Leaked information about the National Security Agency’s operations has reportedly exposed a catalog of tools the spy agency uses to compromise popular software and hardware.
German news magazine Der Spiegel reported that they had obtained a 50-page document resembling a product catalog that outlined tools developed by the NSA’s ANT division – which is believed to stand for either Advaned or Access Network Technology – to compromise technology from a number of vendors responsible for producing routers, servers, firewalls and other equipment in widespread use.
According to the article, the NSA has “targeted products made by well-known American manufacturers and found ways to break into professional-grade routers and hardware firewalls, such as those used by Internet and mobile phone operators. ANT offers malware and hardware for use on computers made by Cisco, Dell, Juniper, Hewlett-Packard and Chinese company Huawei.”
Among the particular products mentioned was the Cisco PIX-series and Cisco ASA-series. According to the report, the Cisco products can be compromised with an implant codenamed “JETPLOW” that creates a backdoor.
In response, John Stewart, chief security officer at Cisco, blogged the company is looking into the allegations.
“We are deeply concerned with anything that may impact the integrity of our products or our customers’ networks and continue to seek additional information,” Stewart blogged. “We are committed to avoiding security issues in our products, and handling issues professionally when they arise. Our Trustworthy Systems initiatives, Cisco Secure Development Lifecycle, Cisco Common Crypto models, and Product Security Incident Response Team (PSIRT) and Vulnerability Disclosure policies are all industry-leading examples of our commitment to our customers. This is central to how we earn and maintain trust.”
Products from Cisco competitor Juniper Networks were mentioned as well, such as Juniper Netscreen/ISG 1000. Other products targeted by the NSA’s operations include Dell PowerEdge Servers, which the catalog reportedly says can be targeted with an implant known as “DEITYBOUNCE” that exploits the motherboard BIOS and utilizes the System Management Mode to give the NSA access.
Products from Huawei and Hewlett-Packard were targeted as well. The article does not allege that the companies worked with the NSA to develop the implants. Each of the companies issued statements to the media saying they had no knowledge of the NSA’s activities.
“Dell does not work with any government – United States or otherwise – to compromise our products to make them potentially vulnerable for exploit,” blogged John McClurg, vice president and chief security officer at Dell. “This includes ‘software implants’ or so-called ‘backdoors’ for any purpose whatsoever.”