The "backdoors" that Cisco and other networking companies implement in their routers and switches for lawful intercept are front and center again at this week's Black Hat security conference. A few years ago, they were cause celebre in some VoIP wiretapping arguments and court rulings.
This time, an IBM researcher told Black Hat conference attendees that these openings can still expose information about us to hackers and allow them to "watch" our Internet activity. Backdoors are implemented in routers and switches so law enforcement officials can track the Internet communications and activity of an individual or individuals under surveillance.They are required by law to be incorporated in devices manufactured by networking companies and sold to ISPs.
In this report from Forbes, IBM Internet Security Systems researcher Tom Cross demonstrated how easily the backdoor in Cisco IOS can be exploited by hackers. When they gain access to a Cisco router, they are not blocked after multiple failed access attempts nor is an alert sent to an administrator. Any data collected through the backdoor can be sent to anywhere -- not just merely to an authorized user, Forbes reports.
What's more, an ISP is not able to perform an audit trail on whoever tried to gain access to a router through the backdoor - that nuance was intended to keep ISP employees from detecting the intercept and inadvertently tipping off the individual under surveillance. But according to IBM's Cross, any authorized employee can use it for unauthorized surveillance of users and those privacy violations cannot be tracked by the ISP.
Read more at :-https://www.networkworld.com/community/node/57070
Companies should be aware that almost all tech equipment and services supplied by a US tech company isn't safe from secret NSA spying. Most companies aren't.
Or companies are blase about it and don't believe the NSA / CIA would ever spy on THEM.
However one of the CIA's specialities is INDUSTRIAL espionage for a paying US "client".
Industrial Espionage: The CIA's New Frontier | LA Times (from 1993 - should be well developed by now)
http://articles.latimes.com/1993-07-18/opinion/op-14369_1_industrial-espionage
N.B. ex CIA Director James Woolsey, mentioned in the article above, is now an executive with Booz Allen Hamilton - a major private contractor for the NSA and Edward Snowden's previous employer.
Booz Allen Hamilton - A tale of high level corruption in both parties
http://ian56.blogspot.com/2013/06/booze-allen-hamilton-what-you-dont-know.html
NSA / CIA industrial espionage
http://www.securityfocus.com/news/6
Hewlett Packard admits to backdoors in storage products
http://www.theregister.co.uk/2013/07/11/hp_prepping_fix_for_latest_storage_vuln/
It should do wonders for US tech company share prices when word on what the NSA and CIA actually do around the world gets out.
N.B. I shouldn't think any Chinese supplied network equipment is any safer.
The Chinese illegally stole Cisco's designs when they started up.
They are almost bound to have a back door for Chinese government spies.
There seems to be a gap in the market to supply SECURE network and other computer equipment.
A US company couldn't do it - they would be breaking current US law!
If there is no accountability to uphold the basic Rule of Law there is no limit to the potential abuses.
As we have seen and are seeing with the scandal over the NSA Mass Surveillance programs that have zero tangible oversight by Congress.
Update
Advertising LIE of the century: "Your privacy is our priority" Microsoft
Installed a back door for NSA spying in Windows in 1999.
One of the first (first?) to sign up for Prism Mass data collection.
Handed the NSA access to encrypted messages, before the product was even launched - outlook.com
0 comments:
Post a Comment