Is The NSA Still Putting Back Doors in Tech Products?
This is a bit like the old question “are you still beating your spouse?” In order to answer that you would have to admit that you had been doing it previously.
The NSA, as far as I know, hasn’t admitted to placing back doors in tech products but there is a lot of information that has leaked out over the years that seems to indicate that they did and possibly still do.
One example. The CIA and NSA, in partnership with German intelligence, actually OWNED the Swiss crypto hardware company Crypto AG. They sold backdoored crypo hardware (back when hardware was the only way to do that) to both our friends and our foes. Of course, no one knew that the intelligence community owned the company or that the crypto was defective. The company was shut down or sold in around 2015 when all encryption was done in software and the CIA and NSA no longer had the monopoly that Crypto AG once was, but the NSA and CIA had access to the supposedly secure communications of both our friends and enemies for decades.
Second example. Juniper has admitted that in 2015 someone inserted a back door – what they refer to as unauthorized code – into the Juniper operating system ScreenOS. Some sources say that the code goes back to 2008. Call unauthorized code a code word for back door.
Third example. The NSA paid RSA millions of dollars to use a particular pseudo random number generator called dual EC. The algorithm has a weakness making the numbers not so random and the NSA knew that and was able to leverage that to make crypto easily crackable. By them. Because they knew about this flaw. They even managed to get NIST, for whom the NSA was a technical advisor, to adopt Dual EC as a standard.
When Snowden released the documents that he did release, it became clear that the algorithm was fatally flawed. NIST says that they were duped – which is both possible and possibly a lie – and revoked the standard.
But in the meantime some government other than ours figured out that there was a flaw in the Juniper software and kind of used the flaw against us. And others.
All that is background.
Senator Ron Wyden, a member of the Intelligence Committee has asked the NSA for a copy of a report they created after it became public that the NSA’s back door was being used against us. Wyden is opposed to back doors because it is hard even for the NSA to keep a secret a secret. For one thing, someone else might discover it accidentally.
Mysteriously, the NSA says that they cannot find that report.
Supposedly after the NSA’s hack got hacked the NSA changed its policy on inserting back doors into commercial products.
But, hmmm, they can’t seem to find that information. Maybe we should ask Snowden to look for it like Trump asked Russia to look for Clinton’s emails.
Rumor has it that for years the NSA intercepted equipment from vendors like Cisco while it was in transit and inserted “gifts”. They then put it back in the delivery stream and used the access they had to steal information.
Bottom line, we don’t really know what the NSA’s policy is about adding back doors to commercial products.
And the NSA is not saying.
You would think that if they were NOT doing it any more, they might be willing to say so, which leads me to assume that the new policy is “don’t get caught”.
You are going to have to figure this one out yourself.