NSA Chooses to Hack Routers over PCs

 Pages 1 2 NEXT
 

NSA Chooses to Hack Routers over PCs

NSA logo

It turns out people around the world forget to update their routers.

Popular misconceptions of hacking imagine hackers sitting in dark basements hitting keys in no specific order, taking control of computers. The NSA laughs at that idea. The agency focuses on attacking routers in foreign countries to monitor and control information. Most of the hacks target communication systems of China, Russia, Iran, and North Korea, usually concerning the spread of nuclear weapons.

Hacking routers is an ideal way for an intelligence or military agency to maintain a hold on network traffic, Marc Maiffret, chief technology officer at security firm Beyond Trust, said. Routers are rarely updated with new software like systems for PCs. "No one updates their routers," he said, and routers do not have security software that detects breaches.

By hacking a router, one can re-route traffic to a different location. Sometimes intelligence units physically place hardware implants or software modifications rather than working remotely. The CIA's Tailored Access Programs and NSA's software engineers possess "templates" used to infiltrate common brands of routers.

"For folks at a place like the NSA or any other major government intelligence agency, it's pretty standard fare of having a ready-to-go backdoor," Maiffret said.

The government plans to extend its $652 million "Genie" program of hacking to cover millions of additional foreign machines according to a secret document leaked to the Washington Post. Currently, the malware attacks tens of thousands computers and routers each year. The US government treats all cyber operations as covert and does not acknowledge them.

Source: Washington Post via Wired

Permalink

"Quickly, tell the internet about attacking the evil communists so they'll forget we do THE EXACT SAME THING everywhere else."
- NSA

It is an interesting way of bypassing cyber security, though. People forget that the weakest link in networks is not the computers themselves, but what lies in between.

And I wondered why the new router[1] stopped working.

[1] New as in only a few years old, not as in brand new.

OT: This doesn't really surprise me. Why would they go for sensitive information on secure computers when you can pluck it easily (timestamped with forward and return address!) from the in-between? You're only as good as your weakest link, and your weakest link is what you don't pay attention to, and no one acknowledges the existence of routers.

...OK, I'm a bit surprised that NO ONE has ever updated their router, allowing the NSA to freaking template it. That's just sad, people.

what ever stops the terrorists like Al Qaeda. Would that be the some Al Qaeda in Syria the west has been funding?

Damn it NSA, stop stealing my work share with your PSA!*cough*

Seriously though, they're right. Routers and "intelligent" end point devices (printers, fax, scanners, bluetooth hubs) are common targets and a good place to look for vulnerabilities simply because they're very easy to overlook.

And this this right here is why I use a custom Kernel for my router. Linux FTW. Does it make me unhackable? HELL NO! Nothing is perfect. But it does make me a more difficult target,and like robbers who wants to go to the difficult house when the same results are at an easier to reach one.

When people rob stores and boast about it on Facebook we call them idiots and the police arrest them.

What do we do when the Government hacks its citizens possessions, spies and steals their information, and then boasts about it online?

Thanks for spying on all of us, America.

flarty:
what ever stops the terrorists like al Qaeda. Would that be the some al Qaeda in syriabthe west has been funding?

Yes, because most Afghani caves are equipped with high-end routers. And since when is Al-Queda based in Russia, China or North-Korea?

Any network admin that doesn't do firmware updates should be fired. At home users who don't know what firmware is, well... I can't say much because it would just be a rant on how people tend to think computers do everything by themselves and apply that wrong thinking to the peripherals that go along with it.
Sigh...

slash2x:
And this this right here is why I use a custom Kernel for my router. Linux FTW. Does it make me unhackable? HELL NO! Nothing is perfect. But it does make me a more difficult target,and like robbers who wants to go to the difficult house when the same results are at an easier to reach one.

the irronic thing is it probably makes you more of a target because you have higher than average security. you must be hidding something and that means you are a terrorist of some sort

Still, when the Chinese hack shit then OMFGYOUBASTARDSHOWDAREYOUFASCISTCHINKBASTARDS. But when the 'Muricans do it, it's okay - because they're the good guys.

Anyone else find this ramp up in cyber warfare scary? I suppose on one hand you could say it was inevitably, but coming from a country that doesn't try to project a global military (Canada) I can stall call out US/China/Russia for being a bunch of assholes.

Just picture the typical internet equation, normal person + anonymity + audience = asshole. Now imagine a big military general, who now has the capability to pull full scale operations on the digital front without ever being seen. If America were to commit an airstrike against Iran's nuclear facilities the world would quickly know about it and there'd be major repercussions. But what if you could knock one offline with a virus? Yeah that's already happened...

And don't think the US is safe from this sort of stuff either. A little while ago I saw a report that critical information concerning all the damns in the US was recently stolen. With the right hacking instruments in place this is information that could be used to cause the damns to burst, all of which could be done remotely from some bunker in any corner of the world.

