FYI: NSA actively installed spyware on Cisco routers

[OpenSourcerer 1435]

The following pictures are part of an article by Heise Online, referring to a book by Glenn Greenwald.

The NSA intercepted packages containing Cisco routers in order to install spyware on it.

 

^ Proof ^

 

That happened when the spyware wasn't working like it should

 

(Edit: Pictures were moved and renamed by heise's CDN; fixed <3)

Edited ... by gigan3rd

[PirateParty 49]

Time to junk my Linksys router.... 

[anonym 22]

gigan3rd,

 

Thanks for the info.    I would like to hear your opinion on this topic.

 

Would you think my Linksys WRT54GS running DD-WRT likely has the spyware (was this practice widespread for virtually all routers)?

Or would the spyware have been removed when DD-WRT was installed/flashed?

 

I appreciate it!

 

Best regards,

 

anonym

[OpenSourcerer 1435]

Would you think my Linksys WRT54GS running DD-WRT likely has the spyware (was this practice widespread for virtually all routers)?

Or would the spyware have been removed when DD-WRT was installed/flashed?

 

I can't tell you if possible spyware is gone because I can't tell you how DD-WRT gets installed. Does it replace the whole filesystem with a custom one or is it like Freetz on Fritz!Box where the system image builder downloads the original firmware and patch it with what you set up earlier (additional software (e.g. OpenVPN), filesystem patches (e.g. kernel replacement), removal patches (e.g. ftpd or even dsld))?! Or some method I can't think of right now?! I don't have the time to do some research on this now. Maybe in the evening today or tomorrow.

To answer your question in regards of the SerComm vulnerability, if you read elvanderb's GitHub (the one who discovered it in January) you will read:

 

 

Backdoor is not working in:

• [...]
• Linksys WRT54GL(v1.1) Firmware v4.30.16
• Linksys WRT54GS v1.52.8 build 001 (thanks Helmut Tessarek)
• Linksys WRT600N running 1.01.36 build 3 (@shanetheclassic & issue 46)
• [...]

 

But that only answers your question partially. Let me do some research and I will write you.

[iwih2gk 93]

I just assume my router and modem are "backdoor'd".  Now comes something that has been weighing on my mind.  I ordered a laptop about 6 months ago because I wanted 7 Pro and it came via Amazon.  Would I be crazy to consider selling it and buying one directly from the store?  I am using Linux now for my private stuff so I don't need 7 anymore.  If in fact I have/could get a laptop that is "clean" then using multi hop VPN's and TOR would neutralize my issues with a bad router or modem.

 

I want to buy a pfsense hardware setup but I also fear "THEY" will intercept that and modify it as well.  I am done with buying online.  Maybe I should find a "Mother Theresa" type to buy stuff for me and then pay them back in cash.  Might not be too stupid!

 

Seriously, would you consider getting rid of this laptop?  It works great and is loaded (Linux) just how I want, but the nagging feeling is always in the back of my mind.  Responses???

 

 

Before you write my paranoia off, consider this;  my ISP called me and sent their modem to me telling me that mine can no longer be used.  That did NOT happen to my neighbors.  To make matters worse/stranger, they sent me the exact same model that I bought on my own.  No price difference.  That will screw with your head some, trust me.

[CultureVulture 30]

Bizarre! It would screw with mine.

[OpenSourcerer 1435]

Seriously, would you consider getting rid of this laptop?  It works great and is loaded (Linux) just how I want, but the nagging feeling is always in the back of my mind.  Responses???

 

You could get rid of this laptop. Or you can try to confirm your thoughts in every possible way, even decompilation/disassembling is a way.

Read the traffic logs in idle mode. Connect your PC to a device and run a pcap software on this device (e.g. Wireshark).

 

Before you write my paranoia off, consider this;  my ISP called me and sent their modem to me telling me that mine can no longer be used.  That did NOT happen to my neighbors.  To make matters worse/stranger, they sent me the exact same model that I bought on my own.  No price difference.  That will screw with your head some, trust me.

 

It will. What is your ISP?

[iwih2gk 93]

I am going to go shopping for a new laptop while I consider this issue.  We actually could use another machine in the house since my wife's is a fossil (see how I try to justify this - LOL!).  I can easily secure wipe the drive and restore factory 7 Pro and then use this only for "family cruising".

 

I don't have a bottomless budget.  I would like to get an i7 with at least 16 Gig (upgradeable to 32) and something that works out of the box (mostly) with Linux.  Can be any flavor of ubuntu but desktop mainly since it will be a HOST ONLY OS.  I use all VM's for isolation.

 

Anyone have any "in store" suggestions?  I am partial to Thinkpads since IBM stuff seems to work great on Ubuntu.

 

I will also examine the laptop trade-in value.  As you know its likely 50 cents on the dollar and for that I'll keep it.

 

 

Regarding the ISP.  For now I have to still consider revealing that.  Its one of the largest in the country.

 

Side note:  if you could see my internet activity you would be convinced its all about privacy, and not anything like running a hidden TOR service.  Just a boring privacy advocate!

[OpenSourcerer 1435]

if you could see my internet activity you would be convinced its all about privacy

 

I'm not that simple-minded to classify high numbers of total traffic as pirate traffic. Most of those users are just hard Steam/Origin users or HD movie streamers.