People's Democracy (Weekly Organ of the Communist Party of India (Marxist))
Vol. XXXVIII, No. 01, January 05, 2014

The NSA and Its Corporate Partners

Prabir Purkayastha

THE third most important set of revelations from Snowden's treasure trove of NSA documents took place last week. Der Spiegel, a leading German newspaper, published a set of reports that show how networks and computers have been compromised by the NSA. This was complemented by Jacob Appelbaum's address in the 30th Chaos Communications Congress in

THE SETS OF REVELATIONS

The
first set of Snowden revelations had nailed the Internet giants – Google, Microsoft, Yahoo, Facebook and others – who were allowing the NSA to read in real time every bit of communications that passed through their networks. All of them had built the next generation of cloud facilities – where data would be stored in the “cloud” – read stored in the massive array of servers of these companies in the

The second set of revelations is regarding the telecom companies. This is the second pillar of NSA's mass surveillance. The data packets going over the telecom network can be tapped with the “assistance” of the telecom companies. The mass surveillance of telecom data is collated with Internet companies’ data to work out who is talking to whom and what they are talking about. NSA also tracks which websites subjects are looking at, or which topics. As a bulk of the Internet traffic still passes through the

From mass surveillance, we come to Tailored Access Operating Group (TAO), a new and rapidly expanding part of the NSA. Spiegel reports: “It (TAO) maintains its own covert network, infiltrates computers around the world and even intercepts shipping deliveries to plant back doors in electronics ordered by those it is targeting.” In other words, apart from inserting rogue code on different machines and networks, it also takes control of machines in transit from the manufacturer/dealer to the target, and implants hardware and software into them. And such targets are not just individuals but governments and companies as well.

COMPANIES IN NSA’S SURVEILLANCE SCHEMES

Make no
mistake. TAO is not about surveillance alone – it is about targeting the machines and networks of any entity, and modifying either their software or even their hardware to take control of such machines. It is an offensive weapons unit – it attacks the computers and networks of others. It is such an attack on the Supervisory Control and Data Acquisition System (SCADA) in the Natanz fuel enrichment plant that took out 1,000 centrifuges. The principle is the same – implant rogue hardware or software and take control of such machines. And Spiegel makes clear that targets are not just terrorists; they include agencies of friendly governments (

The list of equipment manufacturers, in whose equipment NSA has found security holes or connived with their help to create such holes, is a who's who of the computer industry. It includes computer manufacturers such as Dell and HP, Apple's iPhone, iPad and Mac systems, and network routers from Juniper and Cisco. It is widely known that Android phones also have similar backdoors. All of them have issued bland denials – they do not work with NSA to create backdoors. What some of them have added is quite interesting – they have said that they comply with the laws of the countries they operate in. Does it mean giving NSA the encryption keys? Does it mean reporting to NSA known security holes in their systems so that NSA can use them?

The
interesting part of the NSA's laundry list of companies' hardware they have broken into includes Huawei, the Chinese network company. It now appears that NSA also knows about security holes in Huawei's network equipment and is able to use them to hack into private and public networks. Presumably, Huawei did not cooperate with NSA on this, so it is possible that some of the other companies may be unknowing partners of the NSA as well. But the range of equipment and the scale of the security holes that NSA uses would lead one to believe that American companies have been a part of NSA's mass surveillance schemes.

The list of network equipment that NSA can take over raises some other questions. Snowden had mentioned earlier that NSA takes over giant routers that direct Internet traffic and has done so in

INTERESTING QUESTION

This
also brings out another interesting question. Appelbaum says that when the NSA uses a computer to attack targets, the computer IP address is rarely in the

The

Some of the holes that NSA has created are indeed extremely dangerous. In a 60-minute TV programme, NSA's information assurance director Debora Plunkett spoke about the threat of a BIOS implant – that part of the software that boots all the rest – and how the “malevolent” Chinese were hacking into it, endangering the whole world. If the BIOS is infected, no virus checking software can uncover it. It now transpires that the BIOS threat really exists, but from the NSA. It routinely infects the BIOS, making all measures against such malware irrelevant. Even if you change the hard disk or reformat it, your machine will still stay infected.

The
kinds of “gadgets” that NSA has engineered are striking. They provide USB sticks that contain wireless communications and can be used to control or read from the machines. The smart phones have been “cracked” – the NSA uses implanted software to provide all information in the phone to NSA. It has a high power wave generator that from a distance can bounce signals off your monitor and see what your monitor is displaying. Remember Snowden: NSA can read your thoughts as you type them on your computer, pooh-poohed by “experts”? Well, we now know it is true.

Appelbaum said in his speech that if there are 10 ways to break into your computer, NSA will find 13 ways to do so. NSA's motto is: Collect it all. Pretty similar to what used to be the mercenaries' motto in wars: “kill them all and let god sort it out.”

OUR STRATEGIC REQUIREMENT

For
countries such as

The problem with all of this is that the success of such policies depends on private capital or even multinational capital. However, such policy goals are of no interest to them. Indeed, for many of these companies, an Indian hardware platform is against their corporate and country interests.

If the Indian government truly believes that it needs indigenous manufacturing, and the recent revelations make clear why this is a strategic requirement, it needs to create it in the public sector, with public investments for Indian electronics manufacturing. Writing reams of well-meaning documents will not create an electronics manufacturing sector; public investments will.

Remember ECIL? Without ECIL the Indian atomic energy programme would have failed. All the control systems in the nuclear plants have come from ECIL. ECIL indeed seeded the entire electronics and computer industry in the country. What we need today is a major effort to create similar companies that will be tasked with creating strategic electronics equipment – and that includes the telecom network. Whether we use Cisco's or Huawei's equipment – the questions are the same. There is no “safe” networking equipment unless you build it yourself. Even after that, we need to be cautious, as Huawei is discovering, but at least it would be a start.

For a serious discussion on security for the Indian network, we need to reboot these discussions. For too long, NASSCOM and FICCI have been pretending to be the Indian industry. The reality is NASSCOM has been taken over by US Internet companies such as Google and Microsoft. FICCI's telecom group is again led by foreign companies – AT&T, Vodafone, Yahoo and others. If we want a serious discussion, we have to remove foreign players from the core discussion on national security. Otherwise, we may as well invite the NSA (or the Chinese) to formulate our cyber security policies.