Forgot your password?
typodupeerror
Networking Government Privacy Security

UPS Denies Helping the NSA 'Interdict' Packages 207

Posted by Soulskill
from the what-can-brown-do-for-you dept.
An anonymous reader writes "When Glenn Greenwald's book came out recently, one of the most startling revelations was that the NSA has been intercepting shipments of networking gear to add spyware. Cisco was one of the vendors whose gear was altered, and now their shipping provider has spoken up about it: 'UPS, which Cisco has used since 1997 to ship hardware to customers around the world, said on Thursday that it did not voluntarily allow government officials to inspect its packages unless it is required to do so by law. "UPS' long-standing policy is to require a legal court-ordered process, such as a subpoena, before responding to any third-party requests," UPS spokeswoman Kara Ross wrote in an e-mail to TheBlot Magazine. "UPS is not aware of any court orders from the NSA seeking to inspect technology-related shipments." In a follow-up e-mail, Ross said UPS had no knowledge of similar orders from the FBI, CIA or any other federal agency.' That sounds like carefully parsed language to me. 'Did not voluntarily,' 'unless it is required to do so by law.' Perhaps they're bound by a National Security Letter?"
This discussion has been archived. No new comments can be posted.

UPS Denies Helping the NSA 'Interdict' Packages

Comments Filter:
  • by headhot (137860) on Friday May 30, 2014 @09:41AM (#47128187) Homepage

    If the device is made (or packaged in the US) and is being shipped overseas, the NSA can grab it at customs, there is nothing the shipper can do about it.

  • What kind of spyware (Score:0, Interesting)

    by Anonymous Coward on Friday May 30, 2014 @09:41AM (#47128195)

    So, what kind of spyware could be installed on an IOS router? Does the NSA write their own bootloader?

  • by Gibgezr (2025238) on Friday May 30, 2014 @09:41AM (#47128199)

    Excuse my ignorance, I am not from the U.S., but I thought only the F.B.I. could serve National Security Letters. Can the NSA also serve them?

  • yeah, whatever (Score:4, Interesting)

    by phillk6751 (654352) on Friday May 30, 2014 @09:45AM (#47128229)
    Just like Google, Microsoft, Apple, etc, etc. Nobody wants to fess up, but some appear to be "trying" to step up to the NSA now.

    I wonder if they (private companies) secretly allowed it(NSA infiltration) to happen under fear of the NSA using whatever power they have to get the companies shut down if they didn't follow suit. Now that the public has been informed, the companies are using all the plausible deniability they can to prevent lawsuits. In the case of the UPS, I don't think there's any plausible deniability to use...It's not a software system that the NSA could exploit per-se.

    Or is it the case these companies really are just as corrupt as the NSA?

    I really don't see any other alternative, unless you want to argue that Snowdens docs were fake (Highly unlikely).
  • by Cassini2 (956052) on Friday May 30, 2014 @09:59AM (#47128351)

    Many (all?) custom's warehouses are operated by third-party companies. This will be a little bit more complicated than inspecting luggage. However, the companies (subsidiaries) that operate those warehouses get their entire revenue from allowing people to transport goods across borders. I suspect the NSA can get away with almost anything in that environment.

  • UPS drivers have assigned routes that they drive, so barring vacation and sick time any given address is serviced by the same driver every day. Knowing which truck is similarly easy, since all that would be needed is to track the first few stops to get the truck number - and if required, the driver of the day's name. Knowing the day is a function of UPS' own tracking systems, it will tell you when a package is out for delivery.

    So here is a theoretical setup:

    1) Identify the route of the target - the company who ordered the part
    2) Order a delivery scheduled for the same day to a company earlier in the route
    3) Watch the second company, identify the truck number and driver
    4) Run a background on the driver to find out family, friends, brand of toilet paper
    5) Meet driver en route and perform the stop as above
  • by Guppy06 (410832) on Friday May 30, 2014 @11:16AM (#47128947)
    This all presupposes that Cisco wasn't sending these routers to Fort Meade to begin with, with the NSA re-shipping the routers to their final destination after modification.
  • by phorm (591458) on Friday May 30, 2014 @11:22AM (#47129011) Journal

    OK, so the NSL is basically a secret letter, that nobody wants to talk about. How do they (recipients) even know if/when they're legit. It's not like there's a 1-800-DIAL-NSA number to check it out.

    What's to stop "shady group X" from getting some serious looking guys with suits, sunglasses, and some fake ID's+forms to drop by the local datacentre and say "OK, we're NSA and we need records/access from this group of servers here. Oh, and you can't talk about this to anyone. Delay us and very bad things will happen to your and/or your business"

Real Users never know what they want, but they always know when your program doesn't deliver it.

Working...