Report: NSA ‘Uses Vulnerabilities To Exploit Networking Gear’

The US National Security Agency (NSA) has its own catalogue of vulnerabilities that it uses to exploit commercial networking gear in order to insert backdoors to conduct surveillance, according to a report published during the weekend in German news magazine Der Spiegel.

The report is based on materials leaked by NSA whistleblower Edward Snowden and details new revelations about an NSA unit known as the Tailored Operations Unit, or TAO, which conducts operations that enable it to gain access to user PCs and computer networks in a number of ways. One of the more elaborate ways the NSA is able to insert backdoors is by intercepting technology shipments from a vendor to a user, loading malware onto the device, then forwarding the technology to its original destination.

Exploitation

According to the report, TAO is also able to gain information is by exploiting Microsoft Windows crash reports sent from user PCs. Microsoft has recently taken steps to boost its own encryption efforts in a bid to improve its security in light of previous NSA exploitation disclosures.

Microsoft isn’t the only US tech vendor that the NSA’s TAO has been able to exploit. According to the Der Spiegel report, there is a 50-page document that reads like a mail-order catalog of exploits that the agency can use to infiltrate myriad technologies from US-based technology vendors.

Among the vendors named in the report as being exploitable is networking giant Cisco Systems. In a publicly released statement, Cisco chief security officer John Stewart denied any knowledge of any NSA backdoor vulnerabilities in the company’s equipment.

“We are deeply concerned with anything that may impact the integrity of our products or our customers’ networks and continue to seek additional information,” Stewart stated. “At this time, we do not know of any new product vulnerabilities, and will continue to pursue all avenues to determine if we need to address any new issues.”

Concerns about the NSA’s activities in general have already had an impact on Cisco in 2013. During Cisco’s first-quarter fiscal 2014 earnings call, chief executive John Chambers had to respond to an analyst question about the NSA impact. At the time, Chambers indicated that the NSA spying was affecting Cisco’s business efforts in emerging markets.

RSA controversy

In recent weeks, at least one US technology vendor has been publicly identified as working with the NSA to facilitate backdoor access. On 20 December, Reuters reported that US security vendor RSA had a secret contract with the NSA to enable various forms of backdoor access.

Cisco, however, has repeatedly denied that it has directly worked with the NSA to enable unauthorised access.

“As we have stated prior, and communicated to Der Spiegel, we do not work with any government to weaken our products for exploitation, nor to implement any so-called security ‘backdoors’ in our products,” Stewart said.

What do you know about IT in Russia? Take our quiz.

Originally published on eWeek.

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

9 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

10 hours ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

11 hours ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

1 day ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

1 day ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago