A report out of German news magazine Der Spiegel reveals yet more details about the NSA’s extensive surveillance techniques, which were laid bare when former NSA contractor Edward Snowden blew the whistle earlier this year. The report offers up details about the ways the NSA’s Tailored Access Operations unit, or TAO, gains access to various computer systems the world over by exploiting weaknesses in software made by companies like Microsoft and Cicso. The TAO unit, says the report, even goes so far as to intercept the delivery of electronics to plant malware and hardware that can grant them access later on, unbeknownst to the user.
That last detail is particularly compelling—and somewhat chilling. The report explains the TAO’s methods:
“If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called ‘load stations,’ agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.”
Moreover, the report explains that some of Cisco’s products have been targeted by the TAO, specifically the 500-series PIX and ASA firewalls, prompting the company to investigate the claims and look for ways to counteract any security flaws. A post on GigaOm offers up a statement from Cisco on the report’s claims:
“At this time, we do not know of any new product vulnerabilities, and will continue to pursue all avenues to determine if we need to address any new issues. If we learn of a security weakness in any of our products, we will immediately address it.
As we have stated prior, and communicated to Der Spiegel, we do not work with any government to weaken our products for exploitation, nor to implement any so-called security ‘back doors’ in our products.”
When I read all this, I couldn’t help but remember the scandal from the mid-2000s, when Sony BMG was caught loading its CDs with spyware that installed on people’s computers in an effort to counteract music piracy. Needless to say, it’s pretty bad when gigantic corporations find ways to load creepy software onto people’s computers—sort of like the digital equivalent of implanting video cameras in showerheads—so it’s even worse when a monolithic and powerful entity like the United States Government goes so far as to actually intercept electronics and implant them with its own hardware and software.
While the NSA’s primary mission is to monitor the communications of other governments and citizens of foreign nations, it’s become pretty clear that the agency has no qualms about monitoring US citizens as well. In short, be aware: they could be watching you too.