If you got a shiny new computer for Christmas, you may want to check it for bugs. A report from the German magazine Der Spiegel reveals how the National Security Agency’s intrusive data collection efforts go far beyond so-called “metadata” collection, detailing how the NSA sometimes intercepts computer deliveries in order to plant spyware to monitor user activity and gain backdoor access to the electronics.
According to the report, NSA has intercepted and compromised computers, hard drives, routers and other electronic equipment from Cisco, Dell, Western Digital, Seagate, Maxtor, Samsung, Huawei and other big-name technology companies.
In what is described as one of the NSA’s “most productive operations,” the agency can collaborate with the FBI and CIA to intercept new computers and electronic equipment en route to it intended destination and retrofit the devices with espionage software or hardware designed to create a log and provide access to a user’s every activity.
Based on information obtained by the magazine, NSA expects to have backdoor access to 85,000 computers around the world by the end of 2013 via physical modifications or network hacking. That’s up from 21,252 in 2008.
Der Spiegel also reports that the NSA also has a listing of tools resembling a mail order catalog to give its spies the ability to do everything from computer monitoring to phone call interception.
From the report:
…And no matter what walls companies erect, the NSA’s specialists seem already to have gotten past them.
This, at least, is the impression gained from flipping through the 50-page document. The list reads like a mail-order catalog, one from which other NSA employees can order technologies … for tapping their targets’ data. The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000.
With its ability to intercept computers and install spy software in addition to its digital data penetration and collection abilities, the NSA has essentially gained the ability to penetrate the security of just about every major technology firm.
Many of the firms that the NSA exploits to gain user data by physical and electronic means have no idea that they are providing information to the spy agency, according to the report.
In one example, Der Spiegel reveals that the NSA has the ability to spy on all of Microsoft Corp.’s crash reports, the messages sent to users and Microsoft engineers when a program malfunctions on a consumer’s machine. The crash reports are used to help the agency find better ways to infect users’ computers with spyware. The magazine cites one NSA document that jokingly replaces the standard Microsoft error message a user sees when a crash report is sent with, “This information may be intercepted by a foreign sigint (signals intelligence) system to gather detailed information and better exploit your machine.”
In an email to USA Today, Microsoft said that it was completely unaware of the government’s activities.
“Microsoft does not provide any government with direct or unfettered access to our customer’s data,” a company representative said. “We would have significant concerns if the allegations about government actions are true.”