Dell, Cisco 'Deeply Concerned' Over NSA Backdoor Exploit Allegations


Leading IT companies say they are "deeply concerned" over reports a special unit within the National Security Agency (NSA) has been planting backdoors in new computing and networking hardware from major U.S. vendors including Cisco, Juniper Networks and Dell for as long as the past five years.

According to a report from German news publication Der Spiegel the NSA regularly intercepts new computer hardware orders to OEMs to plant wiretapping bugs and spyware.

In a statement to CRN Dell said, "We take very seriously any issues that may impact the integrity of our products or customer security and privacy. Should we become aware of a possible vulnerability in any of Dell’s products we will communicate with our customers in a transparent manner as we have done in the past."

[Related: The 10 Biggest Security Stories Of 2013]

Dell said its "highest priority is the protection of customer data and information," adding "Dell does not work with any government – United States or otherwise – to compromise our products to make them potentially vulnerable for exploit. This includes ‘software implants’ or so-called ‘backdoors’ for any purpose whatsoever."

The Der Spiegel report, which surfaced Sunday, references a leaked, 50-page NSA catalog of software and hardware implants allegedly used by NSA employees for hacking, monitoring and data-skimming their targets' technologies. The idea, according to Spiegel, is that an NSA specialist division called ANT intercepts technology orders made by its targets and then implants the monitoring tools shown in the catalog before the product is delivered.

The catalog includes implants for manufactures including Cisco, Juniper, Dell, Huawei, Western Digital, Seagate, Maxtor and Samsung. Some of the catalog items date as far back as 2008.

Many of the vendors listed in the catalog have stepped forward in response to the latest NSA bombshell. Cisco, for its part, posted a blog post Sunday, saying it was "deeply concerned" by the report's findings and that it "will continue to pursue all avenues to determine if we need to address any new issues."

"If we learn of a security weakness in any of our products, we will immediately address it," wrote John Stewart, senior vice president and chief security officer at Cisco.

Juniper, for its part, told CRN in an emailed statement that it is currently investigating all alleged security compromises mentioned in the leaked documents and is "working actively to address any possible exploit paths."

Huawei's Vice President of External Affairs Bill Plummer told CRN in an email statement: "As we have said in the past, threats to network and data integrity can come from any and many sources. While the security assurance programs we have in place are designed to deter and detect such malicious activity, we will conduct appropriate audits to determine if any compromise has taken place and to implement and communicate any fixes as necessary."

NEXT: NSA Chimes In