

    Re: Re: Here goes the EU market.

    Iceberg

    You might be right.

    Anyway, "Nothing to see here, please, disperse".

  66.
    Anonymous Coward, 19 May 2014 @ 12:37pm

    Re:

    I wonder who actually put the blur on, if it was the NSA who did it or Glenn Greenwald covering his ass legally. If the latter it is brilliant actually, applying a weak protection to the NSA's privacy.

  67.
    Anonymous Coward, 19 May 2014 @ 12:51pm

    Re: Re: Re: Tamper proof seals mean nothing

    I think you misunderstand what I am suggesting. I am suggesting that in order to counter this and restore faith in their brand in foreign markets, Cisco makes a business decision to open distribution centers in all major locations and ceases to ship ANY product directly from the US to a foreign address. Instead ALL products bound for Asian customers would be instead shipped to their Asian distribution center. Employees in the US wouldn't even know who the final customer is or what the actual address is where it is ultimately destined much less US Customs. Once a shipment reaches the Asia distribution center the employees there would fill the order and address it to the purchaser.

    As I stated when the original story broke, this sort of technique by its very nature isn't scalable and only works on a targeted basis. If all foreign shipments no longer have addresses identifying who should receive it, it becomes much harder to compromise it once it is outside of the point where they can assert their control.

  68.
    Michael, 19 May 2014 @ 1:06pm

    Re: Re: Re: Re: Tamper proof seals mean nothing

    Instead ALL products bound for Asian customers would be instead shipped to their Asian distribution center. Employees in the US wouldn't even know who the final customer is or what the actual address is where it is ultimately destined much less US Customs. Once a shipment reaches the Asia distribution center the NSA agents there would fill the order and address it to the purchaser

    ...all fixed.

  69.
    Anonymous Coward, 19 May 2014 @ 1:21pm

    Re: Re: Re: Re: Re: Tamper proof seals mean nothing

    How exactly? Unless Cisco is implicitly working with the NSA to compromise their products before they are delivered to foreign customers, in which case, interception would not be necessary as the compromise can be inserted before it is even packaged at the factory.

  70.
    MadAsASnake, 19 May 2014 @ 1:36pm

    Now, where is the shot of them doing it to a Huawei box...

  71.
    antymat, 19 May 2014 @ 1:57pm

    Re: Re: Re: Re: Re: Re: Tamper proof seals mean nothing

    Interception would be needed even if Cisco worked with NSA. First, because NSA would like to keep it secret as they already have some problems with their own employees sharing too much. So they would like to keep the number of informed people low and it's much easier to have one mole tipping you off, than to hide whole NSA-cooperation department somewhere down your production line.
    And second - so that Cisco would be able to plausibly deny any involvement.

  72.
    Anonymous Coward, 19 May 2014 @ 2:34pm

    Re: Re: Re: Re: Re: Re: Re: Tamper proof seals mean nothing

    Still my suggestion isn't necessarily just about Cisco, but rather any large US company with a global presence that is worried about their reputation and wants to head off any attempts by the NSA to compromise their products by intercepting them prior to export to a foreign customer.

    I disagree though about the need for actual interception in the case of cooperation. The compromise doesn't have to occur on the production line. There could simply be a small number of units that are kept separate which are altered by a small team that is officially labeled as a "quality control" or "R & D" team and when requested, they package up one of their units to be shipped out instead of one of the ones from the normal stock.

    As for the argument about plausible deniability, this is the NSA we are talking about here. Their hubris is legendary. They never believe any of their secrets are going to get out. This is one of the reasons they are so bad at dealing with the fallout when they do. To assume the plausible deniability idea theory you would have to assume that the NSA assumed that the public was going to find out about it and wanted to put a cover in place to protect Cisco when that happened. I think that would be giving a little too much credit in the forethought department to a group that has repeatedly demonstrated that they are far more reactionary than they are proactive.

  73.
    mark, 19 May 2014 @ 2:47pm

    In the Greenwald documents is also a world map, they have this in almost every country. So everyone who thinks they are only in the US doing this, think again! These things probably come directly from China anyway!

  74.
    Anonymous Coward, 19 May 2014 @ 2:59pm

    Re: How is this different

    On one side:
    A sophisticated "chip and pin" scam run by criminal gangs in China and Pakistan.

    On the other:
    The NSA.

    You're right, there is no difference!

  75.
    Personanongrata, 19 May 2014 @ 3:16pm

    Public Relations

    Good propagandists always turn the tables on their victims by accusing them of acting in the same manner as themselves.

  76.
    Personanongrata, 19 May 2014 @ 3:20pm

    Oopsy, I meant for my comment above to be posted on the:

    Irony Alert: US Filing Criminal Charges Against China For Cyberspying

    thread.

    Please disregard comment on this thread.

  77.
    antymat, 19 May 2014 @ 3:20pm

    Re: Re: Re: Re: Re: Re: Re: Re: Tamper proof seals mean nothing

    All I am trying to say is that there are sensible reasons for the cooperation to be kept secret, for Cisco's sake. Interception limits the sources of disclosure and makes plausible deniability possible. I would not expect such an idea to come from NSA, as they do not have to care for Cisco's business; but it looks sensible to me for Cisco to employ it to protect itself. In case of forced cooperation this is what I would do.

  78.
    Anonymous Coward, 19 May 2014 @ 7:23pm

    Why are those idiots using the swirl on that poor man's face? If he, as an NSA agent, visits China and is arrested due to the "blur" being "unblurred" that'd be ... wow.

    Srsly ... wtf were they thinking

  79.
    The Wanderer (profile), 19 May 2014 @ 8:00pm

    Re: Re: Perfect for KoolAid

    Except, of course, that "trust but verify" is an oxymoron. If you trust, you don't need to verify; if you feel the need to verify, that demonstrates that you don't trust.

  80.
    Anonymous Coward, 19 May 2014 @ 8:18pm

    Re:

    "Looks like a UPS label on that box."

    Yeah, looks like UPS is up to their eyeballs in this. UPS - now another 3 letter agency.

  81. This comment has been flagged by the community.
    Whatever, 19 May 2014 @ 8:23pm

    nice story, but

    As usual this article skimps on the details, but it's expected from such a Google shill like Masnick.

    Mike Masnick just hates it when copyright law is enforced.

  82.
    Anonymous Coward, 19 May 2014 @ 8:26pm

    Re: Winning a war

    "Short-sighted stupidity in the extreme."

    But the people behind it are, and will continue to be, living high-on-the-hog. Stupidity pays off pretty well in the US for some people these days.

  83.
    Anonymous Coward, 19 May 2014 @ 8:34pm

    Re: Re: Re: Re: Re: Re: Tamper proof seals mean nothing

    "How exactly? Unless Cisco is implicitly working with the NSA"

    What makes you think they aren't?

    "in which case, interception would not be necessary as the compromise can be inserted before it is even packaged at the factory."

    By letting the NSA do it off-premises, plausible deniability becomes much easier. It worked on you. See?

  84.
    Anonymous Coward, 19 May 2014 @ 10:26pm

    I tried to post this response on Cisco's website.

    "No politicians, governmental agencies, or laws can be relied on to protect security or privacy. Only technology that's able to be audited for vulnerabilities and backdoors can accomplish this goal.

    That means being able to examine and compile the source code, then reflash the resulting binary code onto NAND memory.

    Hardware documentation and schematics would also be a big help for auditing the security of a device. Seeing as none of this will probably happen, potential customers will have no choice but to blindly trust the manufacturer and the shipping process.

    Unless Cisco figures out a way for customers to audit the binaries on flash NAND memory using hashes, but then again if the hardware is compromised then it could output falsified hash values to the customer. Similar to what happened in Iran, and the falsified PLC diagnostic equipment outputs during Stuxnet.

    No, I suppose open source software and documented hardware is the only way to be secure. I suspect it's always been this way, but has just become more apparent post Snowden."

    link to this | view in thread ]
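
The concern raised in the comment above, that a hash reported by the device itself proves little once the device is compromised, shown as an added example that is not part of the original comment. The toy device model, the sample image bytes and the published digest are all constructed assumptions; the out-of-band read stands in for dumping the flash chip with an external programmer.

```python
import hashlib
import hmac

# Constructed sample data: stand-ins for a vendor firmware image and an altered copy.
VENDOR_IMAGE = b"FWHDR\x01\x00" + b"router-os-build-1234" * 64
IMPLANTED_IMAGE = VENDOR_IMAGE[:-16] + b"<implant-bytes->"
# Digest the vendor is assumed to publish over a channel separate from the shipment.
PUBLISHED_SHA256 = hashlib.sha256(VENDOR_IMAGE).hexdigest()


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Device:
    """Toy device: flash contents plus a firmware-provided 'verify' command."""

    def __init__(self, flash: bytes, implanted: bool):
        self.flash = flash
        self.implanted = implanted

    def self_reported_hash(self) -> str:
        # The running firmware answers this query. Altered firmware controls
        # this code path and can replay the digest the customer expects.
        if self.implanted:
            return PUBLISHED_SHA256
        return digest(self.flash)

    def out_of_band_dump(self) -> bytes:
        # Models reading the flash chip externally, so the bytes are not
        # filtered by the firmware being audited.
        return self.flash


def audit(device: Device) -> dict:
    in_band = hmac.compare_digest(device.self_reported_hash(), PUBLISHED_SHA256)
    out_of_band = hmac.compare_digest(digest(device.out_of_band_dump()), PUBLISHED_SHA256)
    return {"in_band_ok": in_band, "out_of_band_ok": out_of_band,
            "verdict": "pass" if out_of_band else "FAIL: flash differs from published image"}


if __name__ == "__main__":
    for name, dev in [("clean", Device(VENDOR_IMAGE, False)),
                      ("implanted", Device(IMPLANTED_IMAGE, True))]:
        print(name, audit(dev))
```

The out-of-band check only covers what is stored in the flash that gets dumped; a modification elsewhere in the hardware would not appear in this comparison.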

  85.
    Anonymous Coward, 20 May 2014 @ 2:11am

    Re: Re: Re: Perfect for KoolAid

    "if you feel the need to verify, that demonstrates that you don't trust."

    That's not true in a security sense. In the security world, trust is used to designate those things that can harm you - if you don't trust something, you don't interact with it, so it's not relevant.

    That is, it's a perfectly valid idea to verify trust... depending on your level of trust you may want to do it more or less often.

  86.
    Anonymous Coward, 20 May 2014 @ 5:46am

    Re: Re: Photoshop anyone?

    use another pdf thing

  87.
    The Wanderer (profile), 20 May 2014 @ 6:31am

    Re: Re: Re: Re: Perfect for KoolAid

    So they're redefining "trust" from its commonly understood meaning, along with (and quite possibly predating) the other redefinitions we've seen, and who knows what others?

    It may make sense in-industry and as jargon, but it's not going to be understood that way by people not familiar with the industry enough to know the jargon, and I do find it rather questionable whether Reagan would have been using the term in that sense to begin with.

    (I do acknowledge that there can be valid use for "trust the person you're talking to, but verify that that person is the person you think you're talking to", and the like, but in that case what you're trusting and what you're verifying are different things.)

  88.
    Anonymous Coward, 20 May 2014 @ 7:12am

    Re: Re: Re: Re: Re: Re: Re: Tamper proof seals mean nothing

    I didn't say that they weren't. That is certainly a possibility. However, if they were it would seem much harder for it to be detected if it wasn't intercepted, broken into, altered and then repackaged carefully in an attempt to make it appear unaltered. The concept of it purposely being done this way for plausible deniability reminds me of a joke a friend used to make about people who drive Volvos because of their crash safety record. He would say you need to stay away from those people because the only reason anyone would drive one of them is that they were looking to get into a crash.

  89.
    John Fenderson (profile), 20 May 2014 @ 8:17am

    Re: Re: Re: Perfect for KoolAid

    You trust your bank to hold your money, but you verify that they haven't made any errors when you examine your statement.

  90.
    bob, 20 May 2014 @ 11:49am

    Re: Showtime

    The problem is that Huaweis had embedded firmware that sends information back to a Chinese IP address.

  91.
    The Wanderer (profile), 21 May 2014 @ 6:06am

    Re: Re: Re: Re: Perfect for KoolAid

    As I said, in that case, what you're trusting and what you're verifying are different things. If you trust them to not make any errors, you don't feel the need to verify that they haven't made any.

  92.
    Pragmatic, 21 May 2014 @ 8:12am

    Re: Re:

    Now, now, DannyB, they're not damaged till we find out about it...

  93.
    Pragmatic, 21 May 2014 @ 8:14am

    Re: Re: Winning a war

    That is true, the Cold War was basically a game of economic chicken in which the winner could afford the biggest MIC.

  94.
    John Fenderson (profile), 21 May 2014 @ 10:36am

    Re: Re: Showtime

    You say that as if it were a known fact, when it's far from it. The government hasn't produced any evidence that this is true, and independent researchers can't find any. So this is a case of the US government making completely unsupported accusations and asking us to take their word for it.

    On the other hand, we know for a fact that the government has subverted at least some Cisco equipment.

  95.
    Arlene Johnson, 6 Aug 2014 @ 6:45am

    Re: Winning a war

    Does it occur to anyone that the NSA was established to destroy America? After all it is a shadow government agency. See http://www.truedemocracy.net/td3/index.html

    Peace,

    Arlene Johnson
    Publisher/Author

  96.
    Abroad, 16 Oct 2014 @ 4:17am

    Only way to have government really listen

    The only, surefire way to get governments to listen to your complaints is to threaten (and possibly implement) moving your entire company to other countries with lesser invasive-spying intelligence services.
    Yes, this means lay-offs to some extent, but perhaps employees are willing to move with the company. But having more and more companies moving out of United Spies of America will eventually get the government to pay attention.
    And to be honest, life abroad can be pretty sweet too :)

  97.
    Andrew Zwicker, 20 Oct 2014 @ 1:41pm

    Thanks for your post. I really like the information which you have shared in your post about the cisco. Keep sharing the wonderful post in future also.

  98.
    Pass4surekey 400-101, 1 Mar 2017 @ 4:28am

    Cisco introduces IoT certification

    Cisco, the brand synonymous with all things networking associated, these days announced a brand new certification especially for people keen on proving their expertise in IoT.

    This certification, together with the improvement of synergies among IoT stakeholders through engagements like the IoT international discussion board, has proven the tech’s giant’s strong affirmation of IoT’s function in the future of IT. The certification was made possible thru Cisco’s partnership with Rockwell foundation. http://pass4surekey.com/exam/400-101.html
    The certification, called the Cisco Industrial Networking Specialist certification.

  99.
    jennyjfoy, 25 Apr 2017 @ 3:46am

    Braindumpskey provides good quality Dumps

    We provide high quality 300-115 Dumps PDF to get certification in Cisco CCNP . Each product is affordable, simple with fast download, and easy to understand. http://www.braindumpskey.com/exam/200-125.html

  100.
    Anon, 9 May 2017 @ 4:35pm

    Re: Re:

    I always open from the bottom. This way you open it, flip it over and slide the box off the stuff rather than pull the stuff out of the box.

    My guess is they did the same thing to preserve the packing of each item in the box. (Documentation, software media, accessories, power, etc.,...)
