Forgot your password?
typodupeerror
Security Privacy United States

The Startling Array of Hacking Tools In NSA's Armory 215

Posted by samzenpus
from the pick-your-poison dept.
littlekorea writes "A series of servers produced by Dell, air-gapped Windows XP PCs and switches and routers produced by Cisco, Huawei and Juniper count among the huge list of computing devices compromised by the NSA, according to crypto-expert and digital freedom fighter Jacob Applebaum. Revealing a trove of new NSA documents at his 30c3 address (video), Applebaum spoke about why the NSA's program might lead to broader adoption of open source tools and gave a hot tip on how to know if your machines have been owned."
This discussion has been archived. No new comments can be posted.

The Startling Array of Hacking Tools In NSA's Armory

Comments Filter:
  • by MikeRT (947531) on Monday December 30, 2013 @04:02PM (#45821355) Homepage

    The fact is that the NSA needs these tools for the same reason the Army needs weapons ranging from small arms to weapons of mass destruction. It needs tools that let it collect signals intelligence on foreign targets. And yes, that includes our "allies." They do it as much to as we do it to them. It's understood that it happens. Even the British and Canadians wouldn't be shy about collecting Top Secret data on our operations that we want to keep from them if they could acquire it without jeopardizing their highly productive and close relationship with the US.

    Americans should be outraged that the NSA is now deeply integrated with federal law enforcement per 9/11 "reforms" that all but created an integrated security state. That puts our rights deeply at risk. Prior to 9/11, the most the NSA could legally do was inform Customs and the Coast Guard that smugglers were en route to US territorial waters or airspace. Now, they're damn near as much of an intelligence arm for law enforcement as the military.

    What we need is an iron clad, black letter of the law statute that says that no data the NSA collects on Americans is legally admissible unless the communication was collected abroad, occurred entirely outside of US territory and is specifically of a nature that is dangerous to our national security.

  • Cisco and Huawei (Score:4, Interesting)

    by icebike (68054) on Monday December 30, 2013 @04:17PM (#45821493)

    Given all the US lobbying against Huawei gear [forbes.com] being used in critical infrastructure [businessweek.com], it seems odd that the NSA is claiming they have managed to penetrate these routers.

    Perhaps while NSA was powning Huawei routers they discovered they were already compromised.

    Seems far more likely that in doing so, the NSA penetration was in turn detected and prevented by Huawei, or they haven't been able to penetrate to the extent they have with Cisco routers, and therefore they need to keep these out of critical infrastructure.

  • Re:Open source? (Score:2, Interesting)

    by Anonymous Coward on Monday December 30, 2013 @04:17PM (#45821505)

    I disagree. The code is out, anybody can review patches, etc. At least if it is developed in an open manor (ie truecrypt is a fine example of an application we shouldn't rely on as while its code is available its development is not transparent). If something is published that's nefarious you have to make some sort of effort to conceal it, and if its developed transparently as well all the more so. If it is proprietary you have to make zero effort to conceal it.

  • Re:Open source? (Score:5, Interesting)

    by noh8rz10 (2716597) on Monday December 30, 2013 @04:42PM (#45821717)

    NSA does SIGINT, or signals intelligence, and it doesn't matter what computer solution you think you found, they will own you. The only solution is to avoid all computers. Have something important to say? do so in person. An important thing to record? Write it down. Heck, even the USPS or FedEx seems to be less compromised - they record the address info (metadata) but I haven't seen anything to imply they've been opening the letters.

    CIA and FBI do HUMINT, or old-school spying, but from what I've heard their skills here have withered as they've focused on SIGINT themselves.

    inb4 encryption - I assume that they can crack any encrypted files, or they wrote the specs in the first place.

Theory is gray, but the golden tree of life is green. -- Goethe

Working...