In an attempt to blatantly thwart the NSA from spying through its router products, Cisco will now ship boxes to vacant addresses to foil the NSA’s efforts and protect their customers.
Since the initial reports of the NSA, was revealed last May. The NSA interception campaign was reported to actively intercept the delivery of Cisco routers and install back-doors before the delivered Cisco routers reached their customers in order to have root access of the routers and actively monitor them. Because of this NSA interception campaign some Cisco customers cannot trust the mail service and now drive up to a distributor to pick up Cisco hardware at the door.
In reaction to the NSA’s interception campaign Cisco will ship to fake identities for its most sensitive customers, in the hope that the NSA’s interceptions are targeted and exposed. Cisco has been pro-active and has inspected their routers for possible embedded spy chips, but to date has not found anything because it necessarily does not know precisely what NSA taps may look like.
According to security chief John Stewart of Cisco
“We ship [boxes] to an address that’s has nothing to do with the customer, and then you have no idea who ultimately it is going to. When customers are truly worried … it causes other issues to make [interception] more difficult in that [agencies] don’t quite know where that router is going so its very hard to target – you’d have to target all of them. There is always going to be inherent risk.”
Borg boss John Chambers of Cisco wrote a letter to US President Barack Obama saying the spying would undermine the global tech industry. But is seems to have fallen on deaf ears.
Mike Burgess, chief security officer for Australia’s dominant telco Telstra, says the carrier is confident it will be able to secure the swelling pools of data the nation’s government will force it to collect under soon-to-be-enacted data retention laws. However, the swelling data pools will turn companies into honeypots for hackers, and staff with access to the databases as prime targets for phishing campaigns.
There was not much clarity over how much data retention will cost the telco, but it would impose a significant monetary overhead and that prompted telcos to write to Federal Attorney General George Brandis and Communications Minister Malcolm Turnbull requesting additional government subsidizes.
John Stewart of Cisco points out that hacking groups are likely with sufficient time and effort be successful at targeting systems specifically government mandated data retention databases. Imposing a greater security risk.
And goes on to say
“If a truly dedicated team is coming after you for a very long period of time, then the probability of them succeeding goes up. Telcos should not focus on the financial cost of protecting those databases and instead ensure that acceptable risk levels are met, he says. Checkbox compliance should be all but binned.”