[smutticus]

How much hardware is actually made in the USA anymore? Most HW is manufactured in Taiwan, China, Korea, Thailand, Malaysia or maybe Mexico. I used to work for a router manufacturer that manufactured all of its equipment in Taiwan and Mexico. When we shipped to someone in Europe(for example) we shipped directly from Taiwan to Europe, not through the US. So I have to wonder how much of this stuff the NSA could actually get their hands on.

The other question I have is what happens when there is an RMA, or the equipment is sent back for repair? Might someone notice that it's been tampered with? We need more specifics to really understand what was going on here. So many questions, no real answers.

[pasbesoin]

This is not based upon any particular knowledge or expertise, but upon many years of casual observation, general news reporting, and anecdote from friends and whomever: Given their position as well as long-standing ties both politically and militarily as well as economically, I have to -- in my own mind -- seriously question the independence of anything of real interest to the U.S., that's happening in Taiwan.

I don't mean that the Taiwanese aren't their own people with their own interests; nonetheless, I would expect to find their various systems rather thoroughly and effectively infiltrated.

Again, I don't have any real knowledge in this regard. I'd welcome more knowledgeable comments in response to mine.

[intslack]

Anything that's shipped from the US, basically. From the slides released with Greenwald's new book today: https://i.imgur.com/lCM0apx.png

Here's the source, but be warned that this is a 90 MB pdf: http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPl...

[csandreasen]

I get the feeling that if every router was being intercepted, that picture would look more like a giant series of assembly lines rather than three people casually sitting around a Cisco box.

[intslack]

Guess I should've been clearer: any equipment they're interested in that ships from the US is at risk. They don't need to go after all equipment. They only need to go after equipment being shipped to backbone providers abroad, and specific targets they are interested in that are "tough to crack."

Further, if one believes that TAO is limiting themselves to terrorists buying Cisco equipment, I have a bridge to sell you. That's absurd considering they produly boast about their economic espionage, their spying on activists such as Wikileaks supporters and other "radicals," and their partners bragging about how they DDoS IRC chat rooms of hacktivists.

One example: http://justsecurity.org/2013/11/29/nsa-sexint-abuse-youve-wa...

All of this is summarized in Greenwald's new book.

[csandreasen]

I don't expect them to be limiting themselves to terrorists - they're a foreign intelligence agency. I expect them to be gathering info on foreign governments, militaries, etc. (along with spying on terrorists).

I've written about the NSA porno article before, so I'll just post the link to that thread[1]. The TLDR is that Greenwald seems to have left a good deal out of his reporting in order to both sensationalize and avoid discrediting his own argument. I haven't read his new book; maybe he addresses it in there.

[1] https://news.ycombinator.com/item?id=6885325

[intslack]

No, but that's their justification the vast majority of the time. They don't limit it to foreign governments or militaries either. They do engage in economic espionage, fact. They do single out anyone they don't like which isn't limited to terrorists in these campaigns: "radicals", among them Wikileaks supports, fact.

Stewart Baker has discredited himself[1], his opinion is worth jack shit frankly. I wouldn't trust anything he says, not only because he was behind many of these programs as council but also because of Eben Moglen's interactions with him during the almost-prosecution of Phil Zimmerman, and suggest you do the same.

That the documents are 'sensationalized' is the favorite refuge of NSA goons: when Keith Alexander's comment about collecting it all became public, SEXINT, PRISM, etc. He talks about all of those and leaves no doubt that this characterization is horse shit after the third chapter.

[1] http://www.skatingonstilts.com/skating-on-stilts/2014/04/hid...

[csandreasen]

Wow, thanks for accusing me of being an NSA goon. For the record, I said the reporting was sensationalized, not the documents.

On the economic espionage front, I really don't care if the NSA spies in order to shape national policy. Things get a lot murkier when intelligence agencies spy and then hand off that data off to private companies. Huawei was caught red-handed using stolen source code from Cisco[1]. Cisco probably lost millions because Huawei was able to undercut them and skimp on R&D costs. Frankly, I don't want any foreign companies willing to steal trade secrets managing the same internet backbones I conduct business on, just like China probably doesn't want their internet backbones running on American equipment. If there is evidence that the NSA has been handing Huawei source code to Cisco, or any kind of data to any private organization for that matter, in order to gain a competitive advantage, then Greenwald has yet to show it.

You can consider Stewart Baker's opinion to be worth jack shit, but apparently Glenn Greenwald, Ryan Gallagher and Ryan Grim thought his opinion was good enough to quote extensively for the SEXINT article that they wrote. But that's not even the point - they could have been quoting Glenn Beck for all I care. The issue is that they quoted him very selectively in order to not discredit their argument. That wasn't even the first time: right off the bat they omitted slides from the PRISM presentation in order to make the argument that the NSA had direct access to Google/Yahoo/Microsoft/etc.[2] I can see in the PDF file for Greenwald's book that he still extensively cites the Boundless Informant slides, despite the fact that they've been thoroughly discredited[3]. I'm honestly curious - did he mention that part in the book?

The Washington Post silently corrected their initial reporting without issuing a public statement[4][5], and as far I know Glenn Greenwald has never issued any retractions. I'm sure that there's probably plenty of interesting information in the Snowden cache, but I don't trust most of the reporting up until now.

[1] http://blogs.cisco.com/news/huawei-and-ciscos-source-code-co...

[2] https://medium.com/state-of-play/8ebc878074ce

[3] http://electrospaces.blogspot.com/search/label/BoundlessInfo...

[4] http://www.forbes.com/sites/jonathanhall/2013/06/07/washingt...

[5] http://www.zdnet.com/how-did-mainstream-media-get-the-nsa-pr...

[stuki]

I simply cannot fathom how the NSA could hope to intercept and physically mess with every single piece of $10 to $10,000 router sold.

If true, and I have a hard time believing it is not, either this is done at the design level (and not just on router chips), or only for big ticket backbone and/or enterprise equipment.

[Someone]

It doesn't have to be every $10 router. Plant one compromised router at each router factory, check when primary target X, Y or Z orders routers, intercept that shipment and hack each router.

[eyeareque]

I'm not sure how much is shipped directly from the over seas manufacturer to the customer. However, the NSA could be intercepting RMA hardware as well.