NSA Spying goes incredibly deep

NSA Spying goes incredibly deep

NSAs PRISM Spy Program Mining Data From Nine Huge Internet Companies

Thanks to a new report from German news outlet, Der Spiegel, we’re starting to get an idea of just how deep the American National Security Agency (NSA) spying goes – and it’s pretty terrifying.

It seems that beyond simply capturing packets floating around the Internet, NSA agents have gone as far as intercepting computing equipment destined for major US companies (and probably overseas ones, as well) and implanting hardware or software malware into them, to ensure they can gain access to some of the most sensitive information in corporate America.

A division within the NSA, known as ANT, has developed a catalogue of devices from major security players, such as Cisco, Juniper and even Chinese firms like Huawaei, which they have then have the ability to compromise. Organisations who purchase devices from these vendors may have the shipments intercepted and modified prior to delivery – or they may be remotely compromised by NSA techniques.

Devices range from bugged monitor cables, which allow them to capture information sent to your local screen, to fully fledged fake mobile phone towers, allowing a man-in-the-middle attack on mobile phone users (making the capture of phone conversations and data surprisingly simply).

Der Spiegle has even uncovered evidence that hard dives from manufacturers such as Western Digital, Seagate, Samsung and others have been modified, allowing their malware to remain present even after  format. Other attacks seem to go as far as infected BIOS on systems, making them virtually impossible to clean.

At this stage, there’s no evidence any of the companies manufacturing these products were in anyway aware of what’s been going on and it stands to reason that surely several laws have been broken, here.

Given this information, it’s hard to see how companies like Google or Microsoft can protect their cloud customers from such information mining attacks – although if you’re a big enough target, it doesn’t really sound like going it alone is any safer.

It will be interesting to see exactly who has been targeted and how they respond – so far, there seems to be an awful lot of silence in the US, where there really should be outrage.

About the Author

RodneyI'm a veteran of way too many years of IT (although I still love it) and I currently head up the techincal work over at Host One (major sponsor of this site), where I'm also a partner. Feel free to ask me anything about Cloud Computing and I'll try to be helpful, in a non-salesy kind of way.View all posts by Rodney →

Leave a Reply

Time limit is exhausted. Please reload CAPTCHA.