I mean after the scare of nuclear annihilation we've had a couple decades of significant piece between global powers. But now military people simply being boys with their toys have a new playground where they can flush that progress all down the toilet, and for no good reason.

...This does not make me feel in the slightest bit safe and confident in my actions.

Even if all I do is not even remotely dangerous...

World, please stop being so scary. I want peace.

Yeah, "foreign."

This is scary shit, man.

SanguiniusMagnificum:

flarty:
what ever stops the terrorists like al Qaeda. Would that be the some al Qaeda in syriabthe west has been funding?

Yes, because most Afghani caves are equipped with high-end routers. And since when is Al-Queda based in Russia, China or North-Korea?

Since when was the NSA not spying on numerous civilian populations around the globe, under the pretense of preventing terrorism? Do you really think this technique will be limited to Russia, China or North Korea after prism?

TiberiusEsuriens:
People forget that the weakest link in networks is not the computers themselves, but what lies in between.

The weakest link in networks is the dang users! XD "Why, no, actually, the blinking ad on your web page which claims your computer has been infected and wants you to download and install their anti-virus is not something you should click on. Please."

america land of the not so free and the not so brave.

Hero in a half shell:
When people rob stores and boast about it on Facebook we call them idiots and the police arrest them.

What do we do when the Government hacks its citizens possessions, spies and steals their information, and then boasts about it online?

What I find interesting is why the rest of the world isn't acting on the fact, after all hacking into another nations computers is technically attacking said nation and thus an act of war. Bloody cowardly governments. Then again they all do it to some extent so they can't complain too much.

EDIT: On second thought, I retract my comment.
I'm still not impressed though.

bloody hell, why is the American government so corrupt?

Hacking is illegal regardless of who is doing it. I do have to wonder why no other country seems to care. If I was in charge of a country then I would simply get a nuclear missile program going and tell USA to mind their own buisness or get prepared for world war three (yeah I would actually push that big red button).

RicoADF:

Hero in a half shell:
When people rob stores and boast about it on Facebook we call them idiots and the police arrest them.

What do we do when the Government hacks its citizens possessions, spies and steals their information, and then boasts about it online?

What I find interesting is why the rest of the world isn't acting on the fact, after all hacking into another nations computers is technically attacking said nation and thus an act of war. Bloody cowardly governments. Then again they all do it to some extent so they can't complain too much.

No one wants to say anything for two reasons.

1) United States is on the UN Security Council. Any actions against a member nation have to go through there. Meaning the US can stop anything the UN does cold.

and of course:

2) We are talking about a nation with a $685 Billion yearly military budget. There is over $3 Trillion in military hardware around New York City and Washington DC alone. That spending can pay off the American national debt in 2 years. It can also feed Africa for a century and a half. No nation really wants to see what an overblown, overspending, runaway military budget with an itchy trigger finger can do.

Sofus:
Hacking is illegal regardless of who is doing it. I do have to wonder why no other country seems to care. If I was in charge of a country then I would simply get a nuclear missile program going and tell USA to mind their own business or get prepared for world war three (yeah I would actually push that big red button).

Care to guess how well that's going for Iran and North Korea? They've both been trying for decades. Not as easy as it sounds. By the time your short range Nuke gets into the air, your entire country would be the world's largest parking lot. Funnily enough, neither country sees the US as their primary enemy (Iran hates Israel, North Korea hates South Korea).

I don't see that putting the world at severe risk of nuclear annihilation is the proper response to global NSA hacking.

The proper response when dealing with any rogue state is for the world to unite against it. The US is by far the most damaging criminal state in the world and the world should unite in opposition. This opposition can easily take an economic/political form - eliminating American military bases around the world, putting economic sanctions on the US (limiting the goods sold to and bought from multinational corporations with American ties), severely limiting American media and academia.

The model for this can be taken from the BDS movement against the state of Israel. Israel is a terribly damaging state but what they do is peanuts compared to the rampaging elephant of the United States.

The major problem with implementing this is that the US is enormously powerful. The US is China's best customer, and no salesman wants to piss off their best customer. The US has their fingers in everybody's pie, and the dogs of the world find it very difficult to bite the hand of the master. But the bite is the first step to freedom for all of us.

One organization that provides some hope is the Community of Latin American and Caribbean States, an early step to integrate South America without the domineering fist of the US and Canada. But much more needs to be done and many more countries need to get on board.

seydaman:
...This does not make me feel in the slightest bit safe and confident in my actions.

Even if all I do is not even remotely dangerous...

World, please stop being so scary. I want peace.

I told someone else on this site that the only way to have true privacy is to put a fire ax through your computer. He stammered out how much of an idiot he was sure that I was.

Tragically, it's utterly true.

Just remember: You've been interacting with a dangerous leak in your security and privacy ever since you first connected to the internet. Nothing bad has happened now, and it will continue to not happen. Keep that in mind if you wish to stay sane.

