Network vendors hit back after being named in NSA spying toolkit

Brian Karlovsky | Jan. 10, 2014
The world's largest networking vendors have hit back at claims their products have been compromised by the National Security Agency after being named in an NSA spying toolkit.

The volley of statements and denials from companies including Cisco, HP, Dell, Microsoft, Juniper, Huawei, Apple and Western Digital follows an explosive article in German magazine Der Spiegel, which coincided with a speech from security specialist and hacker Jacob Appelbaum at the 30th Chaos Computer Conference, Hamburg, Germany.

During the speech, on December 31, Appelbaum, a cryptography expert, revealed leaked NSA slides detailing the agency's exploits.

He was also named as the author of the Der Spiegel article, which listed the names and details of NSA exploits that allowed the agency to spy on data moving through the switches and routers of the world's biggest networking vendors.

He also revealed alleged NSA exploits targeting the world's most popular servers manufactured by Dell and HP.

Appelbaum told the conference that by naming the companies he hoped to build pressure on vendors to come clean on whether they were accomplices or victims.

"Every year the number of people hired to break into people's computers is growing day by day," he said.

"In order to have truth and reconciliation we need a little truth."

Appelbaum told the conference the NSA had cracked the server hardware systems at the BIOS level.

The Basic Input/Output System (BIOS) is the firmware that provides the most basic instructions to a system.

If malware is inserted in the BIOS, security experts will have no way to locate it, even when they can see the result.

One of the leaked slides specifically referred to Dell's PowerEdge servers (1850, 2850, 1950).

It said all of the servers featured a vulnerability which allowed the NSA to compromise the BIOS using remote access or a USB stick.

Dell vice president of global security John McClurg categorically denied assisting the NSA in a blog post.

"Our highest priority is the protection of customer data and information, which is reflected in our robust and comprehensive privacy and information security programme and policies," he said.

"We take very seriously any issues that may impact the integrity of our products or customer security and privacy.

"Should we become aware of a possible vulnerability in any of Dell's products we will communicate with our customers in a transparent manner as we have done in the past.

"Dell does not work with any government - United States or otherwise - to compromise our products to make them potentially vulnerable for exploit.

"This includes 'software implants' or so-called 'back doors' for any purpose whatsoever."

HP said it was not aware of any of the information presented in the Der Spiegel article and that it was not aware of any NSA efforts to compromise its gear.

 
