NSA Laughs at PCs, Prefers Hacking Routers and Switches

http://www.wired.com/threatlevel/2013/09/nsa-router-hacking/

BY KIM ZETTER 09.04.13 6:30 AM

Photo: Santiago Cabezas/Flickr

The NSA runs a massive, full-time hacking operation targeting foreign
systems, the latest leaks from Edward Snowden show. But unlike conventional
cybercriminals, the agency is less interested in hacking PCs and Macs.
Instead, America’s spooks have their eyes on the internet routers and
switches that form the basic infrastructure of the net, and are largely
overlooked as security vulnerabilities.

Under a $652-million program codenamed “Genie,” U.S. intel agencies have
hacked into foreign computers and networks to monitor communications crossing
them and to establish control over them, according to a secret black budget
document leaked to the Washington Post. U.S. intelligence agencies conducted
231 offensive cyber operations in 2011 to penetrate the computer networks of
targets abroad.

This included not only installing covert “implants” in foreign desktop
computers but also on routers and firewalls — tens of thousands of machines
every year in all. According to the Post, the government planned to expand
the program to cover millions of additional foreign machines in the future
and preferred hacking routers to individual PCs because it gave agencies
access to data from entire networks of computers instead of just individual
machines.

Most of the hacks targeted the systems and communications of top adversaries
like China, Russia, Iran and North Korea and included activities around
nuclear proliferation.

The NSA’s focus on routers highlights an often-overlooked attack vector with
huge advantages for the intruder, says Marc Maiffret, chief technology
officer at security firm Beyond Trust. Hacking routers is an ideal way for an
intelligence or military agency to maintain a persistent hold on network
traffic because the systems aren’t updated with new software very often or
patched in the way that Windows and Linux systems are.

“No one updates their routers,” he says. “If you think people are bad about
patching Windows and Linux (which they are) then they are … horrible about
updating their networking gear because it is too critical, and usually they
don’t have redundancy to be able to do it properly.”

He also notes that routers don’t have security software that can help detect
a breach.
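The two gaps Maiffret describes (network gear that stays on old firmware, and no on-box software to notice a breach) can be partly covered from outside the device by treating its configuration and firmware inventory as audit data. The script below is an added example, not code from the article or from BeyondTrust: it hashes a normalized copy of each router's running configuration against a stored baseline, lists the exact lines that appeared or disappeared, and flags firmware below a minimum version. Every device name, configuration line, version string and the minimum-version threshold is constructed for the example.

```python
import hashlib
import re
from dataclasses import dataclass

# Lines that legitimately change between dumps (change timestamps, NTP clock
# drift) and would otherwise trigger a false "config changed" alert.
VOLATILE = re.compile(r"^(! Last configuration change|ntp clock-period)")


def normalize_config(text: str) -> str:
    """Drop blank and volatile lines so only meaningful edits alter the hash."""
    kept = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line or VOLATILE.match(line):
            continue
        kept.append(line)
    return "\n".join(kept)


def config_fingerprint(text: str) -> str:
    """SHA-256 over the normalized configuration; store this as the baseline."""
    return hashlib.sha256(normalize_config(text).encode()).hexdigest()


def diff_configs(baseline_text: str, current_text: str):
    """Return (added_lines, removed_lines) relative to the baseline."""
    base = set(normalize_config(baseline_text).splitlines())
    cur = set(normalize_config(current_text).splitlines())
    return sorted(cur - base), sorted(base - cur)


def parse_version(v: str) -> tuple:
    """Turn a vendor version string such as '15.1(4)M' into a comparable tuple."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


@dataclass
class Device:
    name: str
    firmware: str         # version string as reported by the device
    running_config: str   # text of the current running-configuration dump


def check_device(dev: Device, baseline_config: str, min_firmware: str) -> list:
    """Report configuration drift and stale firmware for one device."""
    findings = []
    if config_fingerprint(dev.running_config) != config_fingerprint(baseline_config):
        added, removed = diff_configs(baseline_config, dev.running_config)
        findings.append({"device": dev.name, "kind": "config-drift",
                         "added": added, "removed": removed})
    if parse_version(dev.firmware) < parse_version(min_firmware):
        findings.append({"device": dev.name, "kind": "stale-firmware",
                         "running": dev.firmware, "minimum": min_firmware})
    return findings


def audit(devices, baselines, min_firmware) -> list:
    """Run check_device over an inventory; baselines is keyed by device name."""
    return [f for d in devices for f in check_device(d, baselines[d.name], min_firmware)]


# --- constructed sample data (hypothetical hostnames, addresses and versions) ---
def sample_config(hostname: str, timestamp: str, extra: str = "") -> str:
    return f"""! Last configuration change at {timestamp}
hostname {hostname}
ntp clock-period 17179869
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.0.2.254
{extra}"""


BASELINES = {
    "edge-rtr-1": sample_config("edge-rtr-1", "10:00:00 UTC Mon Jan 1 2013"),
    "edge-rtr-2": sample_config("edge-rtr-2", "10:05:00 UTC Mon Jan 1 2013"),
}
# edge-rtr-1: current firmware, but an unexpected static route was added.
# edge-rtr-2: config untouched (only volatile lines differ), firmware is old.
DEVICES = [
    Device("edge-rtr-1", "15.2(4)M",
           sample_config("edge-rtr-1", "03:14:00 UTC Tue Sep 3 2013",
                         "ip route 10.9.9.0 255.255.255.0 192.0.2.99")),
    Device("edge-rtr-2", "12.4(15)T",
           sample_config("edge-rtr-2", "03:15:00 UTC Tue Sep 3 2013")),
]
MIN_FIRMWARE = "15.1(4)M"   # constructed threshold, not a vendor advisory

if __name__ == "__main__":
    for finding in audit(DEVICES, BASELINES, MIN_FIRMWARE):
        print(finding)
```

The baseline hash belongs in a system the router cannot write to, and the dumps should be pulled on a schedule rather than only when someone logs in; the value of the check is that a change to routes, accounts or mirror sessions shows up as a concrete diff even on a box that will never run an agent.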

“The challenge [with desktop systems] is that while antivirus don’t work well