The new head of the US National Security Agency vowed on Monday to bring greater transparency to the under-fire spy agency, but his words were undermined by newly released allegations claiming the NSA routinely intercepted US-made routers bound for export and planted backdoors on them.
The allegations appear to be based on yet more information gleaned from the treasure trove of secret documents lifted by Edward Snowden and soon to be published in a book by journalist Glenn Greenwald.
They include a June 2010 report from the head of the NSA’s Access and Target Development department which claims the agency either receives or intercepts servers, routers and other tech kit bound for international customers, according to an excerpt in The Guardian.
The NSA then fits the kit with some kind of backdoor surveillance tool before repackaging the gear and replacing the factory seal, Greenwald alleges.
The report apparently continues:
"In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure. This call back provided us access to further exploit the device and survey the network."
The revelations, if true, are doubly damaging to the US given that a high profile House Intelligence Committee report in 2012 accused Chinese companies Huawei and ZTE of posing a national security risk because it couldn’t be guaranteed that their products didn’t contain similar backdoors.
The report effectively killed the companies’ chances of competing in the lucrative US telecoms market.
Greenwald argues that part of the motivation of the US government in making that bold claim may have been to warn other countries off buying Chinese-made devices, because it wanted its own backdoor-riddled kit to reach as many nations as possible.
The latest revelations come as new NSA head, Admiral Mike Rogers, tried to build bridges after a hugely damaging year for the agency.
At a Washington conference he claimed the NSA’s controversial surveillance programs were legal but needed explaining better to the public. Rogers added that he would travel abroad to meet counterparts in countries such as Germany to try and rebuild trust.
"It is by design that I have tried to start a series of engagements with a broader and perhaps more different groups than we have traditionally done," he told the Reuters Cybersecurity Summit.
"The dialogue to date that we have had for much of the last nine months or so from my perspective, I wish was a little bit broader, had a little more context to it, and was a little bit more balanced."