NSA Back-Door Exploits Present Hurdles, Opportunities For U.S. Companies Selling Overseas


Jack Domme
John DeRocker

U.S.-based storage and other systems vendors and solution providers could face new hurdles selling to overseas customers based on new allegations that the National Security Agency inserted malware into components and intercepted IT shipments.

However, according to a former solution provider charged with building his company's overseas sales, those hurdles could be mitigated depending on where the systems were assembled and the level of demand for them.

Meanwhile, a security solution provider said, the NSA's possible tinkering could actually be good for businesses that can provide help in mitigating issues related to the spy agency's malware programs.

[Related: Dell, Cisco 'Deeply Concerned' Over NSA Backdoor Exploit Allegations]

The NSA has been installing back doors in IT storage and networking products as a way to tap into the data accessed by those components, according to Germany-based Der Spiegel.

Those back doors include malware installed on PCs or servers that are "invisible" to anti-virus and other security software, as well as on hard drives from vendors including Seagate, Western Digital, Samsung and Maxtor, Der Spiegel wrote. Seagate in 2006 acquired Maxtor.

The NSA also has the ability to intercept shipments of new computer systems or accessories, Der Spiegel reported in a separate story.

According to that story, the NSA's Office of Tailored Access Operations, or TAO, can divert IT shipments to its own secret workshops.

"The NSA calls this method interdiction. At these so-called 'load stations,' agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide back door access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer," Der Spiegel wrote.

Seagate and Samsung were unable to respond for comments on the Der Spiegel report. Western Digital emailed a statement to CRN that read: "Western Digital has no knowledge of, nor has it participated in the development of technology by government entities that create 'implants' on Western Digital hard drives, as Der Spiegel described."

For U.S.-based vendors and solution providers looking to tap overseas markets, the reports present new hurdles as international customers will be increasingly concerned about how secure their IT equipment and infrastructures are, said John DeRocker, who prior to September was senior vice president of worldwide channels for Houston-based Computex Technologies where he managed that company's international vendor and distribution partners and engaged with new manufacturing partners.

NEXT: Security Vs. Assembly Location Vs. Demand