NSA able to compromise Cisco, Juniper, Huawei switches

Blair Trosper blair.trosper at gmail.com
Tue Dec 31 05:19:37 UTC 2013


To supplement and amend what I said:

These are the KINDS of things we want the NSA to do; however, the
institutional oversight necessary to make sure it's Constitutional,
warranted, and kept "in bounds" is woefully lacking (if any exists at all).
 Even FISA is unsatisfactory.

At any rate, I agree that the current disposition of the NSA (or, at least,
what's been leaking the last few months) is simply unacceptable and cannot
be allowed.  I say that last part from the perspective of a US citizen,
though I'd imagine most people of other nationalities would agree with me,
but probably for different reasons.


On Mon, Dec 30, 2013 at 11:08 PM, Jimmy Hess <mysidia at gmail.com> wrote:

> On Mon, Dec 30, 2013 at 10:41 PM, Blair Trosper <blair.trosper at gmail.com>wrote:
>
>> I'm torn on this.  On one hand, it seems sinister.  On the other, it's not
>> only what the NSA is tasked with doing, but it's what you'd EXPECT them to
>> be doing in the role as the NSA.
>>
> [snip]
>
> The NSA's role is not supposed to include subterfuge and undermining the
> integrity or security of domestic enterprise infrastructure
>
> With any luck, we'll hopefully find absolutely nothing, or that it was
> "targetted" backdooring against specific targets only.
>
> And people have a need to know that the security agencies haven't left a
> trail of artificially inserted bugs and backdoors in common IT equipment
> providing critical infrastructures services,  and that the agencies haven't
> prepared a collection of instant-root 0days,  that are no more protected
> then the agencies' other poorly guarded "secrets".
>
> There would be a risk that any 'backdoors' are ready to be exploited by
> other unintended nefarious actors!
> Because the NSA are apparently  great at prepping the flammables and
> setting fires,    but  totally incapable of  keeping the fires contained,
> once they  (or someone else)  lights it.
>
>
> It is not the least bit necessary for the NSA itself to be a nefarious
> actor  exploiting things or even complicit;  for the mere presence of  any
> backdoor or surreptitious code to eventually have the potential for serious
> damage.
>
> It could well be a rogue ex-employee of the NSA, such as Snowden,  or
> others,  that happened to be aware of technical details, hackers, or
> members of a foreign nation state,  who will just happen to have the time
> and energy to track down open doors waiting for the taking,  AND  figure
> out how to abuse them  for evil purposes.
>
>
> There are enough potential 0day risks, without intentional ones,  waiting
> for bad guys to co-opt!
>
> --
> -JH
>


More information about the NANOG mailing list