Sofus:
Hacking is illegal regardless of who is doing it. I do have to wonder why no other country seems to care. If I was in charge of a country then I would simply get a nuclear missile program going and tell USA to mind their own buisness or get prepared for world war three (yeah I would actually push that big red button).

This is why you aren't in charge of a country. If you were in the diplomatic position to even authorize a nuclear strike, you wouldn't be a UN-involved superpower, so first your missile would be shot down before even leaving your borders, and then your entire country would be utterly annihilated in minutes.

Also, you're a terrible person for lobbing nukes. Just saying.

Well guess its time to go out on the balcony, look up, and smile for the satellite picture. All hail the coming of the Digital Cold War!

"So be good, for goodness sake, whoa oh oh oh, somebodies commin...."

Hero in a half shell:
When people rob stores and boast about it on Facebook we call them idiots and the police arrest them.

What do we do when the Government hacks its citizens possessions, spies and steals their information, and then boasts about it online?

Cops and robbers have the same personality profile. They are gangsters. Cops exist to ensure the property of their kingpins, nothing more. If we wanted white knights we'd have to knock down those kingpins first. It's a criminals world.

RandV80:
Anyone else find this ramp up in cyber warfare scary? I suppose on one hand you could say it was inevitably, but coming from a country that doesn't try to project a global military (Canada) I can stall call out US/China/Russia for being a bunch of assholes.

Just picture the typical internet equation, normal person + anonymity + audience = asshole. Now imagine a big military general, who now has the capability to pull full scale operations on the digital front without ever being seen. If America were to commit an airstrike against Iran's nuclear facilities the world would quickly know about it and there'd be major repercussions. But what if you could knock one offline with a virus? Yeah that's already happened...

And don't think the US is safe from this sort of stuff either. A little while ago I saw a report that critical information concerning all the damns in the US was recently stolen. With the right hacking instruments in place this is information that could be used to cause the damns to burst, all of which could be done remotely from some bunker in any corner of the world.

I mean after the scare of nuclear annihilation we've had a couple decades of significant piece between global powers. But now military people simply being boys with their toys have a new playground where they can flush that progress all down the toilet, and for no good reason.

person - anonymity - audience = secret asshole waiting to blow

If we were a planet of laws we'd figure out ways to keep the peace without breaking our own laws. It's like we punish criminality while worshiping it at the same time, ever noticed how almost everything on television is in some way or another about criminality? Everyone is to blame here.

Hey guys, Lets add 652 million on to our Trillions of dollars of debt in hopes someone didn't update the security on their router >.< It really shows how pathetic our country is getting when we'll drop over half a mill to spy on other countries internet usage, cause their paranoid about things?

Hell you just know a month from now someone will cover a story about under cover US agents Kicking in some Grandma's door because Little Billy a 5 year old was planning and posting on a attack in someone's Minecraft world.

RandV80:
snippy

And don't think the US is safe from this sort of stuff either. A little while ago I saw a report that critical information concerning all the damns in the US was recently stolen. With the right hacking instruments in place this is information that could be used to cause the damns to burst, all of which could be done remotely from some bunker in any corner of the world.

I mean after the scare of nuclear annihilation we've had a couple decades of significant piece between global powers. But now military people simply being boys with their toys have a new playground where they can flush that progress all down the toilet, and for no good reason.

Pretty much everyone "in the know" about the state of the military and the hacking scene agree that any future big military actions, e.g. invading a country, will be preceded by a cyberattack to cripple infrastructure and communications, making it easier to invade said country. South Korea has been hit with a few medium-sized cyberattacks. I guess it's North Korea practicing.

lacktheknack:

OT: This doesn't really surprise me. Why would they go for sensitive information on secure computers when you can pluck it easily (timestamped with forward and return address!) from the in-between? You're only as good as your weakest link, and your weakest link is what you don't pay attention to, and no one acknowledges the existence of routers.

...OK, I'm a bit surprised that NO ONE has ever updated their router, allowing the NSA to freaking template it. That's just sad, people.

those damn goverment bodies that always screw up your invitation
image

anyways, its easy to forget to update your firmware since you dont really ay a lot of attention to it besides having to unplug and re-plug it again when it malfunctions. or "malfunctions" since this article.

Eve Charm:
Hey guys, Lets add 652 million on to our Trillions of dollars of debt in hopes someone didn't update the security on their router >.< It really shows how pathetic our country is getting when we'll drop over half a mill to spy on other countries internet usage, cause their paranoid about things?

it has foiled several times my plan to take over the world with bockwurst and kartoffelsalat..

We are nearing a crossroads, my friends. We have discarded privacy for the sake of convenience, and our ugliest secrets will soon be put on parade. The images we carefully groom to represent ourselves will complete their deterioration, falling away from us. Then, and only then, will we see how tolerant we really are as a people.

 Pages 1 2 NEXT

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here