NSA Catalog Lists Vulnerabilities to Exploit Networking Gear: Report
The National Security Agency has a "mail-order" catalog of security vulnerabilities it uses to exploit networking equipment, according to a new published report.The U.S. National Security Agency (NSA) has its own catalog of vulnerabilities that it uses to exploit commercial networking gear in order to insert backdoors to conduct surveillance, according to a report published this weekend in German news magazine Der Spiegel. The report is based on materials leaked by NSA whistleblower Edward Snowden and details new revelations about an NSA unit known as the Tailored Operations Unit, or TAO, which conducts operations that enable it to gain access to user PCs and computer networks in a number of ways. One of the more elaborate ways the NSA is able to insert backdoors is by intercepting technology shipments from a vendor to a user, loading malware onto the device, then forwarding the technology to its original destination. According to the report, TAO is also able to gain information is by exploiting Microsoft Windows crash reports sent from user PCs. Microsoft has recently taken steps to boost its own encryption efforts in a bid to improve its security in light of previous NSA exploitation disclosures. Microsoft isn't the only U.S. tech vendor that the NSA's TAO has been able to exploit. According to the Der Spiegel report, there is a 50-page document that reads like a mail-order catalog of exploits that the agency can use to infiltrate myriad technologies from U.S.-based technology vendors.
Among the vendors named in the report as being exploitable is networking giant Cisco Systems. In a publicly released statement, Cisco Chief Security Officer John Stewart denied any knowledge of any NSA backdoor vulnerabilities in the company's equipment.