Skip to content Skip to footer

The NSA Is Hacking Our Hardware Too

It seems that the NSA’s surveillance activities go beyond exploiting vulnerabilities in computer software.

Dell Laptops.(Photo: Nebraska Library Commission / Flickr)We’ve known since June that the National Security Agency (NSA) has been engaged in mass surveillance programs enabling it to access information from global phone and internet networks. The German newsmagazine Der Spiegel recently reported that the NSA’s surveillance activities go beyond exploiting vulnerabilities in computer software. The agency has actually “modified the firmware of computers and network hardware — including systems shipped by Cisco, Dell, Hewlett-Packard, Huawei, and Juniper Networks — to give its operators both eyes and ears inside the offices the agency has targeted,” says Ars Technica.

According to Der Spiegel, the NSA has been intercepting laptops purchased online in a method called “interdiction.” After sending them to its own “secret workshops,” it then installs “malicious hardware” that gives the agency remote access. While Der Spiegel does not say how extensive this program is or who is being targeted, the report sheds quite a bit more light on how a U.S. government agency is acting in a very Big Brotherish mode, working with the intelligence community and accessing hardware all with the intention of remotely checking in on what someone is doing.

A “Catalogue” of Surveillance Tools

If that sounds troubling, and more the sort of thing that would be part of a science fiction spy thriller, you’ll only be more wary on reading about the NSA’s “fantastical collection of surveillance tools” that range from “back doors installed in computer network firmware and software to passively powered bugs installed within equipment.” The agency’s use of these extends to 2007 and it is not known if they are still in use or not. Each has given the NSA the means to harvest data for long periods of time and without being noticed.

Der Spiegel’s documents “appear to be pages” from nothing less than “a catalogue of capabilities” for NSA’s Tailored Access Operations (TAO) division. Some tools involve “ordinary” Windows exploits designed to use parts of a laptop’s operating system to “phone home” to the NSA with data. Ars Technica details a number of the NSA’s hacks and implants whose code names (DEITYBOUNCE, IRONCHEF, SIERRAMONTANA, BULLDOZER, GINSU, SOMBERKNAVE, DROPOUTJEEP, MONKEYCALENDAR, CANDYGRAM) hint that someone has been investing their creative energies in these activities.

Installing the hardware- and firmware-based back doors requires that someone have physical access to these components, meaning that NSA operators somehow divert laptop and other hardware “during shipping to ‘load stations’ where the surveillance components are installed. According to Der Spiegel, the C.I.A. and the F.B.I. have been known to give NSA agents some assistance in giving rides “on FBI jets to plant wiretaps.”

U.S. Companies Such As Cisco Could Now Face More Scrutiny

It’s to be noted that these practices are “no different from what other countries (including China, Russia, and France) try to do to the United States and other countries via their intelligence organizations,” Ars Technica observes. The NSA does have some extra capacities, as it is able access far more technical resources and, due to the number of tech companies in the United States, to insert itself into the “supply chain for technology flowing to the rest of the world.”

These covert practices are precisely what U.S. officials have suspected that the Chinese government is doing with hardware from companies such as Huawei, which has been connected to surveillance activities by the Chinese military, Ars Technica points out. Accordingly, American companies such as Cisco and Juniper named in Der Spiegel‘s report are likely to face scrutiny similar to what Huawei has been subjected to.

In the wake of Der Spiegel‘s claims, and along with more recent reports about the NSA seeking to build a quantum computer that could break “nearly every kind of encryption used to protect banking, medical, business and government records around the world” and not saying that it is not “spying” on members of Congress, you can bet that we’ll be hearing plenty more about the NSA in 2014.