Cisco Systems gear reportedly bugged by NSA

Newly reported revelations that the National Security Agency bugged Cisco Systems’ networking equipment so the agency could spy on various adversaries has triggered a biting response from the San Jose company.

The revelation was reported by the online news site Ars Technica, which cited a 2010 NSA internal newsletter article referenced in Glenn Greenwald’s book “No Place To Hide.” It shows images of the agency intercepting packages of Cisco servers, routers and other computer networking equipment to install the surveillance bugs.

The NSA document from the chief of the agency’s Access and Target Development department (S3261) provided this detailed explanation for how the bugging was done:

“Here’s how it works: shipments of computer network devices (servers, routers, etc,) being delivered to our targets throughout the world are intercepted. Next, they are redirected to a secret location where Tailored Access Operations/Access Operations (AO-S326) employees, with the support of the Remote Operations Center (S321), enable the installation of beacon implants directly into our targets’ electronic devices. These devices are then re-packaged and placed back into transit to the original destination. All of this happens with the support of Intelligence Community partners and the technical wizards in TAO.”

Cisco previously has denied helping the government use its equipment to conduct spying operations and the latest revelations drew a sharp rebuke from the corporation’s General Counsel, Mark Chandler.

“This week a number of media outlets reported another serious allegation: that the National Security Agency took steps to compromise IT products enroute to customers, including Cisco products,” Chandler said in a blog post.

“We comply with US laws, like those of many other countries, which limit exports to certain customers and destinations; we ought to be able to count on the government to then not interfere with the lawful delivery of our products in the form in which we have manufactured them. To do otherwise, and to violate legitimate privacy rights of individuals and institutions around the world, undermines confidence in our industry.”

Photo by Paul Sakuma, AP

Steve Johnson Steve Johnson (297 Posts)

Steve Johnson covers the microchip industry, cyber security and the big-technology sector that includes Hewlett-Packard, Oracle and Cisco Systems.