Dell, Cisco 'Deeply Concerned' Over NSA Backdoor Exploit Allegations
Leading IT companies say they are "deeply concerned" over reports a special unit within the National Security Agency (NSA) has been planting backdoors in new computing and networking hardware from major U.S. vendors including Cisco, Juniper Networks and Dell for as long as the past five years.
According to a report from German news publication Der Spiegel, the NSA regularly intercepts new computer hardware orders to OEMs to plant wiretapping bugs and spyware.
In a statement to CRN, Dell said, "We take very seriously any issues that may impact the integrity of our products or customer security and privacy. Should we become aware of a possible vulnerability in any of Dell’s products we will communicate with our customers in a transparent manner as we have done in the past."
Dell said its "highest priority is the protection of customer data and information," adding "Dell does not work with any government – United States or otherwise – to compromise our products to make them potentially vulnerable for exploit. This includes ‘software implants’ or so-called ‘backdoors’ for any purpose whatsoever."
The Der Spiegel report, which surfaced Sunday, references a leaked, 50-page NSA catalog of software and hardware implants allegedly used by NSA employees for hacking, monitoring and data-skimming their targets' technologies. The idea, according to Spiegel, is that an NSA specialist division called ANT intercepts technology orders made by its targets and then implants the monitoring tools shown in the catalog before the product is delivered.
The catalog includes implants for manufacturers including Cisco, Juniper, Dell, Huawei, Western Digital, Seagate, Maxtor and Samsung. Some of the catalog items date as far back as 2008.
Many of the vendors listed in the catalog have stepped forward in response to the latest NSA bombshell. Cisco, for its part, published a blog post Sunday, saying it was "deeply concerned" by the report's findings and that it "will continue to pursue all avenues to determine if we need to address any new issues."
"If we learn of a security weakness in any of our products, we will immediately address it," wrote John Stewart, senior vice president and chief security officer at Cisco.
Juniper, for its part, told CRN in an emailed statement that it is currently investigating all alleged security compromises mentioned in the leaked documents and is "working actively to address any possible exploit paths."
Huawei's Vice President of External Affairs Bill Plummer told CRN in an email statement: "As we have said in the past, threats to network and data integrity can come from any and many sources. While the security assurance programs we have in place are designed to deter and detect such malicious activity, we will conduct appropriate audits to determine if any compromise has taken place and to implement and communicate any fixes as necessary."
The Spiegel report said there is no indication that the companies whose products were listed in the catalog were working with or supporting the NSA.
According to Spiegel, the ANT -- which stands for either Advanced or Access Network Technology -- works alongside the NSA's Tailored Access Operations (TAO) unit, providing "special tools" for data-skimming and monitoring anything from mobile phones, to PCs, to networking equipment.
In response to a CRN request, the NSA confirmed the existence of the Tailored Access Operations, describing it as "a unique national asset that is on the front lines of enabling NSA to defend the nation and its allies."
The agency declined to comment on the Spiegel report. "We won’t discuss specific allegations regarding TAO’s mission, but its work is centered on computer network exploitation in support of foreign intelligence collection," the NSA stated in an email to CRN.
In a follow-up report Monday, Spiegel highlighted some of the specific implant technologies included in the leaked catalog. These included "Jetplow," a firmware resistant implant for Cisco PIX and ASA Firewalls; "Nightstand," a mobile system for wireless injection of exploits for Windows systems; and "Surlyspawn," a software implant that can log keystrokes, even when a computer is offline.
The Spiegel report comes as many U.S. technology vendors attempt to rebuild trust in their products, following a series of news leaks related to the NSA's global surveillance programs. Earlier this month, Microsoft said it's aiming to bolster encryption for data flowing between its Outlook.com, Office 365 and Windows Azure products in response to the NSA leaks.